Oh dear the entire https://www.lyonlabs.org site is offline *and* excluded from archive.org.
It's a massive archive of vintage and modern GEOS and C64 material a lot of it seemingly not found elsewhere.
Google research created a dataset with rainbow tables for NetNTLMv1 with the 1122334455667788 challenge.
https://research.google/resources/datasets/
Dataset is available for download at:
▪️https://console.cloud.google.com/storage/browser/net-ntlmv1-tables [Login required]
▪️gs://net-ntlmv1-tables
It's the final Patch Tuesday of 2025! #Microsoft and #Adobe took it easy on us with a smaller release, but there's 1 0-day being exploited & an Exchange bug reported by the NSA. @dustin_childs fills you in on the details & where to focus your priorities. https://www.zerodayinitiative.com/blog/2025/12/9/the-december-2025-security-update-review
i finally gave in and started using uv to manage the dependencies for my Python scripts and it’s great https://jvns.ca/til/python-inline-dependencies/
Phrack #72 PUZZLE CHALLENGE >>> WALKTHROUGH <<< is OUT.
Everyone who did not find the hidden secrets in the hardcopy release: This is your chance.
♥️ Stay curious and live forever ♥️
We derestricted a number of vulnerabilities found by Big Sleep in JavaScriptCore today: https://issuetracker.google.com/issues?q=componentid:1836411%20title:JavascriptCore
All of them were fixed in the iOS 26.1 (and equivalent) update last month. Definitely some cool bugs in there!
V8 now has a (experimental) JS bytecode verifier!
IMO a good example for the benefits of the V8 Sandbox architecture:
- Hard: verify that bytecode is correct (no memory corruption)
- Easier: verify that it is secure (no out-of-sandbox memory corruption)
The sandbox basically separates correctness from security.
More details: https://docs.google.com/document/d/1UUooVKUvf1zDobG34VDVuLsjoKZd-CeSuhvBcLysc7U/edit?usp=sharing
Implementation: https://source.chromium.org/chromium/chromium/src/+/main:v8/src/sandbox/bytecode-verifier.cc
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely.
Gandi disabled my U2F keys without warning. This sort of incompetence is why I moved all my domains away from them earlier this year (to Namecheap; Porkbun was runner-up).
Day 9 of Advent of Compiler Optimisations!
Loop with `i * i` inside? Surely the compiler replaces that expensive multiply with clever addition tricks — like manually tracking an accumulator. But no! The compiler keeps the multiply because it enables something more valuable. Why is "more expensive per iteration" sometimes faster overall? The answer lies in how modern CPUs actually execute code.
Read more: https://xania.org/202512/09-induction-variables
Watch: https://youtu.be/vZk7Br6Vh1U
@blackhoodie will have its own assembly at 39c3 congress this year 🥰 https://events.ccc.de/congress/2025/hub/de/assembly/detail/blackhoodie
Does your cybersecurity awareness training contain any hacklore?
I’m collecting examples of hacklore in the wild. Whether it’s training slides, quiz questions, or instructions that focus on rare threats instead of the ones causing the most real-world harm, I want to see it all.
Post some screenshots or notes here, or email them to "info" at hacklore.org. Let’s help organizations replace stale guidance with advice that truly keeps people safe.
Do I know anyone working on freedesktop.org / mesa? A security contact would be ideal :)
Edit: Resolved
RE: https://mastodon.social/@FirewallDragons/115684533805754572
So excited to share this interview!
okay so like a month ago @trashpanda sent me one of those 'spycam finder' doodads that you see going for like 80-100 dollars online that supposedly 'find spy cameras and gps trackers'. I've always been curious if they actually work or whats inside. So I just tore the thing open and this is what I found: