RE: https://infosec.exchange/@mnordhoff/115675202677067879

https://groups.google.com/a/list.nist.gov/g/internet-time-service/c/Zd7VaR-vqV4

On Saturday, 6 December 2025 at approximately 21:13 UTC, the atomic time source (a single cesium beam atomic clock) for all the internet time servers at the NIST Gaithersburg campus failed and exhibited a time step of approximately -10 ms.

Oh.

Does your cybersecurity awareness training contain any hacklore?

I’m collecting examples of hacklore in the wild. Whether it’s training slides, quiz questions, or instructions that focus on rare threats instead of the ones causing the most real-world harm, I want to see it all.

Post some screenshots or notes here, or email them to "info" at hacklore.org. Let’s help organizations replace stale guidance with advice that truly keeps people safe.

I updated the structure of the #Ghidra documentation that I host so now you can access the latest of both version 11.x and 12.x:

https://scrapco.de/ghidra_docs/

I'm still looking for the docs of the new features in 12. If you think something is missing from the web that is available in the source lmk!

Do I know anyone working on freedesktop.org / mesa? A security contact would be ideal :)

Edit: Resolved

GitHub Actions Has a Package Manager, and It Might Be the Worst

https://nesbitt.io/2025/12/06/github-actions-package-manager.html

@mttaggart No worries, SpaceX can put your telescopes to space cheaply so you can avoid Starlink satellites!

@alphaville @pancake as I understand it's not "function" register but "special function" register. RISC-V CSRs are provided as specific example:

https://book.rvemu.app/hardware-components/03-csrs.html

RE: https://mastodon.social/@FirewallDragons/115684533805754572

So excited to share this interview!

@zcutlip I pulled my hair a lot because of that pile of shit until I found this article and while the tech remained the same, at least I started to understand the idea behind it:

"makes perfect sense when you are in the business of breaking stuff so people have to pay you for fixing it."

https://dzone.com/articles/why-you-should-avoid-jsf

@zcutlip That "security" is sometimes "job security": no one in their right mind would use JSF (that produces the exact behavior you describe) unless they can bill by the hour after they locked in the bank with their software built on a (brain)dead framework.

okay so like a month ago @trashpanda sent me one of those 'spycam finder' doodads that you see going for like 80-100 dollars online that supposedly 'find spy cameras and gps trackers'. I've always been curious if they actually work or whats inside. So I just tore the thing open and this is what I found:

"The benefit of having an actual memory space for special function registers is they can be seen, named, references created to them, data types applied at the location, as well as default values supplied for a given binary sample. We plan to do the same for other processors such as the PowerPC."

I hope this is the reason why my PPC-AS pull request is open for more than a year now :)

That was quick: #Ghidra 12.0 is out! Here's what's new:

https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_12.0_build/Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.md

New blog post: Why the Sanitizer API is just `setHTML()` - https://frederikbraun.de/why-sethtml.html

@bontchev @adamshostack My favorite example: programmers are taught to use prepared statements, so at first it seems their app doesn't have any SQLi's. Until they add a feature where the user controls result set ordering: you can't use bound variables for field names, so there's a vuln 90% of the time (IME, with wildly different dev teams).

@pancake That's terrible and unfortunately far from unique. Sorry for your mom :(

Zuckerberg has blown 77 billion – enough money to revitalize entire countries – on an idea so overwhelmingly, obviously stupid that I have never once heard anyone, from the Thanksgiving avuncular table to the most wretched depths of social media, say they liked it or even tried it. He was so sure that it would revolutionize the world that he renamed his extremely famous company after it. And now he's on to the next thing that he's so very, very sure about.

The world needs direction from sober people who aim to improve the human condition, not the whims of a handful of billionaire princelings who absolutely, positively cannot be dissuaded from failing at unprecedented scale while chasing their own vainglory off the edge of a cliff.

Punchcards weren't only used for code. These Department of Defense punchcards from 1966 have a microfilm window used for technical drawings — in this case, a rotary telephone switch, and a font!

Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions.

https://www.bleepingcomputer.com/news/security/portugal-updates-cybercrime-law-to-exempt-security-researchers/

Fuck cancer (and bureaucrats) :(

https://bontchev.nlcv.bas.bg/bye.html

Get yourself checked!