Or why we should all be concerned and condemn the latest pager and walkie-talkie attacks. They clearly opened a Pandora's box, it'd be surprising not to see more of those from various organizations. The funds and efforts required make it affordable enough.
Interesting comparison of the difference in approaches between Red Hat and Debian about default system hardening.
Looks like an interesting avenue to attack systems which use LLMs.
Nice post explaining the basics of OAuth. If you wonder why the flow seems so convoluted, this article is for you.
Interesting point. As the memory safety of our APIs increases, can we reduce the amount of sandboxing we need? This will never completely remove the need, if only because of logic bugs, but surely we could become more strategic about it.
Whoops, this was clearly a very bad security issue, allowing a complete bypass of airport security screening in the US.
Here is a good reminder that the PR of Telegram is highly misleading. It's not very secure, they don't really care about your privacy.
Interesting comparison between old attempts at backdooring OpenSSH and the latest xz attempt. There are lessons to be learned from this. It makes a good case for starting to sandbox everything.
Looks like a nice tool to monitor your network.
Scary thread... developers should know better than to do this and ship it on devices around the world. Their data is now anyone's for the taking and users' privacy can't be ensured.
Clearly a new OpenSSH feature to keep an eye on. This should improve the security of the server by default. That said, it needs to be a bit more in the wild before knowing how to best tune it.
Interesting take, those bugs are more convenient to exploit. Logic bugs are too specific to easily exploit at scale.
Luckily these kinds of very low-level vulnerabilities are not too common and are difficult to exploit. But when they get exploited all hell breaks loose and you can't trust your hardware anymore.
Someone was about to get revenge, this gives an interesting exploration.
A very good piece, it's nice it's been resurrected. This is a good reminder that the blame and shame of the user for general computing security is plain wrong. It's we the developers and the UX designers who should be kept on our toes.
Looks like we really get back to the same types of vulnerabilities... it's only a couple dozen usual suspects.
Definitely not as fashionable as the Kubernetes craze. This gives very interesting properties that multi-tenant applications can't really provide. The article is nice as it properly lays out the pros and cons, which helps make the choice depending on the context.
A reminder that Secure Boot is worth nothing if the device makers don't manage cryptographic keys properly...
Interesting story. It is getting harder to hire for remote positions, I guess.
Make sure to also read part 2. You'd expect critical infrastructure like this to not be exposed over the Internet, and to be properly protected...