Slider

4973 Articles

This Week In Security: Second Verse, Worse Than The First

March 27, 2026 by 16 Comments

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the wild, dubbed Darksword.

Like Coruna, Darksword appears to have followed the path of government security contractors, to different government actors, to crypto stealer. It appears to focus on exploits already fixed in modern iOS releases, with most affecting iOS 18 and all patched by iOS 26.3.

Going from almost no public examples of modern iOS exploits to two in as many weeks is wild, so if mobile device security is of interest, be sure to check out the Google write-up.

Another FBI Router Warning

The second too early to be retro – but too important to ignore – repeat security item is a second alert by the FBI cautioning about end-of-life consumer network hardware under active exploitation, with the FBI tracking almost 400,000 device infections so far.

Like the warning two weeks ago, the FBI calls out a handful of consumer routers – but this time they’re devices that may actually still be service in some of our homes (or our less cutting edge friends and family), calling out devices from Netgear, TP-Link, D-Link, and Zyxel:

  • Netgear DGN2200v4 and AC1900 R700
  • TP-Link Archer C20, TL-WR840N, TL-WR849N, and WR841N
  • D-Link DIR-818LW, 850L, and 860L
  • Zyxel EMG6726-B10A, VMG1312-B10D, VMG1312-T20B, VMG3925-B10A, VMG3925-B10C, VMG4825-B10A, VMG4927-B50A, VMG8825-T50K

While many of these devices are over ten years old, they still support modern networking – some of them even supporting 802.11ac (also called Wi-Fi 5).  Unfortunately, since support has been ended by the manufacturers, publicly disclosed vulnerabilities have not been patched (and now never will be, officially) Continue reading “This Week In Security: Second Verse, Worse Than The First”

FLOSS Weekly Episode 867: Pangolin: People Can Lie

March 25, 2026 by No comments

This week Jonathan chats with Milo Schwartz about Pangolin, the Open Source tunneling solution. Why do we need something other than Wireguard, and how does Pangolin fix IoT and IT problems? And most importantly, how do you run your own self-hosted Pangolin install? Watch to find out!

Continue reading “FLOSS Weekly Episode 867: Pangolin: People Can Lie”

Retail Fail: The :CueCat Disaster

March 25, 2026 by 67 Comments

Digital Convergence Corporation is hardly a household name, and there’s a good reason for that. However, it raised about $185 million in investments around the year 2000 from companies such as Coca-Cola, Radio Shack, GE, E. W. Scripps, and the media giant Belo Corporation. So what did all these companies want, and why didn’t it catch on? If you are old enough, you might remember the :CueCat, but you probably thought it was Radio Shack’s disaster. They were simply investors.

The Big Idea

The :CueCat was a barcode scanner that, usually, plugged into a PC’s keyboard port (in those days, that was normally a PS/2 port). A special cable, often called a wedge, was like a Y-cable, allowing you to use your keyboard and the scanner on the same port. The scanner looked like a cat, of course.

However, the :CueCat was not just a generic barcode scanner. It was made to only scan “cues” which were to appear in catalogs, newspapers, and other publications. The idea was that you’d see something in an ad or a catalog, rush to your computer to scan the barcode, and be transported to the retailer’s website to learn more and complete the purchase.

The software could also listen using your sound card for special audio codes that would play on radio or TV commercials and then automatically pop up the associated webpage. So, a piece of software that was reading your keyboard, listening to your room audio at all times, and could inject keystrokes into your computer. What could go wrong?

Continue reading “Retail Fail: The :CueCat Disaster”

The Most Secure, Modern Computer Might Be A Mac

March 25, 2026 by 39 Comments

The Linux world is currently seeing an explosion in new users, thanks in large part to Microsoft turning its Windows operating system into the most intrusive piece of spyware in modern computing. For those who value privacy and security, Linux has long been the safe haven where there’s reasonable certainty that the operating system itself isn’t harvesting user data or otherwise snooping where it shouldn’t be. Yet even after solving the OS problem, a deeper issue remains: the hardware itself. Since around 2008, virtually every Intel and AMD processor has included coprocessors running closed-source code known as the Intel Management Engine (IME) or AMD Platform Security Processor (PSP).

M1 MacBook Air, now with more freedom

These components operate entirely outside the user’s and operating system’s control. They are given privileged access to memory, storage, and networking and can retain that access even when the CPU is not running, creating systemic vulnerabilities that cannot be fully mitigated by software alone. One practical approach to minimizing exposure to opaque management subsystems like the IME or PSP is to use platforms that do not use x86 hardware in the first place. Perhaps surprisingly, the ARM-based Apple M1 and M2 computers offer a compelling option, providing a more constrained and clearly defined trust model for Linux users who prioritize privacy and security.

