Paged Out! Deeply technical zine. And it's free.

𝙿𝙰𝙶𝙴𝙳 𝙾𝚄𝚃! #𝟾 𝙳𝙴𝙰𝙳𝙻𝙸𝙽𝙴: 𝟺 𝙹𝚊𝚗𝚞𝚊𝚛𝚢 𝟸𝟶𝟸𝟼 𝙴𝚘𝙳 𝙴𝚘𝙰

Save the date if you're planning to write an article or showcase your digital art in the next issue of our magazine.

pagedout.institute

P.S. We're looking for sponsors for issue #8 as well.

I was thinking of something much more simple, time division and non geo geostationary.

Wrt proxy for entanglement based approaches the idea is the satellite would be an untrusted bell pair generator sending entangled pairs for parties to generate keys with

Btw Luke I’ve just sent you an email regarding a new attack analysis against BB84 I’ve been working on

Nice to chat here! You’re right about point to point during QKD of course. what would be the right phrase to describe that multiple receivers, even mobile, can perform QKD with the Sat, sequentially if not concurrently without multiplexing

There’s production * (typo)

I think the clearest argument is that it requires classical auth to start with. So why not just use classical authentication then ???

Regarding scalability there’s productive satellite QKD available now, so the last mile/ point to point argument does not apply there

Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency break. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially www.cisa.gov/news-events/...

Yeah when I first implemented that for WiFi wpa2/3 my thoughts were similar, but recently revisited this and can’t help but wonder if this helps create sidechannel points with known plaintext on the pattern that’s unwrapped

I am at usenix woot today/tmrw! Ping if you want to connect

WiFi dispenser

Hey bitchat users, I started a bluer/bluez rust Linux client github.com/spr-networks.... Runs in a docker container and I hooked it up to the wifi password dispenser over e2e. Each user gets their own wpa3 pass

Supply-chain attacks on open source software are getting out of hand Attacks affected packages, including one with ~2.8 million weekly downloads.

Supply-chain attacks on open source software are getting out of hand

Supernetworks Router WiFi 6 Poe+ Router Order Page WiFi 6 PoE+ Router built with Raspberry Pi CM5

www.supernetworks.org/compute-boar...

Jack Dorsey says his 'secure' new Bitchat app has not been tested for security | TechCrunch Dorsey admitted that his new messaging app had not been reviewed or tested for security issues prior to its launch.

techcrunch.com/2025/07/09/j...

Do they also aid memory forensics/
Sidechannels for automated key discovery ?

It’s also terribly insecure as implemented. The trusted peers can be trivially intercepted an adversary can inject themselves into a trusted chat

www.supernetworks.org/pages/blog/a...

Being an identical twin has its perks, like easy biometrics testing. Most vendors sensitivity isn’t as good as I hope

I've just been told that John Young of Cryptome.org passed away last week.

#Cryptome was foundational, and a predecessor to organizations like @ddosecrets.com and #Wikileaks.

RIP, John.

Exclusive | In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks A senior Chinese official linked intrusions to escalating U.S. support for Taiwan.

Chinese officials acknowledged in a December meeting with Biden officials in Geneva that Beijing was behind the Volt Typhoon intrusions into U.S. critical infrastructure citing increasing U.S. policy support for Taiwan as an excuse www.wsj.com/politics/nat...

West Coast numbers are coming in, and estimates have now surpassed 5 million. People are still pouring into the streets—nearly 2% of the American population is rising up. America, we are so proud of you. You did it.

What percent of imports are from perfect competition companies

Anti coercion act and statements from EU makes it seem like they’re a target for EU.

of the deficit something like 75% -80% is due to US related party import. Taxing US activity for production abroad would have been the better approach to avoid collateral damage to exports

Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) | Google Cloud Blog

Hot off the press is a new blog detailing our observations from in the wild exploitation of CVE-2025-22457 by UNC5221 including two newly observed malware families tracked as BRUSHFIRE and TRAILBLAZE.

cloud.google.com/blog/topics/...

Today I learned that cracking keys now takes about 1/3rd as many qubits as before without substantially different gate counts.

Clémence Chevignard, Pierre-Alain Fouque, and André Schrottenloher 2024.

eprint.iacr.org/2024/222.pdf

 Today's April 1st. From garage geeks to tech titans: Happy Birthday, Apple

Our team discovered some security vulnerabilities in launchd, SMB, and Kerberos, now patched. #CVE-2025-24269 #CVE-2025-31182 #CVE-2025-24235 #CVE-2025-30444

support.apple.com/en-us/122373
support.apple.com/en-us/122371

Paged Out! #6 has arrived! And it's jam-packed with content!
You can download it here:
pagedout.institute?page=issues....

What’s up with YouTube ads asking for location lately

www.supernetworks.org/compute-boar...

Shipping in 8-12 weeks

OpenAI calls DeepSeek 'state-controlled,' calls for bans on 'PRC-produced' models | TechCrunch In a proposal, OpenAI describes DeepSeek as 'state-controlled,' and recommends banning models from it and other PRC-affiliated operations.

My contempt for anyone involved with this drivel knows few limits. Conflating issues and fear mongering because a Chinese company dared to publish an actual open model:

techcrunch.com/2025/03/13/o...

And trying to talk about copyright after training in Libgen.

Hypocrisy, lies, grifting :-(

Only way to make sure a security review gets good coverage

I wrote up my thoughts on a promising new project to evolve wpa3 to better support multipass without having users pay a “security tax” www.supernetworks.org/pages/blog/w...