Phrack 73 CFP

https://phrack.org/

With a demo!

The perfect headline doesn’t exi…

https://www.engadget.com/big-tech/google-pledges-roughly-three-hours-of-its-annual-profit-to-fight-climate-change-164808010.html

[RSS] Reverse-engineered the WiFi transfer protocol for HeyCyan smart glasses (BLE + USR-W630 WiFi module) -- first iOS implementation

https://alexschar.dev/HeyCyanCaseStudy

[RSS] A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets

https://blog.calif.io/p/a-race-within-a-race-exploiting-cve

[RSS] Reviving a 20-year-old puzzle game Chromatron with Ghidra and AI

https://quesma.com/blog/chromatron-recompiled/

[RSS] U-Boot security improvements using Arm memory permissions

https://www.linaro.org/blog/undefined/

[RSS] Coercing machine accounts through MsSense.exe -- MDE becomes the attack vector

https://medium.com/@Sniffler/stuck-without-coercion-options-why-not-just-coerce-mde-aecc23b43b66

[RSS] Getting a Shell on the Tapo C260 Camera (CVE-2026-0651, CVE-2026-0652, CVE-2026-0653)

https://spaceraccoon.dev/getting-shell-tapo-c260-webcam/

"Besides, they are good company, my sheep."

A new page of my comic Ekphrasis, which you can read for free at https://ekphrasiscomic.neocities.org/.

RE: https://framapiaf.org/@Bristow_69/116178473393080452

inkscape is hiring 2 c++ developers. they have a big red warning box saying absolutely fuck off with your genai

Neptune's Spatuala is a great scene about care and quality (see how I carefully avoid the A word?):

https://www.youtube.com/watch?v=eYeNKdJhk98

IT people should watch more Sponge Bob!

The FBI got compromised, again. Their wiretap system got compromised, again?!

https://edition.cnn.com/2026/03/05/politics/fbi-investigating-cyber-breach-critical-surveillance-network

"some risks for users facing a strong adversary, such as a government focusing all its resources on a very specific target"

Translation: The police has to write a carefully worded mail to Switzerland.

If you ask AI to rewrite the entirety of an open-source program, do you still need to abide by the original license? In philosophy, this problem is known as the Slop of Theseus

If you don’t build infrastructure to conduct indiscriminate and omnipresent mass surveillance, then your enemies can’t gain access to it.
https://edition.cnn.com/2026/03/05/politics/fbi-investigating-cyber-breach-critical-surveillance-network

so if you want to subscribe to a vpn, and you were considering proton, maybe dont

https://infosec.exchange/@josephcox/116178496048136287

So, the Dutch government tried to whitewash Amazon's sovereign cloud offering, only to be called out so hard that they had to withdraw the paper.
#digitalsovereignty
https://nltimes.nl/2026/03/05/dutch-govt-pulls-report-dangers-american-cloud-service-criticism

RE: https://fosstodon.org/@kdkorte/116180140578126363

"Bert Hubert posted a blog on his website criticizing the research. According to him, the report underestimates the risk governments face by using Amszon’s new cloud service. "

@bert_hubert holding the door :)

[RSS] Bypassing debug password protection on the RH850 family using fault injection

http://blog.quarkslab.com/bypassing-debug-password-protection-on-the-rh850-family-using-fault-injection.html

I've been seeing a lot of comments online about how browser telemetry is just a way to spy on users and we never actually use it, and it provides no value.

We can debate whether you think someone (Firefox or otherwise) overcollects telemetry, or doesn't collect it in a privacy-preserving enough way. And you should be able to turn it all off, for any reason.

But it's been instrumental for me, personally, to ship multiple security improvements to Firefox - and I'm just one of hundreds of developers. I wrote up some more here: https://ritter.vg/blog-telemetry.html