Believing in the Data Fairy - carnival tricks and confirmation bias.

A fascinating and accessible psychological analysis - highly recommend

softwarecrisis.dev/letters/llment…

My company ogSec Consulting has partnered with Zero-Point Security to create some essential report writing training. It will not just boost your writing skills but also the efficiency & quality of your assessments. Check out what's covered in the course here: training.zeropointsecurity.co.uk/courses/the-ar…

Listening to a talk by Dinis Cruz should be enough, but if you need further encouragement there will be free pizza.
These events are usually great fun and attended by lots of great people from the London infosec community.

I used to love that UI :-)

On the xz 'event' this is the best ongoing technical analysis seen so far of the final .o payload

gist.github.com/smx-smx/a6112d…

The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today.

Nice way to backdoor, just do it in a release branch, add binary files as test helpers, and later call them as part of make - github.com/tukaani-projec… (full details in openwall.com/lists/oss-secu…). Can't trust anything from this repo!

BSides Ljubljana CFP is open.

So much of this right now

SteelCon CFP is open.
For anyone who hasn't been, this is a great community-oriented con, run by nice people, with good talks and a friendly atmosphere.
If you've got a good idea or decent research then submit it.

Looks very interesting. I'm currently buying No Starch Press books faster than I can read them.

Signing books in the #lymeregis bookshop. I’ll be doing my talk about the Post Office scandal at the ⁦Marine Theatre Lyme Regis⁩ at 1.30pm today. Do come along if you’re in town.

Listen to the words of the amazing Jennifer Fernick.

An excellent clear description of the topic. I'd recommend reading this if post-quantum cryptography seems obscure or complex.

Great fun to watch Peter Winter-Smith ‘s talk on wSAST last week. I’d encourage anyone interested in code security review to download the slides and tool.

What do we want? LLMs running on a Casio watch, clearly...

arxiv.org/abs/2402.17764…

A chance to sponsor one of the best, and friendliest, cons with a great sense of community.