TIL Minecraft requires a freaking MS account. I thought it wasn't that bad so we proceeded to create one, but it turns out that if you want to create a child account (based on birth date, to avoid adult ads and shit) you as an adult *also* need a MS account that would be of course immediately connected to your childs account which I assume to be a gold mine for advertisers.

Seriously, fuck #AdTech!

(I also wonder if this is legal in the EU?)

TIL the Task Manager Guy™ once dabbled in scareware?
https://bird.makeup/users/c0ner0ne/statuses/1989395111491588340

Customer burns some of your tooling when using a deprecated version.

https://techcrunch.com/2025/10/28/ceo-of-spyware-maker-memento-labs-confirms-one-of-its-government-customers-was-caught-using-its-malware/

#HackingTeam #MementoLabs #Kaspersky #TheSecurityCommunity

For my blog and newsletter, I wrote about why there have been so many data breaches and security lapses this year *alone* involving the mass-exposure of people's driver's licenses and passports — including new details about an exposure of 223,000 government-issued IDs as recently as this week.

Read more: https://this.weekinsecurity.com/it-is-far-too-easy-to-find-leaked-passports-and-drivers-licenses-online/

Sign up/RSS/subscribe: https://this.weekinsecurity.com

carats per SHA512 hash

#BOFH excuse #225:

It's those computer people in X {city of world}. They keep stuffing things up.

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75ad42e40

powf

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75ad42e40.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75ad42e40.json&colors=light

Dear designers: scrollbars are useful and exist for a reason. Don't hide them, please.

See that the procedures adopted are as inconvenient as possible for the management, involving the presence of a large number of employees at each presentation, entailing more than one meeting for each grievance, bringing up problems which are largely imaginary, and so on.

Every now and then, someone shares a hilarious Kagi result. Now they'll have a place in the Kagi Bloopers hall of fame:

https://help.kagi.com/kagi/bloopers/

We've integrated with Surveillance Watch, an interactive database that documents surveillance and spyware entities.

When searching for an entity that appears on their list, we'll display a banner on its domain to alert you that it's a known surveillance tech provider.

#Kagi #Search #Surveillance #Spyware #Privacy

Binary Ninja 5.2, Io, is live and it's out of this world! https://binary.ninja/2025/11/13/binary-ninja-5.2-io.html

With some of our most requested features of all time including bitfield support, containers, hexagon, Ghidra import, and a huge upgrade to TTD capabilities, plus a ton more, make sure to check out the changelog!

This is my new favorite #design #fail.

Your periodic reminder that most CLI password prompts accept Ctrl+U to fully clear input so you can try again. Leave that backspace key alone.

It sometimes surprises me to learn that there are people who don't know that one of the first really big datasets used to train and evaluate computer language and social models was (and still is) a bunch of internal emails from Enron.

Yes, that Enron. Collected as part of the investigation into its collapse.

https://en.wikipedia.org/wiki/Enron_Corpus

I wrote a proof-of-concept and writeup for CVE-2025-48593, an Android Bluetooth issue that only seems to affect devices that act as Bluetooth headsets / speakers. (i.e. NOT phones, only smartwatches/wearables/cars. And only after pairing. So you can stop worrying.)

https://github.com/zhuowei/blueshrimp

It should be a use-after-free; I haven’t gotten it to do anything interesting though.

So far, I was only able to get a null pointer deref (without malloc debug) or an attempted write to library rodata (with malloc debug).

Today, we're launching SlopStop: Community-driven AI slop detection in Kagi Search.

Join our collective defense against AI-generated spam and content farms:

https://blog.kagi.com/slopstop

#Kagi #Search #AISlop

Update to 4.11.1 now if you use it

CVE-2025-43515
https://support.apple.com/en-us/125693

https://infosec.exchange/@codecolorist/115385827463979240

The video for my TalosCon 2025 keynote, "The Complexity of Simplicity", is now up:

https://www.youtube.com/watch?v=Cum5uN2634o

Slides:

https://speakerdeck.com/bcantrill/the-complexity-of-simplicity