Martin Schmiedecker

Automotive security by day, online privacy by night. Digital forensics & teaching it in between.
Website: Schmiedecker.net

Valve: “We need a credit card on file to prove you’re 18”

Me: “My account is 23 years old”

Valve: “That just proves your account is old”

Me: “A credit card just proves you know someone with a credit card”

Every week, Metacurity offers our free and paid subscribers the best infosec-related long reads that we couldn't get to in the daily crush of news.

This week's selection covers

--How Israel turned Iran's vast camera network into a targeting tool,
--Project Maven and the gods of AI warfare,
--How cops can surveil you using your body's data,
--Liberal San Francisco is now ground zero for tech-driven surveillance,
--Prompt optimizations are security flaws

Sign up for a free subscription to check out our choices. And if you are so moved, consider signing up for a paid subscription to gain access to all of Metacurity's archives and special reports.
https://www.metacurity.com/best-infosec-related-long-reads-for-the-week-of-3-21-26/

Best infosec-related long reads for the week of 3/21/26

Metacurity

Really good research from Rapid7 here, where they’ve found multiple new versions of BPFdoor which do things like listen and backdoor on extremely uncommon 4G and 5G signaling protocols - it strongly suggests BPFDoor has been placed far inside telcos for surveillance.

They provide a tool to check for the new implant - I would strongly suggest telcos look for this on their Linux systems, including call infrastructure.

https://www.rapid7.com/blog/post/tr-bpfdoor-telecom-networks-sleeper-cells-threat-research-report/

BPFdoor in Telecom Networks: Sleeper Cells in the backbone

A months-long investigation by Rapid7 Labs has uncovered evidence of an advanced China-nexus threat actor placing stealthy digital sleeper cells in telecommunications networks, in order to carry out high-level espionage – including against government networks. Read more in a new blog.

Rapid7

RE: https://zeppelin.flights/@glennf/116302580304418622

Thank you! This is a useful resource.

Try to unsee it

Level: impossible.

Weekend Reads

* DNS parser overflow in Zephyr
https://www.0xkato.xyz/CVE-2026-1678-DNS-Parser-Overflow-in-Zephyr/
* Telegram bots measurement survey
https://arxiv.org/abs/2603.24302
* AS-path prepending for anycast optimization
https://arxiv.org/abs/2603.21082
* Building the largest data center
https://spectrum.ieee.org/5gw-data-center
* OpenBSD init system and boot process
https://overeducated-redneck.net/blurgh/openbsd-init-system.html

#DNS #Telegram #BGP #AI #OpenBSD

CVE-2026-1678: DNS Parser Overflow in Zephyr

A walkthrough of CVE-2026-1678, a critical out-of-bounds write in Zephyr’s DNS name parser caused by a stale bounds check

0xkato

An anti-ICE app that installs from a web page and can't be removed from any app store because it's not on an app store.

Now with EFF legal support, a warrant canary, a backup domain in Iceland, and more!

https://www.dailykos.com/stories/2026/3/26/2374832/-Update-ICE-Tracking-App-AntiFreeze-Is-Becoming-Harder-to-Censor-Here-s-How?utm_campaign=trending

https://antifreeze.app
https://antifreeze.is

#NoIce #NoKings #ProtectOurCommunities #ProtectImmigrants

Update: ICE Tracking App AntiFreeze Is Becoming Harder to Censor. Here's How.

One week. That's all it took. Seven days ago, AntiFreeze was a side project sitting on a server with 194 users. Then this community got ahold of it. Two front-page diaries, hundreds of comments, ...

Daily Kos

I may regret this. You may regret this.

I've just put out a Linux forensics scenario for you all to play around with. There's a contest. Your submissions are due by 2026-04-15 23:59 UTC.

https://righteousit.com/2026/03/27/linux-forensic-scenario/

#DFIR #Linux

Linux Forensic Scenario

Introducing a contest based around a new Linux forensic scenario I created. Submissions for judging are due by 2026-04-15 23:59 UTC!

Righteous IT

LAST CALL: CFP ends in 4 DAYS 🚨

🔥 Last reminder for our dear potential authors: go & submit your Security x Free Software (or open protocol/format) research or tool NOW!

👉 https://cfp.pass-the-salt.org/pts2026/cfp

📅 CFP ends: Tuesday March 31 at midnight GMT+2

🌐 https://2026.pass-the-salt.org/

👋 See you soon in Lille & 🙏 for relaying!

In today's episode of "Can It Run Doom": DNS fucking TXT records.

Some absolute madlad (cough Adam Rice cough) compressed the entire shareware DOOM WAD, split it into around 1,964 chunks, shoved them into Cloudflare TXT records, and wrote a PowerShell script that reassembles and runs the whole goddamn game from DNS queries alone. Nothing touches disk. The DLLs are in DNS. THE FUCKING DLLS ARE IN DNS.

RFC 1035 was written in 1987. Those engineers are spinning in their graves fast enough to generate municipal power.

Bonus: this is a fully functional globally-distributed covert data exfil channel that your NGFW will never fucking see if you're not doing deep DNS inspection. Sleep well.

blog: https://blog.rice.is/post/doom-over-dns/

repo: https://github.com/resumex/doom-over-dns

Also lmao @ every blue team that has never once looked at their DNS query volume. How's that DLP policy working out for you.

It was always DNS.

#infosec #dns #doom #itisalwaysdns
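
A defender-side check for the pattern the post above describes (a payload split across thousands of TXT records and pulled back by DNS queries), as an added example that is not part of the original post or the linked repo. The log format, thresholds, function names and the naive two-label zone key are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed sample in an assumed 'epoch client qtype qname' log format."""
    lines = []
    for i in range(300):  # one host pulling sequential chunk records from one zone
        lines.append(f"{1000 + i // 10} 10.0.0.23 TXT chunk-{i:04d}.files.example.net.")
    for i in range(40):   # ordinary traffic: one repeated TXT name plus A lookups
        lines.append(f"{1000 + i} 10.0.0.7 TXT _dmarc.example.org.")
        lines.append(f"{1000 + i} 10.0.0.7 A www{i}.example.org.")
    return lines

def zone_of(qname, labels=2):
    """Naive zone key (last N labels); a real deployment would use a public-suffix list."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def find_txt_bulk_transfers(lines, window=60, min_unique=100):
    """Return sorted (client, zone, peak) tuples where a client requested at least
    min_unique distinct TXT names under one zone inside a window of `window` seconds."""
    first_seen = defaultdict(dict)  # (client, zone) -> {qname: first timestamp}
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        ts, client, qtype, qname = fields
        if qtype.upper() != "TXT":
            continue
        key = (client, zone_of(qname))
        first_seen[key].setdefault(qname.lower(), int(ts))
    findings = []
    for (client, zone), names in first_seen.items():
        stamps = sorted(names.values())
        peak, lo = 0, 0
        for hi, t in enumerate(stamps):  # sliding window over first-seen times
            while t - stamps[lo] >= window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= min_unique:
            findings.append((client, zone, peak))
    return sorted(findings)
```

Counting distinct names rather than raw queries keeps a client that polls one TXT record repeatedly (SPF, DMARC, ACME checks) out of the findings.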