Rodrigo Branco (@bsdaemon) 's Twitter Profile
Rodrigo Branco

@bsdaemon

Just an opinionated security researcher. Opinions are my own
H2HC (Hackers 2 Hackers Conference)

ID: 71541551

Link: https://github.com/rrbranco
Date: 04-09-2009 14:01:50

3,3K Tweets

12,12K Followers

3,3K Following

FFmpeg (@ffmpeg) 's Twitter Profile Photo

The xz fiasco has shown how a dependence on unpaid volunteers can cause major problems. Trillion dollar corporations expect free and urgent support from volunteers. Microsoft Microsoft Teams posted on a bug tracker full of volunteers that their issue is "high priority"

Rodrigo Branco (@bsdaemon) 's Twitter Profile Photo

Hot take (or not controversial at all): Yes, AI hallucinates (often), but so do most of the so-called 'experts' (myself included, so be careful). In *every* single company I've worked for I've seen absurdities in the name of 'security'. It is even a meme between researchers the

Rodrigo Branco (@bsdaemon) 's Twitter Profile Photo

I had a lot of fun and learned a lot at RE//verse . I truly appreciate everyone who came and chatted with me. Thanks to the organizers Vector 35 and BINARLY🔬 for the opportunity.

Rodrigo Branco (@bsdaemon) 's Twitter Profile Photo

That is actually my main fear with learning thru CTFs. The sense of time and possibility is quite different. Almost like playing fast chess versus longer time chess games. It could be good practice but it very likely is detrimental if done too often.

Phrack Zine (@phrack) 's Twitter Profile Photo

Reminder that the Phrack 72 CFP closes APRIL 1ST 2025. Get your papers in and come be a part of our fabulous 40th anniversary issue! See phrack.org for more info

Rodrigo Branco (@bsdaemon) 's Twitter Profile Photo

IMHO, only grsecurity's team is tracking, properly backporting and doing effective mitigation engineering for the Linux Kernel. Any organization that considers the kernel as a security boundary should use grsec. Literally there are no other (real) options.

Brad Spengler (@spendergrsec) 's Twitter Profile Photo

Original CVE was live for nearly 3 months: lore.kernel.org/linux-cve-anno… I ask again how many end-users would expect to know they'd need to track *rejected* CVEs to make sure they didn't insert vulnerabilities into their kernel, with 0 communication from the CNA?

Alex Matrosov (@matrosov) 's Twitter Profile Photo

When vulnerabilities are silently patched, customers lose critical signals regarding urgency, update prioritization, and overall security impact. This practice strongly benefits attackers by extending the window of opportunity, making “1-day” vulnerabilities more effective.

Brad Spengler (@spendergrsec) 's Twitter Profile Photo

👋lore.kernel.org/all/08393aa3-0… Upstream did nothing to advance GCC plugin usage and the code copy+pasted from us hasn't been maintained properly by them, so this won't be any loss. It will just more honestly reflect reality than this did:

sergey bratus (@sergeybratus) 's Twitter Profile Photo

A quick reminder that discounted registration rates for the #LangSec workshop end tomorrow, April 14, at 11:59 pm PDT, and the conference hotel block rates end shortly after. Details at langsec.org/spw25/importan… We hope to see you all in San Francisco on May 15, 2025!

Rodrigo Branco (@bsdaemon) 's Twitter Profile Photo

I would like to praise Gabriel Negreira Barbosa's outstanding contributions to the security community and hacking, not only as editor of the magazine for the past 6+ years, but also for his sharing of perspectives, guidance and technical contributions. In this edition we wrote another small

Rodrigo Branco (@bsdaemon) 's Twitter Profile Photo

Come work with me in complex, large scale, innovative binary analysis problems! Remote position in US (focused on cryptoanalysis): careers.oracle.com/jobs/#en/sites… - In the coming days I will also post 2 remote positions in Brazil!

dunadan (@udunadan) 's Twitter Profile Photo

When a threat intelligence group sees a drastic reduction of browser & mobile zero-days and attributes that to vendor investments, is there truly a link between these two or could that be at least partially linked to a better threat actors' OPSEC?

Rodrigo Branco (@bsdaemon) 's Twitter Profile Photo

What if the whole AI is just a very elaborate disinformation campaign? In every private group that I am a part of I see folks discussing major changes, including layoffs of core tech people. Experience, trust and knowledge that won't ever be recovered. If AI can't deliver on its