A nice short intro, setting the scene for the followup on the perils of async void.

https://blogs.msdn.microsoft.com/oldnewthing/20170721-00/?p=96665

First fix didn’t take. Shell quoting is hard. Just don’t.

Previously: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

Also: https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html

It says introduction, but it’s 170 text heavy slides.

source: L

But on 10 June, one box office-topping movie was watched by just two people, in one cinema. Unsubscribe, a 29-minute horror movie shot entirely on video-conferencing app Zoom, generated $25,488 (£20,510) in ticket sales on that day. Nationwide, the movie hit the top of the charts, according to reputable revenue tacker Box Office Mojo. The budget of the movie: a flat $0. How was that possible?

source: HN

What if a secure device had an attacker-viewable crashdump format? What if that same device allowed putting arbitrary memory into the crashdump? Amazingly, the ps4 tempted fate by supporting both of these features! Let’s see how that turned out…

source: L

Experiments in Handwriting with a Neural Network

Deconvolution and Checkerboard Artifacts

See also: I’ve decided to move on to Distill

http://colah.github.io/posts/2017-03-Distill/

source: HN

Antoine on GNOME and more.

Landry on ports.

http://undeadly.org/cgi?action=article&sid=20161112095902

Jeremy on ruby and more.

http://undeadly.org/cgi?action=article&sid=20161112112023

Daniel on python.

http://undeadly.org/cgi?action=article&sid=20161112141429

Ingo on LibreSSL mdoc conversion.

http://undeadly.org/cgi?action=article&sid=20161114174451

Comparison of subway maps.

Troubleshooting is both a science and an art. The first step is to make a hypothesis about why something is behaving in an unexpected way, and then prove whether or not the hypothesis is correct. But before you can formulate a hypothesis, you first need to clearly identify the problem, and express it with precision. If the issue is too vague, then you need to brainstorm in order to narrow down the problem—this is where the “artistic” part of the process comes in.

source: HN

This browser variability is particularly true with touch devices, especially in relation to the primary innovation of the touchscreen keyboard: its malleability, or adaptation its mode of input to best suit the context. For example, when a site specifies that the user should type a number, the browser can show a number-pad like keyboard (0 through 9) with extra large buttons for easier, faster, and more accurate numeric input. The usability difference between the small button and large button keyboards for numeric input is stark:

source: HN

On the difficulty of keeping a live streamed location secret from the internet.

This is a fun exercise, though it gets a bit involved.

If one of the lines paſs through the centre, it is evident that it cannot be biſected by the other, which does not paſs through the centre.

I probably could have done without ye olde spelling, but nice web conversion otherwise.

A new car loses about 10% of its value as soon as you drive it off the lot; most news depreciates a lot faster than that. Humans are curious, hard-wired to seek out new information on a continuous basis. But not everything we haven’t seen before is worth our attention.

I’ve been running about two weeks behind in my RSS feed for a while now, and keep plugging away, but I’m not sure I really want to catch up. It’s not all bad being a bit behind.

source: K

Interrupt processing (returning from an interrupt handler, actually) is fully serialising on x86, and on other platforms, no doubt: any userspace instruction either fully executes before the interrupt, or is (re-)executed from scratch some time after the return back to userspace. That’s something we can abuse to guarantee ordering between memory accesses, without explicit barriers.

And then it gets crazy.

source: HN

Under a number of scenarios the GPU can be shared between multiple applications at a fine granularity allowing a spy application to monitor side channels and attempt to infer the behavior of the victim. For example, OpenGL and WebGL send workloads to the GPU at the granularity of a frame, allowing an attacker to interleave the use of the GPU to measure the side-effects of the victim computation through performance counters or other resource tracking APIs. We demonstrate the vulnerability using two applications. First, we show that an OpenGL based spy can fingerprint websites accurately, track user activities within the website, and even infer the keystroke timings for a password text box with high accuracy. The second application demonstrates how a CUDA spy application can derive the internal parameters of a neural network model being used by another CUDA application, illustrating these threats on the cloud.

source: L

Checking function pointers for validity before calling them.

Another way of doing this in the OpenBSD mbuf code: http://marc.info/?l=openbsd-cvs&m=146401711327935&w=2

For many years, the US National Security Agency (NSA) was identified with its almost iconic dark-glass cube-shaped headquarters building at Fort Meade in Maryland. Only when Edward Snowden stepped forward in 2013, the public learned that there’s also a large NSA facility in Hawaii - which is actually one of four regional centers spread across the United States.

source: grugq

Example of extreme syntaxis: a prayer to the patron saint of explosives.

As part of our platform research in Zimperium zLabs, I have recently disclosed a critical vulnerability affecting multiple high-privileged Android services to Google. Google designated it as CVE-2018-9411 and patched it in the July security update (2018-07-01 patch level), including additional patches in the September security update (2018-09-01 patch level).

In this blog post, I will cover the technical details of the vulnerability and the exploit. I will start by explaining some background information related to the vulnerability, followed by the details of the vulnerability itself. I will then describe why I chose a particular service as the target for the exploit over other services that are affected by the vulnerability. I will also analyze the service itself in relation to the vulnerability. Lastly, I will cover the details of the exploit I wrote.

Too many moving parts.

source: L