SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Dave Aitel via Dailydave on Apr 17

On Monday, I and 400 other people, including many on this mailing list,
attended Sophia's funeral in a huge church in the upper east side of NYC.
Although I grew up in a Jewish household, I am not religious, and the last
time I went to a church was also with Sophia, in Jerusalem, where we
wandered through various landmarks until we ended up at the Church of the
Holy Sepulcher, one of the holiest sites for Christianity.

We waited in a line...

Posted by Dave Aitel via Dailydave on Apr 02

[image: image.png]

Like everyone I know, I've been spending a lot of time neck deep in LLMs.
As released, they are fascinating and useless toys. I feel like actually
using an LLM to do anything real is your basic nightmare still. At the very
minimum, you need structured output, and OpenAI has led the way in offering
a JSON-based calling format which allows you to extend it with functions
that cover the things an LLM can't really do...

Posted by Dave Aitel via Dailydave on Apr 01

[image: image.png]

The security community (aka, all of us on this list) still rages with the
impact of Jia Tan putting a sophisticated backdoor into the XV package, and
all of the associated HUMINT effort that went into it. And I realized from
talking to people, especially people in the cyber policy realm but also
technical experts, about it that there's a pretty big gap when it comes to
understanding why someone would put in a backdoor at...

Posted by Tomi Tuominen via Dailydave on Mar 28

Dear Daily Dave,

For a hacker conference, twenty years is a huge achievement — for a small conference, even more so. Over these years
we’ve enjoyed speakers showcasing results from cutting-edge research, seen thought-provoking keynotes and bonded with
other like-minded people from all over the world.

If we had to summarize the experience with one word, it would be gratitude. The speakers, repeat speakers, first timers
or regular...

Posted by Dave Aitel via Dailydave on Mar 24

There seem to be a lot of people who think the problem with cyber security
is we aren't paying lawyers enough. This results in the current push for
software liabilities, or the need to click accept on cookies before we use
every website. It is natural for lawyers to want to feed the
next generation of associates, by regurgitating legal koans into their
mouths. These vomitous truisms pass for thought leadership when you go high
enough into...

Posted by Michal Zalewski via Dailydave on Mar 06

Not really different from prototyping on the Linux kernel or the
Chromium codebase - pick an old version if you want known bugs... you
don't see a whole lot of that either, and in contrast to Windows, that
wouldn't lead to all kinds of icky questions about ethics, IP, etc.

The thing about most of these tools is that they don't fare well in
large and exotic codebases. What makes sense for a web app is seldom
applicable to a kernel,...

Posted by Konrads Klints via Dailydave on Mar 06

Windows XP and Windows 2003 partial source code is out there on github. With such a rich corpus of known
vulnerabilities in those OS'es and source code availability, surely there should be an amazing amount of
SAST/semgrep/codeql rules that take as input existing known exploits and then do rules that find similar things, yet I
don't seem to be able to find such projects

Surely, these two code bases should be the foundation of most...