Why Black Holes Could Delete The Universe – The Information Paradox
https://www.youtube.com/watch?v=yWO-cvGETRQ [www.youtube.com]
2017-08-27 00:58
A very deep dive into iOS Exploit chains found in the wild
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html [googleprojectzero.blogspot.com]
2019-08-30 02:11
Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day.
There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.
TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.
I’ll investigate what I assess to be the root causes of the vulnerabilities and discuss some insights we can gain into Apple’s software development lifecycle. The root causes I highlight here are not novel and are often overlooked: we’ll see cases of code which seems to have never worked, code that likely skipped QA or likely had little testing or review before being shipped to users.
Papers that will make you a better programmer
https://lobste.rs/s/itxtjr/papers_will_actually_make_you_better [lobste.rs]
2017-03-10 03:26
Wisdom of the crowds is never wrong.
source: L
Trapper Keeper Contraband
https://tedium.co/2018/08/28/trapper-keeper-contraband-decline/ [tedium.co]
2018-08-31 00:12
Schools are weird. They get super-political about the strangest things, because kids tend to get hung up about stupid things and those stupid things tend to affect what happens in the classroom. And that leads to common things getting banned. One of those things was the Trapper Keeper—a brilliant tool built to organize students as they went about the myriad subjects in their day. It seems like a useful thing, but schools across the country banned the products at the height of their success, ensuring that they would eventually fade from view. (Try finding one in a store lately?) Today’s issue organizes every spare thought around the Trapper Keeper.
Potholes to avoid when migrating to IPv6
http://rachelbythebay.com/w/2018/12/30/v6/ [rachelbythebay.com]
2018-12-31 05:53
Is your parser still going to work?
Times 77.
Strings are hard!
Tiny transformer inside: Decapping an isolated power transfer chip
http://www.righto.com/2020/05/tiny-transformer-inside-decapping.html [www.righto.com]
2020-05-09 19:12
I saw an ad for a tiny chip that provides 5 volts of isolated power: You feed 5 volts in one side, and get 5 volts out the other side. What makes this remarkable is that the two sides can have up to 5000 volts between them. This chip contains a DC-DC converter and a tiny isolation transformer so there’s no direct electrical connection from one side to the other. I was amazed that they could fit all this into a package smaller than your fingernail, so I decided to take a look inside.
A bug story: data alignment on x86
http://pzemtsov.github.io/2016/11/06/bug-story-alignment-on-x86.html [pzemtsov.github.io]
2016-11-07 15:28
Trying to write a ones complement checksum function. Unlike the classic x86, SSE has alignment restrictions and sometimes the compiler decides that’s what you get unexpectedly.
socket: Limit the number of accepted sockets that kevent reports.
http://lists.dragonflybsd.org/pipermail/commits/2017-October/626501.html [lists.dragonflybsd.org]
2017-10-24 16:32
Neat little change to control latency.
source: Dfly
Don't touch my clipboard
https://alexanderell.is/posts/taking-over-my-clipboard/ [alexanderell.is]
2020-02-18 05:07
USENIX Security '19 Technical Sessions
https://www.usenix.org/conference/usenixsecurity19/technical-sessions [www.usenix.org]
2019-09-29 17:05
The full Proceedings published by USENIX for the conference are available for download below. Individual papers can also be downloaded from the presentation page.
Into the Borg – SSRF inside Google production network
https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/ [opnsec.com]
2018-07-20 22:11
I used the private IP as the url for the Google Sites javascript external resource and waited for the moment of truth. The request took more than 30 seconds to complete and at that time I really thought the request was blocked and I almost closed the page since I never had any luck with SSRF on Google before. However, when Google Caja replied, I saw that the reply size wasn’t around 1 KB like for a typical error message but 1 MB instead! One million bytes of information coming from a 10.x.x.x IP from Google internal network, I can tell you I was excited at this point!
source: HN
Windows Defender Antivirus can now run in a sandbox
https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/ [cloudblogs.microsoft.com]
2018-10-27 01:31
Putting Windows Defender Antivirus in a restrictive process execution environment is a direct result of feedback that we received from the security industry and the research community.
One might say finally, but here it is.
Building a prefetch module for the ZipCPU
http://zipcpu.com/zipcpu/2017/11/18/wb-prefetch.html [zipcpu.com]
2017-11-21 22:42
The prefetch is that portion of a CPU that reads instructions from memory and presents those instructions to the rest of the CPU for execution. While today’s Wikipedia authors argue that there’s a difference between an instruction fetch, which gets the next instruction from memory, and a prefetch, which fetches an instruction before it is needed, I’m going to equate the two terms under the single name prefetch for simplicity. The result of this abuse of terminology will be that I can describe all instruction fetch modules with the same term, but also that this subtle difference in meaning will be lost.
Terminology abuse aside, quite some detail here.
source: HN
Why is there no CR1 – and why are control registers such a mess anyway?
http://www.pagetable.com/?p=364 [www.pagetable.com]
2016-12-08 05:12
Long, long ago there was an 8086...
The polyglotism of PoC||GTFO
https://twitter.com/angealbertini/status/896452930349522944 [twitter.com]
2017-08-14 03:15
When Twitter Threads Fly Away
http://www.erynnbrook.com/when-twitter-threads-fly-away/ [www.erynnbrook.com]
2019-02-24 03:10
Mostly about threads and plagiarism, but also in conclusion:
Twitter is not a blog. It’s not meant to be a blog. This is a blog. Compare the thread that I wrote with what I transcribed to this blog post. Is there more information in the thread? Mm, maybe. There’s different information. But is the important information available here, edited for clarity, removing the random wandering thoughts and audience participation? Yes. Is this format better suited to a blog post? Yes. Is the twitter thread better suited to twitter? Absolutely.
I don’t like twitter threads, but like the multiple levels of bottom feeders even less.
source: HN
Weaponization of a JavaScriptCore Vulnerability
https://blog.ret2.io/2018/07/11/pwn2own-2018-jsc-exploit/ [blog.ret2.io]
2018-07-12 13:55
In this post, we shed some light on the process of weaponizing a vulnerability (CVE-2018-4192) in the Safari Web Browser to achieve arbitrary code execution from a single click of an unsuspecting victim. This is the most frequently discussed topic of the exploit development lifecycle, and the fourth post in our Pwn2Own 2018 series.
source: grugq
How to Make an Alien Planet on Earth
http://www.atlasobscura.com/articles/how-to-make-an-alien-planet-on-earth [www.atlasobscura.com]
2017-01-22 05:15
For a short film about another world, the landscape designer Bas Smets created a dark, scientifically accurate terrain.
A short list of black plants.
Chinese tourist attraction installs speed bumps for pedestrians
http://www.dailymail.co.uk/travel/travel_news/article-4465380/Chinese-tourist-spot-installs-speed-bumps-PEDESTRIANS.html [www.dailymail.co.uk]
2017-05-03 19:05
Who knows what’s really going on, but interesting idea.
source: MR
A news posting about the computers used on Safeguard
http://www.nuclearabms.info/Computers.html [www.nuclearabms.info]
2017-05-30 14:58