A CS student used a Flipper Zero and AI to reverse-engineer a Mifare Classic laundry card and found that washers don’t recompute the reload ‘certificate’, allowing the balance to be restored to its last reload and effectively producing unlimited credit. The flaw is long-known but AI lowers the bar to exploitation, illustrating the broader risk of client-side security (no backend validation) and prompting disclosure to CSC ServiceWorks.
A deep, long-form explainer of WebPKI that describes how HTTPS depends on certificate authorities, certificate types (DV/OV/EV), and mechanisms like Certificate Transparency, and examines practical problems — expiration, revocation, CA incidents (e.g. Trustico, Entrust), and the difficulty of revoking large numbers of certs — plus mitigation ideas such as tighter CA restrictions, ACME renewal practices, and improved auditing. The post is based on months of research and aims to map the social, technical, and political complexities of the web’s public key infrastructure.
New drone mapping and soil/pollen analysis suggest the Band of Holes on Monte Sierpe (about 5,200 pits) was likely a landscape-scale indigenous trade and accounting system—akin to a giant khipu—used around the 14th century by regional traders and later repurposed by the Inca. The patterning of pits, presence of transported crop residues, and strategic location support use as a visual, communal ledger or marketplace rather than agricultural or water-capture features.