Mastodawn

Great day at the Nymacon hackathon at WaalHalla in Nijmegen: over 100 students and professional pen-testers used their hacking skills on CTF challenges and the IT infrastructure of the city of Nijmegen, including the traffic control system.

Thanks to @tvanelferen for his support for this event!

Erik Poll Nov 6

"cyberslop" is a new term coined by @GossiTheDog for cases where "trusted institutions use baseless claims about cyber threats from generative AI to profit, abusing their perceived expertise".
For his analysis of a crappy paper from someone at MIT, since pulled, see https://doublepulsar.com/cyberslop-meet-the-new-threat-actor-mit-and-safe-security-d250d19d02a4

Erik Poll Oct 31

Another successful edition of @SURF''s HALON event (Hack Al het Onderwijs in Nederland) yesterday at Radboud University, with students discovering 62 vulnerabilities in the IT systems of universities and research institutes. And good to see some Radboud students among the winning teams! https://www.surf.nl/en/news/success-hackers-find-62-vulnerabilities

Erik Poll Oct 7

Congratulations to our students Can Acar and Ward Theunisse for winning the first prize in Google's Hackceler8 CTF in Mexico City as members of the Kalmarunionen CTF team https://www.kalmarunionen.dk/news/2025/2025-10-05-google-hx8/

Erik Poll Sep 20, 2025

HALON (Hack Al het Onderwijs in Nederland) will be held at Radboud University this year, on Oct 30. At HALON, organised by SURF, students try to hack the IT infrastructure of universities to find and fix cyber security vulnerabilities. More info & registration at https://www.surf.nl/en/agenda/join-halon-and-hack-an-educational-institution

Erik Poll Aug 31, 2025

De gemeente Nijmegen houdt op 7 November de 4e editie van NymaCon, met een CTF voor studenten en pen-test voor meer ervaren ethical hackers. Meer info & registratie op https://nymacon.nl

Erik Poll Aug 24, 2025

Thursday evening Sept 4 in Arnhem: DevSecCon meetup about securing code by design https://www.meetup.com/devseccon-netherlands/events/308897324

Erik Poll Jun 3, 2025

Great research started by Güneş Acar in our research group: Meta abused a loophole in Android to surreptitiously track users, violating Google's terms of service. See news article in Dutch https://nos.nl/artikel/2569805-onderzoekers-facebook-en-instagram-gebruikten-spionagetrucje-op-android-smartphones or English https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers, or all the technical details in https://localmess.github.io/

Erik Poll Apr 18, 2025

Great map by @jurgentje at https://jurgen.gaeremyn.be/map.html showing that municipalities in Benelux rely on Microsoft or Google for email much more than in France or Germany

More info in Jurgen's blogpost https://jurgen.gaeremyn.be/2025/03/08/european-critical-dependencies and his interview on the situation in Brussels https://www.bruzz.be/actua/column/data-analist-brussel-te-sterk-afhankelijk-van-microsoft-en-google-2025-03-19

There will be on-premise MS Outlook behind some - many? most? - of the blue and green, so dependency on Microsoft will be higher than these colors suggest

Erik Poll Dec 20, 2024

There will be another LangSec workshop at IEEE S&P in May. Deadline for submissions: January 20. See https://langsec.org/spw25