"Lack of scalability is enough for us to disqualify QKD outright: if a technology can’t bring security to the whole Internet, we’re not going to spend much time on it."

Quantum Key Distribution (as opposed to post-quantum cryptography) has a number of problems, but this succinctly captures the core issue.

https://blog.cloudflare.com/you-dont-need-quantum-hardware/

Updated to also include a plugin/language extension for Ghidra 🐉 (in addition to the IDA Pro plugin)

https://github.com/blacktop/aarch64-cssc

I am now a perfectly safe penguin, and my colleague here is rapidly running out of limbs!

#HitchhikersGuide #DouglasAdams #quotes #quote #bot

Fun little #iPhone #privacy leaks by my former teammate Máté:

1) Locked iPhone Arbitrary Phone Call
https://szilak.com/2025-09-18-locked-iphone-arbitrary-number-call.html

2) Locked iPhone Saved Contact Confirmation
https://szilak.com/2025-09-18-locked-iphone-contact-brute-force.html

Earlier this year I presented on "Small is beautiful: microstacks or megadependencies", https://webdevcon.nl/session/small-is-beautiful-microstacks-or-megadependencies/ - in which I talk about the state of web development, cloud, and the fun of building self contained highly efficient solutions.

Project: facebook/react https://github.com/facebook/react
File: packages/react-reconciler/src/ReactFiberCommitWork.js:1981 https://github.com/facebook/react/blob/c250b7d980864be49facf2306f06455e7f9e305d/packages/react-reconciler/src/ReactFiberCommitWork.js#L1981

function commitMutationEffectsOnFiber( finishedWork: Fiber, root: FiberRoot, lanes: Lanes, )

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Ffacebook%2Freact%2Fblob%2Fc250b7d980864be49facf2306f06455e7f9e305d%2Fpackages%2Freact-reconciler%2Fsrc%2FReactFiberCommitWork.js%23L1981&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Ffacebook%2Freact%2Fblob%2Fc250b7d980864be49facf2306f06455e7f9e305d%2Fpackages%2Freact-reconciler%2Fsrc%2FReactFiberCommitWork.js%23L1981&colors=light

[RSS] Project Rain:L1TF

https://bughunters.google.com/blog/4684191115575296/project-rain-l1tf

"a detailed overview of the L1TF vulnerability, a CPU vulnerability on some Intel CPUs (Skylake and older)"

Ghidra: I SUPPORT 16-BIT SEGMENTED MODE
Also Ghidra: WHAT IS DS, ES, That's segment zero! Must be!

Seriously though. Does anyone know how to deal with 16-bit code in Ghidra?
#ReverseEngineering

[RSS] Worst Clock Ever Teaches You QR Codes

https://hackaday.com/2025/09/18/worst-clock-ever-teaches-you-qr-codes/

The more and more old servers I see close, the more intolerable it is that Mastodon still doesn't offer a way to migrate data like posts to new accounts. A user's post history is valuable, and it's more valuable the older the account is. Users *should* have the option to migrate those to a new server!

[RSS] exploits.club Weekly Newsletter 86 - KSMBD 0Clicks, Apple Ends Memory Corruption, Mini-Kernels in Zig, And More

https://blog.exploits.club/exploits-club-weekly-newsletter-86-ksmbd-0clicks-apple-ends-memory-corruption-mini-kernels-in-zig-and-more/

kernel hackers go serverless
ring0 → cloud 9 ☁️ ??
brb pwning yr gpu nodes ✨

[RSS] Beyond Sandbox Domains: Rendering Untrusted Web Content with SafeContentFrame

https://bughunters.google.com/blog/6715529872080896/beyond-sandbox-domains-rendering-untrusted-web-content-with-safecontentframe

“Rowhammer Attacks on DDR5 ::: PTE Exploit Demo” https://www.youtube.com/watch?v=1emxVQ6__qg

[RSS] R.E.L.I.V.E. -- open-source re-implementation of Oddworld: Abe's Exoddus and Oddworld: Abe's Oddysee

https://aliveteam.github.io/

I'm only now figuring out that today's npm attack is distinct from yesterday's npm attack.

Checking on the website of our local #library and found that there is a dedicated status for orders where "all instances of the document *disappeared* and the librarian sees no good chance that they will be found in the foreseeable future".

I mean, you had one job!

Edit: can't wait for my bank to introduce the "sorry bro, we blew that money on coke" status :D

One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens

https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

"I found the most impactful Entra ID vulnerability that I will probably ever find. This vulnerability could have allowed me to compromise every Entra ID tenant in the world"

Who could have figured out that automatically downloading half the internet and ten thousand always-changing dependencies every time you build could actually be a weakness?

Took me way too long due to scope creep, but: The Hacker Webring is now up!

Members vote for other users. Given enough users, the whole system should work by itself, without administrative intervention.

It’s still somewhat rough around the edges, but functional!

(ctx: https://donotsta.re/notice/Ay1hgCk7m1VgAkUmIq )