We found a critical vulnerability in #PuTTY SSH client with NIST P-521 keys, that allows private key recovery from only 60 signatures, CVE-2024-31497! If you use #Putty or #Filezilla with ECDSA P-521, upgrade now and generate a new key! Joint work with @TrueSkrillor, details ⬇️
On December 25, 1999, libsafe introduced a technique for ‘Protecting Critical Elements of Stacks’. In this paper, it showcased the ‘Libsafe Containment of Buffer Overflow’ by iterating through the EBP list. I wasn't aware of this paper and "re-invented" this as ‘Stack Fortify’🤯
The BSidesTLV 2024 Call for papers is officially open!
Our theme this year is all about resilience : “Together we stand, Together we hack”. Submit your talks now to speak on our main stage, full day conference Thursday June 27, 2024 at Tel Aviv University https://t.co/DucyzwDxuE
days since last dd(1) accident: 0
.. only blew away EFI partition and /boot, fortunately! was able to piece it back together over ssh using cached partition layout information from sysfs and some handholding by @iksteen 🙏 (who is a walking archlinux wiki, amongst other things)
This is beyond scandalous. Every UN agency, official, and aid organization that was in Gaza should be investigated and potentially prosecuted. They have lied and covered up these atrocities for years. They are still lying right now.
📢 Just dropped the fourth and final blog post in the #RingHopper saga! In this post, we elevated the attack to operate from user-land and thus, managed to hop from Ring 3 to SMM. Explore the details in our latest post here: https://t.co/TvTEthTuK0
⭕🦗
@LuskyYehonatan
New Project Zero blogpost by Mark Brand - first mobile device ships with MTE (and how to enable it).
"MTE on a production handset for the first time is a big step forward... there's real potential to use this technology to make 0-day harder".
https://t.co/sjxJaZ9cyQ
GrapheneOS now has hardware memory tagging support in our Stable channel. Memory tagging greatly improves protection against targeted attacks. Thanks to hardware support on the Pixel 8 and Pixel 8 Pro, it's extremely low overhead despite the massive benefits it's able to provide.
BREAKING! Canary Mission can confirm that @RepRashida has extensive fundraising ties to Hamas insiders, incl working w/Hamas activist Salah Sarsour who co-hosted a 2018 election campaign event. Tlaib’s Canary Mission profile: https://t.co/0XTmlE1akk 🧵
Hamas terrorist in leaked interrogation video: “the commander told us to stomp in their heads, behead them. Do whatever you want with them... chop off their legs".
Hamas is ISIS!!!
A compilation of interrogations of Hamas terrorists responsible for the #October7massacre. In the interrogations, they admit to a litany of crimes against humanity including rape, beheading, child killing and more.
The @BBCNews gets it’s arse handed to it again. This time incredibly politely by an international law expert who gift wraps the BBC’s arse for them and hands it over with a card saying: “Dear BBC - please find enclosed your arse”