This Week In Security: Court Orders, GlassWorm, TARmageddon, And It Was DNS

This week, a US federal court has ruled that NSO Group is no longer allowed to use Pegasus spyware against users of WhatsApp. And for their trouble, NSO was also fined $4 million. It’s unclear how much this ruling will actually change NSO’s behavior, as the ruling intentionally stopped short of applying to foreign governments.

There may be an unexpected source of leverage the US courts can exert over NSO, with the news that American investors are acquiring the company. Among the requirements of the ruling is that NSO cannot reverse engineer WhatsApp code, cannot create new WhatsApp accounts, and must delete any existing WhatsApp code in their possession. Whether this actually happens remains to be seen.


Robot Phone Home…Or Else

We would have enjoyed [Harishankar’s] teardown of a robot vacuum cleaner, even if it didn’t have a savage twist at the end. Turns out, the company deliberately bricked his smart vacuum.

Like many of us, [Harishankar] is suspicious of devices beaming data back to their makers. He noted a new vacuum cleaner was pinging a few IP addresses, including one that was spitting out logging or telemetry data frequently. Of course, he had the ability to block the IP address, which he did. End of story, right?

No. After a few days of working perfectly, the robot wouldn’t turn on. He returned it under warranty, but the company declared it worked fine. They returned it and, indeed, it was working. A few days later, it quit again. This started a cycle: he would return the device, it would work for the company, it would come home and work for a few days, then quit again.

You can probably guess where this is going, but to be fair, we gave you a big hint. The fact that it would work for days after blocking the IP address wouldn’t seem like a smoking gun in real time.


Tommy Flowers: How An Engineer Won The War

Back in 2016, we took you to a collection of slightly dilapidated prefabricated huts in the English Home Counties, and showed you a computer. The place was the National Museum of Computing, next to the famous Bletchley Park codebreaking museum, and the machine was their reconstruction of Colossus, the world’s first fully electronic digital computer. Its designer was a telephone engineer named Tommy Flowers, and the Guardian has a piece detailing his efforts in its creation.

TNMOC’s Colossus MkII.

It’s a piece written for a non-technical audience so you’ll have to forgive it glossing over some of the more interesting details, but nevertheless it sets out to right a long-held myth that the machine was instead the work of the mathematician Alan Turing. Flowers led the research department at the British Post Office, who ran the country’s telephone system, and was instrumental both in proposing the use of electronic switches in computing, and in producing a working machine. The connection is obvious when you see Colossus, as its racks are the same as those used in British telephone exchanges of the era.

All in all, the article makes for an interesting read for anyone with an interest in technology. You can take a look at Colossus as we saw it in 2016 here, and if your interest extends to the only glimpse the British public had of the technology behind it in the 1950s, we’ve also taken a look at another Tommy Flowers creation, ERNIE, the UK Premium Bond computer.