During #39c3 Nadia Heninger introduced me to Keegan Ryan, and we talked about things that could go wrong in RSA, and how to detect keys with suspicious patterns created by defective RNGs. At some point, Keegan said: "You could check the Hamming Weight of the Modulus." And I replied: "I don't know what that means."
But it's actually quite simple. The Hamming Weight is the ratio of symbols: if we look at bits, how many 0s vs. 1s there are. For a "proper", randomly generated RSA key, the ratio should be close to 0.5. If it's significantly different from that, it's likely not randomly generated.
We ended up finding some keys with repeating zero-byte patterns. It is possible to represent those as polynomials. Unlike integer numbers, polynomials can be factored efficiently, which means these keys can be broken.
We found SSH host keys that we could trace back to a software called CompleteFTP (which, furthermore, had another RSA vulnerability in its Linux version and also generated vulnerable DSA keys - all fixed in the latest version of CompleteFTP, but keys need to be regenerated). We furthermore identified another class of vulnerable keys (with a different width of zero byte patterns) in TLS certs (both self-signed and WebPKI-signed, but all expired, so no revocations), most of them from Verizon+Yahoo, but we were unable to identify the vulnerable RSA implementation.
If you're interested in the details of the attack, check Keegan's blog post:
https://blog.trailofbits.com/2026/06/12/factoring-short-sleeve-rsa-keys-with-polynomials/
The latest badkeys version 0.0.18 detects all affected vulnerable keys.
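An added example (not code from the post or from badkeys) of the two checks described above: the bit-balance of a modulus and a scan for a repeating zero-byte stride. The 0.05 tolerance, the stride range and the constructed sample values are my assumptions, not figures from the post.

```python
import random
from typing import Optional

def hamming_weight_ratio(n: int) -> float:
    """Fraction of set bits in n; a randomly generated modulus sits near 0.5."""
    if n <= 0:
        raise ValueError("modulus must be positive")
    return bin(n).count("1") / n.bit_length()

def zero_byte_stride(n: int, max_stride: int = 8) -> Optional[int]:
    """Smallest stride s in 2..max_stride such that every s-th byte of n (at some
    offset) is zero; None when no such repeating zero-byte pattern exists."""
    data = n.to_bytes((n.bit_length() + 7) // 8, "big")
    for stride in range(2, max_stride + 1):
        for offset in range(stride):
            idx = range(offset, len(data), stride)
            if len(idx) >= 4 and all(data[i] == 0 for i in idx):
                return stride
    return None

def is_suspicious(n: int, tolerance: float = 0.05) -> bool:
    """Flag a modulus whose bit balance is off or which shows a zero-byte stride."""
    return abs(hamming_weight_ratio(n) - 0.5) > tolerance or zero_byte_stride(n) is not None

# Constructed sample inputs (not real keys): a seeded 2048-bit value standing in
# for a well-generated modulus, and the same bytes with every second byte zeroed
# to mimic a repeating zero-byte pattern produced by a defective RNG.
_rng = random.Random(20260612)
RANDOM_MODULUS = _rng.getrandbits(2048) | (1 << 2047) | 1
_raw = RANDOM_MODULUS.to_bytes(256, "big")
PATTERNED_MODULUS = int.from_bytes(
    bytes(b if i % 2 == 0 else 0 for i, b in enumerate(_raw)), "big")

if __name__ == "__main__":
    for name, n in (("random", RANDOM_MODULUS), ("patterned", PATTERNED_MODULUS)):
        print(f"{name}: weight={hamming_weight_ratio(n):.3f} "
              f"stride={zero_byte_stride(n)} suspicious={is_suspicious(n)}")
```

A real scan would parse the modulus out of the SSH host key or X.509 certificate first; here the modulus is assumed to already be an int.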
12 June 1929 | A German Jewish girl, Anne Frank, was born in Frankfurt.
In 1942, on her 13th birthday, she received an empty diary. She perished in Bergen-Belsen concentration camp in 1945.
'Human greatness does not lie in wealth or power, but in character & goodness.' (A.Frank)
We started analyzing a classic case where GDB creates the illusion that code in writable memory is corrupted. We ended up discovering two interesting behaviors.
Did you know there's a way to hit a breakpoint without using hardware or software breakpoints? Or how GDB patches the binary to execute an instruction?
Learn more about how GDB works under the hood.
Why is my shellcode being corrupted?
https://allelesecurity.com/why-is-my-shellcode-being-corrupted/
@cynicalsecurity Can't wait to see if LLMs bug hunting is deep or shallow. Really curious. Also interesting how they all turned into bug hunting as their main target and AGI etc talk is long gone already LOL Guess bugs make better PR, financial returns, time will tell :-)
"Feed the fire, let the last cinders burn."
My IB-01: CEL 240 illustration is now available as a print <3
Someone's AI agent has been performing a wide variety of manipulations on the Fedora project for a while. https://lwn.net/SubscriberLink/1077035/c7e7c14fbd60fae9/
It's clearly linked to an account that precedes the, ahem, "agentic AI era", but it also seems the account was probably compromised, but everything is unclear, including motivations or the extent of damage.
Blogged about the time I doubled our users by doing proper engineering instead of React slop
@buherator I can verify that the exploit still works with that mpengine.dll version and the 1.453.28.0 definition update that got released 6/10/2026 6:29:20 PM. It takes more than one attempt, sometimes up to 6-7 now, where it used to be almost always one shot, but it still works.
I'm waiting for my other VM to fully update and then I'll retry there, too.