𝐂𝐔𝐏𝐒 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐀𝐭𝐭𝐚𝐜𝐤 𝐒𝐮𝐫𝐟𝐚𝐜𝐞 𝐃𝐚𝐭𝐚 Since there were some questions about the severity of the CUPS vulnerability due to it requiring the presence of the cups-browsed daemon and UDP port 631 being open to the internet, I performed a global scan to gather more data. Of the 61,763 systems I found which had CUPS exposed to the internet, 13,289 of them returned a valid response when probed on UDP port 631, indicating the port was reachable and cups-browsed daemon was running. The top affected countries are as follows: US: 3381, DE: 2790, RU: 853, FR: 724, NL: 634, SG: 582, IN: 579, FI: 566, GB: 533, CA: 282, BR: 227, JP: 202, KR: 151, ID: 141, PL: 136, CN: 131, HK: 121

Here's a cool little Windows quirk that's useful for red teaming. You can use the HTTP.sys API to start a kernel mode HTTP servers which relays requests to your code via IOCTL. You don't even need admin privileges to do it! Since the kernel handles all the socket operations for you, the listening port will show as belonging to the System process, as will the associated network traffic. Since all communication with HTTP.sys can be done via IOCTL, there's no need for sockets, pipes, or even any DLLs. All you need are syscalls. Best part is, if you're administrator and the server is running an application like IIS or Exchange, you can bind to the same port and add your own custom endpoint (url paths) to it. Normal requests will go to the original application, but requests to your custom endpoint are sent to your code instead.

Some woman on Threads made a post getting mad at people with ADHD referring to their meds as speed, and I'm kind of enjoying watching her get clowned on. I've always felt like it's kind of elitist. Basically, in an attempt to destigmatize ADHD meds, they're perpetuating the exact same stigma against others. Adderall is literally just amphetamines. Addicts aren't addicts because they took speed instead of Adderall, or heroin instead of Oxycodone, or cocaine instead of Ritalin. That's just not how things work. IMO it hurts society in so many ways. It creates the illusion that there are intrinsically good and bad drugs. And attributes addiction to choice rather than mental health and genetics. Many people with late-diagnosed ADHD will have self-medicate with similar but illegal drugs, at which point they get labelled "high risk of addiction" and denied access to proper medication. It also leads to over-prescription because people believe pharmaceutical drugs are intrinsically safe. That's how you get the opioid crisis, which rebounds into under-prescription, and suddenly people with legitimate needs are denied important medication because "it's addictive". On top of all that it create a big barrier for researchers trying to get funding and approval to research the "bad drugs" because they're viewed by society and legislators as having no clinical value, which is why modern science is only just now starting to catch up with some of the potentially beneficial properties of hallucinogens, something that has been widely known since before the dawn of civilization.

When I got her she was traumatized from her last owner leaving her locked in a crate for days without food. Now she just kinda hangs out in it

My Google history from today legit makes me look like a straight up terrorist. There was speculation that the pager explosions were triggered by overheating the batteries (which is what lead to the whole "it was malware" insane speculation). It's pretty much widely accepted at this point that the pagers were intercepted and implanted with PETN, but that doesn't actually answer the question. PETN is a secondary explosive (i.e. it's fairly stable and highly resistant to detonation from force or ignition). So the (IMO) most interesting question, which is currently still unanswered, is how did they detonated the PETN, and how did they build a detonator that would not be discovered by inspection, explosive detectors, etc. While malware is 100% out of the question, custom lithium batteries could be made with a mechanism designed to reliably cause thermal runaway via an internal short circuit. So, I was curious if theoretically you could use a maliciously modified LiPo battery as a detonator PETN. What I can gather from research, is that PETN can't reliably be detonated by an open flame, and the heat produced by thermal runaway from a LiPo battery would be so hot that it would actually cause the PETN to undergo chemical decomposition and become inactive. So, basically, the result of my entire Google history now looking like "hello, yes, CIA, I am doing a terrorism" is thermal runaway as a trigger is unlikely.

I feel sorry for whoever at the CIA has to go through my Google search history and figure out if I'm a terrorist or just a YouTuber doing research for silly videos.

TIL: Siberian huskies are considered aggressive dogs by a lot of insurance companies and most apartment complexes and home insurance companies explicitly ban them.