"I'm interested in all kinds of astronomy."

Have you ever wondered what it's like when security specialists and engineers work around the clock to fix a critical security bug in less than two days?

Watch LiveOverflow's documentary on pwn2own and how we fixed not only one but TWO security bugs.

https://www.youtube.com/watch?v=YQEq5s4SRxY


RE: https://social.coop/@cwebber/116110194513314869

as an information security professional,

This idea not only will not work logistically,

but attempts to implement it will significantly increase the number of vulnerability surfaces for any OS that supports it, leading to a significantly less safe computing experience for everyone.

And this is before we even begin to talk about the fascist invasion of the state into personal property.

Every single legislator involved in this farce ought to be removed from office, as they are clearly incapable of addressing the real concerns of the populace and are putting burdens on industry and on consumers that are wildly out of proportion with any conceivable benefit that might arise even in theory.


In the recently released badkeys v0.0.17, a new check for an RSA vulnerability has been added: RSA keys with small private d values, also known as Wiener's attack: https://badkeys.info/docs/smalld.html

RSA keys have a public exponent e and a private exponent d. Usually, we set the public exponent to a small value (these days, largely standardized to e=65537), which automatically means the private value d is about as large as the public modulus. d/e are interchangeable, and it's possible to create insecure keys with small d and large e value. Wiener's attack (first published 1989) allows breaking such keys.

This weakness can be entirely prevented if one simply does not support keys with large public e values. This is, e.g., the case in the go crypto library, see, e.g., this old (2012) blogpost by @agl https://www.imperialviolet.org/2012/03/16/rsae.html

Even more secure is to fix the e value to its common default (e=65537). This is small enough to be still fast, and it avoids both attacks relying on large e (Wiener's attack) and very small e values like 3 (Bleichenbacher's Signature Forgery/BERserk, Coppersmith/Håstad attack).

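
The two checks described in the post above, as an added Python example (not badkeys' code and not part of the original post): accept only e=65537, and flag small-d keys by testing the continued-fraction convergents of e/n, which is the basis of Wiener's attack. The function names and the toy keys are constructed for illustration.

```python
from math import isqrt

STANDARD_E = 65537  # the common default named in the post


def convergents(num, den):
    """Yield (k, d) for each continued-fraction convergent k/d of num/den."""
    h0, h1, k0, k1 = 0, 1, 1, 0
    while den:
        q, r = divmod(num, den)
        h0, h1 = h1, q * h1 + h0
        k0, k1 = k1, q * k1 + k0
        yield h1, k1
        num, den = den, r


def has_small_d(n, e):
    """True if a convergent k/d of e/n gives a phi(n) that factors n."""
    for k, d in convergents(e, n):
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k      # candidate phi(n), from e*d = 1 + k*phi
        s = n - phi + 1             # equals p + q if the candidate is right
        disc = s * s - 4 * n        # equals (p - q)^2 if the candidate is right
        if s > 0 and disc >= 0:
            r = isqrt(disc)
            if r * r == disc and (s + r) % 2 == 0:
                return True
    return False


def classify(n, e):
    """Strict policy: only e=65537 is accepted; other keys get a reason."""
    if e == STANDARD_E:
        return "ok"
    return "small-d" if has_small_d(n, e) else "nonstandard-e"


# Constructed toy keys (n = 379 * 239), far too small for real use.
SAMPLES = [(90581, 17993), (90581, 65537), (90581, 5)]

if __name__ == "__main__":
    for n, e in SAMPLES:
        print(n, e, classify(n, e))
```
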
Edited 3 months ago

Do I know anyone who has access to this PDF?
https://doi.org/10.1007/978-3-031-81375-7_19

edit: I do. neofox_uwu


30 years ago, Bob Morris, then a senior scientist at NSA, gave a keynote talk at the CRYPTO conference (the leading conference for academic cryptographers).

He opened by telling us he would reveal the NSA's first rule for cryptanalysis (which certainly got our attention). "First", he said, "look for cleartext. You'll usually find it."

True words, and enduring, too.


Graham Sutherland / Polynomial

there's this line from Adventure Time that I'm obsessed with...

"I learned to read braille from my ex."

"Your ex was blind?"

"No, just cool."

absolutely sums up my love for that show. just teaching excellent vibes all the way through without being preachy.


Tony Gilroy, creator of Andor, wasn’t allowed to use the word “fascism” during press junkets in 2025. Interesting interview in The Hollywood Reporter. www.hollywoodreporter.com/tv/tv-featur...


Over the past couple years, I have come to know the platform pretty well, from a developer's and a standpoint.

I can’t always say the same the community.

Today, I decided to rant a little (or maybe a lot 🙃)

👉 https://blog.washi.dev/posts/misconceptions-about-dotnet/

Amazingly, it's weekend and I kind of miss coding Rust.

If this is not Stockholm syndrome I don't know what is.

Anyway, I promised to finish my next #REshare exporter in a week two weeks ago so let's get back to Python!

ART/AB4.GIF

[RSS] Building a Custom Architecture and Platform: Part 1

https://binary.ninja/2026/02/20/quark-platform-part-1.html

#BinaryNinja
[RSS] "They even thanked the coders for giving them such a difficult challenge."

https://unsung.aresluna.org/they-even-thanked-the-coders-for-giving-them-such-a-difficult-challenge

On how Spyro PlayStation edition (2000) was cracked.

Here it is, our biggest issue to date, Issue !
Read, share, enjoy!
https://pagedout.institute/?page=issues.php
Get prints here - https://www.lulu.com/search?page=1&pageSize=4&sortBy=PRICE_ASC&q=PAGEDOUT8&adult_audience_rating=00

And with that CFP for is open - deadline 30 April 2026


Wikipedia bans Archive.today after site executed DDoS and altered web captures
If DDoSing a blog wasn't bad enough, archive site also tampered with web snapshots.
https://arstechnica.com/tech-policy/2026/02/wikipedia-bans-archive-today-after-site-executed-ddos-and-altered-web-captures/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social


RE: https://infosec.exchange/@timb_machine/116068550511596363

If there's anyone on here that works at GitHub, do you think you could remind your support team to check their emails.

For reasons unknown you decided to suspend my account a week ago and I'm yet to even get a response that a ticket has been opened to investigate. I'm sure there's a reason (although I suspect it's debatable) but it would at least be nice to hear from you that it's being looked at.

[RSS] Reverse engineering the Creative Katana V2X soundbar to be able to control it from Linux

https://blog.nns.ee/2026/02/20/katana-v2x-re/
[RSS] Discovery & Analysis of CVE-2025-29969

https://www.safebreach.com/blog/safebreach_labs_discovers_cve-2025-29969/

(Windows MS-EVEN RPC Remote Code Execution Vulnerability)