GNU Radio 3.10.7.0 is out!
People still complain GNU Radio was hard to install – I say: I recommend people actually try. (It really isn't any more.)
https://wiki.gnuradio.org/index.php?title=InstallingGR#Quick_Start
Trouble?
Ask questions on Matrix `#gnuradio:gnuradio.org` via, for example, https://app.element.io/#/room/%23gnuradio%3Agnuradio.org?via=gnuradio.org
#reverseengineering Lesson 113: ARM-32 Course 2 (Part 48 – Debugging Post-Decrement Operator) #assembler #c #cyber #cybersecurity #hack #hacking https://github.com/mytechnotalent/Reverse-Engineering
#reverseengineering Lesson 114: ARM-32 Course 2 (Part 49 – Hacking Post-Decrement Operator) #assembler #c #cyber #cybersecurity #hack #hacking https://github.com/mytechnotalent/Reverse-Engineering
Gmail is putting ads in the middle of your inbox. Is it worth being bombarded with ads? Why bend over backwards to escape Gmail Ads when you can migrate to Tutanota?! 😎
Just thought of this as I put on my rubber ID bracelet in preparation to go for a ride: wear an ID tag. Wear two. Ask any cop or EMT who has ever worked a pedestrian fatality, and they will tell you: Like flip-flops on a Texas roller coaster, shoes always always ALWAYS come off the pedestrian in a vehicle-versus-pedestrian hit. Often the fly a long way away.
When pedestrians are hit by a car, the victim's shoes absolutely, positively, WILL fly off. Guaran-flippin-teed.
So while lots of runners and cyclists put ID tags on their shoes, also wearing a rubberized ID bracelet (like the ones they sell at https://www.roadid.com/) is a great idea for those running or cycling near public roads.
I do both: the wrist tag, the shoe tag, and, if I am carrying a backpack, I put ID and insurance information inside the bag, secured in a Ziploc. The RoadID tags have a code and PIN on them for first responders who can go to the RoadID site, enter the codes and get all the up-to-date information about me.
"„Going dark“ sei eine Angststörung, unter der der Sicherheitskomplex leide. „In Wahrheit hatten die #Strafverfolgungsbehörden noch nie einen so weitreichenden Zugang zu unserem #Privatleben und unserer Persönlichkeit wie im digitalen Zeitalter“, sagt Breyer"
https://netzpolitik.org/2023/going-dark-eu-gruendet-arbeitsgruppe-gegen-verschluesselung-und-anonymitaet/#netzpolitik-pw
We all regularly see the successes of others, but rarely discuss what it actually takes to get there. Normalize talking about that other part...
habe etwas GPN FOMO. maybe next year?
shipping the first RKX7 FPGA module today!
Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.
TL;DR: Don't turn it on.
The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.
We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.
Why is this bad?
Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵
"On 64-bit Apple platforms, the entire 4 GiB 32-bit address space (addresses [0x00000000, 0xFFFFFFFF]) is not accessible by the process, which catches both NULL pointer dereference bugs and 64-bit to 32-bit pointer truncation bugs." https://alwaysprocessing.blog/2022/02/20/size-matters
I wasn't aware. This is clever! Even with about 4 billion possible values shaved off, that still leaves over 16 million Petabytes of address space.
I’m excited to share what I’ve been hacking on for the past few years: The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders.
This is the story behind CVE-2022-3266, CVE-2022-32939, CVE-2022-42846, and CVE-2022-42850 along with an extended RCA of CVE-2022-22675.
🧵
Atop all these issues, we also find a nifty use-after-free in FFmpeg in VLC for Windows, alongside issues all across the hardware decoder ecosystem! This was so much fun to work on with @stevecheckoway and @hovav .
You can read more details in our paper available here: https://wrv.github.io/h26forge.pdf .
Keep a lookout for the release of H26Forge so more security researchers can also find these types of bugs!
My awesome colleague @JohnHammond worked through the night with fellow @huntress analysts to produce this overview of #3CX #3CXApocalypse attack paths and vendor-neutral defensive guidance. Honestly the best summary and overview of activity since the initial CrowdStrike disclosure. #DFIR #ThreatIntel #CTI
https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats
Hack Life Advice - In Return-Oriented Programming (ROP), we hijack execution of a program not by directly inserting our own instructions, but by finding pre-existing useful code already in the program and executing it in our chosen useful order.
.
This is good general advice whether dealing with a computer program, a holy book, or anything else in life: keep and make use of the good wherever you find it , and JMP over the bad!
#ROP #hacking #philosophy #lifeadvice #music #rockfortrock #modularsynth #modular #synthesizer
I'm not writing an entire blog post about how stupid a US TikTok ban would be because this is all that needs to be said:
If the Chinese government is in your threat model, don’t install TikTok on your device. Otherwise, your actual problem is surveillance capitalism.
Theo de Raadt at CanSecWest: Synthetic Memory Protections https://undeadly.org/cgi?action=article;sid=20230325163416 #openbsd #security #rop #mimmutable #aslr #stacksmash #heapsmash
