"we observe that in most ecosystems, the average vulnerability lifespan has increased in recent years. The average lifespan of vulnerabilities across all platforms has grown from 1,056 days to 1,956 days - an increase of approximately 85%." (from 2017 to 2024)

https://www.semanticscholar.org/paper/Open-Source%2C-Open-Threats-Investigating-Security-in-Akhavani-Ousat/5d4450085cce995b38dfd97dc8d668a9221e1477

I found this great samsung spyware (I assume), I present to you : Samsung news!!
https://galaxystore.samsung.com/detail/com.samsung.android.app.spage?cId=000006738177

For an app that's just supposed to tell you the news :
- It comes bundled with the phone
- It auto connects you to your samsung account
- You can't uninstall it, or even disable it (usually only critical system apps that break your phone if disabled do this)
- In the app info the only permission it shows is notification
- However looking at the app package's info shows it also has permissions to see all installed apps, read and edit settings, run on phone startup and start stuff in the background
- Uninstalled it with root, my phone works flawlessly

Well, that's just 1 app I took a look at. There can be many more simillar ones! I really should install a custom OS
@soatok @xanthe @sebsauvage
#privacy #android #samsung

To me programming is more than an important practical art. It is also a gigantic undertaking in the foundations of knowledge.

— Grace Hopper

#programming

💻Have you read our recent publication?

A critical double-free vulnerability has been discovered in the pipapo set module of the Linux kernel’s NFT subsystem. An unprivileged attacker can exploit this vulnerability by sending a specially crafted netlink message, triggering a double-free error with high stability. This can then be leveraged to achieve local privilege escalation: https://ssd-disclosure.com/ssd-advisory-linux-kernel-pipapo-set-double-free-lpe/

"ZFS snapshots as poor man's ransomware recovery"

It holds up. Better than you'd think.

Ransomware hits a server? I roll back to a snapshot taken 10 minutes ago. Immutable, local, instant.

No restore wizard. No cloud latency. No vendor lock-in.

Just:

zfs rollback pool/dataset@safe

Gone. Like it never happened.

You want real ransomware defense?

🧊 Immutable local snapshots

📦 Offsite ZFS send/mirror

🔐 Key-based SSH, no password logins

🎯 Restore script you actually test

ZFS isn’t "enterprise." It’s survival-grade.

#ZFS #Ransomware #DisasterRecovery #Unix #Sysadmin #Infosec #BSD #SnapshotsSaveLives

So, this is a funny thread about a gag Tom Lehrer left in an old NSA internal publications, and it’s funny, but I have to tell you that I find the idea of sixty year old math papers staying classified is somehow alarming.

https://bsky.app/profile/opalescentopal.bsky.social/post/3luxxx27nos23

Alarming as it is, the article below is still not alarming enough! Microsoft France here claims they've never seen a CLOUD ACT request for French government data. Perhaps true. However, under the FISA section 702 & EO 12333, Microsoft is still mandated to deliver such data to the NSA, and Europeans will never learn of that request. US spies do not need to ask Europeans for permission to spy on European governments! #sigint https://www.theregister.com/2025/07/25/microsoft_admits_it_cannot_guarantee/

The European union is developing an age verification app for EU citizens which relies on Google for verifying the integrity of the app.

This means users who run a custom ROM (e.g #lineageos, #grapheneos) won't access some EU resources.

Read the complete explanation on Reddit: https://www.reddit.com/r/BuyFromEU/s/yO3njXfX1x

Neat game glitch explanation: Why signed integers lead to flirting with dogs

https://www.youtube.com/watch?v=ADenqrgMUgA

Part of the job as a cybersecurity professional is in fact arguing to purge and not log information about your customers.

Data is not oil. It's risk.

Expel has walked back its research on the FIDO bypass/downgrade attack

https://expel.com/blog/an-important-update-and-apology-on-our-poisonseed-blog/