the grugq's newsletter
Archive
April 24, 2024
April 24, 2024
April 24, 2024 I just published C isn’t a Hangover; Rust isn’t a Hangover Cure https://t.co/CyDpCwGMJy— John Viega (@viega) April 23, 2024 from @violazhouyi...
April 23, 2024
April 23, 2024
April 23, 2024 ChatGPT and its ilk are making people worse at writing, in a more insidious way than social media or text messaging ever did. Woah Daniel, how...
April 22, 2024
April 22, 2024
April 22, 2024 I had a great time at T2 con, Helsinki was a load of fun. First time I’ve seen snow in at least a decade. Introduction to "EDR-Preloading"...
April 21, 2024
April 22, 2024
April 21, 2024 GPT-4 can exploit vulnerabilities by reading CVEs : https://t.co/Kw65h1q7Nm (pdf)— Binni Shah (@binitamshah) April 21, 2024 IMO as co-founder...
April 18, 2024
April 19, 2024
April 18, 2024 The second order side effects of using memory safe code languages in edge devices is that all discovered vulnerabilities thereafter will...
April 17, 2024
April 18, 2024
April 17, 2024 My @BlackHatEvents #BHEU presentation has now been posted 📽️https://t.co/NUJQhW1ha6— Brett Hawkins (@h4wkst3r) March 28, 2024 Finished reading...
April 16, 2024
April 17, 2024
April 16, 2024 I am in Helsinki, Finland, for the T2.fi conference this Thursday and Friday. The newsletter will be on semi-hiatus while I am away. If you’re...
April 14, 2024
April 14, 2024
April 14, 2024 Note: I will be traveling to Helsinki for T2.fi con this week. The newsletter will be sporadic while I’m away. If you’re in Helsinki, feel...
April 13, 2024
April 13, 2024
April 13, 2024 Those who don't read https://t.co/DWIfxzByU0 (which turned 11 last month) are doomed to whatever people shocked about /sys/kernel/notes are...
April 12, 2024
April 12, 2024
April 12, 2024 Instagram is rolling out nude detection in private DMs; will automatically blur images it believes are nudes, including in end-to-end...
April 11, 2024
April 11, 2024
April 11, 2024 Looks like someone dropped a Linux kernel 0day https://t.co/UYPK9rItOc pic.twitter.com/wGFK4Vw7Fb— matteyeux (@matteyeux) April 10, 2024...
April 10, 2024
April 10, 2024
April 10, 2024 Come see how I used my jerry-rigged “EMBite” probe to capture an EM side-channels using a HackRF. I used this to figure out the precise timing...
April 9, 2024
April 9, 2024
April 9, 2024 In a shot across Microsoft's bow, @RonWyden is introducing legislation that would set a four-year deadline for the government to stop using...
April 8, 2024
April 8, 2024
April 8, 2024 Ever want to test systems & see if your password is ever stored/sent in plaintext? Make it: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-...
April 7, 2024
April 7, 2024
April 7, 2024 Interesting video from the cockpit of an A350 flying from Copenhagen to Bangkok. "The challenge on this route is like the jamming and the...
April 6, 2023
April 6, 2024
April 6, 2023 Series by @pberba about persistence in Linux environments Map: https://t.co/8KaO3celxe Auditd: https://t.co/YFlzhgrWjX Accounts:...
April 5, 2024
April 5, 2024
April 5, 2024 We have been reverse engineering the XZ Utils backdoor and are sharing some initial findings: we've identified multiple hooking options to...
April 4, 2024
April 4, 2024
April 4, 2024 xz bd engineer 1: bro, we need a way to probe the address space to make sure we never SEGV sshd xz bd engineer 2: we'll just do a pselect...
April 3, 2024
April 3, 2024
April 3, 2024 "At Kirovskoe Airfield on occupied Crimea [and at at least 12 other air bases] there are decoy Russian fighter aircraft painted on the concrete...
April 2, 2024
April 2, 2024
April 2, 2024 I am currently helping my wife look for the Lindt chocolate bunny I ate on Thursday.— Douglas Cheape (@CheapeDouglas) March 31, 2024 A day...
April 1, 2024
April 1, 2024
April 1, 2024 Kinda feel like the xz backdoor story should’ve waited for Monday. NEW: Facebook snooped on Snapchat users' encrypted network traffic to study...
March 31, 2024
March 31, 2024
March 31, 2024 Backdoor in upstream xz/liblzma leading to ssh server compromise https://t.co/29Vfiz0n1T— Open Source Security mailing list (@oss_security)...
March 30, 2024
March 30, 2024
March 30, 2024 Absolutely the biggest story in a while. The backdoor developer appears to be Jia Tan who spent years working on the xz project to gain a...
March 29, 2024
March 29, 2024
March 29, 2024 The rev.ng decompiler goes open source + start of the UI closed beta The rev.ng decompiler goes open source + start of the UI closed beta -...
