Infosec Swiss Army Knife. Tec diver. Occasional (but published) travel photographer. Opinions are all mine and usually wrong.

"In this study, we systematically evaluate current mainstream decompilers’ semantic consistency and readability. Semantic evaluation results show that the state-of-the-art decompiler Hex-Rays has about 55% accuracy at almost all optimization"

https://dl.acm.org/doi/pdf/10.1145/3650212.3652144

New blog post diving into Ghidra Data Types and when you need to create your own custom GDTs - part 1 https://medium.com/@clearbluejar/everyday-ghidra-ghidra-data-types-when-to-create-custom-gdts-part-1-143fe45777eb
Everyday Ghidra: Ghidra Data Types— When to Create Custom GDTs — Part 1

In this 2-part “Everyday Ghidra” series post, we’ll walk through creating custom Ghidra data types by parsing C header files. In Everyday Ghidra: Symbols (part 1), we explored various sources Ghidra…

Always fun when a CrackMe's challenge can be completely bypassed in ways the developer never intended to
LLMs are super fucking dangerous because they subvert all normal human signals on authority. They always have impeccable language when telling you fucking nonsense.
ah yes, the eternal development struggle, do shit right, or get shit done.

"a backdoor for one is a backdoor for everyone", quoting my own fucking self for,

L I T E R A L L Y

Y E A R S.

I fucking said this would happen; half the rest of the industry said this would happen, and mirabile motherfucking dictu, have a big fucking look at what fucking happened.

"told you so" does not go anywhere near far enough for the amount of so I hath fucking told.

https://mastodon.social/@fj/113253726161428151

China targeted and might have held for months access to the infrastructure used to do wiretaps on the AT&T and Verizon networks.

This is a huge "told you so" moment for the cryptographic community that has been saying that such infrastructure does present a huge risk to national security. China reportedly used this capability for intelligence collection, obviously without a warrant ...

https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b?st=C5ywbp&reflink=desktopwebshare_permalink

A mathematician uses first person plural in proofs to suggest to the reader that they are on a journey together. This is not dissimilar to Virgil guiding Dante through the Inferno.

23andme is on the verge of bankruptcy, which means that some random company could soon be able to purchase a DB with the DNA of ~15 million people.

Dunno, if you are among them you might want to get your data erased ASAP (and pray that they actually comply).

https://www.theatlantic.com/health/archive/2024/09/23andme-dna-data-privacy-sale/680057/

Remember That DNA You Gave 23andMe?

The company is in trouble, and anyone who has spit into one of its test tubes should be concerned.

Today's barrel of rage is for those people who in 2024, and with key-based auth available and deployed, think it's still a good idea to ban an IP address after a handful of failed login attempts, because some auditor said so in 1998.