Daily Archives: October 18, 2025

Microsoft update breaks localhost in Windows 11, destroys loads of integrations eg Lian Li Fan software

Posted on by

Microsoft’s October Windows 11 update has managed the impressive feat of breaking localhost, leaving developers unable to access web applications running on their own machines.

The problem first surfaced on Microsoft’s own support forums and quickly spread to Stack Overflow and Server Fault after the October 2025 cumulative update (KB5066835) landed, which appears to have severed Windows’ ability to talk to itself.

Developers describe HTTP/2 protocol errors and failed connections affecting everything from ASP.NET builds to Visual Studio debugging sessions.

Security nightmare stories needed!

Boss get the company hacked because he taped passwords to his monitor? Coworker get phished by a Nigerian prince?

Share the dirty details and they might appear in a future edition of PWNED, our new weekly feature about the worst security breaches that never should have happened.

Drop us a line at pwned@sitpub.com. Your anonymity is guaranteed.

The bug, introduced in build 26100.6899, has been traced to HTTP.sys, the Windows kernel component that handles local HTTP traffic. Developers have found that uninstalling KB5066835, and in some cases its sibling KB5065789, restores localhost functionality.

Others have discovered a temporary workaround that involves manually disabling HTTP/2 in the registry, which works but feels a bit like using a sledgehammer to swat a fly.

At the time of writing, Microsoft had yet to acknowledge the issue. Users report mixed results when trying to reinstall the patch or roll forward to newer builds. The problem appears to vanish on clean installs of Windows 11 24H2, suggesting that the error stems from a conflict in how the update interacts with existing system configurations, rather than being a universal bug.

In the meantime, moderators on Stack Overflow have already locked multiple posts and Server Fault threads are filled with frustrated devs trying to get their local servers running again.

All this comes as Microsoft pushed its final update for Windows 10 this week, officially ending support for the decade-old OS and urging users to move to Windows 11.

The transition hasn’t exactly been buttery smooth. Microsoft’s Windows 11 media creation tool also stopped working the day before, potentially affecting users trying to upgrade, and the same patch cycle saw end-of-support deadlines for Office 2019 and multiple server products.

All this means that, within the same week, Microsoft’s installer broke, its new OS borked local development, and Redmond’s multimillion-dollar upgrade push instead highlighted how fragile its ecosystem still is.

It’s almost enough to make you nostalgic for Clippy. We said almost. ®

Updated at 9.54 UTC on October 17, 2025, to add:

More than twenty four hours after asking Microsoft to comment, a spokesperson for the company sent a statement confirming problems.

“We are actively working on mitigations and recommend customers follow our guidance available here.”

Source: Microsoft update breaks localhost in Windows 11 • The Register

Reddit for the Lian Li problems

The Bird Dropping Report – what cars do birds poop on investigated

Posted on by

Alan’s Factory Outlet surveyed 1,000 American drivers to explore a messy but relatable problem: bird droppings on cars. By combining survey responses with research on bird behavior and parking habits, this report uncovered which vehicles are hit the hardest, which colors attract the most mess, and how much money drivers spend cleaning up. The findings reveal not only surprising insights but also the importance of having protection like carports and garages.

Key Takeaways

  • Ram, Jeep, and Chevrolet are the top three vehicles most frequently targeted by bird droppings.
  • Brown, red, and black cars attract the most bird poop, according to drivers.
  • Over 1 in 2 Americans (58%) say their car has been pooped on more than once in the same day.
  • 29% of Americans feel like birds have “targeted” their vehicle.
  • Nearly 1 in 4 Americans (24%) spend over $500 each year on car washes and repairs due to bird droppings.
  • 1 in 5 Americans (21%) would invest in a car cover or garage to avoid bird mess, and they’d pay an average of $50/month for better protection.

Car Brands and Colors Birds Target Most

Car owners often debate whether certain makes or colors are more vulnerable to bird mess, and the data from our survey suggests they may be right.

Infographic ranking car brands most often pooped on by birds, with Ram, Jeep, and Chevrolet at the top.

Ram, Jeep, and Chevrolet topped the list of vehicles most likely to be splattered. Other frequently targeted brands included Nissan, Dodge, and Kia, while Tesla, Audi, and Subaru also made the top ten. This spread shows that both domestic and imported brands are at risk. Color also played a noticeable role. Brown, red, and black cars drew the most unwanted attention from above, while lighter colors like white and silver/gray ranked lower.

Infographic showing how often Americans deal with bird droppings on cars, with most reporting weekly or monthly.

For many drivers, bird droppings are a regular headache. Over half of Americans (58%) said their car had been pooped on more than once in the same day, and nearly a third (29%) felt like birds had personally “targeted” them. Lexus (47%), Tesla (39%), and Dodge (35%) drivers felt the most targeted by birds.

More than 1 in 10 drivers (11%) even reported paint damage caused by droppings. These experiences often lead to frequent car washes. Over half of drivers (57%) have paid for a car wash specifically to clean off bird droppings, and 39% said they have to wash their cars multiple times a month because of it.

The costs add up quickly. Nearly 1 in 4 drivers (24%) spent more than $500 annually on car washes and repairs related to bird mess. Tesla and BMW owners were among the most impacted, with two-thirds of each brand spending over $500 per year.

Parking Habits and Prevention Attempts

Parking choices made a big difference in how often cars were hit.

Infographic on how parking and protective measures affect bird droppings on cars, including interest in car covers or garages.

