Introducing ZeroBB! A minimalistic forum (bulletin board) on the Tor network. If you have news to report, ideas to share, dislike moderation, and prefer to be anonymous, then this is for you. #ZeroBB is based on ZeroBin which is an open-source online paste tool where the server has zero knowledge of pasted data. The data is encrypted/decrypted in the browser using 256 bits #AES.
You need Tor to access this URL. Boosts are welcome.
Amazing flickr gallery of tape covers! Yay!
https://www.flickr.com/photos/jubru/albums/72157604683673651/with/2437554160
Set to prevent downloads! Boo
I Am No Longer Attending Vintage Computer Festivals
want a serious macOS security flaw that has been public for a decade+? sshd_config gets rewritten every time you install an update which enables password authentication. really hoping this gets fixed one day
https://discussions.apple.com/thread/252554155
The backdoor author was working with #xz project for 2 years, and actively fixed "valgrind problems" caused by his backdoor. He also tried to push the backdoor to Fedora 40 and 41.
To quote the post at https://news.ycombinator.com/item?id=39866275 :
"He has been part of the xz project for 2 years, adding all sorts of binary test files, and to be honest with this level of sophistication I would be suspicious of even older versions of xz until proven otherwise."
#infosec #cybersecurity #backdoor #liblzma
"Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access. Specifically, this code is present in versions 5.6.0 and 5.6.1 of the libraries."
----
"Under the right circumstances this interference could potentially enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely."
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
These crows removing the bird-prevention spikes from this new condo. They are not having it!
In 2022, Tom Lehrer released all his songs, lyrics and works to the public domain, an amazing move. While checking on the site, I found out he silently released more material in September of 2023 - a DAT tape of his work with an orchestra and some solo piano takes that are not elsewhere. If you're a Lehrer fan, quite a surprise.
We are happy to tell you that we accept your proposal "Broom not included: curling the modern way" in the Network devroom at #FOSDEM 2024.
It looks like I will blab at FOSDEM again.
"In this vulnerability disclosure report, we discuss details of 5Ghoul – a family of implementation-level 5G vulnerabilities. Such a family of vulnerabilities are present in the firmware implementation of 5G mobile network modems from major chipset vendors i.e., Qualcomm and MediaTek. Consequently, many 5G-capable commercial products such as smartphones, Customer-premises Equipment (CPE) routers and USB modems are potentially impacted due to the employment of vulnerable 5G modems in such products."
https://asset-group.github.io/disclosures/5ghoul/
I can finally reveal some research I've been involved with over the past year or so.
We (@redford, @mrtick and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parti
es.
1/4
You probably never figured the Caribbean island of Anguilla would be a hotbed of AI activity, but here we are. One of the more interesting press releases I received this morning:
"Due to the rise in popularity of Artificial Intelligence (AI), .ai domain registration figures have skyrocketed. The small island of Anguilla, whose government owns the country code top-level domain (ccTLD) .ai, has had a huge spell of luck after reaping significant profits amid this tech-driven trend."
"Anguilla’s government is earning around $3 million every month from registrations, which has almost surpassed the revenue generated from all goods and services, from all of their shops and restaurants each month of the year so far. Should this trend persist, projections suggest a potential additional revenue of up to $45 million by the end of 2024."
"Although this presents a significant opportunity for a tiny island of only 16,000 inhabitants, such reliance on a single revenue stream poses potential risks to the nation’s economic prospects."
Always amazes me to find quotes like this one from a coder like Dan Scott: "While I was learning and coding, I was always in awe of the crackers. Cracking encrypted code, rearranging disk Content to find space for a cracktro, one filing games, squeezing 2 disk games onto 1 disk etc.. Seemed like voodoo to me" (https://eab.abime.net/showthread.php?p=1657173#post1657173)
Did you know that there is full coverage of the C radare2 api for Rust and Python autogenerated with bindgen and ctypeslib respectively? It’s not idiomatic and certainly needs some maintainance and cosmetic work but the hard part is done. https://github.com/radareorg/radare2-bindings
"Honest Government Ad | How to rig elections"
https://www.youtube.com/watch?v=N3WTlyuhDs0
-"When the going gets weird, the weird turn pro..."