Professional data plumber from #aachen
Website: https://philip-huppert.de
Callsign: DL6QA & KN6QAJ

Tomorrow (Sa) from 16⁰⁰ onwards, we will have the next instance of our monthly compiler dev meet-up in the @cccac. Come by if you are interested in working on compilers or want to figure out how they work together.

This time it will be just socialising / work round if you need that notch to continue your compiler journey ^^

I reported an insecure DKIM key to Deutsche Telekom / T-Systems. They first asked me to further explain things (not sure why 'Here's your DKIM private key' needs more explanation, but whatever...). Then they told me it's out of scope for their bug bounty.

I guess then there's really no reason not to tell you: They have a 384 bit RSA DKIM key configured at: dkim._domainkey.t-systems.nl

384 bit RSA is... how shall I put it? I think 512 bit is the lowest RSA key size that was ever really used. 384 bit RSA is crackable in a few hours on a modern PC (using cado-nfs). The private key is:
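
A defender-side check for the weakness described in the post above, as an added example that is not part of the original post: it parses a DKIM key record and reports the RSA modulus size so undersized keys can be found and rotated. The function names and the sample records are constructed for illustration, it assumes `p=` carries a DER SubjectPublicKeyInfo, and fetching the TXT record from DNS is left out.

```python
import base64
MIN_BITS = 1024  # RFC 8301: verifiers must not accept RSA keys below 1024 bits

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_bits_from_spki(der):
    """Modulus bit length of the RSA key in a DER SubjectPublicKeyInfo."""
    _, seq, _ = _tlv(der, 0)                 # outer SEQUENCE
    _, _, alg_end = _tlv(der, seq)           # AlgorithmIdentifier, skipped
    tag, bits_start, _ = _tlv(der, alg_end)  # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("p= is not a SubjectPublicKeyInfo")
    _, key, _ = _tlv(der, bits_start + 1)    # +1 skips the unused-bits byte
    tag, start, end = _tlv(der, key)         # first INTEGER is the modulus
    if tag != 0x02:
        raise ValueError("RSA modulus not found")
    return int.from_bytes(der[start:end], "big").bit_length()

def audit_dkim_record(txt):
    """Grade the RSA key size in a DKIM key record ("v=DKIM1; k=rsa; p=...")."""
    tags = {}
    for part in txt.split(";"):
        name, _, value = part.partition("=")  # first "=" only, base64 padding survives
        if name.strip():
            tags[name.strip()] = "".join(value.split())
    if tags.get("k", "rsa") != "rsa":
        return ("skipped", None)              # only RSA keys are graded here
    if not tags.get("p"):
        return ("revoked", None)              # empty p= means the key was revoked
    bits = rsa_bits_from_spki(base64.b64decode(tags["p"]))
    return ("weak" if bits < MIN_BITS else "ok", bits)

def constructed_record(bits):
    """Constructed sample record around a dummy modulus (not a real key)."""
    def enc(tag, val):
        n, size = len(val), (len(val).bit_length() + 7) // 8
        head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
        return bytes([tag]) + head + val
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa_key = enc(0x30, enc(0x02, modulus) + enc(0x02, b"\x01\x00\x01"))
    alg = enc(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = enc(0x30, alg + enc(0x03, b"\x00" + rsa_key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

Run `audit_dkim_record` over the TXT value of every selector you publish; anything reported as `weak` should be replaced with a key of at least 2048 bits, which RFC 8301 recommends for signers.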

THEY REDACTED THE BASH REFERENCE MANUAL (yes they have the bash reference manual in there???)

i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs' 'delete' logic probably just overwrote the email address with [email protected] or similar.

The answer is at least 3 different orgs in the hour that I've owned that domain and been listening for email.

And yes, all of those emails contain the actual PII of the person who has been 'deleted' :-D

#infosec

Did we just make a Schottky diode?

Al on n-doped Si. Random Fe contacts to Al and Si to measure. Positive lead to Si, negative to Al.

X = V (2V per division)
Y = I (100mA per 1V, so 5mA per division.)

(the I/V curve is a composite image of two waveforms)

Si has its protective oxide layer forcefully removed using abrasive methods (ie. sandpaper [!] - still working on being able to handle HF safely).

Not sure if it matters, but the Al is thermally evaporated aluminum foil from EDEKA.

LLMs now do the busywork of finding amazing vulnerabilities for everyone willing to spend the tokens.

But hacking still isn't dead:

  • We haven't at all solved the underlying problems which come with writing and shipping code.

  • You still need to understand what you're looking at and what you are operating.

  • The LLM platforms themselves are an exquisite target for hacking^Wcreative use of the technology.

  • Now when everyone can pull a CVE or two out of thin silicon and a few kWh of electricity the art of hacking might need to adapt and maybe reshape a little but at its core the mind- and skillset will stay as relevant as it always was.

In that sense: keep hacking, keep exploring, break some stuff.

🎵 @jerry was a race car driver
He drove so goddamn fast
He never did win no checkered flags
But he never did come in last

Donate to his roster of infosec servers ( https://mastodon.social/@jerry@infosec.exchange/110781964675046145 )

Donate here
https://ko-fi.com/infosecexchange
https://www.patreon.com/infosecexchange

#PledgeDrive
5/

Spot the difference in reaction between these two clips:

This year at #revision2026 we did 3 new things. First of all there are no tools for MacOS on Apple Silicon to make demos. Especially for size coding.

We developed our own tool, our own synth, our own packer. 4klang VST does not work on MacOS!

We also released a WASM Music Disk. Our recent works of our group are collected at https://drehwerk.net

You can listen to the music while browsing the prods.

The website was entirely made in rust and compiles to WASM.

Have Fun.