Renato Gabriele
@remagio.bsky.social
"If you have a garden and a library, you have everything you need." by Cicero.
https://www.journalismfestival.com/speaker/renato-gabriele
https://www.journalismfestival.com/speaker/renato-gabriele
Pinned
Reposted by Renato Gabriele
Upgrading from #FreeBSD 14.3-RELEASE to 15.0-RELEASE?
Do not ignore the very important instructions in the release notes¹:
freebsd-update fetch
freebsd-update install
on 14.3-RELEASE _before_ upgrade or else² …
__
¹ www.freebsd.org/releases/15....
² bugs.freebsd.org/bugzilla/sho...
Do not ignore the very important instructions in the release notes¹:
freebsd-update fetch
freebsd-update install
on 14.3-RELEASE _before_ upgrade or else² …
__
¹ www.freebsd.org/releases/15....
² bugs.freebsd.org/bugzilla/sho...
December 2, 2025 at 2:12 PM
Upgrading from #FreeBSD 14.3-RELEASE to 15.0-RELEASE?
Do not ignore the very important instructions in the release notes¹:
freebsd-update fetch
freebsd-update install
on 14.3-RELEASE _before_ upgrade or else² …
__
¹ www.freebsd.org/releases/15....
² bugs.freebsd.org/bugzilla/sho...
Do not ignore the very important instructions in the release notes¹:
freebsd-update fetch
freebsd-update install
on 14.3-RELEASE _before_ upgrade or else² …
__
¹ www.freebsd.org/releases/15....
² bugs.freebsd.org/bugzilla/sho...
Reposted by Renato Gabriele
New, by me at this.weekinsecurity.com: Router maker TP-Link faces a potential U.S.-wide ban over its alleged links to China.
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
Banning TP-Link won't save America from its own terrible cybersecurity
TP-Link routers face a ban in the U.S. over the company's alleged links to China, but shoddy cybersecurity is the real insider threat to the United States.
this.weekinsecurity.com
November 26, 2025 at 1:27 PM
New, by me at this.weekinsecurity.com: Router maker TP-Link faces a potential U.S.-wide ban over its alleged links to China.
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
Reposted by Renato Gabriele
Make a Gravity defying NeoPixel Ring Lamp! Guide: learn.adafruit.com/neopixel-rin... youtu.be/p_5DRfurpYg #Adafruit #3DPrinting
November 23, 2025 at 12:37 PM
Make a Gravity defying NeoPixel Ring Lamp! Guide: learn.adafruit.com/neopixel-rin... youtu.be/p_5DRfurpYg #Adafruit #3DPrinting
Reposted by Renato Gabriele
Cybersecurity isn’t ready for the conversation about how bad sexism and ageism are in the whole pen test / red team community, or how influencer culture and the saturated market are enabling it to get worse. www.linkedin.com/pulse/tryhac...
TryHackMe's Advent of Cyber 2025: Zero Women Creators - A Critical Look at Representation in Cybersecurity Education
THE PROBLEM 18 creators. Zero women.
www.linkedin.com
November 22, 2025 at 4:33 AM
Cybersecurity isn’t ready for the conversation about how bad sexism and ageism are in the whole pen test / red team community, or how influencer culture and the saturated market are enabling it to get worse. www.linkedin.com/pulse/tryhac...
Reposted by Renato Gabriele
New, by me and @lorenzofb.bsky.social: CrowdStrike has confirmed it fired a "suspicious insider" who passed screenshots of company systems to a prolific hacking group — which then went on to post them publicly.
CrowdStrike fires 'suspicious insider' who passed information to hackers | TechCrunch
Cybersecurity giant CrowdStrike denied it had been hacked following claims from a hacker group, which leaked screenshots from inside CrowdStrike's network.
techcrunch.com
November 21, 2025 at 7:11 PM
New, by me and @lorenzofb.bsky.social: CrowdStrike has confirmed it fired a "suspicious insider" who passed screenshots of company systems to a prolific hacking group — which then went on to post them publicly.
Reposted by Renato Gabriele
NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Google says hackers stole data from 200 companies following Gainsight breach | TechCrunch
Notorious hacking collective ShinyHunters takes credit for the breach that affected Salesforce customers’ data, and said it is planning another extortion campaign.
techcrunch.com
November 21, 2025 at 6:34 PM
NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Reposted by Renato Gabriele
#scamalert unauthorized use of my and others’ images on this scam site that claims you can get in touch with various cybersecurity people through them.
