Demo video for my OBTS v8 talk next week:
objectivebythesea.org/v8/talks.htm...

Unauthenticated LAN remote code execution for Apple Compressor v4.9. Fun fact: this video is made with the vulnerable app itself

Apple is planning a special initiative featuring iPhone 17 with Memory Integrity Enforcement. To rapidly make this defense available to those targeted by mercenary spyware, the company will provide a thousand iPhone 17 devices to civil society organizations.

security.apple.com/blog/apple-s...

is it written in a book somewhere that all the most important parameters should be obscurred by as much template bullshit as possible?

(guy designing c++): alright how do we make it as hard as possible to find the actual value of a variable

NEW: In May, a Texas police department said they used the powerful Flock surveillance network against a woman who had an abortion "for her safety"

Newly obtained court records show it was a 'death investigation,' and they considered charging her with a crime

www.404media.co/police-said-...

(even though "implode" seems like the way more likely outcome at the moment)

its pretty cool how we are warping our economy so that it will either develop AGI or completely implode.

(actually a part of me does unfortunately really think this is cool)

slightly ominous mailer from the Red Cross

Happy radare2 6.0.4 release day infosec.exchange/@radareorg/1...

@dmnk.bsky.social you are working on Big Sleep right? what do you think about this ? does it apply to Big Sleep or is that actually a model that is being tuned to Be A Better Hacker so it works effectively without (as many) rails?

the post itself states "Machine-Guided Beats Human-Mimicry" and there are clearly very narrow rails upon which the agents are supposed to stay. yes an LLM is a fully "general solution", but if it has to be boxed in incredibly tightly to give correct answers then what is the point of the generality?

reading more about the Team Atlanta AIxCC solution i do still wonder if eliminating the LLM components in favor of normal ML classification (or just "dumb" hardcoded logic) could achieve results that are nearly as good and orders of magnitude more efficient

team-atlanta.github.io/blog/post-ml...

i was thinking earlier today about how i never reflexively check janky looking sites for injection vulns anymore. so i tested the next site where i got the vibe. immediate sqli

The iPhone 17 is powered by Apple's A19 SoC (System on a Chip). Chipwise took a die photo of the chip, but it's a bit drab. I spiced it up by applying the over-saturated color gradient that Apple used for die photos of the M1 chip :-)

Link to the original die photo: chipwise.tech/our-portfoli...

someone needs to make flare-on but not windows shit (i know that this is "literally every other ctfs rev chals")

the answer appears to be "no". theres maybe not even been any recorded remote ITW exploit?

the grapheneOS hardened allocator is pretty scary

www.synacktiv.com/en/publicati...

has there ever been a recorded ITW 0c exploit on a grapheneOS device?

i just made a cool video

NEW: 404 Media is suing ICE. We have filed a lawsuit demanding the agency release its $2 million contract with Paragon, a company that makes powerful spyware to break into phones and read messages from encrypted chat apps www.404media.co/were-suing-i...

Found a video from a couple of years ago when I wrote a brainfuck implementation in Fastly VCL. Each tick of the interpreter was executed by making a GET request to the VCL service with the entire interpreter state encoded in the URL. Anyway, here is "hello world" in 1771 GET requests.

this list of people on the wikipedia page for "If Anyone Builds it, Everyone Dies" is absolutely sending me