Tech · Culture · Fiction
CORS misconfiguration is consent, not an exploit
CORS misconfiguration explained at the mechanism level: origin reflection, null origin, broken allowlist matching, the credentialed-read exploit path, and why it stays invisible in telemetry.
This isn't a bug. It's the default.
Codex writes unbounded session logs to local SSDs. Mapped correctly to MITRE T1499, not T1071 - a disk-exhaustion DoS primitive EDR baselines miss.
A favicon is a code execution primitive.
How attackers hide skimmers and full payloads in favicon files, why MIME and CSP misconfiguration lets image bytes run as code, and what defenders miss.
A loupe over the data iOS never asked about
Loupe shows iOS gates a fixed sensor list and leaves contextual device data readable by default, with no prompt, no consent, and no record of access.
Google IPv6 crossed 50%, your IPv4 controls didn't follow
Google's IPv6 traffic crossed 50 percent. IPv4-era controls don't see IPv6 - the kernel, NDP, scanning, and telemetry reality for defenders.
Google killed io_uring fleet-wide in 2023
io_uring runs file and network operations off the syscall path, blinding seccomp, auditd, and EDR, while epoll stays observable to defenders.
Keep the hard part
AI doesn't erode your problem-solving skills - offloading the reasoning does. Any intelligence atrophies without use; the fix is design, not avoidance.
The Wire — latest
- An engineer discovers the startup that built his career may have been a VC's fraud vehicle
- Anthropic Adds ID Verification to Claude, Outsourcing Document Checks to Persona
- Beyond All Reason: a free, physics-driven RTS in the Total Annihilation tradition
- Building a one-button PC setup: how a gamer with SMA layers assistive tools
- Claude's ID verification pushes a user to open models — and the cost looks small
- Danish privacy activist says masked police raided his home after he doxxed the PM
- Deno's new 'desktop' command turns any web project into a native app
- Fine-tuning a 600M-parameter Qwen model into a reliable question classifier
- JSON-LD for Personal Sites: Structured Data That Boosts SEO and LLM Citations
- Logarithms as Vectors: Rethinking Bases, Bits, and Nats