RE: https://infosec.exchange/@Weld/116100770024505311

🕯️ Jason Snitker "Parmaster" Memorial 🕯️
Feb 28, 2026 04:00 PM

Debra Kavaler Wysopal will be hosting this online memorial service for Parmaster along with Jason's family from Atlantic City, NJ.

Confirmed Speakers:

Par's Aunt
Deb
Mudge
John Lee
Tom Sloan (former Secret Service)

The memorial service will be recorded.

Registration Link: https://us02web.zoom.us/meeting/register/hYD6OW0URGaIUG5qA18zXw

My wife Deb and I are heartbroken to share the sad news that our old friend Jason Snitker AKA Parmaster has passed away.

Par was one of the sharpest and most elusive minds of the early underground hacking scene. As chronicled in “Underground”, he spent years navigating the emerging digital frontier, connecting with hackers internationally and repeatedly staying ahead of the United States Secret Service during a prolonged investigation in the early 1990s.

His story in “Underground” includes the Citibank investigation that helped trigger the pursuit, as well as his time in custody at Rikers Island, where he found himself playing Dungeons & Dragons.

Par’s life reflected both the intensity of the early hacking world and the very real consequences that came with it. He was part of a generation that explored the edges of a new technological landscape before most of the world even understood it existed.

There will be an online memorial gathering on Feb 28. More details to follow.

The old-school hacking community has lost a true original. Rest in peace, Par. If anyone has stories or memories, please share them here.

In order to collect a bug bounty, a researcher was required to sign an NDA to not discuss the vulnerability.

https://zuernerd.github.io/blog/2026/01/29/molekule-re.html

Vulnerability disclosure norms are a control system for incentives. They made vulnerability handling predictable enough to industrialize.

We get more finding, more fixing, and more secure software.

ATM Jackpotting, still alive in 2025

Two attackers physically popped ATMs, plugged in a laptop, dropped malware, and forced machines to dump all cash.

This isn’t an isolated case. DOJ has charged dozens tied to multi-state jackpotting rings, including members of Tren de Aragua. Same playbook, scaled.

Props where due: this entire class of attacks was dragged into the open by Barnaby Jack, who live-demoed ATM jackpotting at Black Hat in 2010 and literally coined the term. He showed that ATMs were just poorly defended computers with cash attached.

“Prompt injection” is a misleading label.

What we’re seeing in real LLM systems looks a lot more like malware campaigns than single-shot exploits.

This paper argues LLM attacks are a new malware class, Promptware, and maps them to a familiar 5-stage kill chain:

• Initial access (prompt injection)
• Priv esc (jailbreaks)
• Persistence (memory / RAG poisoning)
• Lateral movement (cross-agent / cross-user spread)
• Actions on objective (exfil, fraud, execution)

If you’ve ever thought: “why does this feel like 90s/2000s malware all over again?", that’s the point.

Security theater around “guardrails” misses the real issue:

models can’t reliably distinguish instructions from data

assume initial access. Design for containment

https://arxiv.org/html/2601.09625v1