Özgür Kesim

Code by conduct, math by training, music by passion.
"string is the source of all eval()"
https://www.kesim.org
https://www.codeblau.de
https://ngi.taler.net
Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.

High Vulnerability in the Linux Kernel ("Copy Fail") (CERT-EU Security Advisory 2026-005)

On 29 April 2026, a high local privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named "Copy Fail", was publicly disclosed.

The vulnerability affects every mainstream Linux distribution shipping a kernel built since 2017. A public proof-of-concept exploit has been released.
As of the date of this advisory, no distribution has shipped a fixed kernel package. The mainline fix was committed on 1 April 2026, but vendor updates are still pending across all major distributions.

CERT-EU strongly recommends applying the interim mitigation immediately, prioritising Kubernetes nodes and CI/CD runners exposed to untrusted workloads.

https://www.cert.europa.eu/publications/security-advisories/2026-005/

What a way to celebrate an anniversary … "Germany unveils strategy for becoming Europe’s strongest military by 2039"

https://www.defensenews.com/global/europe/2026/04/22/germany-unveils-strategy-for-becoming-europes-strongest-military-by-2039/

The Bundeswehr will move away from rigid hardware quotas − the number of tanks, aircraft or ships − toward a flexible, effects-based planning model.

However, recent advances in both AI and proof formalization have begun to vastly accelerate and automate the first two components of this process. This is leading to a new type of "impedance mismatch": problems for which solutions can be rapidly generated and verified in a mostly automated process, but for which no human author has understood the arguments well enough to initiate the (much slower) digestion process.

In fact, with the current cultural incentives that reward the first authors to "solve" the problem, rather than the later authors who "digest" the solution, one may end up with the perverse situation in which an AI-generated (and formally verified) solution to a problem that is presented to the community without any significant digestion may actually *inhibit* the progress of the field that the problem lies in, by discouraging any further attempts to work on the problem, simplify and explain the proof, and extract broader insights. (2/3)

AI is changing the economics of vulnerability discovery. Defenders should adapt now.

Mean time to exploit newly disclosed vulnerabilities is now estimated at minus seven days. Exploitation typically occurs before a patch exists. Frontier AI models have taken a generational leap in autonomous exploit development, and open-weight releases are narrowing the gap.

We set out what this means for Union entities, and eight concrete actions for defenders.

https://www.cert.europa.eu/blog/ai-vulnerability-discovery-defenders-must-adapt

#cybersecurity #AI

AI-powered tools are discovering vulnerabilities at machine speed. Here is what it means for defenders, and why the time to adapt is now.

1/2 🚀 Özgür Kesim @oec (FU Berlin · GNU Taler) will be giving a lecture titled “The Taler Protocol Suite for Digital Payments” at Cedarcrypt 2026!

💯 The Taler protocol suite enables online digital payments that preserve buyer anonymity while ensuring seller taxability and regulatory compliance. This lecture will walk through key protocol flows along with the cryptographic building blocks behind them!

💡 A real-world example of how cryptography can solve privacy challenges in digital payments.

But we are now entering an era where generative cognitive tasks, such as finding a proof to a given problem, are becoming cheap (as measured per user, rather than through overall capital investment) and relatively plentiful, analogously to how the Green Revolution dramatically increased crop yields and significantly reduced the occurrence of famine. As such, we are beginning to experience Adams' somewhat turbulent "Inquiry" phase, in which fundamental questions, such as why mathematicians even seek proofs in the first place, and what qualities besides correctness do we want from such proofs, are now being seriously discussed not just by philosophers of mathematics, but by practicing mathematicians as well.

However, at the other end of this transitional period is the "Sophistication" phase, in which our community has fully transitioned from a scarcity mindset to an abundance mindset. The objective will no longer be to accumulate as many proofs (of varying levels of quality) as possible, but to create more sophisticated experiences *around* curated collections of proofs: enjoyable conversations over lunch, rather than scavenging for all available edible food sources. This will require the mathematicians of the future to prioritize a different set of skills than the ones we promote currently: "culinary" skills, such as mathematical exposition and construction of "big picture" narratives, may become at least as important as the "food gathering" skills of locating proofs. (2/2)

Completely boring take on IT security in the age of AI-discovered security vulnerabilities: Everything in IT security that was a good idea before is still a good idea. When security updates are available, install them. Reduce attack surface, avoid unnecessary complexity. Don't reuse passwords.

Why add a PQ layer? To try to reduce the damage caused by quantum computers. Why also keep the existing (low-cost) ECC layer? To try to reduce the damage from further PQ security failures. For some reason this suddenly seems difficult for U.S. military contractors to understand.

#ThrowbackFriday

Back in January, E-Seniors had the pleasure of presenting the NGI TALER project to a group of 61 participants during a dedicated event.

Together, they explored how GNU TALER works, shared its key outcomes, and discussed the benefits of the instant payment revolution.

It was a great opportunity to exchange with participants and raise awareness about innovative digital payment solutions.

Thank you to everyone who attended!

#GoTALER #DigitalInclusion #InstantPayments