Pretty sure neither @schneier.com nor I have phone numbers in India 🤦🏻♀️
Pretty sure neither @schneier.com nor I have phone numbers in India 🤦🏻♀️
November 16, 2025 at 4:26 AM
#scamalert unauthorized use of my and others’ images on this scam site that claims you can get in touch with various cybersecurity people through them.
Pretty sure neither @schneier.com nor I have phone numbers in India 🤦🏻♀️
Pretty sure neither @schneier.com nor I have phone numbers in India 🤦🏻♀️
Reposted by Renato Gabriele
EFF and AV Comparatives team up to see how well anti-virus apps detect Android stalkerware. www.eff.org/deeplinks/2...
EFF Teams Up With AV Comparatives to Test Android Stalkerware
EFF has, for many years, raised the alarm about the proliferation of stalkerware—commercially-available apps designed to be installed covertly on another person’s device to exfiltrate data from that
www.eff.org
November 15, 2025 at 3:04 PM
EFF and AV Comparatives team up to see how well anti-virus apps detect Android stalkerware. www.eff.org/deeplinks/2...
Reposted by Renato Gabriele
EFF teamed up with AV Comparatives to see how well anti-virus apps detect stalkerware on Android phones.
www.eff.org/deeplinks/20...
www.eff.org/deeplinks/20...
November 6, 2025 at 8:22 PM
EFF teamed up with AV Comparatives to see how well anti-virus apps detect stalkerware on Android phones.
www.eff.org/deeplinks/20...
www.eff.org/deeplinks/20...
Reposted by Renato Gabriele
We're pleased to announce the final lineup for Black Hat Europe '25. Terrific security research spanning 21 tracks. In a separate thread, I'll highlight a few of my favorites.
www.blackhat.com/eu-25/briefi...
www.blackhat.com/eu-25/briefi...
Black Hat
Black Hat
www.blackhat.com
October 31, 2025 at 10:27 PM
We're pleased to announce the final lineup for Black Hat Europe '25. Terrific security research spanning 21 tracks. In a separate thread, I'll highlight a few of my favorites.
www.blackhat.com/eu-25/briefi...
www.blackhat.com/eu-25/briefi...
"If you have a garden and a library, you have everything you need." by Cicero
In the research for Computing, my multi-part documentary that examines the intersection of computing and what it means to be human, I've collected almost 6,000 books to help inform my storytelling. You can browse my entire collection here
t.co/fw6RXUYR2l
t.co/fw6RXUYR2l
https://www.librarycat.org/lib/gbooch
t.co
November 1, 2025 at 5:27 PM
"If you have a garden and a library, you have everything you need." by Cicero
Reposted by Renato Gabriele
New from @DomainTools: Inside the Great Firewall Part 1: The Dump
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/
October 30, 2025 at 7:30 PM
New from @DomainTools: Inside the Great Firewall Part 1: The Dump
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/
Reposted by Renato Gabriele
Sure, why require telcos to have cybersecurity plans? www.cybersecuritydive.com/news/fcc-cyb...
FCC will vote to scrap telecom cybersecurity requirements
The commission’s Republican chair, who voted against the rules in January, calls them ineffective and illegal.
www.cybersecuritydive.com
October 30, 2025 at 5:59 PM
Sure, why require telcos to have cybersecurity plans? www.cybersecuritydive.com/news/fcc-cyb...
Reposted by Renato Gabriele
The future of tech is commons-based, open by design & built with people at its heart. With #DCEDIC, Europe leads a new way, creating digital infrastructure that others can adapt, reuse & grow globally. This is our @okfn.bsky.social vision in action. digital-strategy.ec.europa.eu/en/news/comm...
Commission to launch Digital Commons EDIC to support sovereign European digital infrastructure and technology
The European Commission today adopted a decision establishing the Digital Commons European Digital Infrastructure Consortium (DC-EDIC), a new instrument enabling Member States to jointly develop, depl...
digital-strategy.ec.europa.eu
October 30, 2025 at 9:19 AM
The future of tech is commons-based, open by design & built with people at its heart. With #DCEDIC, Europe leads a new way, creating digital infrastructure that others can adapt, reuse & grow globally. This is our @okfn.bsky.social vision in action. digital-strategy.ec.europa.eu/en/news/comm...
Reposted by Renato Gabriele
did not realize cryptography's Alice and Bob had so many counterparts now, including Heidi and Faythe
![Trudy An intruder.
Victor[19] or Vanna[28] A verifier, who requires proof from the prover.
Walter A warden, who may guard Alice and Bob.
Wendy A whistleblower, who is an insider with privileged access capable of divulging information.
