Fredrik Dahlgren
@fegge.bsky.social
Cryptography and static analysis @ Trail of Bits
Reposted by Fredrik Dahlgren
what people think hacking is like: Mr. Robot
what hacking is actually like: Hmm. That’s weird
what hacking is actually like: Hmm. That’s weird
December 2, 2025 at 6:28 AM
what people think hacking is like: Mr. Robot
what hacking is actually like: Hmm. That’s weird
what hacking is actually like: Hmm. That’s weird
Reposted by Fredrik Dahlgren
We got our security analysis of Letter Sealing v2 (latest E2EE protocol in the LINE messenger) accepted to Black Hat Europe. Full paper coming soon!
darkreading.com/application-security/line-messaging-bugs-asian-cyber-espionage
darkreading.com/application-security/line-messaging-bugs-asian-cyber-espionage
LINE Messaging Bugs Open Asian Users to Cyber Espionage
The encrypted messaging app uses a leaky custom protocol that allows message replays, impersonation attacks, and sensitive information exposure.
darkreading.com
November 24, 2025 at 4:38 PM
We got our security analysis of Letter Sealing v2 (latest E2EE protocol in the LINE messenger) accepted to Black Hat Europe. Full paper coming soon!
darkreading.com/application-security/line-messaging-bugs-asian-cyber-espionage
darkreading.com/application-security/line-messaging-bugs-asian-cyber-espionage
Reposted by Fredrik Dahlgren
We should all be using dependency cooldowns
https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
#security #oss
https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
#security #oss
November 21, 2025 at 2:45 PM
We should all be using dependency cooldowns
https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
#security #oss
https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
#security #oss
Reposted by Fredrik Dahlgren
Come for the Go implementations of ML-DSA and SLH-DSA, stay for the introduction to side-channel mitigation techniques.
blog.trailofbits.com/2025/11/14/h...
#golng #crypto #cryptography #postquantum
blog.trailofbits.com/2025/11/14/h...
#golng #crypto #cryptography #postquantum
How we avoided side-channels in our new post-quantum Go cryptography libraries
We’ve released open-source Go implementations of ML-DSA and SLH-DSA.
blog.trailofbits.com
November 14, 2025 at 4:00 PM
Come for the Go implementations of ML-DSA and SLH-DSA, stay for the introduction to side-channel mitigation techniques.
blog.trailofbits.com/2025/11/14/h...
#golng #crypto #cryptography #postquantum
blog.trailofbits.com/2025/11/14/h...
#golng #crypto #cryptography #postquantum
Reposted by Fredrik Dahlgren
The call for talks for CAW 2026 (a workshop affiliated with Eurocrypt) is out!
This year's motto is "cryptography under real-world constraints and threat models", but other applied cryptography is also very welcome.
All info is on: caw.cryptanalysis.fun.
This year's motto is "cryptography under real-world constraints and threat models", but other applied cryptography is also very welcome.
All info is on: caw.cryptanalysis.fun.
November 11, 2025 at 6:38 PM
The call for talks for CAW 2026 (a workshop affiliated with Eurocrypt) is out!
This year's motto is "cryptography under real-world constraints and threat models", but other applied cryptography is also very welcome.
All info is on: caw.cryptanalysis.fun.
This year's motto is "cryptography under real-world constraints and threat models", but other applied cryptography is also very welcome.
All info is on: caw.cryptanalysis.fun.
Uppfriskande att se att någon har visioner som inte handlar om att utvisa människor eller sätta barn i fängelse.
www.dn.se/varlden/eu-v...
www.dn.se/varlden/eu-v...
EU vill korta tågresan Stockholm–Köpenhamn till fyra timmar
En ny handlingsplan från EU-kommissionen kan ge snabbare tåg över gränserna och förbättra resandet mellan europeiska storstäder
www.dn.se
November 5, 2025 at 6:32 PM
Uppfriskande att se att någon har visioner som inte handlar om att utvisa människor eller sätta barn i fängelse.
www.dn.se/varlden/eu-v...
www.dn.se/varlden/eu-v...
