A detailed, well-written, and hilarious breakdown of the details of CVE-2024-55591, one of the latest Fortinet fiascos:

#ThreatIntel #ThreatIntelligence #CVE

When the answer to major draw backs with a language is use it better that’s a dead end for me.
Try browsing the list of somewhat recent #CVE rated critical, as I just did to verify. A majority of them is not related to any memory errors. Will you tell all them "just use a different programming language"?
And again with OOP. Why hack it into a language rather than use a language that supports it.
Have you seen existing C code? For anything non-trivial, most code uses some OOP, and it comes quite natural in C, certainly no "hacking". You don't need a class keyword to do that.
If it came out today you’d have an incredibly hard time convincing anyone to use it over other languages.
It doesn't come out today, it's been there for a long time, and it's standardized, proven and stable. Sounds like you seriously misunderstood my points, which were, in a nutshell: For applications and similar, just use whatever suits you; for operating systems do experiments in lab/research projects (as was done with Unix), because existing and established ones are relied upon by lots of software. Just to make that perfectly clear, that doesn't mean they should use C forever, it means they should wait for a potential replacement to reach a similar state of stability with independent standards and competing implementations.

Who is paying attention to #EvilSocket on X and wheres the conversation happening? I'd like to follow whoever's mastodon is talking about it.

If no one is, then there is a #Linux unauth #RCE being disclosed to openwall on the 30th.

Appears to affect Linux and #BSD with a 9.9 CVSS score.

From reading X thread seems to be not kernel or user space. Assuming protocol implementation?

https://x.com/evilsocket/status/1838169889330135132

🚨 Microsoft has patched CVE-2024-38077, a critical RCE flaw in Windows Remote Desktop Licensing Service (CVSS 9.8). 79k instances exposed online. Apply patches immediately!