• 10 Posts
  • 236 Comments
Joined 3 years ago
cake
Cake day: December 20th, 2021

help-circle

  • If I’m understanding this correctly, it’s the mere existence of reloader.efi and the fact that Microsoft signed it that’s the problem.

    ESET first discovered CVE-2024-7344 in July 2024. Since then, all vulnerable applications have been fixed, and Microsoft revoked the old, vulnerable binaries in its Jan. 14, 2025, Patch Tuesday update.

    So Microsoft are just signing anything even if it breaks UEFI security? And presumably, now that this file is out there, it can be used to subvert SecureBoot on any system that hasn’t had its UEFI blacklist updated?

    Oh great, Microsoft, good job.







  • This breach is worse than just a website’s database being leaked. These are info-stealer malware logs. Meaning that you had malware on one of your devices that recorded you typing your credentials into websites and then the logs of that malware were publicly leaked.

    Before changing all of your passwords (and setting up a password manager if you don’t already use one) you need to identify which of your devices was compromised and wipe it.

    If you change all your passwords from the compromised device then the malware will just record all of your new passwords.








  • The nice thing about circular buffers is that they can be made lock-free by making each pointer only ever modified by one function, ie. get modifies the head and put modifies the tail.

    The solution in the article modifies both head and tail in the get function (when subtracting the page size to put the buffer back into the first page) which makes synchronization necessary to avoid races.

    The author could actually make this implementation lock-free too, by making only the get function perform the subtraction on the head whilst the put function performs the subtraction on the tail.

    You would then just need a little bit of extra logic when calculating the current size, but then you’d have a lock-free data structure.




  • Not a red rose or a satin heart.

    I give you an onion.
    It is a moon wrapped in brown paper.
    It promises light
    like the careful undressing of love.

    Here.
    It will blind you with tears
    like a lover.
    It will make your reflection
    a wobbling photo of grief.

    I am trying to be truthful.

    Not a cute card or a kissogram.

    I give you an onion.
    Its fierce kiss will stay on your lips,
    possessive and faithful
    as we are,
    for as long as we are.

    Take it.
    Its platinum loops shrink to a wedding ring,
    if you like.
    Lethal.
    Its scent will cling to your fingers,
    cling to your knife.