~

Also the cheesy bit: students are most likely to need UNDO Thank me later.

All those greenhorn students/schools who will 'take advantage' of IDA Pro's new educational licenses are heading into a trap, IMO. Heck, I (and probably you, too) know *brilliant* young hackers that used to use radare ;-P I know, I know, a bit masochistic even for my taste :))

IDA Pro is a very very good tool, but I get the feeling all those 'pros' who invested dozens of thousands into it over their lifetimes are now defending it with too much zeal -- as if they are defending their (back then) only choice of investment. Times have changed. #Ghidra

aaaaand Corellium blocked me haha. number of fucks given: 0https://twitter.com/xerub/status/1108179983057543168 …

GHIDRA is out! \o/

Throw in some tagged pointers and "an application may be able to execute arbitrary code" is soon to become a meme. That is, fewer and fewer crashes will be exploitable... Remember, it's not merely bug-fixing that increase attacker cost, never has been. Mitigations do that.

So the NSA rickrolling the GHIDRA release is just like every other conference speaker promising to release code referenced during the talk "very soon/after cleanup/blah blah" IOW sine die

random thought of the day: equality of chances mean everybody should have the same fair start, *not* the same finish line.

in yesterday's news, experts agree that one should never question the status quo. Once the spectrum of acceptable opinion is strictly limited, you're good debating within that spectrum: die on a hill defending the rules of warfare your enemy doesn't care about, or switch sides...