Come be part of Cedarcrypt, our historic new initiative to grow cryptography research, development and representation in the Levant region!
We're seeking speakers and workshop leaders: our call for submissions is open! Learn more: cedarcrypt.org
Please spread the word!
RIP Tony Hoare, March 5 2026, age 92
blog.computationalcomplexity.org/2026/03/tony...
The Russian way of war is not working either. Maybe it's war that is the problem?
Abstract. Signal is a secure messaging app offering end-to-end security for pairwise and group communications. It has tens of millions of users, and has heavily influenced the design of other secure messaging apps (including WhatsApp). Signal has been heavily analysed and, as a result, is rightly regarded as setting the “gold standard” for messaging apps by the scientific community. We present two practical attacks that break the integrity properties of Signal in its advertised threat model. Each attack arises from different features of Signal that are poorly documented and have eluded formal security analyses. The first attack, affecting Android and Desktop, arises from Signal’s introduction of identities based on usernames (instead of phone numbers) in early 2022. We show that the protocol for resolving identities based on usernames and on phone numbers introduced a vulnerability that allows a malicious server to inject arbitrary messages into one-to-one conversations under specific circumstances. The injection causes a user-visible alert about a change of safety numbers, but if the users compare their safety numbers, they will be correct. The second attack is even more severe. It arises from Signal’s Sealed Sender (SSS) feature, designed to allow sender identities to be hidden. We show that a combination of two errors in the SSS implementation in Android allows a malicious server to inject arbitrary messages into both one-to-one and group conversations. The errors relate to missing key checks and the loss of context when cryptographic processing is distributed across multiple software components. The attack is undetectable by users and can be mounted at any time, without any preconditions. As far as we can tell, the vulnerability has been present since the introduction of SSS in 2018. We disclosed both attacks to Signal. The vulnerabilities were promptly acknowledged and patched: the first vulnerability was fixed two days after disclosure, while the second one was patched after eight days. Beyond presenting these devastating attacks on Signal’s end-to-end security guarantees, we discuss more broadly what can be learned about the challenges of deploying new security features in complex software projects.
Image showing part 2 of abstract.
Signal Lost (Integrity): The Signal App is More than the Sum of its Protocols (Kien Tuong Truong, Noemi Terzo, Kenneth G. Paterson) ia.cr/2026/484
Was thinking that the famous scene in Downfall is exactly how I expect “the end” for the current bloke being played.
IP66: an MMDB-compatible IP Geolocation Database with ASN, country, and continent data. Free to use, no license keys required, updated every day. #Network ip66.dev
Thought I'd sahre the Swiss Cyber Security starter pack again.
Am I missing somebody?
go.bsky.app/4xD359p
holy fuckin shit lmao
a supply chain attack perpetrated by a prompt injection in a github ISSUE TITLE
eh. coding agents? what could go wrong
You don’t follow it if the Boss says otherwise, I suspect.
"watch the Pasdaran walk into the US bases" kind of show?
To use Zed you need to be 18+, force a binding arbitration and waive your right to class action lawsuits.
That's, a strange move.
zed.dev/blog/terms-u...
inevitably, Alexander was not your run off the mill bloke, was he?
Well, Alexander the Great did manage to successfully put feet on the ground in Persia.
Epic Slurry?
good morning everyone project your personal imposter syndrome onto this gif ur welcome
I can't remember the name of the op any longer, is it Epic Fail?
oh, I also forgot about the Emanuela Orlandi story which is, probably, an ante-litteram Epstein in Vatican sauce¹. But, having said this, it would have been covered by the previous keywords. Objectively, the Vatican has a millennial history of power…
__
¹ en.wikipedia.org/wiki/Disappe...
Oh don’t start with the Swiss Guard murders… there’s a whole web of intrigue there. Some keywords: P2, Card. Marcinkus, Banda della Magliana, IOR, Enimont, etc.
I'm saddened to see that literally nothing has changed in 30 years since I was making the same remarks on Usenet.
"The power of accurate observation is commonly called cynicism by those who have not got it."
— George Bernard Shaw (1856–1950)
The normalisation of war is the saddest part in all of this…
Lands of Packets
TTL exceeded.
I would like to collect texts from the scene about FX in his memory. A collection of obituaries that will then be posted on phenoelit.de.
If anyone would like to contribute, please contact me.
Mail: joernchen@phenoelit.de
Signal: jrn.07
I was reminded today that you can use OpenBSD tcpdump(8) as a quick and dirty firewall.
# tcpdump -B drop -i em0 udp and port 69
This drop packets completely in the network interfaces interrupt handler!
RIP FX - You are a legend
As much as I hate saying it: “better the Devil you know.” I sincerely hope this is for the best but recent history has sadly shown otherwise.
somewhere it turns on the fans to max and bricks the machine?
heyyyyyy. check this out
i bought one of those chinese motherboards which get the UEFI package from American Megatrends and then enable options with the guiding of "YES."
check out how many juicy bits it has
you can turn the memory scrambler on […]
[Original post on social.treehouse.systems]
The FIFA peace prize was a mockery to begin with…
taking out all potential replacements for current regime who are not liked?
