Hands-Free Lockpicking: Critical Vulnerabilities in dormakaba’s Physical Access Control System https://sec-consult.com/blog/detail/hands-free-lockpicking-critical-vulnerabilities-in-dormakabas-physical-access-control-system/

The end of the #curl bug-bounty

https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-bug-bounty/

Frankly: binaries are the thing that executes on your system and embody the truth of software behaviour, and with modern technology it's often *easier* to determine that truth through the binary than through the source code (throw the "login" app from Reflections on Trusting Trust into Ghidra and you'd learn the truth even if the source code wouldn't tell you that)

The presumption that free software is sufficient or necessary to ensure all software you depend on is trustworthy is simultaneously naive and ignorant of what software is capable of. The only realistic way to develop trust in software is to trust the people who write it, and development processes associated with free software make that trust easier.

The other day it was cows using tools, today its penguins using satellite imagery.

@csepp I recently got reminded of that guy who wrote a web server in bash and was like "OK, basically bash was invented for text processing"...then had to write a script and realized that whitespace just messes up everything so yeah, that guy's a legend

https://www.youtube.com/watch?v=L967hYylZuc

Oh! just learned that Kathleen Kennedy stepped down \o/ I still won't ever pay for a SW movie again though.

When playing chess against the computer I always feel like Wookie

Microsoft is investigating reports that some Windows 11 devices are failing to boot with "UNMOUNTABLE_BOOT_VOLUME" errors after installing the January 2026 Patch Tuesday security updates.

https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-windows-11-boot-failures-after-january-updates/

@halfbyte I'm with you and while I also believe deep in their hearts enterprise IT teams do want "robust and reliable" providers, I also have good reason to believe that C-level incentive to "avoid onboarding another provider with procurement and whatnot" is much stronger.

If you can't provide *everything* you will eventually be replaced with someone who does.

@hongminhee

In #Hungary:

Me: how come you don't take your shoes off?
US friend: *looks around* our streets are not full of dog shit

Demystifying CVE-2025-47987 [Heap-based buffer overflow in Windows Cred SSProvider Protocol LPE]

https://kryptoenix.github.io/blog/demystifying-CVE-2025-47987/

here's a video (this was the 3rd edition): https://www.youtube.com/watch?v=qMyvfnESJWU

Budapest Micro will be back in March with workshops and Chiptune \o/

https://www.scene.hu/2026/01/24/budapest-micro-vol3-2026-03-28-harom-hollo-budapest/

(I've been to a *lot* of different, often very extreme shows, but I will never forget the first Budapest Micro!)

#chiptune #demoscene #budapest

[RSS] Defeating Anti-Reverse Engineering: A Deep Dive into the 'Trouble' Binary

https://binary.ninja/2026/01/23/reversing-linux-anti-re.html

#ReverseEngineering

[RSS] [Blog] Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive

https://code-white.com/blog/2026-01-nsm-rce/

CVE-2025-34164, CVE-2025-34165

2girls1cup.mov

RE: https://stefanbohacek.online/@stefan/115950604491314488

AMD4700S Root Key 0 SHA256: 95333bf313b67f653e2b80518d39e39cbc8f481f61a86f6052d2b277217206d3
AMD4700S Root Key 1 SHA256: e2e0e8f8e0c66339c28ed3ee66e2fc9499ac5a5332009f57df556b4b319a73a7
AMD4700S Root Key 2 SHA256: f87833eb4a152f25d07051e73b23a5923fa8ddbdac879940eb1703fa5f9a4d09
AMD4700S Root Key 3 SHA256: 5163e65a31dab1bb833802390dc0bc0d330c8592e20f31133f2be27dbec109b8

Hash values calculated using the raw key bytes. If you get something else, try reversing all key bytes.

One of my hinges broke (it supported a small, light door for whole 10 years...) and the only replacement I found would be from the UK manufacturer, wholesale, so I put on this great album:

https://www.youtube.com/watch?v=ktYn7OZCN4c&list=PLymNFxwBo3tjsy_HQdenCQ1K4a5hrHv9t

stumbled into the Logitech subreddit and found out that Logitech's code signing certificate for macOS expired a few weeks ago, which caused Logitech Options+ to be unable to launch, which stopped everyone's mice from working until Logitech updated it.

so much stupid involved here.