Sergey Simakov (@[email protected])

Ridiculous. Degrowth nonsense.

ACM CAIS is a the first research conference focused on agentic and AI systems, and will run in San Jose this year. The deadline is coming up Feb 27th — submit your papers here: caisconf.org

Very bad experience with @avianca for AV 191 today: 1) cannot explain why only 1 person of 2 able to check-in online. With unclear “incomplete” message 2) refuses to support suitcase that was checked in by Alaska on the way to FLL, that they don’t have it in the system!

Post Quantum Cryptography - Time to Get Going. There are wide ranging estimates on the time frame in which to be concerned about the existence of a cryptographically relevant quantum computer (i.e. one that can break RSA / ECC in reasonable time). But the three triggers/warnings to look at are: 1. Are there machines with higher numbers of physical qbits. 2. Are there less physical qbits needed to make good logical qbits. 3. Are there other advances that reduce the number of logical qbits needed. If all 3 are blinking red that you will want to bring in your time frames for when your PQC migration is done. This blog from Google highlights significant progress on reducing the number of physical qbits needed to factor RSA 2048. Warning lights are starting to switch on. security.googleblog.com/2025/05/tracki… If you haven't even started planning your PQC migration then you really should start. Some guidance on how to get going here: philvenables.com/post/post-quan…

Want to check for #ESC15 ? Use the following cypher with #BloodHound MATCH p=(:Base)-[:MemberOf*0..]->()-[:Enroll|AllExtendedRights]->(ct:CertTemplate)-[:PublishedTo]->(:EnterpriseCA)-[:TrustedForNTAuth]->(:NTAuthStore)-[:NTAuthStoreFor]->(:Domain) WHERE ct.enrolleesuppliessubject = True AND ct.authenticationenabled = False AND ct.requiresmanagerapproval = False AND ct.schemaversion = 1 RETURN p Thanks @Jonas_B_K More information available here: trustedsec.com/blog/ekuwu-not…

IN CASE YOU MISSED IT: The EU — in private — amended draft digital identity regulation to create a legally-mandated surveillance backdoor in HTTPS. Over 300 academics & tech experts YESTERDAY published an open letter calling on the EU to fix this + follow web standards instead:

Caricatures of Security People 2. Cryptographer turned Security Guru Says things like: “If only people more than just me realized that security processes are important we’d be in a much better place.” philvenables.com/post/caricatur…

I just enabled MTE on my new Pixel 8!! 😁🔥 Check out Mark's blog on how to enable MTE on the Pixel 8 and Pixel 8 Pro: googleprojectzero.blogspot.com/2023/11/first-…

"@Google's Titan chip measures a machine's boot firmware before it runs, so that Titan can determine whether the boot firmware satisfies the machine credential's boot policy" cloud.google.com/docs/security/…

I spoke at @MSFTBlueHat last week. ➡️github.com/JohnLaTwC/Shar… I will follow up with a link to the recording when it is posted. Some highlights from my talk below👇👇👇

Our next whitepaper is out cloud.google.com/docs/security/… - if you were wondering how Titan secure elements are used in the production fleet. #gsecurity Stay tuned for more whitepapers 😉

🔖 Pitfalls of relying on eBPF for security monitoring (and some solutions) eBPF was never intended for security monitoring. It is first and foremost a networking and debugging tool. From @trailofbits blog.trailofbits.com/2023/09/25/pit…

Long blog post about Cloudflare’s new “encrypted client hello” protocol for TLS. blog.cloudflare.com/encrypted-clie…

A few years old but still very interesting works by @Riscure for learning fault injection and secure boot bypass techniques: raelize.com/upload/researc… raelize.com/upload/researc… raelize.com/upload//resear… #cybersecurity #hardware

@royalhansen Kunsthistorisches museum is amazing!

Arguably the greatest room in any art museum on the planet

Encrypted Client Hello (ECH) is a new proposed standard that improves encryption and metadata protection for connections online that use TLS for security. After years of testing and refinement, it's finally happening. Chrome has been testing ECH for months, and is now enabling it by default in Chrome 117: chromestatus.com/feature/619670…. Firefox is not far behind: elevenforum.com/t/encrypted-cl…. Cloudflare just launched support for ECH for all customers: blog.cloudflare.com/announcing-enc…. These changes amount to the removal of the hostname from cleartext for huge chunk of Internet communication. Considering how long the hostname has been in cleartext and how many products were built around that assumption, it's going to be an interesting rollout.

In the spirit of "this talk could've been a tweet", I just pushed a button: #BinDiff is now open source. - Snapshot release, no major new functionality - Release binaries later today or tomorrow - This is my 20% and I won't we able to act on PRs until end of Q4 (OOO traveling)

"We’re working towards a future of personalized vulnerability detection with little manual effort from developers. With the addition of LLM generated fuzz targets, OSS-Fuzz can help improve open source security for everyone." security.googleblog.com/2023/08/ai-pow…

Beautiful #PNW

But the overall risk for Europe 🇪🇺 is that its prosperity and influence will continue to decline given how important technology is to economic vitality and competitiveness (21/25)