Author Archives: Jonathan Bennett

SSH Is Magic, But Tunnels are Even Better

Posted on April 24, 2022 by Jonathan Bennett

Once upon a time, I was doing on-site support for a hardware install at a hotel a few years ago. The remote tech’s remote desktop software didn’t want to play …read more Continue reading SSH Is Magic, But Tunnels are Even Better→

This Week in Security: Java’s Psychic Signatures, AWS Escape, And a Nasty Windows Bug

Posted on April 22, 2022 by Jonathan Bennett

Java versions 15, 16, 17, and 18 (and maybe some older versions) have a big problem, ECDSA signature verification is totally broken. The story is a prime example of the …read more Continue reading This Week in Security: Java’s Psychic Signatures, AWS Escape, And a Nasty Windows Bug→

Ray-Traced Doom Really Shines!

Posted on April 19, 2022 by Jonathan Bennett

We’re huge fans of taking retro games and adding new graphics features to them, so you had to know that when [Sultim Tsyrendashiev] released his ray-traced Doom engine, we would …read more Continue reading Ray-Traced Doom Really Shines!→

This Week in Security: OpenSSH, Git, and Sort-of NGINX 0-day

Posted on April 15, 2022 by Jonathan Bennett

OpenSSH has minted their 9.0 release, and it includes a pair of security changes. Unlike most of the releases we cover here, this one has security hardening to prevent issues, …read more Continue reading This Week in Security: OpenSSH, Git, and Sort-of NGINX 0-day→

This Week in Security: Vulnerable Boxes, Government Responses, and New Tools

Posted on April 8, 2022 by Jonathan Bennett

The Cyclops Blink botnet is thought to be the work of an Advanced Persistent Threat (APT) from Russia, and seems to be limited to Watchguard and Asus devices. The normal …read more Continue reading This Week in Security: Vulnerable Boxes, Government Responses, and New Tools→

This Week in Security: More State-Sponsored Activity, Spring4Shell

Posted on April 1, 2022 by Jonathan Bennett

[Editor’s note: There is a second, fake iteration of this column out today. This is obviously the real column.] An alert from CISA, combined with an unsealed pair of indictments, …read more Continue reading This Week in Security: More State-Sponsored Activity, Spring4Shell→

This WeeΚ in Security: Hackerman, Twitter’s Best, and Signs to Watch Out For

Posted on April 1, 2022 by Jonathan Bennett

[Editor’s note: There is a second, fake iteration of this column out today. This is obviously the real column.] First off, there’s an amazing video tutorial from [Hackerman], embedded below …read more Continue reading This WeeΚ in Security: Hackerman, Twitter’s Best, and Signs to Watch Out For→

This Week in Security: Browser in the Browser, Mass Typo-squatting, and /dev/random Upgrades

Posted on March 25, 2022 by Jonathan Bennett

For every very clever security protocol that keeps people safe, there’s a stupid hack that defeats it in an unexpected way. Take OAuth for instance. It’s the technology that sites …read more Continue reading This Week in Security: Browser in the Browser, Mass Typo-squatting, and /dev/random Upgrades→

Reliving Second-Hand Nostalgia with the PDP-11

Posted on March 19, 2022 by Jonathan Bennett

Levy’s Hackers: Heroes of the Computer Revolution is something like required reading for the hacker subculture, and Hackaday by extension. The first section of that book is all about early …read more Continue reading Reliving Second-Hand Nostalgia with the PDP-11→

This Week in Security: More Protestware, Another Linux Vuln, and TLStorm

Posted on March 18, 2022 by Jonathan Bennett

It seems I have made my tiny, indelible mark on internet security history, with the term “protestware“. As far as I can tell, I first coined this particular flavor of …read more Continue reading This Week in Security: More Protestware, Another Linux Vuln, and TLStorm→