Ben Leggett

@[email protected]
64 Followers
217 Following
614 Posts
1. Gets excited about dumb things
2. Plans to keep doing that
le githeaubhttps://github.com/bleggett
Ben Leggett4d ago
k3ym𖺀Mar 26

In today's episode of "Can It Run Doom": DNS fucking TXT records.

Some absolute madlad (cough Adam Rice cough) compressed the entire shareware DOOM WAD, split it into around 1,964 chunks, shoved them into Cloudflare TXT records, and wrote a PowerShell script that reassembles and runs the whole goddamn game from DNS queries alone. Nothing touches disk. The DLLs are in DNS. THE FUCKING DLLS ARE IN DNS.

RFC 1035 was written in 1987. Those engineers are spinning in their graves fast enough to generate municipal power.

Bonus: this is a fully functional globally-distributed covert data exfil channel that your NGFW will never fucking see if you're not doing deep DNS inspection. Sleep well.

blog: https://blog.rice.is/post/doom-over-dns/

repo: https://github.com/resumex/doom-over-dns

Also lmao @ every blue team that has never once looked at their DNS query volume. How's that DLP policy working out for you.

It was always DNS.

#infosec #dns #doom #itisalwaysdns

Ben LeggettMar 26
TaggartMar 3

As of 2026-03-02, the state of the art in quantum decryption has cracked a:

  • 22-bit RSA key
  • 6-bit elliptic curve key

https://forklog.com/en/quantum-computer-cracks-tiny-cryptographic-key

The IBM QC that cracked the 6-bit key uses 133 qubits.

Some new research suggests that RSA-2048 could be cracked with as "few" as 100,000 qubits.

https://www.newscientist.com/article/2516404-breaking-encryption-with-a-quantum-computer-just-got-10-times-easier/

(Paywall-free)

Such a machine...is not feasible to build any time soon.

So when your CISO or a vendor starts going off about "post-quantum" security, feel free to use this to remind them that we still have SMB1 in some places and Telnet in others. Plenty of work to do around the house.

Quantum Computer Cracks ‘Tiny’ Cryptographic Key | ForkLog

forklog.media
Ben LeggettMar 4
★ Amy Star ★Mar 1

capitalists: "without a profit motive, nobody would do anything. society would collapse."

my friends & acquaintances: "I implemented a SPARC emulator in pure CSS"

Ben LeggettJan 22

AI saves exactly as much dev time as StackOverflow used to, and no more.

Tech CEOs simply were able to ignore StackOverflow for decades because it cost nothing for their dev teams to use, and was thus invisible to them.

AI, on the other hand, shows up on the balance sheet.

Ben LeggettJan 20
TaggartJan 20

Wowowow

If the client supply[sic] a carefully crafted USER environment value being the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root bypassing normal authentication processes.

https://seclists.org/oss-sec/2026/q1/89

oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd

Ben LeggettJan 20
Steve HermanJan 20
The authoritarian government of Belarus is purging the country’s ham operators, charging them with treason and seizing their radio equipment. https://steanlab.medium.com/mayday-389f5713fee4
Ben LeggettJan 14
Show thread✧✦Catherine✦✧Jan 14
a lot of the time people go "so, nix fixes thi--" but like yes. i know. i run more nix machines than i can count on two hands. i know it fixes that; it just doesn't make me happy
Ben LeggettJan 14
✧✦Catherine✦✧Jan 14
i think in addition to "btw i run arch" (proud) we also need a "yes i also use nixos" (pensive)
Ben LeggettJan 14
daniel:// stenberg://Jan 14

https://github.com/curl/curl/pull/20312

There, now you know.

BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026 by bagder · Pull Request #20312 · curl/curl

Remove mentions of the bounty and hackerone. There will be more mentions, blog posts, timings etc in the coming weeks.

GitHub
Ben LeggettJan 10

RE: https://m6n.io/@fuzzychef/115872654928113242

I am absolutely convinced there will be a glut of this stuff when about half of these data centers never get built.