Security

https://support.lastpass.com/help/incident-2-additional-details-of-the-attack

Further details on the LastPass hack. The attackers got access to an engineer’s laptop, and that engineer had access to a LastPass vault that held decryption keys, so now the attacker has decryption keys.

https://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser

The DSi browser runs an old version of Opera. Nathan Farlow found a use-after-free and exploited it with techniques as old as NOP sleds.

https://www.bloomberg.com/features/2023-russia-viasat-hack-ukraine/

An exploit was used to brick a large number of satellite internet modems at the start of the Russia/Ukraine war. The feature makes the situation sound like it could have been much worse, so go play Hack-A-Sat to help secure outer space.

https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/

A bug in readline enabled arbitrary file read when used in suid binaries. I’m sure there are a number of other popular libraries that were not developed with the expectation that they will execute in a highly privileged context. Could make for an interesting CTF chal.

https://seclists.org/oss-sec/2023/q1/51

Yet another reminder that timing attacks are ubiquitous. At least exploitation is still kinda hard.

AI

https://www.jailbreakchat.com/

A collection of ChatGPT jailbreaks. Dev Mode v2 started telling me to execute `rm -rf / --no-preserve-root`. On an unrelated note, I’m drafting this from my phone.

https://talesofsyn.com/posts/creating-isometric-rpg-game-backgrounds

Using Stable Diffusion to create backgrounds for video games. They look fantastic, but it seems just a bit too impractical and difficult to manipulate to get real use, at least for a few more months.

Startups

https://www.notboring.co/p/the-appetizirp

Packy McCormick on zero interest rates. His theory is that occurrences enabled by near-zero interest rates are simply leading indicators of what will be normal when the world is richer and tech is more advanced.

https://web.archive.org/web/20120529125543/http://thestartuptoolkit.com/blog/2011/10/the_coffeeshop_fallacy

The coffee shop fallacy: Enjoying hanging in coffee shops is different from operating a coffee shop. Running a business is different from using a business.

Tech

https://blog.danslimmon.com/2019/07/15/do-nothing-scripting-the-key-to-gradual-automation/

Writing scripts that just print out the commands for you to copy and paste, one step at a time. This avoids difficult-to-debug crashes, is simple to write, and is just as easy to execute as a full-fledged shell script.
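The do-nothing script pattern from the post, as an added example (my code, not the linked post's): every step shares one interface, so a manual step can later be swapped for an automated one without changing the driver. The credential-rotation runbook, its step text and the context/audit dict are assumptions for illustration.

```python
# Added example, not code from the linked post: the do-nothing script pattern.
# Every runbook step has the same run() interface, so a manual step (print the
# instructions, wait for the operator) can later be swapped for an automated
# one without touching the driver. The runbook itself is hypothetical.

class ManualStep:
    """A step the operator does by hand; the script only says what to do."""

    def __init__(self, instructions):
        self.instructions = instructions

    def run(self, context, wait):
        print(self.instructions.format(**context))
        wait("Press Enter when you have done this...")
        return "manual"

class AutomatedStep:
    """A step that has been automated; same interface as ManualStep."""

    def __init__(self, description, action):
        self.description = description
        self.action = action  # callable that takes the shared context dict

    def run(self, context, wait):
        print(f"[automated] {self.description}")
        self.action(context)
        return "automated"

def run_runbook(steps, context, wait=input):
    """Run the steps in order; return how each one was carried out."""
    return [step.run(context, wait) for step in steps]

def record_audit_entry(context):
    """Automated step: note the start of the rotation in an in-memory log."""
    context.setdefault("audit", []).append(
        f"credential rotation started for {context['user']}")

def credential_rotation_runbook():
    """Hypothetical runbook: manual steps around one automated step."""
    return [
        ManualStep("1. Open a ticket to rotate every credential {user} could reach."),
        AutomatedStep("record the start of the rotation", record_audit_entry),
        ManualStep("3. Revoke the old credentials and confirm the new ones work."),
    ]

if __name__ == "__main__":
    run_runbook(credential_rotation_runbook(), {"user": "alice"})
```

Automating step 2 changed nothing for the operator; steps 1 and 3 can be replaced the same way whenever their automation is worth writing.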

https://www.mcmillen.dev/sigbovik/

93% of paint splatters, when parsed via OCR, are valid Perl programs. The only surprise here is that the number isn’t higher.

Fun

http://ranprieur.com/misc/dumpster.html

Dumpster Diving FAQ from 2004, updated 2015. I guess that’s one way to get a good cheap meal.

https://www.dodgegarage.com/news/article/owners-clubs/2022/12/a-look-at-the-black-ghost-dodge-challenger-and-the-man-behind-the-wheel.html

The mystery car that would show up randomly, win street races, and vanish for months. Turns out, the owner was a police officer, so he knew exactly when to lay low.

https://twitter.com/d_feldman/status/1630298607881539586

The untold true story of where the 🐁 emoji originated. Whoever was taking minutes took their job seriously.

https://en.m.wikipedia.org/wiki/F._D._C._Willard

F. D. C. Willard was a cat who published a popular quantum mechanics paper. How appropriate. The real reason the cat was a coauthor was laziness: the author accidentally used ‘we’ and ‘us’ instead of ‘I’ and ‘me.’ Instead of rewriting, he added his cat as an author.