I want to try switching to Linux.

However, I cannot find a working remote desktop system that allows me to take over the same session that I was using locally so that I can switch back and forth between being at the computer and being remote without having to log out. Blanking/Locking the local screen while I'm connected remotely is also a need.

Basically I need it to work as close to Microsoft's RDP as possible. If anyone can help me with this, you'll convert me to a Linux user.

#linux

Here’s a free scanner for that FortiWeb CVE-2025-64446 I made for you. https://github.com/sensepost/CVE-2025-64446

Chatting with a friend about Cloudflare's intermittent outages today, they brought up an interesting point: How many organizations have started relying on Cloudflare to do basic security blocking and tackling stuff, like stopping SQL injection attacks at the edge? Maybe your devs were lazy at blocking this stuff in the past b/c CF was the control layer to compensate for that.

You might say well okay but if CF is down, so are the sites relying on them, and that's true. But a lot of organizations will switch CF off during these times to keep their sites and services reachable and running. And my friend's point was that for those organizations, they might want to take a closer look at the traffic they received during this eight-hour outage window or whatever, and I think that's sound advice.

Wizard Zines is doing another Big Zine Sale again this year on Friday, November 28th! One day only.

here’s a google calendar link for the duration of the sale if you want a reminder: https://wzrd.page/cal (or an ICS link: https://wzrd.page/cal.ics)

Just dropped: my RECON 2025 talk on Rust library recognition in malware! 🦀

I present RIFT—a tool that tackles one of the trickier problems in modern malware analysis, rust library recognition in malicious software.

https://youtu.be/_JiuYkFzVgg?si=7GAVhfyNOzLjPZnS

Worth a watch if you're into RE or malware research.

#malware #reverseengineering #cybersecurity #rift #microsoft

RE: https://nileane.fr/@nileane/115570855799458529

First it was IoT devices, and now browsers don't work when Cloudflare has an outage. We truly are living in the dumbest timeline.

#Cloudflare

Big day for hardware folks in Europe 🧡

We’re launching Beautiful Boards+, our biggest PCB update yet:
2–8 layers • 5 PCB colours • black/white silkscreen • 35/70 µm copper – all 100% made in Europe.

Our checkout automagically picks Beautiful Boards or Beautiful Boards+ based on your choices.

Try Beautiful Boards+ with your next project: https://aisler.net/en

Thanks for building with us and for helping us make hardware less hard. 🧡

#pcb #electronics #hardware #MadeInEurope

Cloudflare down is another teachable moment to think about your eggs and your baskets.

Cloudflare just jumped off a bridge, down globally.

We're in Tokyo presenting our iOS emulator at the CODE BLUE Conference.

📲 You can still join our early adopter program: https://u.eshard.com/ios-emulation #events #cybersecurity

reasoning_effort = 'none'

New, by me: Protei, a Russian-founded telecoms provider and supplier of surveillance and web monitoring technologies, was breached, its website defaced, and its servers raided.

"Another DPI/SORM provider bites the dust," read the company's defaced website.

https://techcrunch.com/2025/11/17/surveillance-tech-provider-protei-was-hacked-its-data-stolen-and-its-website-defaced/

Friendly advice for crisis communication:

"Our systems have been under attack for T days" doesn't mean that your system withstood the attack for that long. Hackers don't work with sledgehammers.

It means that you saw the attack but were unable to act on it for T days.

#incidentresponse

⌨️ Introducing HCLI: The Modern Command-Line Interface for IDA.

Automate workflows, simplify plugin development across platforms, manage licenses and more.

https://hex-rays.com/blog/introducing-hcli

New assessment for topic: CVE-2025-25257

Topic description: "An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. ..."

"In one of our honeypots we observed the following payload being executed: ..."

Link: https://attackerkb.com/assessments/ccb5097e-52f5-411c-b4f6-951b36b166d7

This is a fun one: LLM inference creates a timing side channel that allows identifying sensitive topics by passively intercepting encrypted traffic:

https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/

/via @jonny

Today, my VPS served over 51.5 million requests. Well over 99% of that was AI crawlers and other obnoxious shits.

This is not normal. This is complete and utter bullshit. This is also happening all over the place.

It can be caught, it's not even hard. But we shouldn't need to. This is about three orders of magnitude more requests I'd normally receive, and it's almost entirely useless garbage.

Every single one of you who use GenAI tools, you personally, are complicit in this. You are responsible for these bots hammering the entire internet, you are enabling it.

If you think this price is acceptable, that every single person who hosts anything outside of BigTech walled gardens deserves this relentless assault of thieving robots, then you are a garbage human being.

But it is not too late to change course. You too can look back at the carnage you enabled, and feel remorse. It's okay. We'll forgive you.

You don't need to look at the environment damage LLMs cause - we can have an educated guess (it's very bad). You don't need to look at the unsustainability of it all. All of those are things that we don't directly feel right now.

But look at the damage these things cause to everyone outside of the BigTech walled gardens. That is measurable. These attacks are fact. You can't debate it. You can't justify it.

You, dear enabler of GenAI bullshit, you are responsible for enabling this carnage. Think about that. Feel bad about it, and stop. Today is a great day to do that.

chat my ex cancelled the spotify duo account, what streaming service do i sign up for?

I totally forgot to post about this huge leak from Chinese government linked infosec company KnownSec (a name that makes me think of 2013 Anonymous more than anything else).
https://www.techradar.com/pro/data-breach-at-mysterious-chinese-firm-reveals-state-owned-cyber-weapons-and-even-a-list-of-targets

did you know that you can find free Cortex M0 development boards at the side of the road? folks call them disposable vapes but they're hackable, and i've reverse engineered a bunch of them! see https://github.com/schlae/VapeRE/