Pulse of Truth


mozz Admin , in Majority of Critical Open Source Projects Contain Memory Unsafe Code

The fuck are you on about

The headline is not what the article says at all

written in a memory-unsafe language

The report concluded that most critical open source projects potentially contain memory safety vulnerabilities. This is a result of direct use of memory unsafe languages or external dependency on projects that use memory-unsafe languages.

Emphasis on “potentially” is mine

Quite a lot more than 55% of projects have an external dependency on projects that use memory unsafe languages. Aside from a certain amount of Go or Rust projects that manage to avoid any dependency that drops down into C to expose some library at some point, I think it’s all of them.

krogoth Mod ,

Not sure if that is even the point. The article is all about memory unsafe programming!!1!. But there is no context at all.

Sure, there are vulnerabilities because of unsafe memory handling. But I looked for some statistic which would bring unsafe memory handling into context with, say, the high profile vulnerabilities from the last few weeks / months. I haven't spent too much time on research, but looking at some lists containing vulns from the last few months it seems as if all those pre-auth, priv escalation, directory traversal and whatnot were based on much simpler failures like wrong error handling or logical errors or missing code than unsafe memory handling.

I might be wrong, then please show me the numbers, but shooting at C/C++ because unsafe!!1! sounds like a very biased story there.

And while we are at it. I'd also be interested in C vs. (somewhat modern) C++.

Cort , in Researchers in Rabbit R1's jailbreaking community say Rabbit left critical API keys hardcoded in its code, which would let hackers use Rabbit's internal systems (Jason Koebler/404 Media)

Wow, they're going for $125 on eBay right now. I'd consider getting one to play around with, but I saw the bringus video on running stock android. It's just not there yet, and there's no way to bring back the stock OS

draughtcyclist , in Researchers in Rabbit R1's jailbreaking community say Rabbit left critical API keys hardcoded in its code, which would let hackers use Rabbit's internal systems (Jason Koebler/404 Media)

Is anyone surprised? They also said it was built from the ground up, then got outed as an android device. This is lipstick on a pig.

CorrodedCranium , in Apple AirPods Bug Allows Eavesdropping

Really misleading title. It was patched. It should say allowed. You can still edit the post to fix this OP

wizardbeard , in Apple AirPods Bug Allows Eavesdropping

Misleading. When trying to connect to a device, an attacker can spoof being said device to get the airpods to connect to them instead. Similar to SSID spoofing with Wi-Fi.

Nothing in the linked article indicates this allows eavesdropping on existing connections.

NoneYa , in Bogus: LockBit's Claimed Federal Reserve Ransomware Hit

I wouldn’t be surprised. What’s going to happen to them if they did get hit by ransomware and millions of peoples’ sensitive info is leaked? Take a look at what happened to Equifax and you’ll see. Not a damn thing.

Asidonhopo , in Organized crime and domestic violence perps are big buyers of tracking devices

Reason enough a ban should be seriously considered except for scientific research purposes

chicken , in FBI warns of fake law firms targeting crypto scam victims

Scammers targeting people who have been scammed is so common and they are incredibly brazen about it. Basically every post I see on smaller crypto subs on Reddit where some hapless individual has lost money somehow and is asking for help, half the response comments are obvious scammers offering to privately 'assist' them through their problem in DMs.

Please_Do_Not , in FBI warns of fake law firms targeting crypto scam victims

Fool me once...

owenfromcanada , in Microsoft attempts to steer Windows users away from local accounts

They've been "steering away" since Windows 10 was released. The question is when they'll disable it completely.

ryannathans , in More Memory Safety for Let’s Encrypt: Deploying ntpd-rs

God damn this is retarded, just disregards the existence of NTS. Just use a client like chrony that already supports secure time syncing.

Ntpd-rs does not fully support NTS yet and "requires more funding"

NiPfi , in Microsoft attempts to steer Windows users away from local accounts

Wait, so having to click "back" on the Microsoft account login screen before being given the option to create an offline account didn't already make it obvious enough?

nightwatch_admin , in 1 out of 3 breaches go undetected

Are they sure only 1 in 3 goes undetected?

finley , in How Sweden's push to go cashless has left consumers and the country vulnerable to online fraud; value of fraudulent transactions has doubled since 2021 (Bloomberg)

When new technologies roll out to replace old methods of doing things, governments should work harder on tech literacy surrounding these new solutions.

eskimofry ,

Whenever we introduce new stuff like this we limit the experiment to youngsters and keep around the old reliable as a failsafe.

All it takes for any software to fail is pulling the plug.

Eheran ,

So you think banking would in any way still work with the plug pulled?

prettybunnys , in Since joining NATO, Sweden claims Russia has been borking Nordic satellites

This is a weird use of the word “bork”

zero_spelled_with_an_ecks ,

Yeah, not even cooking anything.

prettybunnys ,

It took me a second to realize the “bork” you meant lol.

bork bork bork
