I'm so disheartened about my job. We had a training about AI, and the person presenting just sounded so in love with it. Not as in appreciating a good tool to use, not like loving a new tool. She was actually in love with it, and even admitted to the need to stop thinking of AI as if it's a real person.

She excitedly talked about human-like responses to her prompts, as if someone she has a crush on gave her attention.

When I talk about my dislike for AI, how it can't be used ethically, how flawed it can be, I'm telling people that their crush is evil. They are reacting in a predictable way: with anger and hurt. It's an emotional topic.

Talking about a set of code shouldn't be this emotional. The data centers that are the beating hearts of their love interests get a pass from them; they would destroy the whole planet to maintain this dopamine high and in fact they are gladly doing so.

#NoAI #AISlop

hi everyone

given one #bitlocker #0day is already out there, here's my own bitlocker 0day, I added it to my repo listing bitlocker attacks.

Introducing "ram leak": https://github.com/Wack0/bitlocker-attacks#ram-leak

As we all know, the boot environment allows booting from a ramdisk. This involves loading a file from disk into RAM, as expected.

However, "file" and "disk" can be arbitrarily chosen, and "disk" being a BitLocker encrypted partition is a supported scenario. Using another trick (same one used with bitpixie earlier) it's possible to get the keys derived without going through the legacy integrity validation checks too if relevant.

You can see where this is going. It's possible to leak any file from a bitlocker encrypted OS partition into RAM as long as you can get the keys derived (ie, TPM-only scenario).

The catch is that booting into the NT kernel marks that memory area as free so it could get overwritten there, but there are other ways to dump the memory area, and a PoC is included with my preferred method (it's only a PoC so just displays a hexdump of the first sector of the file)

The video shows successful exploitation in my test VM, it has secure boot enabled (you can tell because VMware shows an efi shell option on the boot menu when secure boot is disabled).

#infosec #windows

In the 15+ years people have been promoting blockchains, this flowchart remains undefeated.

Morgen (Samstag) ist Roller Derby!

https://fearlessbruisers.at/events

#Innsbruck #FearlessBruisers #RollerDerby

Adding a new module to a dracut-based initramfs which simply loop mounts a squashfs file is apparently nothing you can achieve within one evening. It's amazing and sad to see what a complex beast this has become.
P.S: Yes, yes, I know about dmsquash-live.

https://www.freewear.org/C

Today's Low Quality Ad is for this Myth of Syphilis Pin. I love Greek Mythology. Keep trying pal, you'll get it some day.
https://collabs.shop/yh04rj

@xahteiwi vim? 🤪

💥Over 20 years ago, back when I was a rookie, students in D.J. Bernstein's UNIX security course disclosed 44 vulnerabilities all at once. It was a big deal in the infosec world.
Fast forward to today? 271 AI assisted vulnerabilities were just patched in Firefox 150, and nobody is even surprised. 🤖
It's wild to see how much the scale of cybersecurity has changed. ⏳

Want to keep up with the latest #Artemis chatter? Come visit our toilet!

#Artemis2 #ArtemisII #space #hackerspace

Just one week to go!

Grab massive community discounts on paper-based Linux Professional Institute (LPI) exams to be held during @linuxtage, Apr 10–11, in Austria! 🎉

€70 for Essentials / €110 for all other exams. (limited seats)

This offer is sponsored by our partners OSC - LPI Channel Partner and Linux Training @wefinet. 🙌 💛

Learn more: https://lpi.org/d9ng

#GLT26 #Linux #opensource #FOSS #SysAdmin #DevOps #LPIC #LinuxEssentials #WebEssentials #SecurityEssentials #LinuxDay #linuxtage

There's a lot about the whole "AI topic" where I don't know what I should think. But I am quite worried what the flood of low-quality "AI" code will do to the free and open source ecosystems.
I found this mail from Michał Górny, one of the most active developers at Gentoo Linux (full disclosure: I'm also a Gentoo developer, but not one of the most active ones 🙂 ), about the issues the ecosystem is facing, quite insightful:
https://www.mail-archive.com/gentoo-dev@lists.gentoo.org/msg102518.html

Was für eine coole Idee ist das?!
Kafka ist drei Dauereien

Happy Friday.

🤔

https://github.com/rustsec/advisory-db/pull/2637#issuecomment-3907459881

Nothing like a trillion dollar company asking if your volunteer run project can fix a problem quicker.

@fosdem is starting: @LPI has nice #stickers and #discounts on #LPI exams. Just watch out for the people with the yellow shirts an #sayhi to get yours.

Looking forward to meet you!
#fosdem #lpi #linux #opensource #brussels

They say AI isn’t profitable. That’s not true.
Twice just this past week, I’ve been contacted and paid to fix problems caused by developers who relied on AI to configure servers.

#AI

Hot take: SystemD is actually pretty good. #systemd #linux