Interactive proof systems
For interactive proof systems there are other characters:
Arthur and Merlin Merlin provides answers, and Arthur asks questions.[29] Merlin has unbounded computational ability (like the wizard Merlin). In interactive proof systems, Merlin claims the truth of a statement, and Arthur (like King Arthur), questions him to verify the claim.
Paul and Carole Paul asks questions, and Carole provides answers. In the solution of the Twenty Questions problem,[30] Paul (standing in for Paul Erdős) asked questions and Carole (an anagram of "oracle") answered them. Paul and Carole were also used in combinatorial games, in the roles of pusher and chooser.[31]
Arthur and Bertha Arthur is the "left", "black", or "vertical" player, and Bertha is the "right", "white", or "horizontal" player in a combinatorial game. Additionally, Arthur, given the same outcome, prefers a game to take the fewest moves, while Bertha prefers a game to take the most moves.](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:zwn4ztm6rkvkx55bfsmbbak7/bafkreidhoknqdbeciru2vyqtez4ahybrrbjlf4bxc5qbdz2hdsr4oj6bye@jpeg)
![Ivan An issuer, mentioned first by Ian Grigg in the context of Ricardian contracts.[18]
Judy A judge who may be called upon to resolve a potential dispute between participants. See Judge Judy.
Mallory[19][20][21] or (less commonly) Mallet[22][23][24][25] or Darth[26] A malicious attacker. Associated with Trudy, an intruder. Unlike the passive Eve, Mallory is an active attacker (often used in man-in-the-middle attacks), who can modify messages, substitute messages, or replay old messages. The difficulty of securing a system against a Mallory is much greater than against an Eve.
Michael or Mike Used as an alternative to the eavesdropper Eve, from microphone.
Niaj Used as an alternative to the eavesdropper Eve in several South Asian nations.[27]
Olivia An oracle, who responds to queries from other participants. Olivia often acts as a "black box" with some concealed state or information, or as a random oracle.
Oscar An opponent, similar to Mallory, but not necessarily malicious.
Peggy or Pat A prover, who interacts with the verifier to show that the intended transaction has actually taken place. Peggy is often found in zero-knowledge proofs.
Rupert A repudiator who appears for interactions that desire non-repudiation.
Sybil](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:zwn4ztm6rkvkx55bfsmbbak7/bafkreiezfrvckww4e6qx6zsalxlvuclyx2vluyewf4lmulz5kv3hnzsna4@jpeg)
![Alice and Bob The original, generic characters. Generally, Alice and Bob want to exchange a message or cryptographic key.
Carol, Carlos or Charlie A generic third participant.
Chuck or Chad A third participant, usually of malicious intent.[15]
Craig A password cracker, often encountered in situations with stored passwords.
Dan, Dave or David A generic fourth participant.
Erin A generic fifth participant, but rarely used, as "E" is usually reserved for Eve.
Eve or Yves An eavesdropper, who is usually a passive attacker. While they can listen in on messages between Alice and Bob, they cannot modify them. In quantum cryptography, Eve may also represent the environment.[clarification needed]
Faythe A trusted advisor, courier or intermediary. Faythe is used infrequently, and is associated with faith and faithfulness. Faythe may be a repository of key service or courier of shared secrets.[citation needed]
Frank A generic sixth participant.
Grace A government representative. For example, Grace may try to force Alice or Bob to implement backdoors in their protocols. Grace may also deliberately weaken standards.[16]
Heidi A mischievous designer for cryptographic standards, but rarely used.[17]](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:zwn4ztm6rkvkx55bfsmbbak7/bafkreidqlfig7q2ajle2nrwonygaagvegzagqzolu42it76rq6o2kbwtlm@jpeg)
October 29, 2025 at 2:52 PM
did not realize cryptography's Alice and Bob had so many counterparts now, including Heidi and Faythe
Reposted by Renato Gabriele
Well doesn’t this @axios cybersecurity news item just sum up the state of consumer internet privacy
October 28, 2025 at 8:36 PM
Well doesn’t this @axios cybersecurity news item just sum up the state of consumer internet privacy
Reposted by Renato Gabriele
Reposted by Renato Gabriele
“Implementing a Persistent Key-Value Store in a
Tamper-Resistant Device for SGX Enclave Applications”
Nice research which used our USB armory and TamaGo for its implementation!
dl.acm.org/doi/abs/10.1...
Tamper-Resistant Device for SGX Enclave Applications”
Nice research which used our USB armory and TamaGo for its implementation!
dl.acm.org/doi/abs/10.1...
