Press release 26/07
It’s an impressive feat, over a decade after the box was released: Since reset glitching wasn’t possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system reset pin(s) the hacker targeted the momentary collapse of the CPU voltage rail. This was quite a feat, as Gaasedelen couldn’t ‘see’ into the Xbox One, so had to develop new hardware introspection tools. Eventually, the Bliss exploit was formulated, where two precise voltage glitches were made to land in succession. One skipped the loop where the ARM Cortex memory protection was set up. Then the Memcpy operation was targeted during the header read, allowing him to jump to the attacker-controlled data. As a hardware attack against the boot ROM in silicon, Gaasedelen says the attack is unpatchable. Thus it is a complete compromise of the console allowing for loading unsigned code at every level, including the Hypervisor and OS. Moreover, Bliss allows access to the security processor so games, firmware, and so on can be decrypted.
The population needs better conservation. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI. It’s metadata—payment information related to a particular account—but still important knowledge. This sort of thing happens, even to privacy-centric companies like Proton Mail.
Situation as at 31 December 2025
(first publication: 30 October 2024)
Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that.
The European Union – the media freedom hub
marsrgi, Thu, 03/19/2026 - 08:58
Opening: 16 April 2026
Closing: 28 May 2026
The overall goal of this preparatory action is to continue the activities of the ongoing Free Media Hub EAST project, i.e. to sustain and improve existing financial and other kinds of support to exiled independent media from Russia, Belarus, as well as media from Ukraine that has relocated in the EU, and to foster the coordination and consolidation of a pan-European platform or network of media hubs to promote the preservation of a pluralistic media environment.
Main link: https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportuni…
Related topics: Media and democracy; Media freedom and pluralism; International relations; Funding for Digital; Actions to Support Ukraine; Democracy in the digital age
Out-of-court consumer complaint resolution
Surprising no one, Meta’s new AI glasses are a privacy disaster. I’m not sure what can be done here. This is a technology that will exist, whether we like it or not. Meanwhile, there is a new Android app that detects when there are smart glasses nearby.
Latest update on the AML/CFT standardised data collection
CEF-Digital Info Session: 2026 Calls
Wed, 03/18/2026 - 10:35
26 March 2026, Online
Learn more about the calls "Equipment for smart European cable systems" (CEF-DIG-2026-SMART-CABLES) and "Backbone connectivity for Digital Global Gateways" (CEF-DIG-2026-GATEWAYS).
Main link: https://hadea.ec.europa.eu/events/cef-digital-info-session-2026-calls-2026-03-2…
Related topics: Connecting Europe Facility; Funding for Digital
Related content: Press release, 17 March 2026: Commission makes available €200 million for submarine cable and digital infrastructure projects. The European Commission has opened two new Connecting Europe Facility (CEF) calls worth €200 million for projects in high-capacity networks, including submarine cables.
An expensive mistake: Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea’s National Tax Service exposed publicly the mnemonic recovery phrase of a seized cryptocurrency wallet. The funds were stored in a Ledger cold wallet seized in law enforcement raids at 124 high-value tax evaders that resulted in confiscating digital assets worth 8.1 billion won (currently approximately $5.6 million). When announcing the success of the operation, the agency released photos of a Ledger device, a popular hardware wallet for crypto storage and management. However, the images also showed a handwritten note of the wallet recovery phrase, which serves as the master key that allows restoring the assets to another device. The authorities failed to redact that info, allowing anyone to transfer into their account the assets in the cold wallet. Reportedly, shortly after the press release was published, 4 million Pre-Retogeum (PRTG) tokens, worth approximately $4.8 million at the time, were transferred out of the confiscated wallet to a new address.
Equipment for smart European cable systems - Works
Tue, 03/17/2026 - 08:45
Opening: 17 March 2026
Closing: 30 June 2026
This call supports the upgrade of existing submarine telecommunications/digital infrastructures to “smart capabilities” enabling applications that monitor them as well as other surrounding critical infrastructures (e.g. power cables, pipelines, etc.) and/or their vicinity.
Main link: https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportuni…
Related topics: Digital connectivity; Connecting Europe Facility; Funding for Digital