I like the “we and our 227 partners” part. All of them totally care about your privacy!

Or you could follow to the (original) blog: https://blog.jgc.org/2024/09/cracking-old-zip-file-to-help-open.html

«When they loaded this URL, the server responded with a Java heap dump, which is a roughly 150-MB file containing a snapshot of the server’s memory at the moment the URL was loaded.»

Comedy gold, the whole article…

A tad late (the original story), but now there is an opinion piece on this topic now: https://www.theregister.com/2025/03/24/microsoft_opinion/

I like the part with "This a post-literate era, and we should expect the next demand for bughunters to express proof-of-concept as a TikTok dance short."

Yes. And you will have a good chance that the EDR wont flag the extractor since its not suspicious code per se.

So, will the AV software then scan that +:\ drive or not? 🤔

Oh wow 🙄. Thanks for letting me know.

OH: «by sending a malicious DNS packet to the target device», 👌🤭

«PQC...isn't mathematics or engineering, it's augury: 'A great machine shall arise, and it will cast aside all existing cryptography, there shall be Famine, Plague, War, and a long arable field.'»

🤭

News or not. I like the fact that the pot is calling the kettle black…

Did anyone count? How many vulns just in 2025 alone?

Not sure if that is even the point. The article is all about memory unsafe programming!!1!. But there is no context at all.

Sure, there are vulnerabilities because of unsafe memory handling. But I looked for some statistic which would bring unsafe memory handling into context with say the high profile vulnerabilities from the last few weeks / months. I haven't spent too much time on research but looking at some lists containing vulns from the last few months it seems as if all those pre-auth, priv escalation, directory traversal and whatnot very based on much simpler failures like wrong error handling or logical errors or missing code than unsafe memory handling.

I might be wrong, then please show me the numbers, but shooting at C/C++ because unsafe!!1! sounds like a very biased story there.

And while we are at it. I'd also be interested in C vs. (somewhat modern) C++.

🤭

I lost count. How many vulns this year already?

Direct link: https://www.nytimes.com/2025/04/24/magazine/crybercrime-crypto-minecraft.html

See slides #8 and #10 on this presentation: https://download.openwall.net/pub/projects/lkrg/presentations/OSTconf2020-LKRG-In-A-Nutshell.pdf -> Kernel Panic (milder response would be ineffective) and killing the task.

I like this comment on that page, haven’t heard about it before: «Was done..in Stockholm a few years back. Someone copied the plates of the CEO of the company operating a toll road in the city and posted it online. Folks pasted it over their own plates and used the toll road all day. The ALPR dutifully generated an humongous bill…»

I wonder what must happen that we as a society start to make companies responsible for such fails.

You mean like FIST but with a huge revolver? 😍

Will have to look in the logs. Probably the pushing to Lemmy part.