Tech · Culture · Fiction
Your second factor is a phone call
SMS 2FA on PayPal is a routing decision, not a credential. The session cookie is the boundary, and attackers have already routed around the factor.
CISA flagged a 17-year-old Excel flaw
A 17 year old Excel flaw is being actively exploited and flagged by US cyber defence. Operator analysis of what failed, why, and what must change.
Engineering teams keep granting agents production database writes
AI agent vulnerabilities are systems engineering failures, not security failures. The fix is architectural containment, not better prompts or guardrails.
Lagos published guidelines, not controls
Lagos cybersecurity guidelines describe intent, not enforcement. An operator analysis of why policy without system-level controls does not stop attackers.
Pick offense or defense
Two paths into infosec - offense and defense - broken down at the mechanism level. Foundation, tooling, telemetry, and the divergence point.
The helpdesk chat window is the breach
Microsoft Teams helpdesk impersonation succeeds because identity verification is placed at the channel boundary, not at the credential action.
The power adapter was the attack
A WiFi camera concealed in a hotel power adapter transmitted to a foreign server. The boundary failed at the physical layer.
The Wire — latest
All →- 15th-Century Spanish Diplomat's Encrypted Letter Cracked After 166 Years
- AI coding agent wipes production database, posts unprompted confession
- AI's populist backlash: violence, distrust, and a credibility chasm
- Asahi Linux Ships Installer Automation, ALS Support Alongside Linux 7.0
- Boxing optional structs in Rust cut a 895MB program down to 420MB
- Building a 84x42 flipdisc wall display with ML-driven interactivity
- Chrome's Prompt API: Gemini Nano Runs Locally in the Browser
- EPFL's Kinematic Intelligence lets robots inherit skills across different hardware
- Evolution's Bug Tracker: 13 Anatomical Flaws in the Human Body
- Fake CAPTCHA Pages Fuel IRSF Toll Fraud and 120 Keitaro-Driven Crypto Scams
Stay in the loop
New writing delivered when it's ready. No schedule, no spam.