Implementing a Persistent Key-Value Store in a Tamper-Resistant Device for SGX Enclave Applications | Proceedings of the 16th ACM SIGOPS Asia-Pacific Workshop on Systems
dl.acm.org
October 22, 2025 at 3:03 PM
“Implementing a Persistent Key-Value Store in a
Tamper-Resistant Device for SGX Enclave Applications”
Nice research which used our USB armory and TamaGo for its implementation!
dl.acm.org/doi/abs/10.1...
Tamper-Resistant Device for SGX Enclave Applications”
Nice research which used our USB armory and TamaGo for its implementation!
dl.acm.org/doi/abs/10.1...
Reposted by Renato Gabriele
Malware using cryptocurrency data availability layers for distribution is the new hotness, apparently. We solved censorship-resistant publishing (to some extent) which is pretty fascinating.
October 21, 2025 at 12:39 PM
Malware using cryptocurrency data availability layers for distribution is the new hotness, apparently. We solved censorship-resistant publishing (to some extent) which is pretty fascinating.
Reposted by Renato Gabriele
NEW: 🇰🇵DPRK has begun hiding malware on blockchain.
Result, decentralized, immutable malware.
Nearly impossible to remove.
Report cloud.google.com/blog/topics/...
Result, decentralized, immutable malware.
Nearly impossible to remove.
Report cloud.google.com/blog/topics/...
October 18, 2025 at 5:48 PM
NEW: 🇰🇵DPRK has begun hiding malware on blockchain.
Result, decentralized, immutable malware.
Nearly impossible to remove.
Report cloud.google.com/blog/topics/...
Result, decentralized, immutable malware.
Nearly impossible to remove.
Report cloud.google.com/blog/topics/...
Reposted by Renato Gabriele
Ma davvero siamo oggi un paese in cui si tenta di far saltare per aria giornalisti?
Quando ho saputo dell'attentato ho pensato subito a Dafne Caruana Galizia.
Quando ho saputo dell'attentato ho pensato subito a Dafne Caruana Galizia.
October 17, 2025 at 7:05 AM
Ma davvero siamo oggi un paese in cui si tenta di far saltare per aria giornalisti?
Quando ho saputo dell'attentato ho pensato subito a Dafne Caruana Galizia.
Quando ho saputo dell'attentato ho pensato subito a Dafne Caruana Galizia.
Reposted by Renato Gabriele
It's been 14 months since the ML-KEM spec was published.
age still isn't PQ because it's waiting for trivial details of the HPKE hybrids to stabilize, but they are blocked on the CFRG.
The TLS, SSHM, and LAMPS (X.509) IETF WGs are not waiting for CFRG. I just posted a plea for HPKE to do the same.
age still isn't PQ because it's waiting for trivial details of the HPKE hybrids to stabilize, but they are blocked on the CFRG.
The TLS, SSHM, and LAMPS (X.509) IETF WGs are not waiting for CFRG. I just posted a plea for HPKE to do the same.
[hpke] Let's ship post-quantum HPKE
Search IETF mail list archives
mailarchive.ietf.org
October 16, 2025 at 3:11 PM
It's been 14 months since the ML-KEM spec was published.
age still isn't PQ because it's waiting for trivial details of the HPKE hybrids to stabilize, but they are blocked on the CFRG.
The TLS, SSHM, and LAMPS (X.509) IETF WGs are not waiting for CFRG. I just posted a plea for HPKE to do the same.
age still isn't PQ because it's waiting for trivial details of the HPKE hybrids to stabilize, but they are blocked on the CFRG.
The TLS, SSHM, and LAMPS (X.509) IETF WGs are not waiting for CFRG. I just posted a plea for HPKE to do the same.
Reposted by Renato Gabriele
This one's a wild/messy one: Cyber giant F5, which serves most of the Fortune 500, said unknown government hackers had 'long term' access to its network:
• stole source code, some customer data
• accessed undisclosed vulns in BIG-IP
• DOJ allowed F5 to delay public notice citing national security
• stole source code, some customer data
• accessed undisclosed vulns in BIG-IP
• DOJ allowed F5 to delay public notice citing national security
Cyber giant F5 Networks says government hackers had 'long-term' access to its systems, stole code and customer data | TechCrunch
The company, which provides cybersecurity defenses to most of the Fortune 500, said the DOJ allowed it to delay notifying the public on national security grounds.
techcrunch.com
October 15, 2025 at 3:55 PM
This one's a wild/messy one: Cyber giant F5, which serves most of the Fortune 500, said unknown government hackers had 'long term' access to its network:
• stole source code, some customer data
• accessed undisclosed vulns in BIG-IP
• DOJ allowed F5 to delay public notice citing national security
• stole source code, some customer data
• accessed undisclosed vulns in BIG-IP
• DOJ allowed F5 to delay public notice citing national security