The lyf so short, the craft so long to lerne. - Chaucer

Had a sit down with MSRC, while I can't say full details we had a constructive discussion on the state of things aimed at the following (and remember I'm just the messenger): MSRC handling vulnerability submissions and researcher communication GitHub removal of cybersecurity repros and the pivotal need for safe harbor for TTPs and 0days I won't be commenting on the recent 0day releases being dropped by a certain researcher because that is a unique case. I will be discussing the other topics tho: While GitHub is owned by Microsoft they are still acting independently, I was assured that the removal of researcher GitHub accounts and code was NOT being authorized or done by MSRC. They fully understand the need for 0days and code to be available for testing and cybersecurity defenses is as important as it is for offensive needs, they don't not want code to be fragmented and us going back to the days of milw0rm. MSRC is going to look into these, and I conveyed the need to do this since other places like YouTube and twitch are also cracking down on cybersecurity accounts. The email between MSRC and researchers discussing 0day talks at BH / Defcon and asking them to report what they are talking about is another topic I discussed. This was actually for Microsoft to help coordinate mitigations and tech review the talks that were in their pipeline (btw they have sent this email or it's equivalent for years, it's not new). We discussed ideas to improve these emails and how things could be misinterpreted from both sides. I think MSRC has their work cut out for themselves, but I can say that there are still lots of very passionate researchers there still trying to do good things. And I'm very thankful for them taking the time to sit down with me. I've always been lucky with MSRC interactions, and if you aren't and need a line thru to them for legitimate reasons, let me know, I'm happy to meditate when it is necessary.

Funny how ATT&CK has evolved from a vocabulary to a mental model for conceptualizing attack chains.

It's the 20th anniversary of my favorite Linux tradition, the question was just posted again! 👻 lore.kernel.org/lkml/CABG1bo…

Scales, the eBPF malware targeting ArchLinux sha0coder.github.io/scales/

Imagine building a computer and not allowing its use in CS research. Thats some dystopian shit.

NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…

Thanks to those who are not here in X too! It was a great time. Before finishing I have been able to write this post which is a summary of the last paper I wrote during my PhD together with @0xjet, I hope you like it. It was a great adventure until it was accepted!

1/ WHEREAMI: Built a Chrome-based geolocation red team tool (bash script😅). whoami tells you who. whereami tells you where. Living-Off-the-Land (#LOLbins), no new binaries, no permissions prompts. Relevant for proximity based attacks, e.g. @Volexity's nearest neighbor

For 19 years, GPS satellites have secretly broadcast a “numbers station” in their public signals. We decoded 12M messages: a 2011 flash where 31 of 32 satellites flipped in hours, “ghost” substrings repeating years apart, and a “TEXT” prefix spreading now. lsc-pagepro.mydigitalpublica…

