Pixnapping Attack

https://www.pixnapping.com/
84•kevcampb•2h ago

Comments

ChrisArchitect•2h ago
Discussion: https://news.ycombinator.com/item?id=45574613

jonplackett•1h ago
In the previous discussion everyone seems happy it’s been patched and not to worry (even though Androids mostly don’t run anything like the latest Android)

But in this write-up they say the patch doesn’t work fully

charcircuit•1h ago
The bigger issue is the sidechannel that exists which leaks information from secure windows, even from protected buffers, potentially including DRM protected content.

While these blurs make the sidechannel easier to use as it provides a clear signal, considering you can predict the exact contents of the screen I feel like you could get away with just a mask.

esher•1h ago
I was looking for a nice browser game, just judging by the name.

ggm•57m ago
Not a phone designer, but could we imagine a new class of screen region which is excluded from screen grab, draw over and soft focus with a mask, and then notifications which do OTP or PIN subscribe to use it?

charcircuit•49m ago
App developers can already dynamically mark their windows as secure, which should prevent any other app from reading the pixels it rendered. The compositor composites all windows, including secure windows, and applies any effects like blur. No apps are supposed to be able to see this final composited image, but this attack uses a side channel they found that allows apps on the system to learn information about the pixels within the final composition.

ZiiS•2m ago
The attack needs you to be able to alter the blur of pixels in a secure window; this could be forbidden. A secure window should draw 100% as requested or not at all.

bilekas•46m ago
It's not exactly a new technique but it's effective for most super targeted attacks. Honestly, it seems if you were this inclined to be able to get a specific app on the user's phone, you might as well just work off the Android app you've already gotten delivered to the user's phone. Like Facebook.

Throw a privacy notice to the users: "This app will take periodic screenshots of your phone." You'd be amazed how many people will accept it.

> Did you release the source code of Pixnapping? We will release the source code at this link once patches become available: https://github.com/TAC-UCB/pixnapping

It's not exactly impossible to reverse what's happening here. You could have waited until it was patched but sounds like you wanted to get your own attention as soon as possible.

4gotunameagain•12m ago
Modern devices are simply too complex to be completely secure.

We have this tendency of adding more and more "features", more and more functionality 85% of which nobody asked for or has use for.

I believe that there will be a market for a small, bare-bones secure OS in the future. Akin to how FreeBSD is being run.
