OH: «by sending a malicious DNS packet to the target device», 👌🤭
I lost count. How many vulns this year already?
Or you could follow to the (original) blog: https://blog.jgc.org/2024/09/cracking-old-zip-file-to-help-open.html
You mean like FIST but with a huge revolver? 😍
Not sure if that is even the point. The article is all about memory unsafe programming!!1!. But there is no context at all.
Sure, there are vulnerabilities because of unsafe memory handling. But I looked for some statistic which would bring unsafe memory handling into context with say the high profile vulnerabilities from the last few weeks / months. I haven't spent too much time on research but looking at some lists containing vulns from the last few months it seems as if all those pre-auth, priv escalation, directory traversal and whatnot very based on much simpler failures like wrong error handling or logical errors or missing code than unsafe memory handling.
I might be wrong, then please show me the numbers, but shooting at C/C++ because unsafe!!1! sounds like a very biased story there.
And while we are at it. I'd also be interested in C vs. (somewhat modern) C++.
Will have to look in the logs. Probably the pushing to Lemmy part.
A great lesson regarding OpSec.
I wonder what effect this will have on that role in general.
A tad late (the original story), but now there is an opinion piece on this topic now: https://www.theregister.com/2025/03/24/microsoft_opinion/
I like the part with "This a post-literate era, and we should expect the next demand for bughunters to express proof-of-concept as a TikTok dance short."