March 28, 2024
March 28, 2024
March 28, 2024 Fascinating Google report with details of zero days - the breakdown of who is using zero days gives pause for thought https://t.co/3nxxVRIIUe...
March 27, 2024
March 27, 2024
March 27, 2024 Feds Now Adding Dragnet Searches Of YouTube Users’ Video Watching To Their Investigative Arsenal | Techdirt All you need is Google. That’s how...
March 26, 2024
March 26, 2024
March 26, 2024 I wrote this Format dialog back on a rainy Thursday morning at Microsoft in late 1994, I think it was. We were porting the bajillion lines of...
March 25, 2024
March 25, 2024
March 25, 2024 I mentioned the idea of using Tailscale as a reverse shell in my @rejektsio talk and promised a blog with some more details. Here's the blog...
March 24, 2024
March 24, 2024
March 24, 2024 EU bans anonymous crypto payments to hosted wallets In a recent regulatory development, the European Union (EU) has voted to ban cryptocurrency...
March 23, 2024
March 23, 2024
March 23, 2024 GitHub - getgrit/gritql: GritQL is a query language for searching, linting, and modifying code. GritQL is a query language for searching,...
March 23, 2024
March 22, 2024
March 23, 2024 GitHub - getgrit/gritql: GritQL is a query language for searching, linting, and modifying code. GritQL is a query language for searching,...
March 22, 2024
March 21, 2024
March 22, 2024 White House and EPA tell US governors that water facilities need to improve their defenses against cyber threats https://t.co/YI6rusC0WT...
March 20, 2024
March 20, 2024
March 20, 2024 Wallet Drainers Starts Using Create2 Bypass Wallet Security Alert Wallet Drainers Starts Using Create2 Bypass Wallet Security Alert - Scam...
March 19, 2024
March 19, 2024
March 19, 2024 In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution...
March 18, 2023
March 18, 2024
March 18, 2023 IT helpdeskers increasingly targeted by cybercriminals GitHub - albertan017/LLM4Decompile: Reverse Engineering: Decompiling Binary Code with...
March 17, 2024
March 17, 2024
March 17, 2024 Passkeys – Under The Hood Fuzzing Ladybird with tools from Google Project Zero Irish Broadcasting History & Hall of Fame: The Economics of...
March 16, 2024
March 16, 2024
March 16, 2024 Update: last update. I got it finished, turned in on time, and I’ve got a place that is interested in publishing it. Thanks for your patience...
March 15, 2024
March 15, 2024
March 15, 2024 Update: done! “Drivers of cars manufactured by General Motors, Ford, Honda and other popular brands say that their insurance rates went up...
March 13, 2024
March 14, 2024
March 13, 2024 Update: so close to the wire. GrapheneOS: "Our hardware memory tagging support for Pixel 8 a…" - GrapheneOS Mastodon Our hardware memory...
March 11, 2024
March 12, 2024
March 11, 2024 Update: the last few days… fixes from the editor are incorporated. I’m not finished, but I’m close. I still need to slash word count. But...
March 11, 2024
March 11, 2024
March 11, 2024 Update: the last few days… fixes from the editor are incorporated. I’m not finished, but I’m close. I still need to slash word count. But...
March 10, 2024
March 10, 2024
March 10, 2024 List of interesting artifacts for forensics investigations on Android 14 https://t.co/KTuIN4zRPC #android #infosec pic.twitter.com/7NLPolJO58—...
March 9, 2024
March 9, 2024
March 9, 2024 Classy move by Microsoft, waiting til Friday to announce that APT29 completely owned them https://msrc.microsoft.com/blog/2024/03/update-on-...
March 8, 2024
March 8, 2024
March 8, 2024 Update: I don’t even want to know the date. My introduction is looking sharp, and progress is ok with the rest. Not great, but on track. Some...
March 7, 2024
March 7, 2024
March 7, 2024 Update: 7 days until deadline. This footage is strikingly visually similar to those films of WW2 ships in the Pacific shooting at incoming...
March 6, 2024
March 6, 2024
March 6, 2024 Update: I know you’re all excited for these, so I won’t keep you in suspense. Today I’m revising a new section. 8 days to go....
March 5, 2024
March 5, 2024
March 5, 2024 Update: my editor canceled. I got a new editor. I’ve managed, through hard work and judicious use of the delete key, to squeeze my manuscript...
March 4, 2024
March 4, 2024
March 4, 2024 Update: another section submitted to the editor. Three down, five to go. Bad news though, my editor has a family emergency. "The head of the...
March 3, 2024
March 3, 2024
March 3, 2024 Updates: good news, I sent second section to the editor a day early. Bad news, now the third section is due on March 4. Teaser: after I submit...
March 2, 2024
March 2, 2024
March 2, 2024 Administrivia: good news, first section is with the editor. Bad news, next section is due March 3rd. We published our in-depth analysis of the...