"I'm interested in all kinds of astronomy."
[RSS] A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets

https://blog.calif.io/p/a-race-within-a-race-exploiting-cve
[RSS] Reviving a 20-year-old puzzle game Chromatron with Ghidra and AI

https://quesma.com/blog/chromatron-recompiled/
[RSS] U-Boot security improvements using Arm memory permissions

https://www.linaro.org/blog/undefined/
[RSS] Coercing machine accounts through MsSense.exe -- MDE becomes the attack vector

https://medium.com/@Sniffler/stuck-without-coercion-options-why-not-just-coerce-mde-aecc23b43b66
[RSS] Getting a Shell on the Tapo C260 Camera (CVE-2026-0651, CVE-2026-0652, CVE-2026-0653)

https://spaceraccoon.dev/getting-shell-tapo-c260-webcam/

"Besides, they are good company, my sheep."

A new page of my comic Ekphrasis, which you can read for free at https://ekphrasiscomic.neocities.org/.


RE: https://framapiaf.org/@Bristow_69/116178473393080452

inkscape is hiring 2 c++ developers. they have a big red warning box saying absolutely fuck off with your genai

Neptune's Spatula is a great scene about care and quality (see how I carefully avoid the A word?):

https://www.youtube.com/watch?v=eYeNKdJhk98

IT people should watch more SpongeBob!
"some risks for users facing a strong adversary, such as a government focusing all its resources on a very specific target"

Translation: The police have to write a carefully worded mail to Switzerland.

If you ask AI to rewrite the entirety of an open-source program, do you still need to abide by the original license? In philosophy, this problem is known as the Slop of Theseus


If you don’t build infrastructure to conduct indiscriminate and omnipresent mass surveillance, then your enemies can’t gain access to it.
https://edition.cnn.com/2026/03/05/politics/fbi-investigating-cyber-breach-critical-surveillance-network


so if you want to subscribe to a vpn, and you were considering proton, maybe don't

https://infosec.exchange/@josephcox/116178496048136287


So, the Dutch government tried to whitewash Amazon's sovereign cloud offering, only to be called out so hard that they had to withdraw the paper.

https://nltimes.nl/2026/03/05/dutch-govt-pulls-report-dangers-american-cloud-service-criticism


RE: https://fosstodon.org/@kdkorte/116180140578126363

"Bert Hubert posted a blog on his website criticizing the research. According to him, the report underestimates the risk governments face by using Amazon’s new cloud service."

@bert_hubert holding the door :)

[RSS] Bypassing debug password protection on the RH850 family using fault injection

http://blog.quarkslab.com/bypassing-debug-password-protection-on-the-rh850-family-using-fault-injection.html

I've been seeing a lot of comments online about how browser telemetry is just a way to spy on users and we never actually use it, and it provides no value.

We can debate whether you think someone (Firefox or otherwise) overcollects telemetry, or doesn't collect it in a privacy-preserving enough way. And you should be able to turn it all off, for any reason.

But it's been instrumental for me, personally, to ship multiple security improvements to Firefox - and I'm just one of hundreds of developers. I wrote up some more here: https://ritter.vg/blog-telemetry.html


When looking at calculations of the environmental impact of LLM systems, consider carefully where the system boundary is drawn.

eg. Is the increased energy usage of the servers being scraped for source data included? Or the increased energy usage of every 3rd-party browser doing proof of work just to access the site? What about the network in between?

If I punch you in the face, and we want to measure the pain caused, we need to consider more than just how *my* hand feels afterwards.


I have just updated this old Plugin of mine: IDA Magic Strings.

https://github.com/joxeankoret/idamagicstrings

It now supports installation using hcli (https://hcli.docs.hex-rays.com/getting-started/installation/)

Daily fill-the-blanks game:

"[REDACTED] technology is characterised by a constant stream of poorly thought-out experimentation and constantly trying to outdo the competition [...] Therefore [REDACTED] technology is not uniform, lending [REDACTED] a cobbled together and random appearance.[...] Much of [REDACTED] technology is unreliable and sometimes seemingly inoperable to [REDACTED], in some cases only working properly in the hands of an [REDACTED]."

Solution below...