I permanently switched away from #intel CPUs back when I had a C2000 board self-destruct due to a CPU degradation fault (*) - now 13900K/14900K CPUs are developing issues en masse. Intel has acknowledged the issue but has been unable to give a proper explanation for it. So far these issues have mostly been raised by individual end users but it seems this is likely to change as it appears that large hosting companies using these CPUs appear to be affected as well. #Level1Techs and #GamersNexus are hinting at the issue being far more widespread than initially believed and not a result of running the chips near or over the recommended power limits. GN video: https://www.youtube.com/watch?v=oAE4NWoyMZk
*) https://www.anandtech.com/show/11110/semi-critical-intel-atom-c2000-flaw-discovered
CVE-2024-5535 is an #OpenSSL problem that cannot be triggered by #curl
OpenSSL calls it a low severity flaw. https://www.openssl.org/news/vulnerabilities.html
GitHub lists it as "critical" at 9.1 out of 10: https://github.com/advisories/GHSA-4fc7-mvrr-wv2c
At Sommarhack this weekend we somehow managed to win the zero bitplane competition with this contribution: https://youtu.be/QlbSEDq6Cno?si=sdocBAN_f3ZRj5fV
We just barely managed to get a higher score than SMFX with this demo, which in my opinion is more technically impressive: https://youtu.be/z2Ke-Irp7U8?si=fiBT7UXIl24bpIsa
The rules for the competition were that the demo should run on an Atari ST and should never display any graphics on the bitmap, and the only way you are allowed to display anything on the screen is by changing the background colour at precise times.
📚The r2book is getting updated with new contents and better organization. Check out the new chapters on r2con, r2wars, r2frida, r2pipe, r2js scripting and the revamped project introduction and help us by following the new contribution guidelines! https://book.rada.re
The death of public jailbreaks and the inability for Apple to let go of their control over their customers' devices is an ongoing vulnerability that will be (or has been, even) getting people killed. I’m sure the ‘DMA bad’ peeps will find ways to spin or flat out ignore this.
https://infosec.exchange/@lorenzofb/112752391329610950
Lock up your computers and hide your software. A new version of SERV has been seen roaming the streets. https://blog.award-winning.me/2024/07/serv-13.html
Just received the #rabbitr1 today and with the last update it feels so useless and buggy. Can’t even use it to tell time because of the timezone, and the rabbithole thing feels so unsafe and scary to log in to any service there. At least the device looks cool
On some tracks I layer floppy drive sounds behind the drums. Here's a short video showing how it's done :)
So there's a "novel" #VPN attack with a fancy name "#TunnelVision". I argue that this is not novel at all. It is quite well known that these routes bypass routes set up by a VPN. Case example: Here is the TunnelVision attack described in September 2023: https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic #infosec #cybersecurity
Great, another crapball OS we have to deal with
A recent #Amiga demo "Backslide to Arcanum" by Cosmic Orbs included a mind-blowing fullscreen 50Hz rotozoom effect on Amiga 500. Having created a rotozoomer on A500 back in the day I knew exactly how incredibly hard it is to make such a routine run fast. The effect has now been dissected and there's also the author's writeup.
• Dissect of the effect by Alexander Grupe: https://heckmeck.de/blog/skew-this/
• Jobbo's writeup: https://www.cosmicorbs.com/blog/backslide
• Backslide to Arcanum at Pouet: https://www.pouet.net/prod.php?which=96604
#demoscene #amiga #retrocomputing
WebLlama is a llama3 finetuned model for browsing the web using human language. Outperforms GPT4 https://github.com/McGill-NLP/webllama
In other words. If someone wasn't aware of that yet. #radare2 turns 18 this year. So it means that it can legally drink alcohol, go to prison, vote in the upcoming elections, drive heavy machines and enter a casino. Not necessarily in this order.
Amazing flickr gallery of tape covers! Yay!
https://www.flickr.com/photos/jubru/albums/72157604683673651/with/2437554160
Set to prevent downloads! Boo
I Am No Longer Attending Vintage Computer Festivals
want a serious macOS security flaw that has been public for a decade+? sshd_config gets rewritten every time you install an update which enables password authentication. really hoping this gets fixed one day
https://discussions.apple.com/thread/252554155
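A check for the situation described in the post above, as an added example that is not part of the original post: it reads one sshd_config file and reports whether password authentication is effectively on. The function names and the four sample files are constructed for illustration; the default of `yes` is OpenSSH's documented default for `PasswordAuthentication`.

```sh
#!/bin/sh
# Added example: decide from one sshd_config file whether password
# authentication is effectively enabled in the global section.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it obtains for a keyword. Include files are read
# at the position of the Include line, so once an Include is seen the answer
# cannot be decided from this file alone and is reported as "unresolved".
effective_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # accept "Key=value"
        /^#/ || NF == 0   { next }          # comments and blank lines
        { k = tolower($1) }
        k == "match"      { exit }          # global section ends here
        k == "include"    { inc = 1; exit }
        k == tolower(key) { val = tolower($2); found = 1; exit }
        END { print (inc ? "unresolved" : (found ? val : def)) }
    ' "$1"
}

# audit FILE: succeed only when password authentication is provably off
audit() {
    v=$(effective_value "$1" PasswordAuthentication yes)
    echo "$1: PasswordAuthentication=$v"
    [ "$v" = "no" ]
}

tmp=$(mktemp -d)
# Constructed sample: hardened file as an administrator left it
printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$tmp/hardened"
# Constructed sample: file replaced by a copy with the directive commented out
printf '%s\n' '#PasswordAuthentication no' 'UsePAM yes' > "$tmp/rewritten"
# Constructed sample: first value wins, the later "no" is ignored
printf '%s\n' 'PasswordAuthentication=yes' 'PasswordAuthentication no' > "$tmp/duplicate"
# Constructed sample: an Include precedes the directive
printf '%s\n' 'Include /etc/ssh/sshd_config.d/*' 'PasswordAuthentication no' > "$tmp/include"

for f in hardened rewritten duplicate include; do
    audit "$tmp/$f" || echo "  -> review needed"
done
```

On a live host, `sshd -T` prints the effective configuration with Include files resolved, so it is the authoritative check to run after an update.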
The backdoor author was working with #xz project for 2 years, and actively fixed "valgrind problems" caused by his backdoor. He also tried to push the backdoor to Fedora 40 and 41.
To quote the post at https://news.ycombinator.com/item?id=39866275 :
"He has been part of the xz project for 2 years, adding all sorts of binary test files, and to be honest with this level of sophistication I would be suspicious of even older versions of xz until proven otherwise."
#infosec #cybersecurity #backdoor #liblzma
"Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access. Specifically, this code is present in versions 5.6.0 and 5.6.1 of the libraries."
----
"Under the right circumstances this interference could potentially enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely."
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
-"When the going gets weird, the weird turn pro..."