Please note: There are currently problems with uploading to YouTube.
You might want to use media.ccc.de instead.

#39c3

^ta

I pushed an early version of REshare IDA exporter:

https://github.com/v-p-b/reshare-ida/blob/main/reshare-ida-export.py

I don't have time to run x-platform tests right now, but if you do I'd appreciate any bug reports!

#ReverseEngineering #IDA #IDAPro

🔔 CFP for #offensivecon26 is still open — don’t miss your chance to take the stage!

We're actively seeking cutting-edge security research, novel exploit techniques, and deep technical investigations that push the industry forward. If you've been sitting on something brilliant, this is your sign to submit.

🗓️ CFP Deadline: 1 March 2026, 6:00 pm UTC
📬 Submit your talk: https://cfp.offensivecon.org/offensivecon26/cfp

Bring your best work. Surprise us. Challenge us.

Instead of storing my data in the cloud, I just store it in the bush. It's the same thing, only palette-swapped. More accessible, too.

“We learn different lessons from finishing projects than we do from starting them. Starting teaches us about ideation and initial implementation. Finishing, on the other hand, teaches us about perseverance, attention to detail, and the art of knowing when to let go. These are invaluable skills that can only be honed through the act of completion.”

https://www.bytedrum.com/posts/art-of-finishing/

Why Simple Everyday Objects Are Impossible to Make

https://www.youtube.com/watch?v=pj0ze8GnBKA

there’s a bubble machine labelled nvidia 😭 #39c3

A post-American, enshittification-resistant internet

https://media.ccc.de/v/39c3-a-post-american-enshittification-resistant-internet

Damn this is a good talk! #39c3

Zero day… all those patches seem so far away… #gpgfail #39c3

For those being notified or first learning about the #WIRED #databreach:

On December 25, I broke the story of how I had been contacted in November by "Lovely," who claimed to have discovered a vulnerability. They asked for help getting Condé Nast to respond to them. They claimed they were not seeking any bounty or payment and had only downloaded a few profiles as proof.

They showed me my own data.

Trying to help, I reached out to Condé Nast corporate as well as to a contact at #WIRED.

Condé Nast never responded to me -- or to "Lovely" who eventually showed their true colors as someone trying to extort Condé Nast.

Do they have more data? Yes, it appears they do.

@troyhunt verified the data leak and #HIBP has been notifying its affected subscribers.

Read more details in my blog post at https://databreaches.net/2025/12/25/conde-nast-gets-hacked-and-databreaches-gets-played-christmas-lump-of-coal-edition/

@zackwhittaker @campuscodi @gcluley @euroinfosec @ValeryMarchive

#databreach #dataleak #infosec #cybersecurity #incidentresponse

A smart guy who did something well, and did it freely and without charge, 34 years ago. Pragmatic and sensible.
Happy birthday Linus!

#linustorvalds #linux #opensource #birthday

TIL about Lockheed's System-User-Engineered minicomputer which seems like a pretty cool modular hardware system for purpose-built computers:

http://www.bitsavers.org/pdf/lockheed/sue/SUE_Computer_Handbook_Jul73.pdf

I still don't know what tinfo_t.is_sue() does though.

"Search advertising continues to be the largest form of internet advertising. Search revenue grew nearly 16% year on year."

$103B in search ad revenue (in U.S alone!) means results are ranked by who pays most, not what's most relevant.

This is the model Kagi Search rejects.

There's a new Fediverse music streaming service showing music videos by small independent artists with their permission. You can view the channel at:

➡️ https://tv.theindiebeat.fm

It's like the old-style MTV but for the Fediverse 🙂

You can follow the channel at:

➡️ @TIBtv

The service runs on @owncast and you can find out more about OwnCast at:

➡️ https://fedi.tips/owncast-live-streaming-and-chat-on-the-fediverse

#Music #OwnCast

Want to know how Apple's Low Latency WiFi works?

Today, 3:40pm CET, Hall 1, #39c3.

More details: https://events.ccc.de/congress/2025/hub/event/detail/cracking-open-what-makes-apple-s-low-latency-wifi-so-fast
Stream: https://streaming.media.ccc.de/39c3/one

I recently saw a lot of examples of using LLMs when you could get away e.g. with and API call, but now I think I found the perfect example of LLMs being more niche then even skeptics (like myself) think they are:

Even skeptics have to admit that LLMs are very good at natural language translation. @kagihq introduced a fast ("Standard") #LLM for its translation service that seems to fail miserably if you try to translate single words for less common languages:

https://kagifeedback.org/d/9373-standard-translation-is-unusable-for-hungarian

My point is that doing a dictionary lookup for all words (~1mil for English) could be done on a disposable vape in no time with better results, incl. clear indication of lookup failures, so you can fall back to your GPUs when needed.

https://gpg.fail IS ONLINE
TALK VOD IS ONLINE (preliminary recording, not yet edited) #39c3

The worst part of Christmas, where everyone is at #39c3 and I am not

[RSS] Why is the last letter of my string not making it to the clipboard?

https://devblogs.microsoft.com/oldnewthing/20251225-00/?p=111914

(I use Linux and X11, usually none of my string makes it to the clipboard)

Who's watching #DieHard 4 tonight? :)

https://www.youtube.com/watch?v=OTyw6cq86kY