harrysintonen

joined 2 years ago
 

The feeling when you notice a bug in your binutils port that has been generating semi-randomly broken branch relaxation trampolines for decades.

#programming #coding #oops

 

If you're a #facebook user, you can object to your information being used for #aItraining: https://www.facebook.com/help/contact/6359191084165019

As part of the process, they demand that you explain how the process impacts you. Of course, this is just another step to stop you from exercising your right to object. You can enter "I refuse to explain my reasons" or similar, and it will be equally valid as an actual explanation.

#privacy #enshittification

 

No one — absolutely no one — saw this coming: "The UK government is developing a “murder prediction” programme which it hopes can use personal data of those known to the authorities to identify the people most likely to become killers."

https://www.theguardian.com/uk-news/2025/apr/08/uk-creating-prediction-tool-to-identify-people-most-likely-to-kill

This is far, far more sinister than anything even Philip K. Dick could dream of.

#precrime #thoughtcrime #privacy

 

I can't recommend https://www.privacyguides.org/ enough. Excellent curated information on how to protect your #privacy.

 

Finnish Post has decided to start using your data for service planning and development. This is opt-in by default.

"My data may be used for service planning and development, as well as for delivering personalized content and targeted advertising using profiling.
Profiling refers to automated processing of personal data where the information is used to evaluate personal characteristics, such as interests or service usage. The purpose of profiling is to enhance the customer experience and ensure that the customer receives relevant and interesting recommendations and services."

Notably, for some reason, this is separate from "Marketing consents" and is enabled by default.

You can turn off this option at: https://my.account.posti.fi/settings

#profiling #privacy #gdpr #enshittification

 

Today Finland is voting in county and municipal #elections. Unsurprisingly the idiot Russian "hacking crew" is DDoSing websites of the political parties.

Newsflash: The voting is pen & paper. No websites are involved in the voting process. You gain absolutely nothing by DDoSing the party websites.

#infosec #cybersecurity

 

In case you haven't noticed #nis2directive is in effect in Finland now:

"Finnish Parliament has passed the government proposal for a national #Cybersecurity Act to implement the EU Cybersecurity Directive (NIS 2 Directive). As regards public administration, the relevant requirements included in the Directive are laid down in the Act on Information Management in Public Administration."

Interestingly, this also increases the duties and responsibilities of the Finnish Transport and Communications Agency Traficom:

"The Cybersecurity Act also entails new supervisory duties for Traficom compared to the old NIS Directive. In future, Traficom will be the competent authority supervising cybersecurity issues also in the following sectors: postal and courier services, space, public administration, managed service providers, managed security service providers, research, and the manufacture of vehicles and other transport equipment."

ref: https://traficom.fi/en/news/cybersecurity-act-passed-parliament-obligations-under-nis-2-directive-enter-force-8-april-2025

 

#Microsoft is removing the possibility to use a local account with #Windows.
https://blogs.windows.com/windows-insider/2025/03/28/announcing-windows-11-insider-preview-build-26200-5516-dev-channel/

"We’re removing the bypassnro.cmd script from the build to enhance security and user experience of Windows 11."

Oh, okay, but how does it improve security or user experience?

"This change ensures that all users exit setup with internet connectivity and a Microsoft Account."

Ah, so it does not improve security or user experience. In fact it makes the user experience worse, as you can no longer set up Windows offline easily.

The only reason is to force more users to sign up for a Microsoft account.

#enshittification

 

If you care about your health information #privacy, sending your genetic material to a commercial entity is a mistake. The reason for the cheap prices is that your health information will be sold. While some companies claim anonymity, such claims often have little merit, as there is often enough information to identify individuals.

 

The fallout from the malicious tj-actions/changed-files is still being investigated. It is fortuitous that this malicious commit was identified fairly quickly, as further compromise of major OSS components and projects could lead to a kind of chain reaction.

#infosec #cybersecurity

 

VMSA-2025-0004: #VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)

VMCI heap-overflow vulnerability (CVE-2025-22224): A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

VMware ESXi arbitrary write vulnerability (CVE-2025-22225): A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

HGFS information-disclosure vulnerability (CVE-2025-22226): A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

#CVE_2025_22224 #CVE_2025_22225 #CVE_2025_22226 #infosec #cybersecurity

 

#curl predecessor httpget 0.2 from around 1996/1997 is 165 lines. Needless to say, it has multiple critical security vulnerabilities. How many can you spot?

If you build it on a modern system and want to try exploiting it in true 90s fashion, be sure to turn off address space layout randomisation (ASLR).

https://github.com/curl/httpget/blob/master/httpget-0.2.c

#infosec #cybersecurity

[–] [email protected] 1 points 4 months ago

#Nordnet services appear to be back.

[–] [email protected] 1 points 4 months ago (2 children)

Nordnet has a lot of technical issues to sort out. If the malfunction allowed unauthorized parties to operate the accounts it will be quite messy to sort out.

Along with the technical part, they will have to deal with the regulatory issues, in particular the Financial Supervisory Authority. They will demand answers.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)

I still occasionally write some m68k code and apps. These are from 2024:

- Execute code in #amiga color registers: https://sintonen.fi/src/colexec/colexec.asm
- RXS-M-XS 32bit->32bit Permuted Congruential Generator: https://sintonen.fi/src/misc/pcg/_rand.asm
- Minimal modplayer (protracker music player): https://sintonen.fi/src/minimod/ (the replayer routine is mostly from Frank Wille however)

[–] [email protected] 1 points 5 months ago

I also participated in very useless size/speedcoding competitions - some of them are still accessible from this old web page: https://amycoders.org/compo/

Note that some of the HTML is a bit broken, for example https://amycoders.org/compo/circlecompo.html - you can view source to see the full routine

#m68k #assembly #sizecoding #speedcoding

[–] [email protected] 2 points 5 months ago

@[email protected] Curl will likely address this eventually even though they don't consider it a vulnerability. See https://github.com/curl/curl/issues/16197

[–] [email protected] 3 points 5 months ago

The latest curl version 8.12.0 (released today) is affected.

[–] [email protected] 1 points 5 months ago

The details of the #AMD Microcode Signature Verification #Vulnerability are out:

#infosec #infosecurity #cybersecurity

[–] [email protected] 1 points 5 months ago

In total surprise to no one, #NVIDIA #RTX5080 card is just "meh": https://www.youtube.com/watch?v=sEu6k-MdZgc

[–] [email protected] 3 points 5 months ago

So what could you do if the microcode signature verification can be bypassed? While not directly applicable, this #defcon presentation "DEF CON 31 - Backdoor in the Core - Altering Intel x86 Instruction Set at Runtime - Krog, Skovsende" gives some ideas: https://www.youtube.com/watch?v=Zda7yMbbW7s

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago)

@gabrielesvelto Yeah, information for that vulnerability is non-existent as well. All in all, the vulnerability management doesn't seem to be going great here.

Update: The "PeCoffLoader memory overflow issue for security" likely is CVE-2024-38796: https://nvd.nist.gov/vuln/detail/cve-2024-38796

[–] [email protected] 5 points 5 months ago

I had actually forgotten I still had Docker installed on this system. I've now fixed this issue by uninstalling the malicious app. I'm using #podman elsewhere already, just had this install lingering still. Apple: Thanks for the warning!
