Thoughts on the changing IXP landscape by my colleague Hanna Kreitem.
The Peering Disconnect - Internet Society
https://www.internetsociety.org/resources/doc/2026/the-peering-disconnect/
A RIPE Atlas probe could have been enough to hijack a RIPE NCC user's next login, giving full access to the member portal, including the RPKI dashboard and the RIPE Database.
I discovered a session fixation vulnerability in RIPE NCC's single sign-on: the session token was not rotated on login. Two ways to exploit it: a new XSS in RIPEstat through DNS NS records, or a free Atlas probe. Anyone with a free RIPE NCC account can host a probe, approved automatically. Installing a web server and serving one HTML page was all it took.
This builds on my earlier posts on the XSS+CSRF exploit chain and session token exposure through CAA misconfigurations: https://mxsasha.eu/posts/ripe-ncc-session-fixation/
The vulnerability was fixed within 20 days. This all took place before my #RIPE92 talk from last week; only some of it made it into that talk. More structural fixes are pending.
Imagine if someone photocopied every book in the public library, burned the library down, and then opened a subscription service for the copies.
That's the AI business model.
And here's how they're pitching their slop to us.
Sam Altman: “We see a future where intelligence is a utility, like electricity or water, and people buy it from us on a metre.”
I'm incredibly pleased to announce that the microcode for the Intel 80386 has been decoded.
It was a group effort by a bunch of talented people to extract and correct the physical bits, but the major work of decoding them was done by reenigne - you may know him from such incredible PC demos as 8088 MPH and Area 5150, as well as being the person who decoded the 8088 microcode previously.
Please, check out his writeup.
https://www.reenigne.org/blog/80386-microcode-disassembled/
#retrocomputing #vintagecomputing #microcode #reverseengineering
If you run a PeerTube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. The latest patch will help clean up the mess.
See here: https://github.com/Chocobozzz/PeerTube/releases/tag/v8.1.8
🔥Supporting the first-ever #BSidesMaribor!
A new cybersecurity event bringing together the wider infosec community through talks, workshops & knowledge sharing.
🎟️ Tickets release: 22 May 2026 @ 11:00 CET
📅 Event: 27 June 2026
👀 https://bsidesmaribor.si
IMNSHO the payment system is totally not sovereign if they host their shit on AWS.
THANK YOU FOR YOUR ATTENTION TO THIS MATTER
It's the annual "change my work password" day. (Yes, I know, don't tell me, tell the IT department.)
For credentials I'm going to type a lot, I still prefer a short password full of strange characters to a long passphrase made of words. It's more effort to memorise, but once that's done, it's faster to enter than a long passphrase – a benefit that lasts the rest of the year.
My current memorisation technique involves a recurring timer. Every N minutes, an alert goes off, and I stop whatever I'm doing, run 'su $USERNAME -c "echo ok"', type my password, and make sure it did echo "ok". I do the password change first thing in the morning, and over the course of the day, increase the period between memory checks, from 5 minutes down to 15 or 30, so that it moves from short-term to long-term memory. If I find I've forgotten it in one of these tests, I'm allowed to look it up, but in every test I must first try it from memory and _then_ find out what I got wrong. And then retype it right.
I like this technique because it's simultaneously practice at remembering the password, and practice at typing it quickly and accurately. Even the "do it right now, interrupting whatever else you were doing" aspect is deliberate: it trains the skill of remembering the password _even while distracted_, which is actually necessary, if e.g. you need to 'sudo' something in a sudden emergency that's taking up most of your brain.
Reinforcing the new password periodically over the course of the first day is generally enough that when I come to log in the next morning I can remember it even after a night's sleep. And then I'm over the hump.
But one problem I still haven't solved is remembering, the next day, *that* I changed my password. It's still common for me to type the old one three times running before I realise what the problem is!
A 3D point cloud (classified LiDAR) with a density of between 10 and 40 points per m2 and a true orthophoto with a resolution of 15 cm are available for viewing and download for the whole of Slovenia.
https://clss.si