Renato Gabriele
@remagio.bsky.social
"If you have a garden and a library, you have everything you need." by Cicero.

https://www.journalismfestival.com/speaker/renato-gabriele
Pinned
Good morning blueskiers,
Hack and Love,
Sun day
Reposted by Renato Gabriele
What can you do about an ISP outage—on Thanksgiving day? If you're Blacksmith, you use Tailscale Services to build an immediate, zero-config proxy for GitHub traffic, so it doesn't happen again: tailscale.com/blog/blacksm...
Building a transparent proxy around ISP routing failures with Tailscale Services
How Blacksmith built a secure load-balancing proxy with Tailscale Services
tailscale.com
December 18, 2025 at 3:38 PM
Reposted by Renato Gabriele
I'm running a TamaGo VM on Google Compute Engine. No CVEs to worry about other than Go ones, just own code and runtime, starts and reboots instantly.

Open with no-auth SSH. As a cybersecurity professional this would be unthinkable, but TamaGo brings attack surface close to 0.
December 16, 2025 at 9:39 AM
Reposted by Renato Gabriele
I just realized if you set your iPhone to be used by an underage user you can override app advertising that you can’t override as an adult iPhone user. That seems useful, has anyone done this? Any issues to consider?
#iphone #privacy
December 16, 2025 at 6:44 PM
Reposted by Renato Gabriele
Serious question: if you get a threat notification from Apple, WhatsApp, Google...and you are not a journalist or dissident so you can't go to Citizen Lab/Amnesty/AccessNow, where do you go?

Asking for an article, not for someone who's gotten that notification.
December 10, 2025 at 5:27 PM
Reposted by Renato Gabriele
It’s almost time for my @BSidesCapeTown talk, and I’ve just open sourced pipetap. My Windows named pipe proxy & multi-tool. Excited to see what you do with it!

github.com/sensepost/pi...
December 6, 2025 at 1:56 PM
Reposted by Renato Gabriele
Wherever there's spyware, there's always an Italian angle...
Interesting artefact in the uploaded JSKit code used by Intellexa from Google's Threat Intelligence Group.

"//TODO: va bene solo per ios 15 perchè l'exploit è uguale per tutte le version 15.0.x infatti se inferiore a 15.1 restituisce sempre 15.0" - some italian....

cloud.google.com/blog/topics/...
Intellexa’s Prolific Zero-Day Exploits Continue | Google Cloud Blog
Commercial surveillance vendor Intellexa continues to thrive and exploit mobile zero-day vulnerabilities.
cloud.google.com
December 4, 2025 at 9:30 PM
Reposted by Renato Gabriele
I just found this little solar robot bug I made 20 years ago.

It captures many qualities:
- Art & Design Constraint
- electrical hacks, using components “the wrong way”
- extreme minimalism for max results

Also, something interesting changed while it sat for 20 years!

Let me explain…
(🧵)
December 3, 2025 at 2:41 AM
Reposted by Renato Gabriele
Upgrading from #FreeBSD 14.3-RELEASE to 15.0-RELEASE?

Do not ignore the very important instructions in the release notes¹:

freebsd-update fetch
freebsd-update install

on 14.3-RELEASE _before_ upgrade or else² …

__
¹ www.freebsd.org/releases/15....
² bugs.freebsd.org/bugzilla/sho...
December 2, 2025 at 2:12 PM
Reposted by Renato Gabriele
New, by me at this.weekinsecurity.com: Router maker TP-Link faces a potential U.S.-wide ban over its alleged links to China.

In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).

