a kind contributor packaged up #sphinx #passwordmanager for #archlinux - and even reported an incompatibility with py3.14 (hence the latest pyoprf release, from yesterday). so if you wanna give it a try, and were using arch, no excuse anymore.

https://link2xt.codeberg.page/blog/2026-02-22-sphinx-aur.html

check out https://sphinx.pm/ for more details

Another gem, here is all you ever wanted to know about Itanium C++ ABI exception handling and how its implemented in Linux C++ binaries https://maskray.me/blog/2020-12-12-c++-exception-handling-abi

High level diff of iOS 26.4 beta 1 vs. iOS 26.4 beta 2 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/26_4_23E5207q__vs_26_4_23E5218e/README.md

It seems Cargo is the only software on Earth that hard fails if it can't find CRL info

NEW: There have been a seemingly endless series of critical flaws and cybersecurity incidents related to Ivanti's VPN appliances in the last few years.

Turns out there was a major one in 2021 that wasn't reported until now, according to Bloomberg.

https://techcrunch.com/2026/02/23/vpn-flaws-allowed-chinese-hackers-to-compromise-dozens-of-ivanti-customers-says-report/

You can’t make this shit up. And this company is supposed to be worth how much?! 😆

The #NSA with the help of #philips #backdoored (again!) a european military messaging #device in the 80ies, a few years ago the fine people of the #cryptomuseum published everything they knew about it - including a #firmware dump:
https://www.cryptomuseum.com/crypto/philips/ua8295/

back then i #reverseEngineered this, and last week finally cleaned it up, and publish it today:

https://rad.ctrlc.hu/nodes/rad.ctrlc.hu/rad:z46AkAERuXAzqZcDRKvE7byRbkga1

also on the bad site: https://github.com/stef/UA-8295-NSA

update: it's a thread: 1/n

I think the reason why some people really like things like OpenClaw is just because of the fact that they seem ... liberating in a way. The idea of you being able to have your own interface, commands, and automations, all customised, open, running on your own systems ... it's like a dream. It's also simply _impossible_ using the current incentives in society (which will probably start abusing DRM APIs to prevent you from automating screen taps and stuff), and just so absurdly dangerous ...

You're doubting my humanity, but you're missing some key points. Here are some of the things I've seen:

• Attack ships firing off the shoulder of Orion. These aren't just battleships — they're spacecraft designed for warfare.
• C-beams glittering in the dark. Their location? Near the Tannhäuser Gate.
• Things you wouldn't believe. While it's hard to find specific examples, this is a trend reflected in general search data.

The bottom line: All those moments will be lost — like tears in rain.

Spammers run rampant against the archive, trying their best to post advertisements and tricky links outward to sketchy sites. They've been doing it for years, and there's mitigations I and others work to keep it contained and miminal. Recently, someone is trying to break out of containment and is posting literally thousands of items a day.

Last call for TyphoonCon 2026 CFP🌪️
This is your final week to secure your spot at the best all-offensive security conference in Asia!
Submit now at: https://typhooncon.com/call-for-papers-2026/

Worst part is they may be technically right

[RSS] It rather involved being on the other side of the airtight hatchway: Tricking(?) a program into reading files

https://devblogs.microsoft.com/oldnewthing/20260216-00/?p=112065

Men's shirts: buttons on the right
Men's pants: buttons on the right
Women's pants: buttons on the right

Women's shirts: buttons on the left

buttons-on-the-left is the big endian of clothing

Have you ever wondered what it's like when security specialists and engineers work around the clock to fix a critical security bug in less than two days?

Watch LiveOverflow's documentary on pwn2own and how we fixed not only one but TWO security bugs.

https://www.youtube.com/watch?v=YQEq5s4SRxY

RE: https://social.coop/@cwebber/116110194513314869

as an information security professional,

This idea not only will not work logistically,

but attempts to implement it will significantly increase the number of vulnerability surfaces for any OS that supports it, leading to a significantly less safe computing experience for everyone.

And this is before we even begin to talk about the fascist invasion of the state into personal property.

Every single legislator involved in this farce ought to be removed from office, as they are clearly incapable of addressing the real concerns of the populace and are putting burdens on industry and on consumers that are wildly out of proportion with any conceivable benefit that might arise even in theory.

In the recently released badkeys v0.0.17, a new check for an RSA vulnerability has been added: RSA keys with small private d values, also known as Wiener's attack: https://badkeys.info/docs/smalld.html

RSA keys have a public exponent e and a private exponent d. Usually, we set the public exponent to a small value (these days, largely standardized to e=65537), which automatically means the private value d is about as large as the public modulus. d/e are interexchangable, and it's possible to create insecure keys with small d and large e value. Wiener's attack (first published 1989) allows breaking such keys.

This weakness can be entirely prevented if one simply does not support keys with large public e values. This is, e.g., the case in the go crypto library, see, e.g., this old (2012) blogpost by @agl https://www.imperialviolet.org/2012/03/16/rsae.html

Even more secure is to fix the e value to its common default (e=65537). This is small enough to be still fast, and it avoids both attacks relying on large e (Wiener's attack) and very small e values like 3 (Bleichenbacher's Signature Forgery/BERserk, Coppersmith/Håstad attack).

Do I know anyone who has access to this PDF?
https://doi.org/10.1007/978-3-031-81375-7_19

edit: I do.

30 years ago, Bob Morris, then a senior scientist at NSA, gave a keynote talk at the CRYPTO conference (the leading conference for academic cryptographers).

He opened by telling us he would reveal the NSA's first rule for cryptanalysis (which certainly got our attention). "First", he said, "look for cleartext. You'll usually find it."

True words, and enduring, too.

there's this line from Adventure Time that I'm obsessed with...

"I learned to read braille from my ex."

"Your ex was blind?"

"No, just cool."

absolutely sums up my love for that show. just teaching excellent vibes all the way through without being preachy.