USENIX WOOT Conference 2026: two submission deadlines this year! - Cycle 1: December 12, 2025 *only one month away* ! - Cycle 2: March 3, 2026 WOOT still has a SoK track and an "Up-and-coming track" (~Industry), CFP for details: www.usenix.org/conference/w...

C'est un document sans précédent : les caméras-piétons des gendarmes mobiles engagés à Sainte-Soline en 2023 dévoilent un maintien de l'ordre fascisant où tous les excès sont permis avec les encouragements de la hiérarchie. À partager. www.mediapart.fr/journal/fran...

Last chance to (self-) nominate for USENIX Security'26 Artifact Evaluation Committee! You should expect a low load of ~1 artifact for functionality/reproducibility assessments per cycle (max 3 for the whole year). Please support Open Science and fill the form by Oct 17: forms.gle/WoYRX4govNY1... 🚀

À #SecSea2k5 Aurélien Francillon d'Eurecom relate les expériences hallucinantes d'écoutes en reconnectant avec les documents NSA déclassifiés en parallèle 😁 ✅ Bluetooth 😧 ✅ JTAG fait tout fuiter "quand le 𝑗𝑖𝑡𝑡𝑒𝑟 révèle le calcul de la puce" 👏🏻 Génial 👍🏻

The Danish Presidency is pushing a dangerous proposal in the EU that would allow the government to scan all our private communications. www.eff.org/deeplinks/2...

Signal to leave EU rather than comply w/ Chat Control, which would scan all messages sent over end-to-end encrypted platforms. Vote on Chat Control's future Oct 14. Germany is the swing vote. Officials there opposed the measure in past but new govt silent re position therecord.media/signal-calls...

Interesting story how DES 56 became a 56-bit key algorithm (while having a 64-bit block size): "NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits. Ultimately, they compromised on a 56-bit key."

Archives du 26 juillet 2024 : Emmanuel Macron écarte l'option d'un gouvernement mené par @luciecastets.bsky.social au nom de "la stabilité institutionnelle".

Tomorrow at 6:30 PM the EU Green Parliament group holds a webinar on #ChatControl act.greens-efa.eu/chatcontrol

"Bad news: The proposal is going forward to be voted on on October 14th, and there's still no blocking minority achieved, as Germany reverted its position to undecided. Good news: There is still time to fight back!" Shut this monstrosity down NOW

Le projet de loi pour espionner vos conversations privées #WhatsApp revient sur la table, l’opposition se mobilise 01net.com/actualites/l... via @01net.com #EURECOM @aurelsec.bsky.social

At long last - Phrack 72 has been released online for your reading pleasure! Check it out: phrack.org

Phrack 72 released today. phrack.org/issues/72/1 It got me thinking. I first read Phrack back in the 90's as I started hanging out on IRC (maybe '93 or '94?), as I was learning about FreeBSD and later, Linux. It must have been Phrack 43-45 where I started. What a wild ride on the Internet.

I reverse engineered Lockbit's Linux ESXi variant, also explaining how I did some of the steps! For the fun of it, cause reverse engineering is lots of fun. Enjoy! hackandcheese.com/posts/blog1_...

@blackhoodie.bsky.social will be at @sec-t.bsky.social on September 10th with a training on Linux Malware Reverse Engineering, for women by women! We have very few seats left 😁 blackhoodie.re/SecT2025/

Discounted early bird registration for WOOT '25 is still open until Monday - www.usenix.org/conference/w... - join us in Seattle on Aug 11/12 (right before USENIX Security) for talks and discussions on great cutting-edge offensive security research. Full program at www.usenix.org/conference/w...

Our research on open tunneling servers got nominated for the Most Innovative Research award :) The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security Brief summary and code: github.com/vanhoefm/tun... Paper: papers.mathyvanhoef.com/usenix2025-t...

Une pétition vient d'être lancée sur le site de l'AN pour demander au gouvernement français d'arrêter d'utiliser X pour ses communications officielles. Je l'ai évidemment signée. Avec toi ? (Et on fait tourner l'info) petitions.assemblee-nationale.fr/initiatives/...

Détecter les contenus pédocriminels en ligne : quelles options techniques ? Quels risques pour la vie privée ? theconversation.com/detecter-les...

Huge implications from this: Microsoft cut off the email of the chief prosecutor of the International Criminal Court, because of his work on Israel www.nytimes.com/2025/06/20/t...

Zonenberg et al. extract its one-time programmable memory through passive voltage contrast 🔬 using a focused ion beam ⚡: www.usenix.org/conference/w...

Two winners of the RP2350 Hacking Challenge will present their results at WOOT! Muench et al. break its secure boot guarantees through voltage, electromagnetic, and laser fault injection 💥 techniques: www.usenix.org/conference/w...

Our OffensiveCon talk on stateful baseband emulation (and how improper string handling led to baseband RCE) is available on YouTube: youtu.be/zoAITq7jUM8. It has been a pleasure; awesome conference, brilliant people. Slides and paper: www.danielklischies.net/research/bas...

Since mid-2024, Google has refused to reinstate the access Nextcloud needs for uploading and syncing other file types to its host-your-own cloud platform.

Haven't seen this on Bluesky yet: S&P 2027 will take place in Montreal, Canada!

