Random Chaos

Tech · Culture · Fiction

Cloudflare's self-managed OAuth secures nothing by default

Cloudflare's self-managed OAuth moves the enforcement point from provider to user. An unconfigured access control is an open path, not a safe default.

Jun 25, 2026

Article

LuaJIT proposal exposes a guard-elision primitive

Jun 25, 2026

Article

The device is the inventory

Jun 25, 2026

Article trust boundaries

They walked out with the blueprints, not answers

Anthropic alleges Alibaba extracted Claude capabilities. The confirmed issue is structural: authenticated access governs entry, not what a party accumulates.

Jun 25, 2026

Article identity-access-management

Meta paused employee tracking after its own leak

Meta paused an internal employee tracking program after a data leak. The access boundary around the collected data was set at the program, not the identity.

Jun 24, 2026

Article securerom

No patch is coming for this

usbliter8 is a critical SecureROM defect on Apple A12 and A13 silicon. Read-only memory means it cannot be patched at the anchor. What that now requires.

Jun 24, 2026

Article ssh-tunneling

OpenSSH turns every authenticated session into a pivot

How SSH local, remote, and dynamic port forwarding becomes pivot infrastructure for lateral movement and exfiltration, and what it leaves in telemetry.

Jun 24, 2026

Article single-vendor dependency

Someone else's hand pulled the plug on Mythos

NSA lost Mythos access through a vendor dispute, not a breach. The failure is a single-vendor enforcement point that can be revoked without intrusion.

Jun 24, 2026

Article 3d-printer-security

The locked printer still phones home

AB 2047 restricts who may hold a 3D printer but leaves firmware, update, and network trust unverified. A custody control acting on the wrong layer.

Jun 24, 2026

All articles → All stories →

The Wire — latest

All →

Stay in the loop

New writing delivered when it's ready. No schedule, no spam.