This Week In Security: CVSS 0, Chwoot, And Not In The Threat Model

This week a reader sent me a story about a CVE in Notepad++, and something isn’t quite right. The story is about a DLL hijack, a technique where a legitimate program’s Dynamic Link Library (DLL) is replaced with a malicious DLL. This can be used for very stealthy persistence as well as escalation of privilege. This one was assigned CVE-2025-56383, and given a CVSS score of 8.4.

The problem? Notepad++ doesn’t run as a privileged user, and the install defaults to the right permissions for the folder where the “vulnerable” DLL is installed. Or as pointed out in a GitHub issue on the Proof of Concept (PoC) code, why not just hijack the Notepad++ executable?

This is key when evaluating a vulnerability write-up. What exactly is the write-up claiming? And what security boundary is actually being broken? The Common Weakness Enumeration (CWE) list can be useful here. This vulnerability is classified as CWE-427, an uncontrolled search path element — which isn’t actually what the vulnerability claims, and that’s another clue that something is amiss here. In reality this “vulnerability” applies to every application that uses a DLL: a CVSS 0.


The WindRunner unloading a blade, image Radia.

Giant Airplane Goes Long On Specialization

While not everyone agrees on the installation of wind turbines in their proverbial back yards, one thing not up for debate is that there is a drive to build them bigger and bigger. Big turbines mean big blades, and big blades need to be transported… somehow. If air freight is going to stay relevant to the industry, we’re gonna need a bigger airplane.

A startup called Radia has a plan for that plane, and it is a doozy. The “WindRunner” would clock in at a massive 108 meters (354 feet) long, but with a wingspan of just 80 m (262 ft). That’s very, very long, but it might not be the largest airplane, depending on how you measure it. Comparing to the 88 m wingspan for the late, lamented An-225 Mriya, you can expect a lower payload capacity, but heavy payloads aren’t the point here. Wind turbine blades really aren’t that heavy. They’re big, or they can be — the WindRunner is designed to fit a single 105 m blade within its long fuselage, or a pair of 90 m blades.


Air Quality Monitor Plays Game Of Life

The problem with air quality is that you can’t really tell how good or bad it is just by looking…unless it’s really bad, that is. It’s usually more helpful to have some kind of sensor that can tell you what the deal is. To that end, [Arnov Sharma] built a neat air quality monitor with a fun twist.

A Raspberry Pi Pico W acts as the heart of the build, armed with an SGP40 gas sensor. This sensor is intended for monitoring total volatile organic compounds in the air, which can be a useful measure of air quality in at least one dimension. It reports a simple air quality score from 0 to 500, based on a 1-1000 ppm ethanol equivalent reading. Based on the sensor’s output, the Pi Pico drives an LED matrix display — setting it green for good quality air, yellow for moderate, and red for poor air quality (i.e. high VOC content). The fun part is that rather than just show a simple color, the display plays Conway’s Game of Life to create an animated visual. We’d love it even more if poor air quality led to the premature death of individual cells, making it even more interactive.

We’ve featured other air quality monitors before; often, it’s desirable to monitor CO2 levels to determine whether more ventilation is needed.
