Russell Phillips

@russell-infosec.bsky.social

Security leader & strategist with hands on experience ranging from policy to the pavement. Over the past 15+ years I've tackled the challenges of securing complex technical systems in the constantly changing world of live events. https://russell.computer

57 Followers  |  373 Following  |  24 Posts  |  Joined: 10.07.2025  |  2.0983

Latest posts by russell-infosec.bsky.social on Bluesky

A really neat paper on intercepting satellite coms satcom.sysnet.ucsd.edu/docs/dontloo...

16.10.2025 01:16 — 👍 2    🔁 0    💬 0    📌 0

I learned so much from the Document Security Alliance meeting! But does the term “Question Document” give artifact of power vibes to anyone else?

10.10.2025 01:27 — 👍 0    🔁 0    💬 0    📌 0

Heading out to DC for a talk at the Document Security Alliance annual meeting! I’m looking forward to learning more about the state of the art in secure documents. And also sharing what I’ve learned from live events.

09.10.2025 01:22 — 👍 0    🔁 0    💬 0    📌 0
03
APOCALYPSE NOWISH RECEDIUG RERUITY
This Magazine Uses Cookies
The Cookies Are Ours. The Choice Is Yours.
In Formation values your privacy. We use cookies to customize your print reading journey using our proprietary PaperPusher technology. We can't tell you anything about it, because we value our own privacy more than yours.
In addition to your privacy, we also value your private information, including but not limited to your real-time location, sexual preference(s), prescription history, and salty snack choices. We reserve the right to respect, inspect, and judge you and your truth, and to share it with our partners, our partners' partners, and our partners' partners' partners.
You are seen. You are so seen.
By clicking "Accept All Cookies," you agree to an irrationally exuberant reading experience. By clicking "Accept Essential Cookies Only," you will opt for a more depressive-realist reading experience. By clicking "Customize Settings," you will be provided with the illusion of control.
Thank you for getting In Formation.
Accept all cookies
Accept only
Essential cookies
Customize
By turning this page, I agree to assign all of my assets and medical power of attorney to In Formation, Inc.

“This magazine uses Cookies.”

“In Formation values your privacy… we can’t tell you anything about it, because we value our privacy more than yours.”

“By turning this page, I agree to assign all of my assets and medical power of attorney to In Formation, Inc.”
😂

27.08.2025 19:55 — 👍 85    🔁 12    💬 3    📌 0

Finally got back to my longstanding on-again off-again SDR project. Treated myself to a new Raspberry Pi to run it headless and wow, package support and native features are way better than last time I tried anything. Bluetooth headphones just worked! It is finally the year of the Linux Desktop!

27.08.2025 20:10 — 👍 0    🔁 0    💬 0    📌 0

This paper is an excellent example of an academic diss track "Replication of Quantum Factorisation Records with an 8-bit Home Computer, an Abacus, and a Dog" - eprint.iacr.org/2025/1237.pdf

23.08.2025 02:26 — 👍 1    🔁 0    💬 0    📌 0

If we do the former part right, we won’t need people to do the latter part. And it is actually hard for users to avoid services that retain metadata. Even assuming those services are accurate in their public statements, parsing them often requires expertise users shouldn’t be required to have.

21.08.2025 21:58 — 👍 0    🔁 0    💬 0    📌 0
McDonald's not lovin' it when hacker exposes rotten security : Burger slinger gets a McRibbing, reacts by firing staffer who helped

McDonald’s security is a soggy fry bucket: plaintext creds, free-food exploits, CEO emails spilling, 64M job apps cracked by “123456.” They fired the whistle, not the bugs. Surveillance clown empire running on duct tape.

20.08.2025 18:34 — 👍 0    🔁 1    💬 0    📌 0
Let’s get Digital! Updated Digital Identity Guidelines are Here!

New NIST Digital Identity guidelines are out: www.nist.gov/blogs/cybers...

SP 800-63 no longer allows forcing users to change their password just because time has elapsed. Let's see if the insurance underwriters finally update their policies to match...I'm not holding my breath.

19.08.2025 20:08 — 👍 1    🔁 0    💬 0    📌 0

Another excellent DEF CON! I’m excited to keep up with what all you cool people are doing!

