Harry Sintonen
Infosec consultant at REVƎЯSEC https://reversec.com/ - Coding, Research + various other interests
Harry Sintonen@infosec.exchange OP to Cybersecurity@fedia.io • #curl predecessor httpget 0.2 from around 1996/1997 is 165 lines. Needless to say, it has multiple critical security vulnerabilities. How many can you spot? • 1 · 3 months ago
The httpget 0.2 doesn’t quite work in the form it was uploaded.
First, it uses hardcoded argv, argc instead of getting them from the app invocation (as args in main, the code uses void main).
Second, obtaining any data from the socket will result in the app stopping and leaving behind an empty file (if (nread) break;).
This program could never download anything. It is likely some work in progress or modified test version of httpget. Since it includes some Windows-specific headers and has disabled the Unix ones, I can only presume it was some earlier attempt to get the tool running on Windows.
So while the code has a local stack buffer overflow it can’t be triggered for this early version.
Harry Sintonen@infosec.exchange OP to Cybersecurity@fedia.io • As expected #Apple has nuked Advanced Data Protection (ADP) for UK users. What does this mean in practice? UK govt will be able to decrypt all UK user's #iCloud data at will. • 1 · 3 months ago
If this trend continues, we will be losing the ability to use secure means of communication with UK friends and colleagues. For example, #signalapp will rather get out of the UK than add backdoors: https://www.bbc.com/news/technology-64584001
Harry Sintonen@infosec.exchange OP to Cybersecurity@fedia.io • #Nordnet - nordic digital platform for savings and investments - had an issue where people could see each others information. The website has been taken down for now. • 1 · 3 months ago
“#Nordnet admits that it was possible to trade in other people’s depots during the IT breakdown”
Harry Sintonen@infosec.exchange OP to Cybersecurity@fedia.io • #Nordnet - nordic digital platform for savings and investments - had an issue where people could see each others information. The website has been taken down for now. • 1 · 3 months ago
#Nordnet services appear to be back.
Harry Sintonen@infosec.exchange OP to Cybersecurity@fedia.io • #Nordnet - nordic digital platform for savings and investments - had an issue where people could see each others information. The website has been taken down for now. • 1 · 3 months ago
Nordnet has a lot of technical issues to sort out. If the malfunction allowed unauthorized parties to operate the accounts it will be quite messy to sort out.
Along with the technical part, they will have to deal with the regulatory issues, in particular the Financial Supervisory Authority. They will demand answers.
Harry Sintonen@infosec.exchange OP to Programming@fedia.io • In my youth I wrote m68k assembly programs with tens of thousands of lines and speed optimized every section of the code, even initialization/cleanup executed exactly once. It was very very silly. It • 1 · 4 months ago
I still occasionally write some m68k code and apps. These are from 2024:
- Execute code in #amiga color registers: https://sintonen.fi/src/colexec/colexec.asm
- RXS-M-XS 32bit->32bit Permuted Congruential Generator: https://sintonen.fi/src/misc/pcg/_rand.asm
- Minimal modplayer (protracker music player): https://sintonen.fi/src/minimod/ (the replayer routine is mostly from Frank Wille however)
Harry Sintonen@infosec.exchange OP to Programming@fedia.io • In my youth I wrote m68k assembly programs with tens of thousands of lines and speed optimized every section of the code, even initialization/cleanup executed exactly once. It was very very silly. It • 1 · 4 months ago
I also participated in very useless size/speedcoding competitions - some of them are still accessible from this old web page: https://amycoders.org/compo/
Note that some of the HTML is a bit broken, for example https://amycoders.org/compo/circlecompo.html - you can view source to see the full routine
#m68k #assembly #sizecoding #speedcoding
Harry Sintonen@infosec.exchange OP to Cybersecurity@fedia.io • #cURL doesn't validate SSH host identity if known_hosts file is missing. I think this is a #vulnerability, but the project disagrees. Advisory is here: • 2 · 4 months ago
@SatyrSack@feddit.org Curl will likely address this eventually even though they don’t consider it a vulnerability. See https://github.com/curl/curl/issues/16197
Harry Sintonen@infosec.exchange OP to Cybersecurity@fedia.io • #cURL doesn't validate SSH host identity if known_hosts file is missing. I think this is a #vulnerability, but the project disagrees. Advisory is here: • 3 · 4 months ago
The latest curl version 8.12.0 (released today) is affected.
