~lobsters | Bookmarks (159)

clear filters

How to create a Secure, Random Password with JavaScript - Hanno's blog

hboeck.de

cryptography javascript security web
1
Blog - How I Also Hacked my Car

goncalomb.com

reversing security
2
Breaking Bitlocker - Bypassing the Windows Disk Encryption

youtube.com

science & technology security video windows
1
Frederik Braun - How Firefox gives special permissions to some domains

frederik-braun.com

browsers security
1
Thanksgiving 2023 security incident

cloudflare.com

On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server....
On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and on Sunday, November 26, we brought in CrowdStrike’s Forensic team to perform their own independent analysis.Yest...

security
1
A captivating summer 2007

fabiensanglard.net

historical ios reversing security
1
several container breakouts due to internally leaked fds

github.com

devops go security
1
Macaroons Escalated Quickly

fly.io

cdn docker elixir fly fly.io
2
New Linux glibc flaw lets attackers get root on major distros

bleepingcomputer.com

Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting...
Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). Tracked as CVE-2023-6246, this security flaw was found in glibc's __vsyslog_internal() function, cal...

debian fedora glibc linux privilege escalation
2
Enhancing trust for SGX enclaves

trailofbits.com

nix security
1
npm flooded with 748 packages that store movies

sonatype.com

Meet npmjs.com, a video and eBook hosting platform — not our words, but it seems that's...
Meet npmjs.com, a video and eBook hosting platform — not our words, but it seems that's what goes in the mind of some users (and attackers) recently seen misusing the platform to store media like multi-gig movies, videos, and eBooks. Today, the Sonatype Security Research team came across 748 packages flooding the np...

nodejs security
1
UEVR: An Exploration of Advanced Game Hacking Techniques

praydog.com

home.. github donations articles feed praydog / July 2023 (9023 Words, 51 Minutes) Disclaimer: Most of...
home.. github donations articles feed praydog / July 2023 (9023 Words, 51 Minutes) Disclaimer: Most of what is talked about here is not new, and has been used in the security industry for a long time. This article is meant to show how these techniques can be used to locate functions, variables, and structure offsets...

reversing security
1
Embedded Systems Security and TrustZone

embeddedsecurity.io

hardware security
1
Rook to XSS: How I hacked chess.com with a rookie exploit

skii.dev

security
2
Deciphering Glyph :: Unsigned Commits

glyph.im

security vcs
2
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing - Mobile Hacker

mobile-hacker.com

A recently discovered critical vulnerabilities (CVE-2023-45866, CVE-2024-21306) in Bluetooth can be exploited to inject keystrokes without...
A recently discovered critical vulnerabilities (CVE-2023-45866, CVE-2024-21306) in Bluetooth can be exploited to inject keystrokes without user confirmation – by accepting any Bluetooth pairing request. These vulnerabilities affect Android, Linux, macOS, iOS, and Windows operating systems, making it a serious threat...

mobile security
1
Lend Me Your Ear: Passive Remote Physical Side Channels on PCs

gatech.edu

We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic sidechannel leakage...
We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic sidechannel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common Voice-over-IP applications, even after lossy compression.Thus, we show, it is possible to conduct physical sidechannel attacks on computation by remote and purely passive analysis of commonly-shared channels. These attacks require...

pdf security
1
LeftoverLocals: Listening to LLM responses through leaked GPU local memory

trailofbits.com

security
2
Zero Day Initiative — Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own

zerodayinitiative.com

If you just want to read the contest rules, click here.Even though we’re a week out...
If you just want to read the contest rules, click here.Even though we’re a week out from our first ever Pwn2Own Automotive, it’s time to start thinking ahead to the original Pwn2Own event, which takes place at CanSecWest in Vancouver on March 20-22, 2024. We’re always excited to return to Vancouver for the event, bu...

event security
1
PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack.

quarkslab.com

security
2
MiraclePtr: protecting users from use-after-free vulnerabilities on more platforms

googleblog.com

Posted by Keishi Hattori, Sergei Glazunov, Bartek Nowierski on behalf of the MiraclePtr team Welcome back...
Posted by Keishi Hattori, Sergei Glazunov, Bartek Nowierski on behalf of the MiraclePtr team Welcome back to our latest update on MiraclePtr, our project to protect against use-after-free vulnerabilities in Google Chrome. If you need a refresher, you can read our previous blog post detailing MiraclePtr and its objec...

browsers security
1
When Random Isn't | orlp.net

orlp.net

games security
2
Playing with Fire – How We Executed a Critical Supply Chain Attack on PyTorch

johnstawinski.com

ai security
3
PSL in curl | daniel.haxx.se

haxx.se

security web
2