meik 🥋☠️✌️🤘

I just learned the sad news that Peter Neumann has passed away. Peter Neumann shaped how a generation of security people learned to think about risk. As editor of RISKS Digest, he gave many of us coming up in the 1990s and early 2000s a steady education in the real-world consequences of computer failures. His work made the field more serious, more thoughtful, and more honest. He will be missed. I first met Peter when we both testified at the 1998 Senate Governmental Affairs Committee meeting on Government Security where the L0pht testified. The combination of Peter and the L0pht made the hearing more powerful even if us hackers stole the spotlight. Neumann and the L0pht made the same argument from two different directions. Neumann gave the institutional, systems-engineering view: the country was becoming dependent on brittle, interconnected systems that were never designed for security, reliability, or survivability. The L0pht gave the field evidence: here are the actual flaws, here is how attackers think, here is how cheaply and quickly these systems can fail in practice. Neumann supplied the credibility of a long-time researcher warning that this was not just “hackers breaking into things,” but a structural failure of technology markets, procurement, engineering discipline, and risk management. The L0pht supplied the proof that the warnings were not theoretical. Together, we made the hearing unusually powerful: the academic risk community and the hacker community were telling the Senate the same thing, in different languages, before the rest of the world had fully caught up.

💾😂 It’s actually wild that Gen Z has never experienced the pure serotonin of watching MS-DOS DEFRAG do its little block dance. Your 4GB 386 is choking on life? Just run DEFRAG and stare at it like it’s 1993 Netflix. Don’t fight the hypnosis… become one with the pixels.😵‍💫

We are happy to announce FREE Corelan exploit development walkthrough series to help people work through the legendary tutorials step-by-step on Windows 11! Huge thanks to @corelanc0d3r for making this content freely available and @wetw0rk7 for helping modernize it.

old school unix hacks are still "super effective" today

PS1 is 31 years old PS2 is 26 years old PSP is 22 years old Xbox 360 is 21 years old Nintendo DS is 20 years old PS3 is 19 years old PS4 is 13 years old Switch is 8 years old PS5 is 6 years old You didn’t grow up with retro games. You grew up with modern classics.

holy SHIT new killer feature i've been waiting for for ages for dnSpyEx goated @washi_dev

just like my vibe-coded app—yeah, it’s buggy, but if it works, don't touch a thing

Public PoC for NGINX CVE-2026-42945. An 18-year-old RCE flaw in the rewrite module enables server takeover. Update to NGINX 1.31.0 or 1.30.1 immediately. #NGINX #CyberSecurity #InfoSec #RCE #Vulnerability #CVE #WebServer #PoC #GitHub #SysAdmin #TechNews securityonline.info/nginx-rce-vuln…

I appreciate everyone dropping linux privesc 0days in the current AI renaissance, but to really make it feel like the good ol days someone needs to drop a weaponized pre-auth SMB or RDP RCE. We haven't had a good Windows worm in AGES.

Mon ressenti du mois de mai

John Carmack: C's simplicity makes it easier to work with, especially in projects like OpenBSD's kernel.

Why are API keys not bound to an IP address allow list? I never see this option available in API services. Failing that, you should also receive an email whenever a new IP address attempts to use your API key. API keys should double up as canary tokens.

В марте хакеры ФСБ провели рассылку писем со ссылкой, переход по которой мог привести к полной компрометации устройства. Я был первый, кто обратил внимание на эти письма, проанализировал их, а также отобрал у ФСБ их домен. Тред с подробностями и советами:

And now you don't 🙃

I agree AI won’t find all the bugs, but the correct conclusion (imho) is there will always be bugs and exploits and so nothing will change. This is the same argument when winxp2 came out and when aslr+DEP came out. Also, AI will be creating bugs and so there will be a new supply.

MIT teaches operating systems by giving students a complete Unix like kernel and asking them to modify it it is called xv6 and is about 6000 lines of C a reimplementation inspired by Unix Version 6 from 1975 rewritten in modern C for x86 multiprocessor processes system calls virtual memory and filesystem are all there and small enough to read end to end in a weekend this is what you study to understand how operating systems actually work not just how they are described

Time to return to their roots of putting a laptop on a table and awarding the physical device to the first person to pwn it

Counterpoint: if you throw a rock in a random direction at Defcon or Blackhat you will hit someone with a blue belt or above in BJJ