There is something about Heathrow, and UK airports in general (except LCY), which defeats understanding. I have been going through since the 1980s and the experience is unchanged, just shinier.
04.08.2025 09:38 — 👍 0 🔁 0 💬 0 📌 0
@cynicalsecurity.bsky.social
IT Security, cynically aged. Maths. Some nukes. Longing for Symbolics and Connection Machines. Keeper of Ancient Computing Lore. Wassenaar intangible Ⓐ
There is always Heathrow in Summer to provide you with the very worst expectations.
04.08.2025 09:34 — 👍 1 🔁 0 💬 1 📌 0
"In Cloud we Trust"™
www.seuros.com/blog/aws-del...
What gets the Attention?
Consulting the OWASP top 100,000 from the Appendix to the Addendum to the Supplement to the Apocrypha, Volume 127, we see…
#17,245 Spectre
#17,246 POODLE
#17,247 Meltdown
#17,248 Rowhammer
#17,249 DROWN
#17,250 ROCA
…
What do all of these have in common?
No-one ever uses them
* there are 17,244 easier ways to carry out an attack
* this is why they've been referred to as "stunt cryptography"
Stunt cryptography attack
* You have a 0.00001% chance of recovering 2 bits of plaintext from a single message
Any of the OWASP top ten
* You have a 100% chance of recovering the plaintext of all the messages
Periodic reminder about stunt hacking¹.
You will get done by phishing.
Nothing else matters.
__
¹ www.cs.auckland.ac.nz/~pgut001/pub...
TS celebrating seL4 Day
Today is the 16th anniversary of the completion of seL4’s proof of implementation correctness, and the 11th anniversary of seL4 being open-sourced.
Happy #seL4 Day from all at Trustworthy Systems!
The long version of why you need key authentication for SSH servers: "The Hail Mary Cloud and the lessons learned" nxdomain.no/~peter/hailm... #ssh #passwordgroping #unix #linux #openbsd #freebsd #pf #packetfilter
Also, The 4th edition of the Book of PF is coming soon: nxdomain.no/~peter/yes_t...
Oh, it is just the provision of information to one of the worst possible jurisdictions where to send any form of information, never mind rather sensitive information about possible abuse targets, the rest is just icing on the cake, is it not?
24.07.2025 06:30 — 👍 2 🔁 1 💬 0 📌 0
Perhaps if someone rephrased the UK ID verification as "sending information about minors to the USA where we don't quite know who is in the Epstein files" might actually help to focus minds?
24.07.2025 06:28 — 👍 6 🔁 4 💬 1 📌 0
Can't we simply organize the "queue from hell" for them?
23.07.2025 13:49 — 👍 1 🔁 0 💬 0 📌 0
it adds "stupidity" to the menu.
22.07.2025 06:35 — 👍 0 🔁 0 💬 1 📌 0
Your cloud database is not co-mingled, it is co-pwned.
21.07.2025 14:23 — 👍 1 🔁 0 💬 0 📌 0
It is an attack.
20.07.2025 18:18 — 👍 1 🔁 0 💬 0 📌 0
Latest Security Liberation Front issue is out!
slf.fish
Hopefully they did not have a banner with “like what you see? be part of it!”, given the current world…
10.07.2025 03:47 — 👍 1 🔁 0 💬 0 📌 0
That would be a "yes", then.
08.07.2025 16:01 — 👍 0 🔁 0 💬 0 📌 0
It is the plan B career for most Italians in IT … ;P
07.07.2025 08:10 — 👍 1 🔁 0 💬 0 📌 0
“Our windows make you feel in the air”
05.07.2025 11:06 — 👍 0 🔁 0 💬 1 📌 0
It must be really difficult to run a marketing campaign for a Russian windows & frames manufacturer.
05.07.2025 10:37 — 👍 1 🔁 0 💬 1 📌 0
You should have just written "Shit sekurity software brings clowns to 8.5m boxes"
04.07.2025 09:12 — 👍 0 🔁 0 💬 0 📌 0
You know how Italians have a habit of trying out political ideas before the rest of the world catches on…
25.06.2025 17:48 — 👍 1 🔁 0 💬 0 📌 0
Film poster for “Fascisti su Marte” (“Fascists on Mars”).
Ah, there is a script for the latter bit.
See en.wikipedia.org/wiki/Fascist...
Better than “I’ll send it to my number and authenticate you”… #truestory
25.06.2025 17:29 — 👍 1 🔁 0 💬 0 📌 0
I am also puzzled as to dodging of uncharted landmines while walking to the beach, amongst other fabulous "surprises"… that place was a fortress which outclassed all the other fortresses built across Albania.
25.06.2025 16:41 — 👍 2 🔁 0 💬 0 📌 0
One wonders whether the companies doing their risk assessments and completing their SBOMs actually have the courage to write something like "if this is backdoored we're stuffed" or "this is a critical dependency but we don't even pay for support".
I bet the answer is "no".
It is 2025 and we have companies still expecting free, and immediate, 24x7 support from open-source maintainers of projects they liberally use and have never contributed to in any way or form, God forbid paying for support.
Time to backdoor them all? Or timebomb them?
YES 😍 1 year till the next AREA41 conference🥳
The new location is www.thehall.ch and we are excited to grow🤩
18.-19.June 2026
-> a41con.ch
weird, it worked for me when I grabbed it but I was using Waterfox.
19.06.2025 19:40 — 👍 0 🔁 0 💬 1 📌 0
It is getting better by the hour: apparently now, since Iran got hit by Stuxnet, the US enrichment plant (which one?) is going to “be hacked back”…
No issues there: no Siemens PLCs in US enrichment plants and, er, no enrichment plant except the Urenco in Louisiana doing reactor-grade fuel…
I wish I had come up with the Hans Blix clip, I wish… ;)
No, it was a friend asking in good faith because he had heard it on the news.
UPDATE: the complete report, in English, is out¹.
__
¹ archive.today/2kJ4i