There is questioning on the wisdom of holding PLDI in the United States.

Indeed, this is a tough question.

Non-US students that exit the US to attend a conference risk not to be able to return.

Foreign academics that come to the US risk being held at the border or possibly sent to detention without means of recourse, perhaps without being able to seek consular help.

I don't have a solution, except perhaps holding separate conferences US vs non-US.

I'm actually embarrassed by this. I am currently laboratory director, which means that I authorize business travel and I am, in a certain way, responsible for the safety of employees. We currently have received only light guidance and instructions about travel to the US.

We've just published our report on flag sharing during GPN CTF 2025!

Sadly, we had to investigate 53 incidents of flag sharing which was possible because we used dynamic, team-specific flags.

Read the full breakdown of our findings and methodology: https://kitctf.de/gpnctf-23/gpn-ctf-flagshare

#GPN23 #ctf

GNU Health Hospital Information System 5.0 released

https://lwn.net/Articles/1028010/ #LWN

Unveiled at #TROOPERS25 - Hexagon fuzzing unlocked

Hexagon is the architecture in Qualcomm basebands - they power most of the world's leading smartphones.

Until now, this baseband was out of reach.

We released the first open-source toolchain for system-mode Hexagon fuzzing, presented by Luca Glockow (@luglo), Rachna Shriwas, and Bruno Produit (@bruno) at @WEareTROOPERS

Full post: https://www.srlabs.de/blog-post/hexagon-fuzz-full-system-emulated-fuzzing-of-qualcomm-basebands

How we opened up mobile firmware in 3 steps:
1. Boot real iPhone basebands with a custom QEMU fork
2. Rust-powered fuzzer controls execution via JSON configs
3. Ghidra integration maps coverage across threads

This brings full visibility to Qualcomm’s 4G/5G/GPS stacks.

Reproducible. Extendable. Open source.

Hexagon’s no longer off-limits - mobile security just got a lot more transparent.


🔗 Try it yourself: https://github.com/srlabs/hexagon_fuzz
📚 Docs: https://github.com/srlabs/hexagon_fuzz/blob/main/docs/reverse_engineering.md
🖥️ Slides from Troopers25: https://github.com/srlabs/hexagon_fuzz/blob/main/docs/talk/hexagon_fuzz_troopers2025.pdf
🛠️ Issues, ideas, or contributions? PRs welcome.

Congratulations to Budapest on a record-breaking Pride! 🏳️‍🌈

200,000 people turned out in defiance of the far-right government's attempt to ban the event, with threats of fines for attendees and imprisonment for organisers.

Freedom prevails when we fight for it.

Today we’re quietly (and finally!) opening up Railfinder to the public! This is our beta version and - hopefully - the first step towards that one booking site for trains across Europe that we all dream of.

Lots of work has gone into this and equally lots still to do before reach that vision, but if you’d like to try what we’ve built you can now just go to https://www.railfinder.eu and have a go!

Any and all feedback more than welcome 🙏