The biggest takeaway from this talk is that macOS font renderer ALMOST never invokes the interpreter. If you were fuzzing TTF bytecode without paying attention, it was probably not hitting the interpreter at all. I'll post slides shortly with other interesting details. #OBTS

"Invariant inversion" in memory-unsafe languages pacibsp.github.io/2024/invariant…

I built doom-captcha.vercel.app – verify you're human by playing DOOM and killing at least 3 enemies 😁 (in nightmare mode) powered by webassembly × libsdl, ui built in v0

I've got about two weeks left before I cancel my X subscription. I am guessing that I won't look here much after due to advertising. An end to an era I guess. Please follow elsewhere!!

Why do vendors claim reliable and secure and then have vulns like this?? Let me guess, ping again?? moxa.com/en/support/pro…

In other news, FedEx is something else... Shipping a device over a thousand miles to deliver it < 10 miles away. Maybe Saleae should reconsider their shipper options.

Rustaceans among my followers: A few years ago I recall that the intent was to have Servo replace Gecko in FF, and eventually have a Cranelift-based JS JIT in Rust. I can't find much on this online any more, any pointers? What happened?

One of the finest hackers & humans to ever hack the planet needs our help. Marc Rogers is lucky to be alive & we are luckier to be able to help him. Donate if you can and please *share* to spread the word. gofund.me/27112e30

Two takeaways from the latest episode of Rustacean Station — "Rust in Google with Lars Bergstrom": • For the first time this year, the majority of new Android code is written in Rust instead of C++. • There are three million lines of Rust in the Android codebase.

The detailed version of our #WorstFit attack is available now! 🔥 Check it out! 👉 blog.orange.tw/posts/2025-01-… cc: splitline 👁️🐈‍⬛

Triangulating TrueType Fonts On macOS: Reconstructing CVE-2023-41990 by Aleks objectivebythesea.org/v7/talks/OBTS_… youtu.be/_xoA5MrB6ug

I’ve published BTIDES (BlueTooth Information Data Exchange Schema) to its own repository so that it can easily be incorporated as a git submodule in other research projects. I have started using this for crowdsourced BT info sharing. github.com/darkmentorllc/…

I’ve published CLUES (Custom Lightweight UUID Exchange Schema) and my current data about Bluetooth custom UUIDs to its own repository so that it can easily be incorporated as a git submodule in other research projects. github.com/darkmentorllc/…

Not very high impact, but I think it's cool that we (XBOW, autonomously) found an XSS in GCHQ's CyberChef 😁

This. It helps reduce software supply attack surface also.

Lu1g1n0 Joshua J. Drake The clue is here?

First #BOOTSTRAP25 talk announced: Joshua J. Drake - Musings from Decades of Linux Kernel Security Research ringzer0.training/bootstrap25-ta…

My employer, Delphos Labs, is surveying the RE community to optimize the impact of our future development. It's only open for one more week. Last chance to participate! We'd love to learn more about you, your needs, or feedback on the public beta! Try it! docs.google.com/forms/d/e/1FAI…