Reposted by Fredrik Dahlgren
Steg 1
Regeringen tar bort anslaget för klimatanpassning
Steg 2
Två av tre tjänster inom förebyggande klimatarbete försvinner
Steg 3
Klimatrelaterade katastrofer blottar luckor i krisberedskapen
Steg 4
Klimatministern läxar upp länsstyrelserna
Steg 5
[inget händer]
¯\_(ツ)_/¯
omni.se/a/73Xzmo
Regeringen tar bort anslaget för klimatanpassning
Steg 2
Två av tre tjänster inom förebyggande klimatarbete försvinner
Steg 3
Klimatrelaterade katastrofer blottar luckor i krisberedskapen
Steg 4
Klimatministern läxar upp länsstyrelserna
Steg 5
[inget händer]
¯\_(ツ)_/¯
omni.se/a/73Xzmo
November 2, 2025 at 8:20 AM
Steg 1
Regeringen tar bort anslaget för klimatanpassning
Steg 2
Två av tre tjänster inom förebyggande klimatarbete försvinner
Steg 3
Klimatrelaterade katastrofer blottar luckor i krisberedskapen
Steg 4
Klimatministern läxar upp länsstyrelserna
Steg 5
[inget händer]
¯\_(ツ)_/¯
omni.se/a/73Xzmo
Regeringen tar bort anslaget för klimatanpassning
Steg 2
Två av tre tjänster inom förebyggande klimatarbete försvinner
Steg 3
Klimatrelaterade katastrofer blottar luckor i krisberedskapen
Steg 4
Klimatministern läxar upp länsstyrelserna
Steg 5
[inget händer]
¯\_(ツ)_/¯
omni.se/a/73Xzmo
Good post on Merkle tree certificates.
The road ahead is long, but we have a plan to get PQ signatures into TLS. Let me know what you think, or come yell at us at the PLANTS BoF at IETF next week!
Keeping the Internet fast and secure- introducing Merkle Tree Certificates
Cloudflare is launching an experiment with Chrome to evaluate fast, scalable, and quantum-ready Merkle Tree Certificates, all without degrading performance or changing WebPKI trust relationships.
blog.cloudflare.com
October 29, 2025 at 6:43 AM
Good post on Merkle tree certificates.
Reposted by Fredrik Dahlgren
Överskrider kvarvarande koldioxidbudget med 1000 procent • AP-fonderna försvarar sina fossilinvesteringar.
Dina pensionspengar finansierar världens koldioxidbomber
Överskrider kvarvarande koldioxidbudget med 1000 procent • ”Förstör svenska pensionssparares framtid”
www.etc.se
October 27, 2025 at 5:16 AM
Överskrider kvarvarande koldioxidbudget med 1000 procent • AP-fonderna försvarar sina fossilinvesteringar.
Reposted by Fredrik Dahlgren
ABB:s robotikförsäljning till Japan är ett tecken på Sveriges och Europas industriella förtvining.
Där tänker man långsiktigt – här jagar man snabba klipp, skriver @jonasalgers.bsky.social.
Där tänker man långsiktigt – här jagar man snabba klipp, skriver @jonasalgers.bsky.social.
Snabba klipp blir Europas undergång
Jonas Algers: Från folkhem till hustlarkapitalism
www.flamman.se
October 20, 2025 at 12:22 PM
ABB:s robotikförsäljning till Japan är ett tecken på Sveriges och Europas industriella förtvining.
Där tänker man långsiktigt – här jagar man snabba klipp, skriver @jonasalgers.bsky.social.
Där tänker man långsiktigt – här jagar man snabba klipp, skriver @jonasalgers.bsky.social.
Reposted by Fredrik Dahlgren
WAICT builds on subresource integrity to create an end-to-end transparency solution for web applications. It is still early days, but this looks like great news for web application auditability and trust! 🎉
blog.cloudflare.com/improving-th...
blog.cloudflare.com/improving-th...
Improving the trustworthiness of Javascript on the Web
Today, there's no way to audit a site’s client-side code as it changes, making it hard to trust sites that use cryptography. We preview a specification we coauthored that adds auditability to the web.
blog.cloudflare.com
October 16, 2025 at 7:03 PM
WAICT builds on subresource integrity to create an end-to-end transparency solution for web applications. It is still early days, but this looks like great news for web application auditability and trust! 🎉
blog.cloudflare.com/improving-th...
blog.cloudflare.com/improving-th...
Reposted by Fredrik Dahlgren
Geostationary satellites are leaking critical data, transmitting sensitive communications in the clear. With just $800 of consumer hardware, researchers intercepted military, telecom, retail, and infrastructure traffic. satcom.sysnet.ucsd.edu/docs/dontloo...
October 14, 2025 at 10:47 AM
Geostationary satellites are leaking critical data, transmitting sensitive communications in the clear. With just $800 of consumer hardware, researchers intercepted military, telecom, retail, and infrastructure traffic. satcom.sysnet.ucsd.edu/docs/dontloo...
