Robert Gützkow

(This is an old account, moved to [email protected]) IT security, software engineering and digital art. he/him
I’m thrilled to share my latest blog post! This one focuses on the bug hunting process: inspiration, approach, and execution. I also provide a retrospective on how the bug was introduced and analyze the insufficient “patch”. Check it out: https://securityintelligence.com/x-force/little-bug-that-could
Racing round and round: The little bug that could

Get the straightforward approach to bug hunting — from an IBM X-Force Red expert.

Security Intelligence
Blender 4.2 LTS - Showcase Reel

Enjoy this showcase of amazing work done by the Blender Community. See everything new in Blender 4.2 LTS https://www.blender.org/download/releases/4-2/

Credits: Blender Studio Midge "Mantissa" Sinnaeve Gleb Alexandrov, Creative Shrimp Yi-zhishun Ethan Davis Humberto Lazo, Project Last Ocean Bucket Studio SouthernShotty Matt Tkocz André Taylforth Weybec Studio Chris Jones Walter Kim DillonGoo Studios PojoQuiet Paul Chadeisson Hamza N. Meo Blender Studio Kazuya Ohyanagi Kay Hilman Denver Jackson VictoryLuode@ZROII Pierrick Picaut - P2DESIGN Julien Herbey

Support Blender development: https://fund.blender.org

#peertube #foss #b3d #blender

Follow Blender: Twitter: https://twitter.com/blender, Instagram: https://instagram.com/blender.official, Facebook: https://facebook.com/YourOwn3DSoftware, TikTok: https://www.tiktok.com/@blender_org, Mastodon: https://mastodon.social/@blender

PeerTube

Announcement is out. Good on Microsoft for finally reaching a sane conclusion.

- Recall won’t ship as a feature at launch on Copilot+ PCs any more.

- Won’t be available in Insider preview channel at launch, as it was pulled.

When it does appear in preview channels, privacy and security researchers need to keep a close eye on what Microsoft are doing with the feature.

Microsoft tried developing this feature in secret in a way which tried to avoid scrutiny. Thank you to everyone who stood up.

VS Code extensions lacking a permission model and sandboxing, as well as Microsoft not verifying most supplied information, create quite a significant supply chain attack vector.

https://medium.com/@amitassaraf/3-6-uncovering-design-flaws-in-the-visual-studio-code-marketplace-ea1d8e8b0171

3/6 | A Letter to Microsoft: Uncovering Design Flaws of Visual Studio Code Extensions

In the previous blog post "2/6 | Exposing Malicious Extensions: Shocking Statistics from the VS Code Marketplace", we shared shocking statistics about the Visual Studio Code Marketplace while…

Medium
Great to see Bastien making his appearance in the fifth episode of Blenderheads! We're getting a bit of a look behind the scenes for the Blender Conference 2023. #b3d #blender
https://www.youtube.com/watch?v=h8rauHRo1CY
BLENDERHEADS - Ep. 05

YouTube

The dates for Blender Conference 2024 are known!

23-25 October, with 26 October Open House at Blender HQ.

https://conference.blender.org/2024/

#b3d #blender3d #bcon

We found a critical vulnerability in #PuTTY SSH client with NIST P-521 keys, that allows private key recovery from only 60 signatures, CVE-2024-31497! If you use #Putty or #Filezilla with ECDSA P-521, upgrade now and generate a new key! Joint work with @Skrillor!
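The post above advises anyone using ECDSA P-521 keys with PuTTY or FileZilla to upgrade and generate a new key. Finding those keys on the server side is the first step, so here is an added example (not code from the post, the researchers, or the PuTTY project) that scans authorized_keys / known_hosts style lines and flags every key whose blob is ecdsa-sha2-nistp521. It decides on the decoded blob rather than the type token written on the line, since the blob is what sshd actually parses. All sample lines are constructed with dummy point bytes; they are not real keys.

```python
"""Flag SSH public keys on NIST P-521 so they can be rotated.

Added example, not code from the post or from the PuTTY project. It reads
authorized_keys / known_hosts style lines, decodes the key blob and reports
any key whose blob is ecdsa-sha2-nistp521. The blob is used rather than the
declared type on the line because the blob is what the server parses.
The sample lines at the bottom are constructed, not real keys.
"""
import base64
import binascii
import struct

VULNERABLE_KEY_TYPE = "ecdsa-sha2-nistp521"
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: uint32 length + bytes."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(buf: bytes, offset: int):
    """Decode one SSH wire-format string at offset; None if truncated."""
    if len(buf) < offset + 4:
        return None
    (n,) = struct.unpack(">I", buf[offset:offset + 4])
    if len(buf) < offset + 4 + n:
        return None
    return buf[offset + 4:offset + 4 + n], offset + 4 + n


def parse_ssh_public_key(line: str):
    """Return (declared_type, blob_type, curve, comment) or None.

    Leading authorized_keys options (from="...", command="...") are skipped
    by taking the first token that looks like a key type. Options whose
    quoted value contains whitespace are not handled by this simple split.
    """
    tokens = line.strip().split()
    if not tokens or tokens[0].startswith("#"):
        return None
    for i, tok in enumerate(tokens):
        if tok.startswith(KEY_TYPE_PREFIXES) and i + 1 < len(tokens):
            declared, blob_b64 = tok, tokens[i + 1]
            comment = " ".join(tokens[i + 2:])
            break
    else:
        return None
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    parsed = _read_ssh_string(blob, 0)
    if parsed is None:
        return None
    blob_type = parsed[0].decode("ascii", errors="replace")
    curve = None
    if blob_type.startswith("ecdsa-sha2-"):
        # ECDSA blobs carry the curve identifier as the second string.
        nxt = _read_ssh_string(blob, parsed[1])
        if nxt is not None:
            curve = nxt[0].decode("ascii", errors="replace")
    return declared, blob_type, curve, comment


def find_p521_keys(text: str):
    """Return [(line_no, declared_type, comment)] for every P-521 key."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        parsed = parse_ssh_public_key(line)
        if parsed is None:
            continue
        declared, blob_type, curve, comment = parsed
        if blob_type == VULNERABLE_KEY_TYPE or curve == "nistp521":
            hits.append((line_no, declared, comment))
    return hits


def _fake_key_line(key_type: str, fields, comment: str, declared=None) -> str:
    """Build a constructed key line; the point bytes are dummies, not real keys."""
    blob = _ssh_string(key_type.encode()) + b"".join(_ssh_string(f) for f in fields)
    return f"{declared or key_type} {base64.b64encode(blob).decode()} {comment}"


# Constructed sample file: none of these are real keys.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample, not real keys",
    _fake_key_line("ssh-ed25519", [b"\x11" * 32], "alice@laptop"),
    _fake_key_line("ecdsa-sha2-nistp256", [b"nistp256", b"\x04" + b"\x22" * 64], "bob@desk"),
    'from="10.0.0.0/8" ' + _fake_key_line("ecdsa-sha2-nistp521", [b"nistp521", b"\x04" + b"\x33" * 132], "carol@putty"),
    # declared type lies, but the blob is still P-521 and must be caught
    _fake_key_line("ecdsa-sha2-nistp521", [b"nistp521", b"\x04" + b"\x33" * 132], "dave@legacy", declared="ssh-rsa"),
])

if __name__ == "__main__":
    for line_no, declared, comment in find_p521_keys(SAMPLE_AUTHORIZED_KEYS):
        print(f"line {line_no}: {declared} {comment} -> rotate this key")
```

Run it against a real file by replacing SAMPLE_AUTHORIZED_KEYS with the file contents; the two constructed P-521 lines (one behind an options prefix, one with a mislabelled type token) are the cases a naive grep for "nistp521" on the type column would miss.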

Here are my suggestions for "lessons learned" from the xz attack:

* Upstream code should be pulled from the git, not some random tarball
* All requests to disable valgrind, memory sanitation etc. in tests should be met with extreme scepticism and caution
* We need to call out people bullying open source maintainers
* We need to find ways to support maintainers before they burn out
* We need to establish a culture of succession for open source maintainers

I accidentally found a security issue while benchmarking postgres changes.

If you run debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.

https://www.openwall.com/lists/oss-security/2024/03/29/4

oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise

watchTowr: Ivanti Connect Secure CVE-2024-22024 - Are We Now Part Of Ivanti?
https://labs.watchtowr.com/are-we-now-part-of-ivanti/
Ivanti Connect Secure CVE-2024-22024 - Are We Now Part Of Ivanti?

As astute readers of our Twitter account (https://twitter.com/watchtowrcyber) and blog will know, we’ve recently been heavily involved in understanding the recent spatter of vulnerabilities in Ivanti products - most recently, their Connect Secure product which portrays itself as an SSLVPN device. We’re incredibly proud of

watchTowr Labs - Blog