Harry Sintonen@infosec.exchange OP to Cybersecurity@fedia.io • Apparently there's a major #vulnerability in #AMD CPUs: "AMD Microcode Signature Verification Vulnerability." • 1 · 4 months ago
The details of the #AMD Microcode Signature Verification #Vulnerability are out:
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html
- https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w
#infosec #infosecurity #cybersecurity
Harry Sintonen@infosec.exchange OP to Gaming@fedia.io • Easy prediction: Lesser #NVIDIA 5000 series graphics cards will suck since multi frame generation won't really help due to increased latency (not to mention the added artifacting). Unfortunately it's • 1 · 4 months ago
In total surprise to no one, #NVIDIA #RTX5080 card is just “meh”: https://www.youtube.com/watch?v=sEu6k-MdZgc
Harry Sintonen@infosec.exchange OP to Game Development@fedia.io • Surface-Stable Fractal Dithering by @runevision is oddly satisfying. It somewhat reminds me of halftone dithering used in print papers (while this dithering was used due to cheap & low quality • 1 · 4 months ago
Of course this is not halftone dithering as pointed out in the video, but yet my first association was the dithering used in print papers.
Harry Sintonen@infosec.exchange OP to Cybersecurity@fedia.io • Apparently there's a major #vulnerability in #AMD CPUs: "AMD Microcode Signature Verification Vulnerability." • 3 · 4 months ago
So what could you do if the microcode signature verification can be bypassed? While not directly applicable, this #defcon presentation “DEF CON 31 - Backdoor in the Core - Altering Intel x86 Instruction Set at Runtime - Krog, Skovsende” gives some ideas: https://www.youtube.com/watch?v=Zda7yMbbW7s
Harry Sintonen@infosec.exchange OP to Cybersecurity@fedia.io • Apparently there's a major #vulnerability in #AMD CPUs: "AMD Microcode Signature Verification Vulnerability." • 2 · 4 months ago
@gabrielesvelto Yeah, information for that vulnerability is non-existent as well. In all, the vulnerability management doesn’t seem to be going great here.
Update: The “PeCoffLoader memory overflow issue for security” likely is CVE-2024-38796: https://nvd.nist.gov/vuln/detail/cve-2024-38796
Harry Sintonen@infosec.exchange OP to Cybersecurity@fedia.io • Apparently #macOS now considers #Docker malware. • 5 · 4 months ago
I had actually forgotten I still had Docker installed on this system. I’ve now fixed this issue by uninstalling the malicious app. I’m using #podman elsewhere already, just had this install lingering still. Apple: Thanks for the warning!
Harry Sintonen@infosec.exchange OP to Cybersecurity@fedia.io • Apparently #macOS now considers #Docker malware. • 4 · 4 months ago
@g@irrelephant.co Oof, that’s not good at all.
Harry Sintonen@infosec.exchange OP to PCGaming@fedia.io • Finnish Cottage Simulator got update on Finland's independence day, adding: • 1 · 6 months ago
@Ichinin@infosec.exchange Nah, but there’s another booze bottle in the game that is the exact same alcvol as Koskenkorva. They are of course actively avoiding trademark issues by creating their own labels and trademarks for items.
Harry Sintonen@infosec.exchange OP to PCGaming@fedia.io • Finnish Cottage Simulator has to be one of the prettiest indie games ever. The foliage, water, weather and lighting is outright amazing in the game. What is the game about? Doing cottage things in • 1 · 6 months ago
I just noticed that the game location (Mankila) is actually a real place in Finland: https://maps.app.goo.gl/D3dFdmt7ACokCf7d8
The shape of the lake, the buildings around it are different and there are extra islands etc, but it is clearly modelled after the real deal. That’s quite cool, heh.
#FinnishCottageSimulator
Harry Sintonen@infosec.exchange OP to PCGaming@fedia.io • Finnish Cottage Simulator has to be one of the prettiest indie games ever. The foliage, water, weather and lighting is outright amazing in the game. What is the game about? Doing cottage things in • 1 · 6 months ago
@Ichinin@infosec.exchange Currently there is no driving with or working on cars, but I’ve managed to hitch a ride from one of the NPCs. Driving the moped is quite fun until you drive into a ditch. Pulling the moped out of there is as painful as in real life… 😆
Other difference to My Summer Car: Currently there is no hunger, thirst, stress or similar “pressure”. As it is early access I don’t know if any of this will change later.
The multiplayer is a ton of fun with a bunch of friends.
Here’s the more constructive part of the (I still think warranted - but likely a bit tone deaf) rant: https://github.com/tukaani-project/xz/pull/181