Today, let’s remember Charles Thacker, who was born on this day in 1943. Thacker received the #ACMTuringAward in 2009 for the pioneering design and realization of the first modern personal computer -- the Alto at Xerox PARC -- and seminal inventions and contributions to local area networks (including the Ethernet), multiprocessor workstations, snooping cache coherence protocols, and tablet personal computers.
Read more about him, here: https://amturing.acm.org/award_winners/thacker_1336106.cfm #OTD
Log4j, *the* project that escalated the need for funding open source in the first place, is currently being DOS’d by slop vulnerability reports. Well done everyone. Slow fucking clap.
#curl is secured for the billions - the steps we take. There is no silver bullet. No magic solution. Just plain engineering and doing everything as good as we can and to keep tightening every bolt there is.
(slide for upcoming presentation)
What Windows Server 2025 Quietly Did to Your NTLM Relay https://decoder.cloud/2026/02/25/what-windows-server-2025-quietly-did-to-your-ntlm-relay/
Want to learn more about Chrome exploitation?
In our latest article, we break down two critical Android GPU driver vulnerabilities that enabled Chrome sandbox escape from a compromised renderer and were used in full device exploit chains. Read the full technical analysis here: https://ssd-disclosure.com/chrome-gpu-sandbox-escape-via-qualcomm-adreno-and-arm-mali-gpu-drivers/
I found this Veratasium documentary on the xz Jia Tan backdoor adventure quite good and surprisingly detailed:
This is really a "WTF how could they ever think this is a good idea?" kind of vulnerability. Usually the kind of stuff you get from shady, incompetent startups, but this is Google...
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules