Links @ Put.as

March 2021

Patent troll IP is more powerful than Apple’s - “IP lets one of the least taxed corporations on Earth extract a 30% tax from everyone else.”

The Art of Warez Documents the Lost ANSI Art Scene - I miss those times! oh well, life goes on :-)

Ghost: Confessions of a Counterterrorism Agent - An interesting book, even if spook’s books only have shades of reality, if we are lucky having that.
The clown king: how Boris Johnson made it by playing the fool - Epic prose.
awesome-linux-rootkits
I’ve Been Targeted With Probably the Most Vicious Corporate Counterattack in American History - Crazy story!
Un-bee-lievable Performance: Fast Coverage-guided Fuzzing with Honeybee and Intel Processor Trace - Really interesting results, a tool to explore.
Top NATO Scientist With Security Clearance Busted Spying for China

We bootstrapped to $11 million in ARR - Thinkst keeps growing, focused on great product and customer service. An interesting company!
TikTok for Android 1-Click RCE - Look mam,no memory corruption RCE!

Security Theater, The Beat Goes On - The usual good stuff from Dan Geer.
Another approach to portable Javascript Spectre exploitation

COMPLEXITY: THE EMERGING SCIENCE AT THE EDGE OF ORDER AND CHAOS - I expected something technical but this more an history about the idea of complexity and its development (it’s a 90s book!). I just loved it.
Finding Issues In Regular Expression Logic Using Differential Fuzzing
Finding Evil Go Packages

Reverse Engineering of Intel Microcode Update Structure

Inside the ‘Covid Triangle’: a catastrophe years in the making

One day short of a full chain: Part 1 - Android Kernel arbitrary code execution
ARMs Race: Ampere Altra takes on the AWS Graviton2 - ARM might kill Intel and AMD out of the datacenter if they don’t pull a rabbit out of their hats.
The Triple Agent: The al-Qaeda Mole who Infiltrated the CIA - A really good book, well written and engaging, about the CIA suicide bomber tragedy at Khost.

How to rob a (Fire)fox - Firefox disables library validation so it’s easy to inject code in macOS. Seriously…
Reproducing the Microsoft Exchange Proxylogon Exploit Chain - If you have a Exchange server exposed to the Internet, the only course of action is to get a new one and reinstall everything. It’s most probably already pwned!
DUMPING THE SONOS ONE SMART SPEAKER - Attacking a Sonos speaker via its mini PCIe port and DMA