Your blinds? What about 'em?

Rediscovering Microsoft’s Oddball Music Generator From The 1990s

https://hackaday.com/2025/08/14/rediscovering-microsofts-oddball-music-generator-from-the-1990s/

Some of my bugs are patched in this month's patch tuesday, including the ones I used for Pwn2Own Berlin 2025.

CVE-2025-50167 Race UAF in Hyper-V

Another day, another Cisco perfect 10.

This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server.

I think @cR0w needs to start a perfect-10 leaderboard. Wagers accepted.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79

Another bad user interface (MMS, which allows you to add any random phone number to a group chat) used by law enforcement, leading to inevitable mistakes.

https://infosec.exchange/@josephcox/115028172632972848

Until very recently (like 2 or 3 years ago), federal agents routinely misconfigured the encryption settings on their two way radios, leading to sensitive traffic (much like that in the linked 404media article) going out in the clear more often than not.

https://www.mattblaze.org/papers/p25sec.pdf

@josephcox

Everyone who is able to come back to #WHY2025, we are short-staffed on teardown volunteers, so *please* show up to help, either today (during daylight) or tomorrow. Given the shortage, even if this toot was a couple of hours ago by the time you read it, it will probably still be necessary, so please show up!

20 years in between these Phrack releases 😊 Got the small one at WTH2005 and the larger one at #why2025 😄

If someone wants to commit to buying the answer, locking it in a safe deposit box and throwing away the key, I'll throw $50 at the effort.

https://www.washingtonpost.com/entertainment/art/2025/08/14/kryptos-code-k4-solution-jim-sanborn-auction/

The plaintext of Kryptos, the mysterious statue at the heart of CIA headquarters, is for up for sale to the highest bidder. Here's my story: https://www.nytimes.com/2025/08/14/science/kryptos-sculpture-cia-solution-auction.html?unlocked_article_code=1.eE8.m90H.Onsi2at1i2_U&smid=url-share

How The Widget Revolutionized Canned Beer

https://hackaday.com/2025/08/14/how-the-widget-revolutionized-canned-beer/

Our Windows CTF is coming to Nullcon in Berlin, Sept 4-5 🎯 https://github.com/eshard/TTA-CTF

Play for a chance to win a Binary Ninja license or a Flipper Zero.

#CTF #FlipperZero #windows #reverseengineering

There is a new short domain name for #PuTTY!

https://putty.software/

At present, this is just a "landing page": a nice short name to remember, which will redirect you to the full PuTTY website at the same longer URL where it's always been.

But unlike putty.org or other third-party landing pages, this one is run by us, the actual PuTTY team, and it doesn't have a weird separate agenda of its own.

I intend to move the main PuTTY site over to that domain in the future, and leave just a redirector at the old location. But first I want to get the word out, so that people know which site to trust.

If anyone is still linking to putty.org, here's a place to link to instead. Please spread the word!

“Head, shoulders, knees and toes.”

Went from being a fun little kids song to a list of things that hurt.

In case I know anyone here who's familiar with the finer details of DNS and particularly DNS amplification attacks and their mitigations, I have some questions.