Security
https://support.lastpass.com/help/incident-2-additional-details-of-the-attack
Further details on the LastPass hack. The attackers compromised an engineer's laptop, and that engineer had access to a LastPass vault holding decryption keys, so the attackers now have those decryption keys.
https://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser
The DSi browser runs an old version of Opera. Nathan Farlow found a use-after-free and exploited it with techniques as old as NOP sleds.
https://www.bloomberg.com/features/2023-russia-viasat-hack-ukraine/
An exploit was used to brick a large number of satellite internet modems at the start of the Russia/Ukraine war. The piece makes the situation sound like it could have been much worse, so go play Hack-A-Sat and help secure outer space.
https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/
A logic bug in readline allowed arbitrary file read when it was linked into setuid binaries. I'm sure there are plenty of other popular libraries that were never developed with the expectation that they would execute in a high-privilege context. Could make for an interesting CTF challenge.
https://seclists.org/oss-sec/2023/q1/51
Yet another reminder that timing attacks are ubiquitous. At least exploitation is still kinda hard.
AI
https://www.jailbreakchat.com/
A collection of ChatGPT jailbreaks. Dev Mode v2 started telling me to execute rm -rf / --no-preserve-root. On an unrelated note, I'm drafting this from my phone.
https://talesofsyn.com/posts/creating-isometric-rpg-game-backgrounds
Using Stable Diffusion to create backgrounds for video games. They look fantastic, but it seems just a bit too impractical and hard to manipulate for real use, at least for a few more months.
Startups
https://www.notboring.co/p/the-appetizirp
Packy McCormick on zero interest rates. His theory is that the things near-zero interest rates enabled are simply leading indicators of what will be normal once the world is richer and tech is more advanced.
The coffee shop fallacy: Enjoying hanging in coffee shops is different from operating a coffee shop. Running a business is different from using a business.
Tech
https://blog.danslimmon.com/2019/07/15/do-nothing-scripting-the-key-to-gradual-automation/
Writing scripts that just print out the commands for you to copy and paste. This avoids hard-to-debug crashes, is simple to write, and is just as easy to run as a full-fledged shell script. Each manual step can then be automated one at a time, leaving the rest of the runbook untouched.
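The approach in a small worked example, added here and not code from the original page or from Dan Slimmon's post: a do-nothing script for rotating an SSH deploy key. The runbook steps, the host name and the sample public key are constructed for illustration. Every step starts as a printed instruction followed by "press Enter"; one step (checking the pasted key) has already been automated by giving it an action, which is the gradual-automation idea in practice.

```python
"""Do-nothing script for a (constructed) SSH deploy-key rotation runbook.

Added example; not from the original page or from Dan Slimmon's post.
Steps, host names and the sample key are constructed for illustration.
"""
import base64
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# Constructed sample: a public key line in valid ed25519 wire format.
# It is not a real deploy key.
SAMPLE_PUBKEY = ("ssh-ed25519 "
                 "AAAAC3NzaC1lZDI1NTE5AAAAIHZ4OC2i0d0hN+f6NGh7yxfY9bsoYlMm0K3L9gKOWqBO "
                 "deploy@example")


def parse_pubkey(line: str) -> Tuple[str, str]:
    """Return (key_type, OpenSSH-style SHA256 fingerprint) for one
    authorized_keys line, or raise ValueError if it is malformed."""
    parts = line.strip().split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, blob_b64 = parts[0], parts[1]
    blob = base64.b64decode(blob_b64, validate=True)
    # The wire blob begins with a length-prefixed copy of the key type;
    # it must agree with the declared type, otherwise the line is bogus.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("blob key type does not match declared key type")
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return key_type, "SHA256:" + fp


@dataclass
class Step:
    title: str
    instructions: str = ""              # shown to the operator for manual steps
    capture: Optional[str] = None       # store the operator's reply under this key
    action: Optional[Callable[[dict], None]] = None  # set => step is automated


def check_pubkey(ctx: dict) -> None:
    """Automated replacement for 'eyeball the pasted key'."""
    ctx["key_type"], ctx["fingerprint"] = parse_pubkey(ctx["pubkey"])


def run_runbook(steps, ask=input, say=print, ctx=None) -> dict:
    """Walk the steps: print instructions and wait for manual ones,
    call the action for automated ones. ask/say are injectable so the
    runbook can be exercised without a terminal."""
    ctx = {} if ctx is None else ctx
    for n, step in enumerate(steps, 1):
        say(f"== Step {n}: {step.title}")
        if step.action is not None:
            step.action(ctx)
            continue
        say(step.instructions)
        reply = ask("> " if step.capture else "Press Enter when done. ")
        if step.capture:
            ctx[step.capture] = reply
    return ctx


# The runbook itself. Only step 2 is automated so far; the rest are
# still "do nothing" steps that tell the operator what to type.
ROTATE_DEPLOY_KEY = [
    Step("Generate the new key pair",
         "Run on your workstation:\n"
         "  ssh-keygen -t ed25519 -f ~/.ssh/deploy_new -C deploy@example\n"
         "Then paste the contents of ~/.ssh/deploy_new.pub:",
         capture="pubkey"),
    Step("Check the pasted key", action=check_pubkey),
    Step("Install it on the deploy host",
         "Append the key to deploy@app-01:~/.ssh/authorized_keys "
         "(app-01 is an assumed host name)."),
    Step("Remove the old key",
         "Delete the previous deploy key line from the same authorized_keys "
         "file and confirm a deploy still works."),
]

if __name__ == "__main__":
    result = run_runbook(ROTATE_DEPLOY_KEY)
    print("rotated:", result["key_type"], result["fingerprint"])
```

Because `ask` and `say` are injectable, the whole runbook can be driven from a test with scripted replies, which is also how you check that automating a step did not silently change what the operator is told to do.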
https://www.mcmillen.dev/sigbovik/
93% of paint splatters, when parsed via OCR, are valid Perl programs. The only surprise here is that the number isn’t higher.
Fun
http://ranprieur.com/misc/dumpster.html
Dumpster Diving FAQ from 2004, updated 2015. I guess that’s one way to get a good cheap meal.
The mystery car that would show up randomly, win street races, and vanish for months. Turns out, the owner was a police officer, so he knew exactly when to lay low.
https://twitter.com/d_feldman/status/1630298607881539586
The untold true story of where the 🐁 emoji originated. Whoever was taking minutes took their job seriously.
https://en.m.wikipedia.org/wiki/F._D._C._Willard
F. D. C. Willard was a cat who published a popular quantum mechanics paper. How appropriate. The real reason the cat was a coauthor was laziness: the author accidentally used ‘we’ and ‘us’ instead of ‘I’ and ‘me.’ Instead of rewriting, he added his cat as an author.