Mathias Payer

1.4K Followers · 277 Following · 376 Posts
Securitatis inquisitor and professor at EPFL leading the HexHive 🐝 group, focusing on system/software security (he/him).
Homepage: https://nebelwelt.net
Group: https://hexhive.epfl.ch

From "What the Fuzz?" to "All The Fuzz!" (Keynote fuzzing workshop @ NDSS'26)

Reflections on the three phases of fuzzing: from the origins of fuzzing to greybox fuzzing, ending with how fuzzing will continue evolving in the future.
Comments welcome!

https://youtu.be/In3kRAVVbzQ?si=lNTX6ebFu_rvRZbf&t=548

RE: https://infosec.exchange/@aristot73/116463759957379327

LLM bug finding vs fuzzing: LLMs explore a different part of the bug space. My guess is that we'll see a similar curve as with fuzzing, where new bugs get more expensive to find, with the key difference that we can hit new capabilities to find different types of bug patterns, resulting in a sawtooth function rather than just a sigmoid. Fun times ahead, especially for researchers looking into defense!

Subscription bombing is a (re-)emerging threat vector where attackers flood your inbox with thousands of unwanted messages. This is not just a nuisance: attackers often leverage subscription bombing to hide their true goals, such as support scams or account takeovers. Even worse, subscription bombing has become a service. We analyzed 24 subscription bombing attack campaigns to reflect and provide insights.

Check out our CACM article for details: https://cacm.acm.org/practice/subscription-bombing-email-under-attack/

Has anyone checked out the new Frame.Work Laptop 13 Pro? I'm especially interested in power management given that I hate the most recent Lenovo X1, as the keyboard is annoying, it no longer has the trackpoint, it only supports s2idle, and in general battery runtime is abysmal. [I.e., would not recommend Lenovo anymore]

https://frame.work/ch/en/laptop13pro

LLMs are automating not just coding, but vulnerability discovery and exploitation. At scale, this shifts the economics of offensive security: lower skill barriers, faster iteration, and massively increased attack surface coverage.

As exploitation becomes cheap and ubiquitous, how can we leverage this for defense?

https://nebelwelt.net/blog/2026/0420-AIpocalypse.html

The AIpocalypse or how LLM-based exploitation is the new normal

In the last 3-4 months, AI models have made an immense jump in exploitation capabilities. Several talks and blog posts highlight the

Artemis II astronaut finds two Outlook instances running on computers, calls on Houston to fix Microsoft anomaly — puzzled caller describes ‘two Outlooks, and neither one of those are working’

Meanwhile, we are happy to learn that the toilet urine extractor fan has been fixed.

Tom's Hardware
The EDIC Open House 2026 brought together admitted PhD students, IC faculty and researchers for a day of connection and discovery. 👩‍🔬
 
The program featured lightning talks, poster sessions, one-on-one meetings, and lab visits, offering a glimpse into the vibrant research environment at EPFL.

Nextcloud in a hands-on test: It is BETTER than Teams | c't 3003

With Nextcloud there is a German alternative to Dropbox, Teams, Slack and all the other US providers. c't 3003 hosted it themselves and tried it out.

https://www.heise.de/news/Nextcloud-im-Praxistest-Es-ist-BESSER-als-Teams-c-t-3003-11201042.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#ct #Entertainment #IT #news

heise online

While I'm a big fan of second factor authentication for high risk environments, it also comes at a cost due to additional friction.

Can someone explain to me why the EU had to create a new dedicated 2FA app for the Horizon portal that maximises friction? I log into this portal once every 1.5 years. This means I'll likely have to go through the 2FA recovery process every single time.

What's the state of digital sovereignty for our academic landscape?

Inspired by a similar post looking at the digital sovereignty of municipalities, I explored what messaging infrastructure universities rely on. Sadly, many have switched to hyperscalers, but few large universities keep running their own email infrastructure. Germany, Austria and France do not look too bad and lead by example.

[Note that the assessment is based on a simple MX record comparison against a list of known hyperscalers; I don't yet check SPF records or guesstimate the SMTP software/version. This may be done in a future version.]

Check out the interactive map: https://nebelwelt.net/gannimo/unimx/
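The MX-record comparison described in the note above, as an added example that is not part of the original post and not the code behind the unimx map. It assumes MX records have already been looked up (for instance with `dig +short MX domain`) and are handed in as "priority host" lines; the domains and records below are constructed for illustration. The hyperscaler suffixes are the real MX host patterns used by Google Workspace (`aspmx.l.google.com`, `alt*.aspmx.l.google.com`) and Microsoft 365 (`<tenant>.mail.protection.outlook.com`). Anything else is reported as "self-hosted-or-other", because, as the note says, a plain MX check cannot tell a self-run mail server from a third-party filtering relay without looking at SPF or the SMTP banner.

```python
"""Classify mail domains by their MX records against known hyperscaler MX suffixes.

Added example: not part of the original post or of the unimx tool. It assumes the
MX lookups were done elsewhere; SAMPLE_MX below is constructed sample data.
"""
from collections import Counter

# Real MX host suffixes of the two large hosted-mail providers.
HYPERSCALER_SUFFIXES = {
    "google": (".google.com", ".googlemail.com"),
    "microsoft": (".mail.protection.outlook.com",),
}
ALL_SUFFIXES = tuple(s for sufs in HYPERSCALER_SUFFIXES.values() for s in sufs)


def normalize_host(host: str) -> str:
    """DNS answers end with a trailing dot and are case-insensitive; canonicalise."""
    return host.strip().rstrip(".").lower()


def parse_mx_lines(lines):
    """Parse 'priority host' lines (dig +short MX style) into sorted (prio, host) pairs.

    Malformed lines are skipped rather than raising, so one odd answer does not
    abort a run over thousands of domains.
    """
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            prio = int(parts[0])
        except ValueError:
            continue
        records.append((prio, normalize_host(parts[1])))
    return sorted(records)


def classify_mx(mx_hosts):
    """Map a domain's MX hosts to one provider label.

    'no-mx'                -> no MX records (mail goes to the A record or nowhere)
    'google' / 'microsoft' -> every MX host belongs to that hyperscaler
    'mixed'                -> some, but not all, hosts belong to a hyperscaler
    'self-hosted-or-other' -> no known hyperscaler host; may still be a third-party
                              filtering service, which an MX check alone cannot tell
    """
    hosts = [normalize_host(h) for h in mx_hosts]
    if not hosts:
        return "no-mx"
    for provider, suffixes in HYPERSCALER_SUFFIXES.items():
        if all(h.endswith(suffixes) for h in hosts):
            return provider
    if any(h.endswith(ALL_SUFFIXES) for h in hosts):
        return "mixed"
    return "self-hosted-or-other"


def classify_domains(mx_by_domain):
    """Return {domain: label} for a mapping of domain -> raw MX answer lines."""
    return {
        domain: classify_mx([host for _, host in parse_mx_lines(lines)])
        for domain, lines in mx_by_domain.items()
    }


def summarize(mx_by_domain):
    """Count how many domains fall into each label (the per-country view on the map)."""
    return Counter(classify_domains(mx_by_domain).values())


# Constructed sample: four fictitious university domains with dig-style MX answers.
SAMPLE_MX = {
    "alpha.example.edu": ["10 aspmx.l.google.com.", "20 alt1.aspmx.l.google.com."],
    "beta.example.edu": ["0 beta-example-edu.mail.protection.outlook.com."],
    "gamma.example.edu": ["10 mx1.gamma.example.edu.", "20 mx2.gamma.example.edu."],
    "delta.example.edu": [],
}

if __name__ == "__main__":
    for domain, label in classify_domains(SAMPLE_MX).items():
        print(f"{domain:20} {label}")
    print(dict(summarize(SAMPLE_MX)))
```

To run it over real data, replace SAMPLE_MX with the output of your own MX lookups; the classifier deliberately treats a mix of hyperscaler and other hosts as its own "mixed" bucket, since a domain in migration would otherwise be silently counted as self-hosted.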