Please share!
Banning TP-Link won't save America from its own terrible cybersecurity
TP-Link routers face a ban in the U.S. over the company's alleged links to China, but shoddy cybersecurity is the real insider threat to the United States.
this.weekinsecurity.com
November 26, 2025 at 1:27 PM
Reposted by Renato Gabriele
Make a Gravity defying NeoPixel Ring Lamp! Guide: learn.adafruit.com/neopixel-rin... youtu.be/p_5DRfurpYg #Adafruit #3DPrinting
November 23, 2025 at 12:37 PM
Reposted by Renato Gabriele
Cybersecurity isn’t ready for the conversation about how bad sexism and ageism are in the whole pen test / red team community, or how influencer culture and the saturated market are enabling it to get worse. www.linkedin.com/pulse/tryhac...
TryHackMe's Advent of Cyber 2025: Zero Women Creators - A Critical Look at Representation in Cybersecurity Education
THE PROBLEM 18 creators. Zero women.
www.linkedin.com
November 22, 2025 at 4:33 AM
Reposted by Renato Gabriele
New, by me and @lorenzofb.bsky.social: CrowdStrike has confirmed it fired a "suspicious insider" who passed screenshots of company systems to a prolific hacking group — which then went on to post them publicly.
CrowdStrike fires 'suspicious insider' who passed information to hackers | TechCrunch
Cybersecurity giant CrowdStrike denied it had been hacked following claims from a hacker group, which leaked screenshots from inside CrowdStrike's network.
techcrunch.com
November 21, 2025 at 7:11 PM
Reposted by Renato Gabriele
NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.

Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.

Malwarebytes said it is investigating. CrowdStrike said the company is "not affected."
Google says hackers stole data from 200 companies following Gainsight breach | TechCrunch
Notorious hacking collective ShinyHunters takes credit for the breach that affected Salesforce customers’ data, and said it is planning another extortion campaign.
techcrunch.com
November 21, 2025 at 6:34 PM
Reposted by Renato Gabriele
#scamalert unauthorized use of my and others’ images on this scam site that claims you can get in touch with various cybersecurity people through them.

Pretty sure neither @schneier.com nor I have phone numbers in India 🤦🏻‍♀️
November 16, 2025 at 4:26 AM
Reposted by Renato Gabriele
EFF and AV Comparatives team up to see how well anti-virus apps detect Android stalkerware. www.eff.org/deeplinks/2...
EFF Teams Up With AV Comparatives to Test Android Stalkerware
EFF has, for many years, raised the alarm about the proliferation of stalkerware—commercially-available apps designed to be installed covertly on another person’s device to exfiltrate data from that
www.eff.org
November 15, 2025 at 3:04 PM
Reposted by Renato Gabriele
EFF teamed up with AV Comparatives to see how well anti-virus apps detect stalkerware on Android phones.

www.eff.org/deeplinks/20...
November 6, 2025 at 8:22 PM
Reposted by Renato Gabriele
We're pleased to announce the final lineup for Black Hat Europe '25. Terrific security research spanning 21 tracks. In a separate thread, I'll highlight a few of my favorites.
www.blackhat.com/eu-25/briefi...
Black Hat
www.blackhat.com
October 31, 2025 at 10:27 PM
"If you have a garden and a library, you have everything you need." by Cicero
In the research for Computing, my multi-part documentary that examines the intersection of computing and what it means to be human, I've collected almost 6,000 books to help inform my storytelling. You can browse my entire collection here
t.co/fw6RXUYR2l
https://www.librarycat.org/lib/gbooch
t.co
November 1, 2025 at 5:27 PM
Reposted by Renato Gabriele
New from @DomainTools: Inside the Great Firewall Part 1: The Dump
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/
October 30, 2025 at 7:30 PM
Reposted by Renato Gabriele
Sure, why require telcos to have cybersecurity plans? www.cybersecuritydive.com/news/fcc-cyb...
FCC will vote to scrap telecom cybersecurity requirements
The commission’s Republican chair, who voted against the rules in January, calls them ineffective and illegal.
www.cybersecuritydive.com
October 30, 2025 at 5:59 PM
Reposted by Renato Gabriele
The future of tech is commons-based, open by design & built with people at its heart. With #DCEDIC, Europe leads a new way, creating digital infrastructure that others can adapt, reuse & grow globally. This is our @okfn.bsky.social vision in action. digital-strategy.ec.europa.eu/en/news/comm...
Commission to launch Digital Commons EDIC to support sovereign European digital infrastructure and technology
The European Commission today adopted a decision establishing the Digital Commons European Digital Infrastructure Consortium (DC-EDIC), a new instrument enabling Member States to jointly develop, depl...
digital-strategy.ec.europa.eu
October 30, 2025 at 9:19 AM
Reposted by Renato Gabriele
did not realize cryptography's Alice and Bob had so many counterparts now, including Heidi and Faythe
October 29, 2025 at 2:52 PM
Reposted by Renato Gabriele
Well doesn’t this @axios cybersecurity news item just sum up the state of consumer internet privacy
October 28, 2025 at 8:36 PM