ivs (@ivansprundel)'s Twitter Profile

ID: 3483496339

07-09-2015 16:13:46

408 Tweets

316 Followers

462 Following

ivs (@ivansprundel)

Fucking around with signed int sizes is like playing with a loaded gun. size_t!, learn it, use it, internalize it!

ivs (@ivansprundel)

so when I type in 'download chrome' in a freshly installed windows VM, in edge, the actual result to download chrome is the 6th entry down. This doesn't feel like it's a coincidence...

ivs (@ivansprundel)

In the 90s when I was an annoying teenager I've done my share of channel takeovers and the occasional server takeover, but in the end you always lose. What Andrews Lee has done is next next level. He took over the largest IRC network in the world and is expecting to keep it.

ivs (@ivansprundel)

For those that keep shouting 'gotos, harmful, dijkstra' anytime they see a goto error handler, I suggest you actually go read the paper :)

IOActive Labs (@IoaLabs)

IOActive Labs: No buffers harmed: Rooting Sierra Wireless AirLink devices through logic bugs by Ruben Santamarta (reversemode) labs.ioactive.com/2020/09/no-buf…

ivs (@ivansprundel)

Having a publicly documented security bug reporting process (e.g. email address) is a sign you care about security. If you don't have that, there's a good chance I won't report security bugs in your product (should I find one).

IOActive, Inc (@IOActive)

Mario Ballano, Gabriel Gonzalez, Josep Pi Rodríguez, and Simon Robin, Security Consultants at IOActive, disclosed multiple vulnerabilities to Moog EXO series Cameras on June 18, 2020. Read the advisory: ioac.tv/3hy1xu6

IOActive, Inc (@IOActive)

Mario Ballano, Gabriel Gonzalez, Josep Pi Rodríguez, and Simon Robin, Security Consultants at IOActive, disclosed multiple vulnerabilities to Verint PTZ Cameras on June 18, 2020. Read the advisory: ioac.tv/2Nbc40h

CVE (@CVEnew)

CVE-2020-8597 eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. cve.mitre.org/cgi-bin/cvenam…

ivs (@ivansprundel)

If you take a moment and think about the TCB in linux/windows/osx you get lightheaded. How did we get here? where did we go wrong?

ivs (@ivansprundel)

I always thought Postel's robustness principle 'Be liberal in what you accept, and conservative in what you send.' was terrible advice, and has led to many security bugs. Turns out I wasn't alone, RFC 1122 added some much needed clarifications.
