news newest ask show jobs

Made with ♥ by @iamnishanth

Open Source @Github

Open in hackernews

iVentoy tool injects malicious certificate and driver during Win install

https://github.com/ventoy/PXE/issues/106

9•josephernest•2h ago

Comments

josephernest•2h ago

(I am not the person who found it, but I reproduced and I confirm his finding)

Another source:

https://security.stackexchange.com/questions/281238/iventoy-...

josephernest•1h ago

Up to now, I confirm I can reproduce the following steps:

- download of official "iventoy-1.0.20-win64-free.zip"

- extraction of "iventoy.dat"

- conversion back to "iventoy.dat.xz" thanks to @ppatpat's Python code

- confirm that "wintool.tar.xz" is recognized by VirusTotal as something that injects fake root certificates

The next steps are scary, given the popularity of Ventoy/iVentoy :

> Analyzing "iventoy.dat.xz\iventoy.dat.\win\vtoypxe64.exe" we see it includes a self signed certificate named "EV" certificate "JemmyLoveJenny EV Root CA0" at offset=0x0002C840 length=0x70E. > vtoypxe64.exe programmatically installs this certificate in the registry as a "trusted root certificate"

Netpump Data – 12× faster data transfer on Azure and on-prem

https://azuremarketplace.microsoft.com/en-us/marketplace/apps/pacbytelimited1655770796006.managed-netpump-data-server?tab=overview

1•bruce_parker•2m ago•1 comments

Ask HN: Can you exclude ~/Library except for your iCloud Drive in macOS backups?

1•amichail•2m ago•0 comments

Towards React Server Components in Clojure, Part 1

https://romanliutikov.com/blog/towards-react-server-components-in-clojure-part-1

2•nwjsmith•3m ago•0 comments

How to Get Your Paper Accepted

https://maxwellforbes.com/posts/how-to-get-a-paper-accepted/

1•gregsadetsky•5m ago•0 comments

OpenAI Abandons Planned For-Profit Conversion

https://www.wsj.com/tech/ai/openai-to-become-public-benefit-corporation-9e7896e0

1•nailer•6m ago•0 comments

Source Code for Perfect Sound on the Amiga

https://github.com/twiddlingbits/anthonys-early-code/tree/main/amiga/perfect-sound

1•supportengineer•10m ago•1 comments

Show HN: I Parametrized AI Prompts

https://prmptvault.com

1•brankopetric•10m ago•0 comments

FTC bans hidden fees for live events and short-term rentals, effective May 12

https://techcrunch.com/2025/05/05/ftc-bans-hidden-fees-for-live-events-and-short-term-rentals-effective-may-12/

2•toomuchtodo•14m ago•2 comments

Gaza will be destroyed, Israeli minister says

https://www.theguardian.com/world/2025/may/06/hamas-israel-hunger-war-in-gaza

7•zhengiszen•15m ago•3 comments

Show HN: Aude – I built this because I hate bothering other engineers in my team

https://marketplace.atlassian.com/apps/1237445/aude?tab=overview&hosting=cloud

1•Aude-Daniel•17m ago•0 comments

Vagus nerve stimulation therapy for treatment-resistant PTSD

https://www.brainstimjrnl.com/article/S1935-861X(25)00060-9/fulltext

3•bookofjoe•19m ago•0 comments

10,600 IT jobs disappeared in April

https://www.theregister.com/2025/05/05/between_the_ai_rock_and/

4•belter•21m ago•3 comments

Pakistan Says It Has Shot Down Five Indian Planes, Taken Soldiers Prisoner

https://www.bloomberg.com/news/live-blog/2025-05-06/india-strikes-pakistan-after-kashmir-attack

8•bearsyankees•21m ago•0 comments

Why Bloat Is Still Software's Biggest Vulnerability (2024)

https://spectrum.ieee.org/lean-software-development

5•kristianp•21m ago•0 comments

Spyware firm NSO ordered to pay $167M in WhatsApp hacking suit

https://www.axios.com/2025/05/06/nso-group-whatsapp-jury-damages

4•mtlynch•21m ago•0 comments

Turkey thwarted another attack with pagers in Lebanon last year, officials say

https://apnews.com/article/turkey-lebanon-israel-hezbollah-pagers-walkie-talkies-e39b0dabaa1718606e238001ad9a31fa

5•c420•21m ago•0 comments

Hugging Face releases a free Operator-like agentic AI tool

https://techcrunch.com/2025/05/06/hugging-face-releases-a-free-operator-like-agentic-ai-tool/

2•badmonster•23m ago•0 comments

Cold memories control whole-body thermoregulatory responses

https://www.nature.com/articles/s41586-025-08902-6

3•PaulHoule•25m ago•0 comments

DEA Once Touted Body Cameras, Now Abandoning Them

https://www.propublica.org/article/drug-enforcement-administration-ends-body-camera-program-trump

3•bookofjoe•27m ago•0 comments

Pliant Therapeutics Bay Area biotech company announces layoffs

https://www.kron4.com/news/bay-area/another-bay-area-biotech-company-announces-layoffs/

1•randycupertino•27m ago•1 comments

RLHF erased our uncertainty signal after upgrading to GPT‑4.1‑mini

https://www.variance.co/post/alignment-is-not-free-how-a-model-silenced-our-confidence-signals

3•karinemellata•33m ago•0 comments

Vvvvvv Source Code

https://github.com/TerryCavanagh/VVVVVV

4•radeeyate•33m ago•0 comments

Navigating Burnout

https://www.lesswrong.com/posts/n27jK9PJNJMrTgYFT/untitled-draft-wq43

3•sundarurfriend•34m ago•0 comments

US clears $131M sale of defence software, equipment to India

https://timesofindia.indiatimes.com/india/us-clears-131-million-sale-of-defence-software-equipment-to-india/articleshow/120803517.cms

4•1659447091•37m ago•0 comments

Ask HN: Advice wanted – director distrusting of our team?

2•golly_ned•38m ago•0 comments

Show HN: Reasonote, Open-Source AI-Generated Courses, Lessons, and Podcasts

https://github.com/Reasonote/reasonote

2•marviel•48m ago•0 comments

Show HN: macOS menubar timeblocking startup – let me know what you think

https://www.chunkapp.net

1•dudleyspence•51m ago•0 comments

Quantum and the unknowable universe – R. Penrose, S. Hossenfelder, S. ŽIžek

https://www.youtube.com/watch?v=IdzXbIW9kxY

2•rubycollect4812•53m ago•0 comments

Show HN: Whippy Term - GUI terminal for embedded development (Linux and Windows)

https://whippyterm.com

16•SurvivorTed•53m ago•3 comments

Update Reconsidered, delivered?

https://xtdb.com/blog/update-reconsidered-delivered

1•refset•54m ago•0 comments