Dartmouth College has disclosed a data breach after cybercriminals leaked over 226 Gb of files stolen from the university.
The post Dartmouth College Confirms Data Theft in Oracle Hack appeared first on SecurityWeek.
Tesla Losing Lawsuits So Fast Now, Billions Could Be Paid to Autopilot Victims
Fred Lambert is on point with his reporting as usual. Tesla has the highest accident and fatality rate of any car, coupled with no legal defense for dangerous defects it’s been pumping onto public roads. As I have been highlighting over the last …
Some food bloggers warn Google’s AI Overviews and AI food pics are burying their real, tested recipes, setting home cooks up for disaster this Thanksgiving (Bloomberg)
Bloomberg:
Some food bloggers warn Google’s AI Overviews and AI food pics are burying their real, tested recipes, setting home cooks up for disaster this Thanksgiving — Food bloggers see traffic dip as home cooks turn to AI, inspire…
Vectra AI unifies threat visibility across Microsoft environments
Vectra AI announced Vectra AI Shield for Microsoft, a purpose-built solution that enables channel partners and MSSPs to deliver unified visibility and control across Microsoft Entra ID, Microsoft 365, Copilot for M365, and Azure Cloud in a single AI-po…
We made a new tool, QuicDraw(H3), because HTTP/3 race condition testing is currently trash.
We’ve just released a tool that fixes a particularly annoying problem for those trying to fuzz HTTP/3.
The issue is that QUIC is designed to prevent network bottlenecks (HOL blocking), which is beneficial, but it disrupts the fundamental timing required for exploiting application-level race conditions. We tried all the obvious solutions, but QUIC’s RFC essentially blocks fragmentation and other low-level network optimizations. 🤷‍♂️
So, we figured out a way to synchronize things at the QUIC stream layer using a technique we call Quic-Fin-Sync.
The gist:
- Set up 100+ requests, but hold back the absolute last byte of data for each one.
- The server gets 99.9% of the data but waits for that last byte.
- We send the final byte (and the crucial QUIC FIN flag) for all 100+ requests in one single UDP packet.
This one packet forces the server to “release” all the requests into processing near-simultaneously. It worked way better than existing methods in our tests—we successfully raced a vulnerable Keycloak setup over 40 times.
If you are pentesting HTTP/3, grab the open-source tool and let us know what you break with it. The full write-up is below.
What’s the most frustrating thing you’ve run into trying to test QUIC/HTTP/3?
submitted by /u/ES_CY
Ostorlab brings automated, proof-backed mobile app security testing
Ostorlab introduced the AI Pentesting Engine for Mobile Applications, bringing automated, AI‑driven penetration testing to mobile security. The new engine helps security teams and developers uncover, validate, and safely exploit vulnerabilities that to…
Labor’s nature laws risk collapse with deal yet to be struck on eve of parliament’s final sitting day
If Labor cannot reach deal on Thursday, it will mark second time in 12 months that it has failed to secure planned EPBC Act reforms. Anthony Albanese is yet to land a deal to rewrite federal nat…
‘Illegal alien from Brazil’: Karoline Leavitt’s relative detained by ICE; Trump admin targets visa overstays
A relative of White House press secretary Karoline Leavitt, Bruna Caroline Ferreira, was detained by ICE in Massachusetts. Ferreira, described as a “criminal illegal alien from Brazil” who overstayed her visa, is facing removal proceedings. Her family …
Trump pardons Thanksgiving turkeys Waddle and Gobble in annual tradition
President Donald Trump carried out the traditional Thanksgiving turkey pardon at the White House, sparing two birds named Waddle and Gobble during a light-hearted ceremony.