tedu@azorius.net 24 points 3 months ago

We're all trying to figure out where these headlines came from. The stable channel with all the fixes does not (at this time) bundle the warning. How is it that users have become confused and believe the dev channel is the only way to get security fixes?

tedu@azorius.net 97 points 3 months ago

I'm going to go way out on a limb here and guess nothing will happen if I do neither.

tedu@azorius.net 23 points 3 months ago

What critical information are people putting in the six missing pixels?

tedu@azorius.net 35 points 3 months ago

Now people want recall?

tedu@azorius.net 57 points 3 months ago

I'm impressed the verge was able to refer to the issue without using the word nudes in the headline.

tedu@azorius.net 39 points 4 months ago

Real talk, the mastodon traffic stampede isn't that bad for a properly configured website.

tedu@azorius.net 128 points 4 months ago

There's plenty of dumb to go around, but the word frunk by itself is the dumbest thing about this story.

tedu@azorius.net 23 points 4 months ago

The hardware unboxed video has more details, and squarely points the blame at Intel for previously saying that running the CPU at uncapped power was in spec.

tedu@azorius.net 184 points 4 months ago

I like how the verb in the headline evolves every time I see this story. First he was surprised. Then he was shocked. Now he's alarmed. Maybe I'll check back tomorrow and learn he's horrified!

tedu@azorius.net 40 points 4 months ago* (last edited 4 months ago)

The full quote if you don't want to read the article.

Another significant challenge was the impact of December workforce reduction. Although there’s no question that it was the right strategic decision, it did disrupt our day-to-day operations more than we anticipated. It took us some time to find our footing, but more than four months into this transition, I think we’re back on track and I expect to continue improving on our execution throughout the year getting us to an even better place than we’ve ever been.

And the full transcript of the earnings call if you want to read the whole thing.

https://seekingalpha.com/article/4685308-spotify-technology-s-spot-q1-2024-earnings-call-transcript

tedu@azorius.net 54 points 4 months ago

I am going to guess that Google will not be broken up right now.

tedu@azorius.net 64 points 5 months ago

He doesn't just want the links to change. He wants the mindshare to change. To erase twitter.com from consciousness. Because X is like, super cool, man. So the solution is to rewrite tweets so it's impossible to say the ungood name.

28
submitted 1 year ago* (last edited 1 year ago) by tedu@azorius.net to c/cybersecurity@infosec.pub

It was obvious already before that NVD really does not try very hard to actually understand or figure out the problem they grade. In this case it is quite impossible for me to understand how they could come up with this severity level. It’s like they saw “integer overflow” and figure that wow, yeah that is the most horrible flaw we can imagine, but clearly nobody at NVD engaged their brains nor looked at the “vulnerable” code or the patch that fixed the bug. Anyone that looks can see that this is not a security problem.

21

The vulnerability should be obvious: at some point in the boot process, the VMK transits unencrypted between the TPM and the CPU. This means that it can be captured and used to decrypt the disk.

38

The flaw is tracked as CVE-2023-40477 and could give remote attackers arbitrary code execution on the target system after a specially crafted RAR file is opened.

RARLAB released WinRAR version 6.23 on August 2nd, 2023, effectively addressing CVE-2023-40477.

https://www.zerodayinitiative.com/advisories/ZDI-23-1152/

7
Summary: MTE As Implemented (googleprojectzero.blogspot.com)

MTE = Memory Tagging Extension

In mid-2022, Project Zero was provided with access to pre-production hardware implementing the ARM MTE specification. This blog post series is based on that review, and includes general conclusions about the effectiveness of MTE as implemented, specifically in the context of preventing the exploitation of memory-safety vulnerabilities.

Despite its limitations, MTE is still by far the most promising path forward for improving C/C++ software security in 2023. The ability of MTE to detect memory corruption exploitation at the first dangerous access provides a significant improvement in diagnostic and potential security effectiveness. In comparison, most other proposed approaches rely on blocking later stages in the exploitation process, for example various hardware-assisted CFI approaches which aim to block invalid control-flow transfers.

Implementation Testing

Mitigation Case Studies

The Kernel

10

41 in-the-wild 0-days were detected and disclosed in 2022, the second-most ever recorded since we began tracking in mid-2014, but down from the 69 detected in 2021. Although a 40% drop might seem like a clear-cut win for improving security, the reality is more complicated.


tedu

joined 1 year ago