sayzard3h ago

I read OpenSSL for fun and found a nonce leak

OpenSSL 4.0.0의 SLH-DSA 서명 구현에서 랜덤 nonce(주소 랜덤값)를 스택에 남겨두는 치명적이지는 않지만 보안상 취약한 버그가 발견되었다. nonce를 지워야 하는데 조건문 오류로 인해 정상 경로에서는 스택 버퍼를 지우지 않아, 프로세스 크래시 시 코어 덤프, 스왑 파일, 정보 노출 취약점과 연계될 수 있다. ML-DSA 구현과 비교해보면 SLH-DSA 코드가 변수 혼동으로 인해 클렌징 로직이 잘못 작성된 것이 원인이다. 간단한 코드 수정으로 문제를 해결할 수 있으며, FIPS 140-3 준수에도 영향을 미친다.

https://blog.himanshuanand.com/2026/05/i-read-openssl-for-fun-and-found-a-nonce-leak/

#openssl #cryptography #security #postquantum #bug

I Read OpenSSL for Fun and Found a Nonce Leak

I was poking around the OpenSSL source code recently. Not really hunting for anything specific (one of the most heavily audited codebases), just curious about how the new post-quantum crypto stuff was wired up in version 4.0.0. I went in expecting to find nothing interesting. Instead I tripped over a single-character logic bug that leaks cryptographic randomness onto the stack on every signing call. Quick disclaimer: I am not a crypto person.

Himanshu Anand :: Threat Notes
Bleme5h ago

Un développeur au Bug Bounty privé d’OpenAI 🤓 🛡️ 🤖

https://video.ut0pia.org/w/56vy4eKk8ebi1SPJwaDF7Y

Un développeur au Bug Bounty privé d’OpenAI 🤓 🛡️ 🤖

PeerTube
Hacker News16h ago

When "idle" isn't idle: how a Linux kernel optimization became a QUIC bug

https://blog.cloudflare.com/quic-death-spiral-fix/

#HackerNews #Linux #QUIC #optimization #bug #idle #performance #kernel

When "idle" isn't idle: how a Linux kernel optimization became a QUIC bug

We investigated a bug where CUBIC's congestion window became pinned at its minimum floor, causing a performance to plummet. The fix involved correctly measuring idle periods to distinguish RTT wait times from actual application idleness.

The Cloudflare Blog
Diego Pastor1d ago
Cassida hemisphaerica (fam. Chrysomelidae)

[ES] Pensaba que estaba fotografiando una chinche y resulta que es un curioso escarabajo. Tuve que sujetar la flor por el viento que hacía, así que he tenido que recortar mucho para que no salga mi mano. Fotografiado con el móvil.

[EN] I thought I was photographing a hemipteran and it turned out to be a very curious beetle. The photo is cropped so my hand is not visible because I had to hold the flower which was being shaken by the wind. Photographed with the mobile phone.

2026/05/12, provincia de/province of Cáceres (Spain).

#coleoptera #chrysomelidae #cassida #cassidahemisphaerica
#escarabajo #beetle #leafbeetle #bicho #bug #insect #insecto #insects
#nature
#flowers #wildflowers #bloomscrolling
Andy Piper1d ago

FWIW this double-post happened via the web app (4.5.9), not a third party API client @MastodonEngineering

(I've now deleted one of them)

#bug

Sergei Trofimovich1d ago

Today's `nix` bug is https://github.com/NixOS/nix/issues/15839.

There `nix` fails to build a derivation that creates files with and without `.tmp` extension:

```
__contentAddressed = true;
postBuild = ''
touch $out.tmp
touch $out
'';
```

#nix #bug

`__contentAddressed = true;` builds crash nix on `.tmp` files · Issue #15839 · NixOS/nix

Describe the bug When nix tries to use .tmp suffix it sometimes collides on already existent files and crashes without a chance to recovery. Steps To Reproduce a.nix: example { pkgs ? import <nixpk...

GitHub
Diego Pastor1d ago
Nomada sp? (fam. Apidae)

[ES] Una foto difícil, con mucho viento y con el sol "de culo". Ha quedado regu, pero me encantan las abejitas que duermen agarradas con las mandíbulas a la vegetación. No estoy seguro, pero por comparación de fotos me parece del género Nomada; de la especie ya ni idea.
Tienen una biología interesante: se parecen a avispas y no recolectan polen, por lo que tienen poco pelo (la mía es bastante peluda comparada con tras especies). Son cleptoparásitas (como el cuco): ponen un huevo en una celda abierta de nidos de Andrena sp (otra abeja). Cuando la larva nace, mata a su compañera de celda y se zampa el acopio de néctar y polen que le dejó su madre (¡qué cabrona!).
Más información (en inglés): https://www.nhsn.org.uk/nomad-bees/

[EN] This photo was difficult to take, with a strong wind and the sun hitting from the back, so it didn't turn out well, but I like how it hangs on the twig with its mandibles. I'm not sure, but I think it belongs to the genus Nomada.
These bees have a very interesting biology: they look like wasps and they don't collet pollen, so they haven't got much hair (mine is hairy compared to other species from the genus). They are cleptoparastes (like the cuckoo): they lay one egg in an open cell of the nest of Andrena sp (another bee) and when it hatches, the larva kills its cellmate and eats all the pollen and nectar its mother collected for it.
More information: https://www.nhsn.org.uk/nomad-bees/

2026/05/10, provincia de/province of Cáceres (Spain).

Equipo/Equipment: Canon EOS 400D + Tamron SP 90 mm f/2.8 Di MACRO 1:1
ISO 800, s 1/200, f/8,0. A pulso/Handheld.

#hymenoptera #apocrita #apidae #nomada
#abeja #bee #nomadbee
#insecto #insect #bicho #bug
#macro #macrofotografía #macrophotography
#nature
The Eclectic Light Company [Unofficial]2d ago

What has changed in macOS Tahoe 26.5?

https://web.brid.gy/r/https://eclecticlight.co/2026/05/11/what-has-changed-in-macos-tahoe-26-5/

What has changed in macOS Tahoe 26.5?

The update bringing macOS Tahoe to version 26.5 is modest in size and, apart from its security fixes, seems largely routine maintenance. The only release notes worth reading are those listing vulne…

The Eclectic Light Company
Barrie2d ago
Lady bug with a visitor
#bug
#ladybug
#insect
#macro
#macroworld
#macrovision
#vivox200pro
#nunspeet
DimaLink2d ago

Panda Ant – Walking Through a Field

Panda Ant is making his way through the grass. It rained this morning. And there are lots of drops of water. He can drink them. The water is delicious. And the grass is green. He can eat. Panda Ant often comes here. He's a builder. He loves to build things. Out of sticks. For example, he can build a house.

#ant #panda #insect #bug #field #grass #littleanimals #goodandkindanimal #friend #antpanda #fluffy #builder