Reposted by Fredrik Dahlgren
Vad bra Moderaterna mår. (Återigen: Underlaget jag skriver utifrån är alltså officiell SCB-statistik!)
October 8, 2025 at 6:11 AM
Vad bra Moderaterna mår. (Återigen: Underlaget jag skriver utifrån är alltså officiell SCB-statistik!)
Reposted by Fredrik Dahlgren
Påminnelse. År 2025 lever 700 000 människor i materiell och social fattigdom i Sverige. Det är en ökning med 120 000 på ett år. Bara sedan 2021 har andelen fattiga nästan fördubblats, från 3,5% till 6,6%. Ojämlikheten skenar
www.dagensarena.se/innehall/fat...
www.dagensarena.se/innehall/fat...
Fattigdomen fördubblad i Sverige på tre år | Dagens Arena
Andelen fattiga i Sverige har fördubblats sedan 2021 och är nu nära 7 procent av befolkningen. 700 000 personer klarar inte att betala nödvändiga utgifter.
www.dagensarena.se
October 6, 2025 at 7:45 AM
Påminnelse. År 2025 lever 700 000 människor i materiell och social fattigdom i Sverige. Det är en ökning med 120 000 på ett år. Bara sedan 2021 har andelen fattiga nästan fördubblats, från 3,5% till 6,6%. Ojämlikheten skenar
www.dagensarena.se/innehall/fat...
www.dagensarena.se/innehall/fat...
Jag försökte bli månadsgivare till en organisation jag stödjer, men för att godkänna autogirot var jag tvungen att ge något som heter FinShark tillgång till mitt konto i 180 dagar!? Det känns ju helt bananas! Är det här verkligen det bästa vi kan åstadkomma 2025?
October 7, 2025 at 10:57 AM
Jag försökte bli månadsgivare till en organisation jag stödjer, men för att godkänna autogirot var jag tvungen att ge något som heter FinShark tillgång till mitt konto i 180 dagar!? Det känns ju helt bananas! Är det här verkligen det bästa vi kan åstadkomma 2025?
Reposted by Fredrik Dahlgren
We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...
signal.org
October 3, 2025 at 4:14 PM
We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...
This is so cursed.
Virtual Machines render fonts. It’s kind of insane.
TrueType has its own instruction set, memory stack, and function calls.
You can debug it like assembly. It’s also exploitable:
TrueType has its own instruction set, memory stack, and function calls.
You can debug it like assembly. It’s also exploitable:
October 2, 2025 at 9:40 PM
This is so cursed.
Signal is really pushing the envelope with their new post-quantum secure triple ratchet. The protocol is formally verified using ProVerif, and the implementation uses hax to verify correctness and panic-freeness of the implementation. Really great work!
In 2023, Signal was the first mainstream messenger to enable post-quantum cryptography. We’re still ahead of the (elliptical) curve, implementing a new hybrid PQ ratchet ensuring Forward Secrecy & Post-Compromise Security even in a post-quantum world. signal.org/blog/spqr/
Signal Protocol and Post-Quantum Ratchets
We are excited to announce a significant advancement in the security of the Signal Protocol: the introduction of the Sparse Post Quantum Ratchet (SPQR). This new ratchet enhances the Signal Protocol’s...
signal.org
October 2, 2025 at 9:15 PM
Signal is really pushing the envelope with their new post-quantum secure triple ratchet. The protocol is formally verified using ProVerif, and the implementation uses hax to verify correctness and panic-freeness of the implementation. Really great work!
Reposted by Fredrik Dahlgren
Fan ta svenska folket om de inte röstar bort de brunblå om ett år.
September 18, 2025 at 7:37 PM
Fan ta svenska folket om de inte röstar bort de brunblå om ett år.
Reposted by Fredrik Dahlgren
Reposted by Fredrik Dahlgren
I know it’s been said again and again, but what does it say about ChatControl that its backers keep explicitly *exempting* law enforcement and national security accounts from content scanning?
September 17, 2025 at 5:10 PM
I know it’s been said again and again, but what does it say about ChatControl that its backers keep explicitly *exempting* law enforcement and national security accounts from content scanning?
Reposted by Fredrik Dahlgren
September 16, 2025 at 2:50 PM
Reposted by Fredrik Dahlgren
TIL that setting LESSSECURE makes you more secure
September 15, 2025 at 9:24 PM
TIL that setting LESSSECURE makes you more secure