Security

https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md

Writeup and PoC for a new, simple to exploit Word CVE. A bug in the RTF font handling could cause heap corruption and code execution on Mac and Windows. This is exploitable even when the document is previewed, without fully opening Word.

https://krebsonsecurity.com/2023/03/sued-by-meta-freenom-halts-domain-registrations/

Freenom is sued for giving out free domains and not responding quickly to abuse complaints. Is Let’s Encrypt next for giving out free SSL certs?

https://www.mandiant.com/resources/blog/lightshow-north-korea-unc2970

Mandiant’s writeup on tactics and behavior of North Korea's UNC2970. If you get strung along by a recruiter who takes you from LinkedIn to WhatsApp then shares a Word document with macros enabled… watch out.

https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/

A bootkit that bypasses UEFI secure boot has been around since late 2022. You can buy access yourself for a cheap $5,000. Many devices have still not patched the secure boot bypass, despite a proof of concept being public for an even longer time.

Tech

https://www.wsj.com/articles/inside-metas-push-to-solve-the-noisy-office-ba43042

Meta invented the cubicle. This sits right next to the Metaverse on the list of things Meta did not invent.

http://ascii.textfiles.com/archives/5509

Discord is where so much subcultural history and lore is stored. If Discord goes down, terabytes of internet history will be lost. This post is an argument for exportable or crawlable access to Discord chat history.

https://nickdesaulniers.github.io/blog/2023/03/10/disambiguating-arm/

Can you explain the difference between Arm, Arm ARM, Armv9, Armv9.4-A, AArch64, A64, A78, ARM9, StrongARM, ARMv4t, ARMv6t2, aarch64be, and more? Nick can.

https://www.windytan.com/2023/02/using-hdmi-radio-interference-for-high.html

HDMI cables can leak data through radio waves. The author made a images that could be played over HDMI, and by listening to and decoding emitted radio waves, could watch a video that looks different from what was displayed on the monitor. What a complicated way to communicate over an airgap. Maybe just use the lights on ethernet ports?

Science

http://calteches.library.caltech.edu/51/2/CargoCult.htm

Feynman on “Cargo Cult Science.” Science is about reproducibility. Retry experiments that others have claimed to run and be honest - have integrity - when reporting results.

UX

https://growth.design/case-studies/mario-kart-revenue-model

UX designers always explain UX with great UX. These comic-style walkthroughs are always fun. This one is on how to spend money in Mario Kart Tour.

AI

https://github.com/facebookresearch/llama/pull/73

Facebook’s LLaMA models leaked. They were already available for most researchers who asked, now anyone can use them.

https://github.com/microsoft/visual-chatgpt

Using ChatGPT to edit and generate images. This may be a way to work much more iteratively with tools like Stable Diffusion. I haven’t had the chance to play with it yet unfortunately, so if it works well, please let me know!

Money

https://twitter.com/politicalmath/status/1623432184353763329

The IRS didn’t make a decision about whether or not state refunds are taxable. So TurboTax and H&R Block decided for them: not taxable.

https://www.fdic.gov/news/press-releases/2023/pr23019.html

FDIC shut down SVB and created a new bridge bank in its place: SVB, N.A. FAQ here. Older press release here.

Fun

https://xkcd.com/2748/

Someone’s going to make a puzzle where the solution is volume measured in cubic degrees, and it’s going to be so cursed.