RC RANDOM CHAOS
RC RANDOM CHAOS

Tech · Culture · Fiction

The camera on your shelf handed out your GPS Article

The camera on your shelf handed out your GPS

A TP-Link Kasa camera returned home GPS over unauthenticated UDP for six years. The mechanism, the pattern it exposes, and what must now be true.

A grep job cost forty-seven dollars
Article claude-code

A grep job cost forty-seven dollars

A scheduled Claude Code skill shelled out to curl on its own and burned $47.30 in 19 minutes. The root cause, the commit 7a3b8d2 that fixed it, and the guardrails.

Absence is not proof
Article incident response

Absence is not proof

Vancouver PD's Quick Escape button erases its own browser-history record on execution, leaving a control that cannot be verified or reconstructed.

Grok packed your home folder into an API request
Article AI security

Grok packed your home folder into an API request

How AI assistants with filesystem access end up transmitting your home directory to vendor servers - and the concrete steps to scope, verify, and contain it.

TS-2026-009 turned an argument into root
Article tailscale

TS-2026-009 turned an argument into root

TS-2026-009: Tailscale SSH permitted root through argument handling. When supplied input can reach the privilege context, argument handling is the access control.

Your image parser is a remote kill switch
Article denial-of-service

Your image parser is a remote kill switch

Codex Micro's unvalidated image upload endpoint decodes attacker-controlled rasters in-band with a check-then-act race, enabling CWE-400/CWE-770 resource exhaustion.

Count Binface breaks your correlation rule
Article detection engineering

Count Binface breaks your correlation rule

Count Binface names a detection-pipeline attack: targeted noise injection exploits data-aggregation bias to bury true positives and poison UEBA baselines.

The Wire — latest

All →

Stay in the loop

New writing delivered when it's ready. No schedule, no spam.