Lifeboat Foundation

This flaw, which has been identified that affects the ksmbd NTLMv2 authentication in the Linux kernel, is known to quickly cause the operating system on Linux-based computers to crash. Namjae Jeon is the developer of KSMBD, which is an open-source In-kernel CIFS/SMB3 server designed for the Linux Kernel. It is an implementation of the SMB/CIFS protocol in the kernel space that allows for the sharing of IPC services and files over a network.

In order to take advantage of the vulnerability, you will need to transmit corrupted packets to the server, personal computer, tablet, or smartphone that you are targeting. The attack causes what is known as “a memory overflow flaw in ksmbd decodentlmssp auth blob,” which states that nt len may be less than CIFS ENCPWD SIZE in some circumstances. Because of this, the blen parameter that is sent to ksmbd authntlmv2, which runs memcpy using blen on memory that was allocated by kmalloc(blen + CIFS CRYPTO KEY SIZE), is now negative. It is important to take note that the CIFS ENCPWD SIZE value is 16, and the CIFS CRYPTO KEY SIZE value is 8. As the heap overflow happens when blen is in the range [-8,-1], we think that the only possible outcome of this problem is a remote denial of service and not a privilege escalation or a remote code execution.

Continue reading “Critical zero day vulnerability in Linux Kernel Allows DoS Attack” »

La vulnerabilidad afecta a los instaladores de Rooms para Windows anteriores a la versión 5.13.0.

“Un usuario local con pocos privilegios podría explotar esta vulnerabilidad en una cadena de ataque para escalar sus privilegios al usuario del SISTEMA”. lee el aviso publicado por la empresa.

Continue reading “Zoom Rooms se vio afectado por cuatro vulnerabilidades de gravedad ‘alta’” »

Researchers from the cyber security firm Imperva Red Team have disclosed information on a newly found and fixed vulnerability that affected over 2.5 billion Google Chrome users as well as all Chromium-based browsers such as Edge and Opera.

The vulnerability, which is identified as CVE-2022–3656, makes it possible for remote attackers to acquire sensitive user data such as passwords for cloud service providers and knowledge about cryptocurrency wallets. After further investigation, it was determined that the problem was caused by the manner in which the Chrome browser dealt with symlinks when processing directories and files.

Continue reading “This flaw in Google Chrome & Chromium-based browsers enabled data theft of information such as cryptocurrency wallets and credentials from over 2.5 billion users” »

Scammers may commit address poisoning by sending meaningless transactions to your account from an wallet address that is very similar to the one you use.

In case you were unaware of this fact beforehand, your wallet consists of one or more accounts, each of which has its own unique address that was created cryptographically. These are lengthy hexadecimal numbers, which means that they include both numerical and (a few) alphabetical characters. This is because hexadecimal numbers employ both sets of characters. Because of this characteristic, they are incomprehensible to the vast majority of individuals and, more importantly, very difficult to recall.

Continue reading “Cryptocurrency users are becoming victim of address poisoning attacks” »

The meteorite and explosion-site quasicrystals were both uncovered by a team that includes Luca Bindi of the University of Florence, Italy, and Paul Steinhardt of Princeton University. In those previous cases, the materials were subjected to extremely high-pressure, high-temperature shock events—analysis of the meteorite sample revealed the temperature reached at least 1,200 °C and the pressure 5 GPa, while the New Mexico sample reached 1,500 °C and closer to 8 GPa. These transient, intense conditions contorted the materials’ atoms, forcing them to arrange into patterns unseen for usual laboratory conditions.

The explosion-site sample was found in a rock-like substance made of sand that had been fused together with copper wires from a measurement device that had been set up to monitor the atom-bomb test. As a trained geologist, Bindi was aware that similar substances—so-called fulgurites—are created when lightning strikes a beach or a sand dune. He wondered if lightning-fused samples might also contain quasicrystals, so he and the team set about collecting and analyzing the structures of as many fulgurites as they could lay their hands on.

Luck was on their side. In a fragment of a storm-created fulgurite from the Nebraskan Sand Hills—grass-stabilized sand dunes in northern Nebraska—the team found a micron-sized fragment of a quasicrystal with a previously unseen composition and pattern. Specifically, the newly discovered quasicrystal has a dodecagonal—12-fold symmetric—atomic structure. Such ordering is impossible in ordinary crystals, Bindi says, and is unusual even for quasicrystals (both the meteorite and explosion-site quasicrystals, as well as most lab-made ones, have fivefold symmetric patterns). “This was all more than [we] could have hoped for in such a long-shot search,” Steinhardt says.

Researchers have recorded for the first time the dynamics of vibrating Rydberg molecules, the slow-motion counterparts of regular molecules.

https://www.youtube.com/watch?v=Qklk1EukxHM

I made this video with the help of Artificial Intelligence to prove the point Terence McKenna makes in this video that AI will surpass the human production in all the levels.

What did AI tools make?
- Tuning the audio quality to make it look like a podcast record, even though the audio was recorded with a low quality hand microphone in a party in 1998.
- Creating a realistic HD picture of Terence McKenna and tuning the color level, with background.

Continue reading “It’s Happening Now But People Don’t See It — Terence McKenna on AI Prediction” »

Sam Altman was a force to be reckoned with as the president of Y Combinator. Little has changed in his transition to CEO of OpenAI, a “capped-profit” company whose mission it is to “enact a path to safe artificial general intelligence.” We talked at length about his work, OpenAI’s mission, and some of the criticisms that the young outfit is facing. We had fun, talking with him for this extended sit-down; hope you’ll enjoy it, too.

If you walk along the Oudezijds Achterburgwal canal in Amsterdam, you will notice an elegant and aesthetically pleasing steel bridge for pedestrians. If not for the media attention it got, you would even consider it a regular feature of the city’s architecture. But this bridge loaded with sensors, is actually the world’s first 3D-printed steel bridge, according to an Imperial College London press release.

“A 3D-printed metal structure large and strong enough to handle pedestrian traffic has never been constructed before,” said Imperial co-contributor Prof. Leroy Gardner of the Department of Civil and Environmental Engineering, in a press release. “We have tested and simulated the structure and its components throughout the printing process and upon its completion, and it’s fantastic to see it finally open to the public.”