Conference on composable software supply chain integrity and hardware-assisted platform security, with OpenEmbedded, OpenXT and other ecosystems

Joined April 2018
Platform Security Summit retweeted
The TPM classes at OST2 are a great way to learn about the most widely available hardware-backed security mechanism for the low-low price of $0 from the comfort of your own emulator :)
📣New OST2 class release!📣 The TPM trilogy is complete! "TC1103: Advanced TPM usage" by Dimi Tomov is now public at ost2.fyi/TC1103! Learn about advanced TPM policy access controls, protecting external keys in a TPM, implementing maximum security TPM-backed FDE, and more!
Platform Security Summit retweeted
New blog post on reverse engineering and modifying HDD firmware. In this part I cover obtaining, analyzing, and modifying firmware, using backdoor commands to hot patch code in RAM, and using JTAG to debug a live HDD icode4.coffee/?p=1465
Platform Security Summit retweeted
This information class was added only a few years ago. In the age of trillion dollar spending on AI code reviews and security, codeQL, KASAN and more, the world’s leading operating system kernel still added code to increment an arbitrary user controlled pointer in a system call
GitHub - orinimron123/CVE-2026-40369-EXPLOIT: Full exploit code for CVE-2026-40369 - A Windows kernel arbitrary write vulnerability that allows browser sandbox escape from all browsers render process sandbox · GitHub github.com/orinimron123/CVE-…
Gatekeepers decided what platform security capabilities shipped.. [now] joined by open-source, specialized firms and manufacturers with AI-augmented teams. Can future supply chains configure platforms for device fleets, threat models and regulations at the speed customers expect?
Really great read for those in software. And for product managers, discipline is still key as pointed out in the comments.
Platform Security Summit retweeted
Excited to see @Google launch Intrusion Logging, the first purpose-built system to enable forensic investigations of advanced attacks on mobile. @AmnestyTech has worked with @Android as a design partner, during the development of Intrusion Logging and Advanced Protection Mode
Platform Security Summit retweeted
It is hard to understate how much more hardened Apple's Application-Processor-side of WiFi is than any other operating system out there. Between MIE and the XZM allocator there's some serious hardening on the latest iOS and iPhone 17. We spend a lot of time in wifi land and Apple's the gold standard here. The first big thing to know about Apple's WiFi on iOS is that they removed attack surface from the kernel and brought it into userland with DriverKit (developer.apple.com/videos/p…). The concept was initially formed by Simon Douglas while he was at NeXT, Inc working for Steve Jobs and brought to Mac in 2019 by Douglas and team. Most memory corruption can't get far by design and it should be exceedingly difficult to see another Ian Beer type wifi exploit (projectzero.google/2020/12/a…) This use after free bug occurred in `wifid`, a root userland process on iOS and can be triggered without any user interaction.
iOS 26.5 dropped today with a fix for CVE-2026-28994 — a Wi-Fi use-after-free our @defendtheworld discovered via automated Wi-Fi fuzzing. The bug is preauth and requires no user interaction.
Platform Security Summit retweeted
CFP for LPC 2026 is open! Important dates: Thursday, April 23, 2026: Deadline to submit proposals to host a microconference Sunday, June 28, 2026: Deadline to submit LPC Refereed Track Presentations Proposals and Kernel Summit Presentations Proposals. lpc.events/event/20/abstract…
Platform Security Summit retweeted
📢 🐧 The schedule for Linux Security Summit North America (LSS-NA) 2026 is published! ➡️ events.linuxfoundation.org/l… 👀 LSS-NA 2026 will be held May 21-22 in Minneapolis, MN, co-located w/ OSS. ✍ Register: events.linuxfoundation.org/l… #linuxsecuritysummit #linux #infosec
Platform Security Summit retweeted
If AI finds the zero-day, writes the exploit, and patches the code, who trains the next generation of security researchers? Chris St. Myers' "Cognitive Rust Belt" essay kicked off a debate we couldn't stop having. Apple Podcasts podcasts.apple.com/us/podcas…
Platform Security Summit retweeted
This stirred a lot of thinking and emotion. I'd read it closely 👇🏽
The Cognitive Rust Belt - If you wait for the technology to settle before you address this, you will find there is nothing left to save. sentinelone.com/blog/the-imp…
Platform Security Summit retweeted
Two weeks after the DarkSword iOS hacking tool was revealed, Apple is taking the rare step of pushing a security fix to older iOS 18 iPhones rather than just telling users to update to iOS 26, as it had previously done. (Which left millions vulnerable.) wired.com/story/apple-will-p…
Platform Security Summit retweeted
Intel SGX has fallen! Its most important key is in our hands: we extracted the Global Wrapping Key from an instance of the Intel Gemini Lake platform
Platform Security Summit retweeted
This is made possible by executing arbitrary microcode on the DFX-locked system. And although this was a truly challenging task, we were able to do it after researching in detail the interaction between PMC and PUNIT
Platform Security Summit retweeted
The marginal effects here mean we are getting some amazing data about the types of bugs that were most exposed to AI, and once these waves of fixes go in and if things taper we’ll see the ongoing bug stream as a frontier capability signal.
Platform Security Summit retweeted
Mar 24
The “foreign routers ban” is being enforced at the FCC certification stage. If you don’t know what that means, here’s a quick explainer: Once you (the manufacturer) have FINALIZED your new hardware design, you produce a few units and send them off to a specialized lab to test the radio emissions from your device. If everything goes perfectly (no test failures), 2-3 months later you will have an FCC certification. Then you have to apply the FCC label to your product. Without the completed FCC cert, you cannot legally market, import, or sell in the USA. So, mass production typically doesn’t start until after the cert happens, unless you are very confident that you will one-shot the lab tests without any hardware revisions. Else, you’d be stuck with tons of hardware you can’t sell. This FCC change will be especially painful to anyone who was about to get their new device certified. The requirement to have an on-shoring plan is probably going to be the most significant hurdle for manufacturers. If this ban included all current routers (it doesn’t), it would have been way more painful. Not just from the consumer side with supply impact. But imagine every existing router having to go through a 3 month process with labs that would be instantly booked with backlog for years. Sure, some sort of leaned down re-cert process would have been more probable, but you get the point.
Platform Security Summit retweeted
FCC Updates Covered List to Include Foreign-Made Consumer Routers fcc.gov/document/fcc-updates… (news.ycombinator.com/item?id…)
Platform Security Summit retweeted
The FCC today updated its list of products that can't be sold in the U.S. to include *all* consumer routers made in foreign countries. It's a big but potentially disruptive move to limit supply-chain security risks to U.S. networks. docs.fcc.gov/public/attachme…
Platform Security Summit retweeted
Just remembered about this awesome video by @oxidecomputer where they discuss debugging powering on the board for the first time, including using AMD’s socket stress tool. “Twitter Space 12/6/2021 -- Tales from the Bringup Lab” youtu.be/lhji-kP3Lhk?si=rLuy…

Platform Security Summit retweeted
Replying to @never_released
It would be nice for an iPad to start macOS when a keyboard is connected. Could be a quick boot VM based on a snapshot. Maybe with access to the files app on the host.