another banger from qualys https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt
jessica
- 4 Followers
- 59 Following
- 83 Posts
interested in windows and browser exploitation
@GossiTheDog must be nice
@benjaoming @hanno always has been an arms race. the incentive has always been to throw as much computation at the problem as you can afford. but there are gaps and limits to what automation can accomplish. when an attacker writes tooling they have different goals and scope than a project maintainer. if you know some project has a massive testing suite they're running on oss-fuzz or like they have their own custom llm harness cranking away on cluster of h100s, you can't really compete with that. you will just focus on finding the gaps. so it's kind of an asymmetric battle, i think?
@david_chisnall @jerry truly hes the american erdogan lol
@buherator it seems familiar to me somehow, perhaps a variant🤔
@lina You can always just do them without even competing against a team of egghead academics who see it as another credential for their CV. Solving puzzles is fun on its own. Maybe we were screwed the moment people started seeing hacking not as an art and source of emotional fulfillment, but as a road to riches. Oh well. I think a lot of society will have to rethink their priorities (and the social contract) over the next decades.
Sarah Jamie LewisRE: https://mastodon.social/@sarahjamielewis/116161459299855467
Something I want to make clear:
The "age verification" bit of the CA/CO laws are not the bit I care about i.e. a law that requires an operating systems to implement some kind of parental control feature is...whatever.
The bits I care about are the obligations on developers to call APIs and then that invocation being taken as evidence of knowledge.
Specifically, I think a -legal- requirement to:
- make any kind of call is an attack on speech
- know a users age (bracket) is a privacy violation
@evacide what is "account setup?" what is an "account?" is useradd illegal now? even daemon and nologin users have to provide an "age signal?" that doesn't even make sense. with windows i guess it's another excuse to force oobe setup on everyone but like, what if i don't use a gui installer at all? wtf lol
blacktopNEW macOS 26.3 🥫🍝 sauce! 🎉
xnu:
https://github.com/apple-oss-distributions/xnu/compare/xnu-12377.61.12...xnu-12377.81.4
dyld:
https://github.com/apple-oss-distributions/dyld/compare/dyld-1335...dyld-1340
- this post was generated by `ipsw` 🤖
@timbray this is also an affliciton that plagues crypto/web3 people. the plumbing of interbank transfers is also massively complex. if you have rock solid code that has been in production for decades, why would you want to fuck with it. "solana is so much faster and cheaper🚀 🚀 🚀 ." yes, banks would be a lot faster and cheaper if they didn't have to care who/where your money was going to or what they're using it for. finance people generally do not view this as a "feature"