Jann Hornfrom the Security Cryptography Whatever podcast, talking about openssl API design choices: https://youtu.be/jhdLja5mWbU
| Pronoun | er/he |
Liam
- 153 Followers
- 111 Following
- 233 Posts
in search for flags and vulns
After a long time, I started looking at V8 again this weekend, probably not reachable though: https://chromium-review.googlesource.com/c/v8/v8/+/7594526
Google took our research paper "DUMPLING: Fine-grained Differential JavaScript Engine Fuzzing" and upstreamed the code to both v8 and Fuzzilli, where it will be maintained and actively run on more cores than we could ever rent.
Flüpkehttps://access.redhat.com/security/cve/cve-2025-68973
> To mitigate this issue, users should avoid processing untrusted or unverified input with GnuPG.
Before verifying a signature with GnuPG use some secure scheme to verify authenticity? 🙂🙃🙂🙃
Anyone at #39c3 who happens to have TI TMS320C6000 binaries or even actual hardware here. Please reach out over DECT 6087, here, or at the KITCTF assembly in the CTF area.
Giving https://fahrplan.events.ccc.de/congress/2025/fahrplan/event/to-sign-or-not-to-sign-practical-vulnerabilities-i with @49016 at #39c3
[39c3] To sign or not to sign: Practical vulnerabilities in GPG & friends
Beyond the underlying mathematics of cryptographic algorithms, there is a whole other layer of implementation code, assigning meaning to the processed data. For example, a signature verification operation both needs robust cryptography **and** ass...
Booked a single compartment in the night train (Kálmán Imre EuroNight) Budapest → Germany :)