📢 Excited to announce that the results on BaseBridge, our project on improving cellular baseband emulation, are going public this week. Dyon will present at IEEE S&P on Monday 3pm, while David and I will be on stage at @offensivecon.bsky.social on Saturday 11am with even more details! 1/6

Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs. My findings are based on TM SGNL's source code, and they are corroborated by hacked data micahflee.com/despite-misl...

I wrote up a detailed analysis of TM SGNL, the unofficial Signal app that senior Trump fascists use to organize their war crimes micahflee.com/tm-sgnl-the-...

For the past while J-P at @newae.com has been working on a major #ChipWhisperer doc refactor - this is now live, check out chipwhisperer.readthedocs.io/en/latest/in... . It moves software, hardware, and even some tricks/tips all into once place using Jupyter Books. Huge improvement in usability!

Here you are @oflynn.com :)

💥Detection method for #symlink #backdoor on #fortinet "we are willing to share it, privately" More than 18k devices compromised Read more: blog.onyphe.io/en/symlink-b...

On est d'accord que...

📢 The Internet Archive needs your help. At a time when information is being rewritten or erased online, a $700 million lawsuit from major record labels threatens to destroy the Wayback Machine. Tell the labels to drop the 78s lawsuit. 👉 Sign our open letter: www.change.org/p/defend-the... 🧵⬇️

Logiciels espions : 21 pays s’engagent à lutter contre la prolifération des armes numériques

And pretty please, let's move S&P from San Francisco and NDSS from San Diego. Thanks 😘

Finally finished uploading my "Intro to PCB Design" lectures from my class this semester - Part 1 at youtu.be/N544CMR8I-M and rest linked from there. Slides and example project for students to complete at github.com/colinoflynn/... if you want to reuse it! #pcb #pcbdesign #electronics #kicad

"Signal would exit the French market before it would comply with this law as written" Meredith Whittaker @meredithmeredith.bsky.social, President of Signal @signal.org

Merci @gabrielthierry.bsky.social de revenir sur l'histoire incroyable des #ShadowBrokers en plusieurs parties #MustRead Partie 1 open.substack.com/pub/pwned/p/... Partie 2 open.substack.com/pub/pwned/p/... Partie 3 open.substack.com/pub/pwned/p/...

Nearly finished! "Modeling and Analyzing Security Protocols with Tamarin: A Comprehensive Guide" (Basin, Cremers, Dreier, and Sasse) will be published by Springer in the near future. I'm very happy to announce that a full draft of our book is now available for download at tamarin-prover.com/book/

Petit récap sur les amendements déposés sur la loi narcotrafic : - réintroduction de l'article 8 ter sur les applis chiffrées par Olivier Marleix (LR) www.assemblee-nationale.fr/dyn/17/amend... - mais aussi par Paul Midy (EPR) dans une versionTRES proche : www.assemblee-nationale.fr/dyn/17/amend...

Pour l'heure, aucun amendement du gouvernement à la #PPLNarcotrafic discutée à partir de lundi ne rétablit feu l'article 8ter (accès aux communications chiffrées). Mais on trouve trois amendements parlementaires, peu ou prou identiques (ça alors !), qui en proposent une version remaniée.

Chiffrement et «portes dérobées» : sur X, la ministre du Numérique C. Chappaz plaide pour un «équilibre». Mais lequel ? Soit il y a obligation de résultat, soit il n'y en a pas. Et la situation actuelle (obligation de moyens pour les opérateurs + piratage légal) n'est-elle pas un «équilibre» ?

Only a week and a half left for USENIX WOOT '25 conference submissions - deadline March 11 AoE. We’re looking forward to seeing even more of your amazing offensive security papers this year! And still a few days for up-and-coming track (March 4). CfP at www.usenix.org/conference/w...

Ce dernier propose de permettre aux fournisseurs concernés par l’obligation de créer une porte dérobée d’opposer une impossibilité technique. www.assemblee-nationale.fr/dyn/17/amend... www.assemblee-nationale.fr/dyn/17/amend...

Pouria Amirshahi (Écologiste & Social) "Ces dispositions entraîneraient alors un affaiblissement généralisé des moyens cryptographiques & reviendrait donc à mettre en danger notre sécurité, comme le formulait Guillaume Poupard, ancien directeur de l’ANSSI" www.assemblee-nationale.fr/dyn/17/amend...

Eric Bothorel (Ensemble pour la Rép) & d’autres députés du groupe "L’exigence d’un affaiblissement des mécanismes de chiffrement va à l’encontre des principes fondamentaux de sécurité informatique & expose l’ensemble des utilisateurs à des menaces accrues" www.assemblee-nationale.fr/dyn/17/amend...

Elsa Faucillon (GDR) "la capacité de chiffrer ses communications numériques (...) est (...) l’un des derniers remparts, individuels & collectifs, aux intrusions arbitraires et illégales de nombreux acteurs, étatiques, privés ou criminels" www.assemblee-nationale.fr/dyn/17/amend...

Aurélien Lopez (RN) et d’autres députés du groupe : « Cet article est donc disproportionné et techniquement hasardeux » www.assemblee-nationale.fr/dyn/17/amend...

Paul Molac (Libertés, indépendants, Outre-mer et Territoires) : « Dans une société démocratique, les seuls besoins de l'enquête ne peuvent justifier une telle atteinte aux libertés publiques, cet article doit être supprimé. » www.assemblee-nationale.fr/dyn/17/amend...