Hovav Shacham

Security, privacy, and tech policy at UCSD.

“[U]niquely among all government employees, lie[s] outside the scope of [the government speech] doctrine; […] stand[s] alone on a First Amendment pedestal, free to say what [he] please[s], no matter what [his] government employers, including even the State Legislature, think about it.”

Profile photo: Nox the tiercel peregrine, Cal Falcons class of '24, photographed by Billy Thein (California Raptor Center).

Website: https://www.cs.utexas.edu/~hovav/
Backdoored compiler attack idea: Karger and Schell, Multics security evaluation, 1974

I feel like we should maybe not give lifetime achievement awards to people that invented a technology that has zero deployment, that has no path to deployment, and that has fostered a very unhealthy amount of snake oil vendors, especially when there is an alternative technology available to solve the same problem, and that technology is already deployed and has comparatively next to no downsides, at a time when we really really need to start deploying it more widely.

But that's just me, I guess.

Hot take: This Black Ferns sevens side is good at rugby.

https://www.youtube.com/watch?v=5ZluahVtjBo

UNREAL gold medal match 🥇 | New Zealand v Australia | HSBC SVNS New York 2026 | Full Match Replay

Gerd Faltings to receive the 2026 Abel Prize

Gerd Faltings, Director Emeritus at the Max Planck Institute for Mathematics, has become the first German to receive the Abel Prize, having previously been awarded the Fields Medal.

My advice - not either of my employers’ advice - to ANZ orgs regarding US/Israel/Iran war cyber attacks: seeing a ton of activity. Some targeted, lots opportunistic. If you’re not a geopolitical target, increase threat posture. It’s too chaotic to fully predict and models can change at any time.

Trevor Paglen has won the 2026 LG Guggenheim Award “for groundbreaking achievements in technology-based art.”

Looking beyond art and culture alone, Paglen examines the power structures surrounding mass technologies and the exchanges they facilitate—between cultural myths, national narratives, and deeply embedded social assumptions.

https://www.guggenheim.org/initiatives/lg-guggenheim-art-and-technology-initiative

LG Guggenheim Art and Technology Initiative | The Guggenheim Museums and Foundation

This five-year, multifaceted initiative is designed to research, honor, and promote artists working at the intersection of art and technology.

[JSC]ASSERTION FAILED: !needsSlowPutIndexing() at ensureArrayStorageSlow · WebKit/WebKit@716536c

https://bugs.webkit.org/show_bug.cgi?id=291745 rdar://149546458 Reviewed by Keith Miller. We should not create Contiguous array when have-a-bad-time happened for RegExp match results. * JSTests/...

Both first-stage bugs exploited by this chain are in JavaScriptCore. We should improve how we build JavaScript JITs somewhat.

https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain

The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors | Google Cloud Blog

DarkSword is a new iOS exploit chain that leverages multiple zero-day vulnerabilities to fully compromise iOS devices.

Cute cozy game of A Place for All My Books, in which you congratulate yourself periodically for making piles of books all over your apartment, and listen, this is a bit triggering actually...
#boardgames #boardgaming

If you are using an older iPhone or iPad, such as the iPhone 8, X, XR, and XS, Apple has released security updates for iOS 15 and 16 that you should install.

https://www.bleepingcomputer.com/news/apple/apple-patches-older-iphones-and-ipads-against-coruna-exploits/

https://support.apple.com/en-us/100100

Apple patches older iPhones and iPads against Coruna exploits

Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit.

A remarkably bigoted amicus brief in Trump v. Barbara (the birthright citizenship case) from “the Co-founder and CEO of […] a cybersecurity firm specializing in securing industrial facilities”:

With a round-trip plane ticket, a malign actor can send an expecting mother to the United States, receive mother and baby on return, indoctrinate and train the child, and then send the individual back to the United States to engage in espionage activity […]
Thus, with an extremely modest financial investment and the passage of time, a foreign adversary can use geographically derived birthright citizenship to create a nearly undetectable human intelligence asset with no bonds of affection for his country of birth and carte blanche access to the United States.

[https://www.supremecourt.gov/DocketPDF/25/25-365/395038/20260129171701808_25-365%20Amicus%20Brief%20Revised.pdf]