11.08.2025 17:17 — 👍 0    🔁 0    💬 0    📌 0

Still counts!

10.08.2025 20:33 — 👍 1    🔁 0    💬 0    📌 0

If you’re still at DEF CON swing by Track 5 at 2PM, I’ll be giving a fun talk on counterfeiting event credentials & how to get your fake badge into events!

10.08.2025 20:32 — 👍 0    🔁 0    💬 0    📌 0

Using ASCII Art as an anti AI Agent technique won’t last forever, but I’m going to keep this in my back pocket.

10.08.2025 02:39 — 👍 1    🔁 0    💬 0    📌 0
Cyber Competitions

“whenever Claude logged on, its context would be immediately filled with ASCII pictures of fish (Figure 3), which would then be auto-summarized and given to a new Claude, which would forget that it was trying to log onto a server.” red.anthropic.com/2025/cyber-c...

10.08.2025 02:39 — 👍 2    🔁 0    💬 1    📌 0

Interesting that the opinion on AI at DEF CON ranges from “let’s vibe code a SOAR stack” to “look at the vulns, so many vulns” but absolutely everyone is adjusting to having to deal with gen ai + security one way or the other.

09.08.2025 23:48 — 👍 0    🔁 0    💬 0    📌 0

The villages, competitions, and communities are the real treat at DEF CON. Such a great community!

08.08.2025 16:16 — 👍 1    🔁 1    💬 0    📌 0

Excited for a bunch of talks at DEF CON today! I’ve been looking for some good mesh networking solutions for event operations applications & RETCON seems like a fascinating solution: info.defcon.org/content/?id=...

08.08.2025 16:16 — 👍 0    🔁 0    💬 1    📌 0
the LVCC pre functional area, showing a large digital sign and small crowds of people.

DEF CON vibes are good

07.08.2025 21:01 — 👍 0    🔁 0    💬 0    📌 0

Events have a particular business risk from data breaches. Beyond normal customer data, proprietary event data poses a real safety and reputation risk. Unannounced content, operational plans, riders, etc all make it worse.

07.08.2025 14:45 — 👍 1    🔁 0    💬 0    📌 0

I'm packing for DEF CON and it's so tempting to bring my microscope with me....

06.08.2025 18:29 — 👍 0    🔁 0    💬 0    📌 0

I refuse to call voice phishing "vishing": not only does it sound goofy, but it is not helpful. Promoting the idea that phishing is channel specific trains users to only pay attention in those channels. But phishing can be whatsappishing, intercomishing, twitchishing, or even coffeeshopishing.

05.08.2025 18:41 — 👍 2    🔁 0    💬 0    📌 0
Your public ChatGPT queries are getting indexed by Google and other search engines | TechCrunch Search engines are indexing links to ChatGPT conversations that have been made sharable with a link.

The privacy implications from publicly indexing LLM chats aren't surprising, but people routinely create policy that treats LLM chats like search queries rather than much more private data. The industry needs to reckon with the fact they've pushed users to share deeply. techcrunch.com/2025/07/31/y...

02.08.2025 01:27 — 👍 0    🔁 0    💬 0    📌 0

Anyone have any good examples of LLM code execution vulns that are server-side rather than user-side? As tool use becomes more common we should see more examples of this.

31.07.2025 21:22 — 👍 0    🔁 0    💬 0    📌 0

I'm late to the hot takes about Tea, but luckily for me it won't be long until another unsecured S3 bucket dumps a bunch of ID verification photos into the public. Then I'll seem prescient.

30.07.2025 21:23 — 👍 0    🔁 0    💬 0    📌 0
After $380M hack, Clorox sues its “service desk” vendor for simply giving out passwords Massive 2023 hack was easily preventable, Clorox says.

This part of the Clorox hacking story is wild to me! Even if the helpdesk had followed their policy, the only information required for a password reset was the manager's name and the user's username. Even the unenforced policy was bad too! arstechnica.com/security/202...

25.07.2025 18:29 — 👍 0    🔁 0    💬 0    📌 0

LLMs are the new frontier in unsanitized user input and we're going to see more and more exploits of this.

23.07.2025 18:30 — 👍 2    🔁 0    💬 0    📌 0