Today a crazy quantum story just got wilder. On March 31, the Google Quantum AI team published a landmark result on Shor's algorithm for elliptic curve cryptography. Technically, the paper was a bombshell: a dramatic 10x improvement over the state-of-the-art. As a stunt and wakeup call to the blockchain space, those optimisations were illustrated on secp256k1, the elliptic curve underlying Bitcoin and Ethereum signatures. But perhaps the most striking part of the paper was sociological, not technical. Instead of following standard academic process, the optimisations were kept secret, hidden behind a zero-knowledge (ZK) proof. Google's accompanying blog post mentions they "engaged with the U.S. government". The ZK proof demonstrates the existence of algorithmic improvements without leaking details. Academic censorship with ZK, a historic first! As a co-author of the Google paper I witnessed some of the context surrounding this censorship. To be honest, multiple aspects of that context don't sit well with me. As much as I believe the general public ought to know more, I am limited in my ability to whistleblow. Though let me be clear about one thing: the Google team's professionalism has been absolutely exemplary, and they deserve nothing but praise. Censorship has a way of backfiring. The Streisand effect, where an attempt to bury something only draws more attention to it, is exactly what's unfolding today. First, Google's key optimisation has been rediscovered by the French. And in a thrilling turn of events, a collaborative Shor-at-home challenge just launched. The initiative, available at ecdsa[.]fail, breached a new Shor world record in a matter of hours. Let's start with the rediscovery. Just two months after Google's paper, French quantum expert André Schrottenloher cracks the main secret optimisation. His paper, titled "Optimized Point Addition Circuits for Elliptic Curve Discrete Logarithms", landed on the arXiv today. Big congrats to André, who beat several other nerdsnipped experts to it. In a blog post also published today, Craig Gidney, the world expert on Shor optimisations, revealed that he'd been sitting on this very optimisation for a whole year under censorship pressure. Interestingly, André missed a handful of minor optimisations, both from Google's original publication and from improvements found since. It's plausible there's still plenty of juice left to squeeze out of Shor, and this is exactly what the ecdsa[.]fail challenge is about. The verifier program developed for the ZK proof does double duty, automatically filtering for valid submissions. Dozens of compounding small and micro improvements are rolling in. As of the time of writing there's an 8.4% improvement to Google's circuit, as measured by the product of logical qubit count and Toffoli gate count. Nice! The nerdsnipping ran deeper than anyone expected. Over the last few weeks it became clear it extended well beyond André and other quantum experts. Behind the scenes, a small army of amateurs quietly got to work. Inspired by Karpathy-style autoresearch, they turned AI on Shor. Ironically, the verifier program for the ZK proof makes an ideal reward function for AIs. The barrier to entry for this modern style of research is refreshingly low, with several non-experts, even a teenager, finding nice optimisations. Get in touch if you'd like to join a Telegram group with fellow autoresearchers :) Part 2: neutral atoms and qday The story doesn't end with Google. On the same day Google went public, a stealthy startup called Oratomic published its own Shor paper in a coordinated release. It made a splash, ultimately becoming the most upvoted paper on scirate[.]com, a website ranking arXiv papers. Oratomic's claim was wild. By building on Google's logical optimisations and applying custom physical optimisations for neutral atoms, they claimed just 10K physical qubits were sufficient to run Shor's algorithm on secp256k1. That number is mind-bogglingly low. Knowing essentially nothing about neutral atoms when Oratomic's paper landed, I was intrigued and decided to learn more about the tech. I fell straight down the rabbit hole and spent a couple hundred hours on the topic. I got a little obsessed and watched every YouTube video I could find and spoke to a bunch of experts. My conclusion? The tech is real, very real. Even Google recently decided to start a neutral atom lab, a notable pivot from their sole focus on superconducting qubits. If you care about qday, i.e. the day a quantum computer will break the first piece of cryptography in production, neutral atoms demand your attention. I shared some of my learnings on Shor and neutral atoms in a 30min talk at the ZKProof cryptography conference. You can find it on YouTube by searching "zkproof neutral atom". Here's an interesting observation about this duo of breakthrough papers: neither Google nor Oratomic say a word about what their results mean for qday. No timelines. Zero. Nada. That is especially baffling given that the whole point of whitehat quantum cryptanalysis is to inform qday estimations and help the general public make good decisions. So let me attempt to partially fill the silence, similarly to what Scott Aaronson did in his April 29 post. Given everything I know, including scary non-public information, I now put the odds of qday by 2032 at 50%. 10% by 2030. Anecdotally, the US government has its own date: 2035. Originating at the NSA and later adopted by NIST, it's when branches of the US government will be disallowed from using quantum-vulnerable cryptography. In plain language: with hindsight, that date is a joke and should be discounted entirely. I don't see how NIST avoids being forced to pull it forward by years. Part 3: post-quantum cryptography There are good reasons to sound the alarm today, but please do not panic. Rushing carelessly towards immature post-quantum cryptography is a recipe for disaster. IMO a good target date for migration is 2029, roughly 3.5 years out. 2029 happens to be the date selected by Google, Cloudflare, and the Ethereum Foundation. These days most of my time goes to safely migrating Ethereum towards post-quantum cryptography as part of the broader lean Ethereum effort. There's a lot to do. We need to rip out and replace BLS signatures at the consensus layer, KZG commitments at the data layer, and ECDSA signatures at the execution layer. The plan to get there is compelling, and is based on hash-based cryptography. Within the Ethereum Foundation we've developed a Swiss army knife called leanVM (github[.]com/leanEthereum/leanVM) powered by the magic of hash-based SNARKs. Thanks to truly exceptional work by Emile, Thomas, and others, its performance is derisked. Regarding security, leanVM is a jewel, a minimal zkVM crafted for end-to-end formal verification and maximum security. Want to help? There are two $1M initiatives. First, the Proximity Prize (proximityprize[.]org). Solve a long-standing mathematical conjecture in coding theory, improve hash-based SNARKs, and go home a millionaire. Second, the Poseidon Initiative (poseidon-initiative[.]info), offers $1M for breaking Poseidon, the SNARK-friendly hash function.

Incidentally, the summary of the rewritten chain of thought is 125 pages long. cdn.openai.com/pdf/1625eff6-…

The proof came from a general-purpose reasoning model, not a system built specifically to solve math problems or this problem in particular, and represents an important milestone for the math and AI communities. openai.com/index/model-dispr…

The mystery of Fast16 has been solved by @symantec and physicist @DAVIDHALBRIGHT1. Fast16 changed data produced by simulator software to trick Iranian engineers into thinking their nuclear weapons designs were bad. It didn't predate Stuxnet but was developed around the same time

I just learned the sad news that Peter Neumann has passed away. Peter Neumann shaped how a generation of security people learned to think about risk. As editor of RISKS Digest, he gave many of us coming up in the 1990s and early 2000s a steady education in the real-world consequences of computer failures. His work made the field more serious, more thoughtful, and more honest. He will be missed. I first met Peter when we both testified at the 1998 Senate Governmental Affairs Committee meeting on Government Security where the L0pht testified. The combination of Peter and the L0pht made the hearing more powerful even if us hackers stole the spotlight. Neumann and the L0pht made the same argument from two different directions. Neumann gave the institutional, systems-engineering view: the country was becoming dependent on brittle, interconnected systems that were never designed for security, reliability, or survivability. The L0pht gave the field evidence: here are the actual flaws, here is how attackers think, here is how cheaply and quickly these systems can fail in practice. Neumann supplied the credibility of a long-time researcher warning that this was not just “hackers breaking into things,” but a structural failure of technology markets, procurement, engineering discipline, and risk management. The L0pht supplied the proof that the warnings were not theoretical. Together, we made the hearing unusually powerful: the academic risk community and the hacker community were telling the Senate the same thing, in different languages, before the rest of the world had fully caught up.