RE: https://infosec.exchange/@mttaggart/116256151615536931
I echo this sentiment. Oh how the mighty have fallen.

| Website | https://roguesecurity.dev |
| BlueSky | https://bsky.app/profile/roguesecurity.dev |
| GitHub | https://github.com/starkzarn |
| XMPP | [email protected] |
Your UEFI firmware can inject a PE binary into Windows on every boot via WPBT (Windows Platform Binary Table). smss.exe extracts it to disk and runs it as SYSTEM. OEMs use this to survive OS reinstalls. Attackers use it the same way.
One registry key tells Windows to ignore the table entirely:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v DisableWpbtExecution /d 1 /t REG_DWORD /f
Won't stop real firmware implants, but kills a whole class of cheap persistence for free.
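A defender-side audit for the setting described in the post above, added here as an example and not part of the original post: it reports whether the firmware exposes a WPBT ACPI table and whether `DisableWpbtExecution` is set to 1. The function names and the `FirmwareTable` wrapper class are hypothetical; `GetSystemFirmwareTable` is the Win32 API for reading firmware tables.

```powershell
# Added example: audit WPBT exposure on a Windows host.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class FirmwareTable {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern uint GetSystemFirmwareTable(
        uint provider, uint tableId, IntPtr buffer, uint size);
}
'@

function Test-WpbtPresent {
    # Provider signature 'ACPI'; the table ID is the 4-byte table signature
    # as it sits in memory, read as a little-endian DWORD.
    $acpi = [uint32]0x41435049
    $wpbt = [BitConverter]::ToUInt32([Text.Encoding]::ASCII.GetBytes('WPBT'), 0)
    # With a null buffer the call returns the table size, or 0 if the table is absent.
    $size = [FirmwareTable]::GetSystemFirmwareTable($acpi, $wpbt, [IntPtr]::Zero, 0)
    return ($size -gt 0)
}

function Test-WpbtExecutionDisabled {
    # Same key and value as the reg add command in the post.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $item = Get-ItemProperty -Path $key -Name DisableWpbtExecution -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.DisableWpbtExecution -eq 1)
}

$present  = Test-WpbtPresent
$disabled = Test-WpbtExecutionDisabled

if ($present -and -not $disabled) {
    $finding = 'Firmware exposes a WPBT table and execution is not disabled'
} elseif ($present) {
    $finding = 'Firmware exposes a WPBT table; execution is disabled by registry'
} else {
    $finding = 'No WPBT table exposed by firmware'
}

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    WpbtTablePresent     = $present
    DisableWpbtExecution = $disabled
    Finding              = $finding
}
```

The output object can be collected across a fleet to find machines where a table is present and the registry value is missing.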
Hi #fediverse. We need to talk about something.
While talking to a colleague about how I recently learned most people have never sat on a cow it came up that she has never sat on a horse. Like, not even once during childhood.
Another colleague admitted they also have never sat on a horse.
My hypothesis is that most people have at one point in their life sat on a horse.
🏇 🐎 🐴
Have you sat on a horse?
Please boost for scientific accuracy.
| Yes | |
| No |
Static + dynamic analysis of Signal's APK. The good news first: Signal is genuinely exceptional.
Rust core (libsignal_jni.so), post-quantum hybrid Double Ratchet (Kyber-1024 + X25519), Direct ByteBuffers with immediate zeroing after PIN/username hashing, Intel SGX attestation for SVR — MREnclave verification means even a compromised Signal server can't extract your PIN hash.
But two things stood out:
1. Firebase is always there. Google receives IP + notification timestamps regardless of message content. If you need metadata privacy, Signal still leaks presence data to Google's infrastructure.
2. Certificate revocation endpoints hit http://g.symcd.com in plaintext. An ISP or state-level observer can fingerprint Signal usage from DNS queries and HTTP traffic to those CAs — without touching message content.
Conclusion: strongest crypto engineering in consumer messaging. The attack surface isn't the cryptography. It's the operational dependencies.
Soon the full analysis
#infosec #AndroidSecurity #Signal #privacy #ReverseEngineering #postquantum #mobileforensics
We need to push much harder against Age Verification laws and law proposals.
Contact your local representatives NOW to tell them you firmly oppose these privacy-destroying laws that will harm democracy and civil liberties in unprecedented ways.
#AgeVerification #Privacy #MassSurveillance #Authoritarianism
Hacky tools of the trade. "Hardware" watchdogs in Proxmox VMs. Automate diagnostic/corrective action for system faults. This isn't the right way to solve a lot of issues, but it was news to me and serves as a good tool in the belt.
USA: Creates a society reliant upon big tech.
USA Corps: Goes all in on AI despite it failing to do literally anything positive for the security of society.
USA Gov: Attacks pretty much the whole world.
USA Corps: Get fucked by pretty much the whole world but the executives don't take the hit, it's all the small orgs and individuals.
What a fucking timeline. 
I came across a functioning coder today asking if a kilogram was 1000 or 1024 grams.
Yes they did ask, yes they verified, yes they accepted 1000 grams.
I swear ten thousand years in the future some fucker will 'oops, black hole!' 'cos they began in comp sci and learned kilo = 1024 first and NOBODY WILL CATCH IT. Humanity will be WIPED OUT because YOU LOT KEPT THIS SHIT UP.
This is Mycena rosoflava. A species of agaric mushroom in the family Mycenaceae. It is a wood-inhabiting mushroom native to New Zealand.
It is also quite beautiful in my opinion, which is the real reason why I'm posting it ...
📷 Photographed by Aucklander Jay Lichter at Hunua Falls in May 2024