Before getting into why Apple Silicon can be appealing for those with this concern, we first need to address the elephant in the room: Apple’s proprietary, closed-source operating system. Luckily, the Asahi Linux project has done most of the heavy lifting for those with certain Apple Silicon machines who want to go more open-source. In fact, Asahi is one of the easiest Linux installs to perform today even when compared to beginner-friendly distributions like Mint or Fedora, provided you are using fully supported M1 or M2 machines rather than attempting an install on newer, less-supported models. The installer runs as a script within macOS, eliminating the need to image a USB stick. Once the script is executed, the user simply follows the prompts, restarts the computer, and boots into the new Linux environment. Privacy-conscious users may also want to take a few optional steps, such as verifying the Asahi checksum and encrypting the installation with LUKS but these steps are not too challenging for experienced users. Continue reading “The Most Secure, Modern Computer Might Be A Mac”

Age-Verification And The World Before Social Media

March 24, 2026 by 57 Comments

Although it may be hard to believe for current generations, there was a time when the Internet and the World Wide Web were not as integrated into society as it is today. The only forms of online ‘social media’ that existed came in the form of IRC, forums, BBSes, newsgroups and kin, while obtaining new software for your PC involved generally making your way over to a physical store to buy a boxed copy, at least officially.

In this era – and those before it – age-verification already existed, with various goods ranging from tobacco and alcohol to naughty adult magazines requiring you to pass some form of age check. Much like how movies also got age-gated, so did video games, with a sales clerk taking a very good look at you before selling you that naughty puzzle game or boxed copy of Quake 3.

Today we’re seeing a big fuss being made about online age-verification, with the claim being that it is ‘for the children’, but as any well-adjusted adult can attest to, this is essentially a big bucket of hogwash.

Continue reading “Age-Verification And The World Before Social Media”

From Zip To Nought: The Rise And Fall Of Iomega

March 24, 2026 by 91 Comments

If you were anywhere near a computer in the mid-to-late 1990s, you almost certainly encountered a Zip drive. That distinctive purple peripheral, with its satisfying clunk as you slotted in a cartridge, was as much a fixture of the era as beige tower cases and CRT monitors. Iomega, the company behind it, went from an obscure Utah outfit to a multi-billion-dollar darling of Wall Street in the span of about two years. And then, almost as quickly, it all fell apart.

The story of Iomega is one of genuine engineering innovation and the fickle nature of consumer technology. As with so many other juggernauts of its era, Iomega was eventually brought down by a new technology that simply wasn’t practical to counter.

The House That Bernoulli Built

Iomega was founded in Utah, in 1980, by Jerome Paul Johnson, David Bailey, and David Norton. The company soon developed a novel approach to removable magnetic storage based on the Bernoulli effect. The Bernoulli Box arrived in 1982, which was a drive relying on PET film disks spun at 1500 RPM inside a rigid, removable cartridge. The airflow generated by the spinning disk pulled the media down toward the read/write head thanks to the eponymous Bernoulli effect. While spinning, the disk would float a mere micron above the head surface on a cushion of air. If the power cut out or the drive otherwise failed, the disk simply floated away from the head rather than crashing into it—a boon over contemporary hard drives for which head crashes were a real risk. The Bernoulli Box made them essentially impossible. Continue reading “From Zip To Nought: The Rise And Fall Of Iomega”

The Zero-Power Flight Computer

March 23, 2026 by 27 Comments

In the early days of aviation, pilots or their navigators used a plethora of tools to solve common navigation and piloting problems. There was definitely a need for some kind of computing aid that could replace slide rules, tables, and tedious dead-reckoning computations. This would become even more important during World War II, when there was a massive push to quickly train young men to be pilots.

The same, but different. A Pickett slide rule (top) and an E6B slide rule (bottom). (Own Work).

Today, we’d whip up some sort of computer device, but in the 1930s, computers weren’t anything you’d cram on a plane, even if they’d had any. For example, the Mark 1 Fire Control Computer during WW2 was 3,000 pounds of gears and motors.

The computer is made to answer flight questions like “how many pounds of fuel do I need for another hour of flying time?” or “How do I adjust my course if I have a particular crosswind?”

History

There were a rash of flight computers starting in the 1920s that were essentially specialized slide rules. The most popular one appeared in the late 1930s. Philip Dalton’s circular slide rule was cheap to produce and easy to use. As you’ll see, it is more than just an ordinary slide rule. Keep in mind, these were not computers in the sense we think of today. They were simple slide rules that easily did specialized math useful to pilots.

Dalton actually developed a number of computers. The popular Model B appeared in 1933, and there were refinements leading to additional models. The Mark VII was very popular. Even Fred Noonan, Amelia Earhart’s navigator, used a Mark VII. Continue reading “The Zero-Power Flight Computer”