Nearly one-third of Americans (29%) had changed their usual parking spot to steer clear of bird droppings, while 55% admitted their current setup provided little to no protection. Many went out of their way for a cleaner car: 38% said they would walk up to a block just to avoid parking under “poop zones.” Drivers of Toyota (17%), Honda (15%), and Chevrolet (7%) vehicles were the most likely to make these adjustments.

Bird droppings even disrupted daily life for some. More than 1 in 20 Americans (6%) had canceled or delayed plans because their car was too dirty, and over 1 in 10 (14%) had gotten droppings on themselves while getting in or out of their vehicle.

To prevent the mess, about 1 in 5 Americans (21%) said they would invest in a car cover or garage addition, with many willing to spend around $50 per month for added protection. Covered options such as carports also offered a practical solution for drivers looking to avoid these costly and frustrating cleanups.

Source: The Bird Dropping Report

Using Etherhiding to insert malware into blockchains to scam job seekers, steal wallets gain corporate entry

Posted on by

[…] a technique called EtherHiding, hiding malware inside blockchain smart contracts to sneak past detection and ultimately swipe victims’ crypto and credentials, according to Google’s Threat Intelligence team.

A Pyongyang goon squad that GTIG tracks as UNC5342 has been using this method since February in its Contagious Interview campaign, we’re told.

The criminals pose as recruiters, posting fake profiles on social media along the lines of Lazarus Group’s Operation Dream Job, which tricked job seekers into clicking on malicious links. But in this case, the Norks target software developers, especially those working in cryptocurrency and tech, trick them into downloading malware disguised as a coding test, and ultimately steal sensitive information and cryptocurrency, while gaining long-term access to corporate networks.

Hiding on the blockchain

To do this, they use EtherHiding, which involves embedding malicious code into a smart contract on a public blockchain, turning the blockchain into a decentralized and stealthy command-and-control server.

Because it’s decentralized, there isn’t a central server for law enforcement to take down, and the blockchain makes it difficult to trace the identity of whoever deployed the smart contract. This also allows attackers to retrieve malicious payloads using read-only calls with no visible transaction history on the blockchain.

“In essence, EtherHiding represents a shift toward next-generation bulletproof hosting, where the inherent features of blockchain technology are repurposed for malicious ends,” Google’s threat hunters Blas Kojusner, Robert Wallace, and Joseph Dobson said in a Thursday report.

[…]

“EtherHiding presents new challenges as traditional campaigns have usually been halted by blocking known domains and IPs,” the security researchers wrote. “Malware authors may leverage the blockchain to perform further malware propagation stages since smart contracts operate autonomously and cannot be shut down.”

The good news: there are steps administrators can take to prevent EtherHiding attacks, with the first – and most direct – being to block malicious downloads. This typically involves setting policy to block certain types of files including .exe, .msi, .bat, and .dll.

Admins can also set policy to block access to known malicious websites and URLs of blockchain nodes, and enforce safe browsing via policies that use real-time threat intelligence to warn users of phishing sites and suspicious downloads.

Source: Norks abuse blockchains to scam job seekers, steal wallets • The Register

SpaceX’s Secret ‘Starshield’ Satellites Caught Using Unauthorized Frequencies

Posted on by

SpaceX may be guilty of violating regulatory standards by using a classified network of satellites to transmit data to Earth on radio frequencies reserved for uplinking signals, according to a citizen scientist who tracks satellites in Earth orbit.

Scott Tilley, an amateur satellite tracker in Canada, accidentally detected space-to-Earth emissions on a radio frequency band reserved for transmitting data from Earth to space, NPR first reported. The signals were traced to SpaceX’s Starshield, an encrypted version of the Starlink satellites used for national security efforts.

Using an unauthorized frequency to downlink data to Earth violates radio regulations set by the International Telecommunications Union (ITU) and could potentially interfere with other satellites’ ability to receive signals from Earth, according to a report by Tilley.

[…]

Although there’s little information shared about Starshield, Tilley was able to detect signals from 170 satellites in the 2025 to 2110 MHz range. This specific band of the radio spectrum is reserved for uplinking data from Earth to orbiting satellites and therefore should not have any signals going the other way round.

“Nearby satellites could receive radio-frequency interference and could perhaps not respond properly to commands—or ignore commands—from Earth,”

[…]

Because the ITU doesn’t impose fines for regulatory violations, SpaceX will likely face no consequences for using an unauthorized frequency band or for potentially interfering with other satellite signals. The company is known for pushing regulatory boundaries to further its position as a leader in the industry.

Source: SpaceX’s Secret ‘Starshield’ Satellites Caught Using Unauthorized Frequencies

And with “pushing” they mean “breaking”, either wilfully or due to crass incompetence.

Amazon’s Ring to partner with Flock, a network of AI cameras used by ICE, feds, and police with little oversight

Posted on by

Amazon’s surveillance camera maker Ring announced a partnership on Thursday with Flock, a maker of AI-powered surveillance cameras that share footage with law enforcement.

Now agencies that use Flock can request that Ring doorbell users share footage to help with “evidence collection and investigative work.”

Flock cameras work by scanning the license plates and other identifying information about cars they see. Flock’s government and police customers can also make natural language searches of their video footage to find people who match specific descriptions. However, AI-powered technology used by law enforcement has been proven to exacerbate racial biases.

On the same day that Ring announced this partnership, 404 Media reported that ICE, the Secret Service, and the Navy had access to Flock’s network of cameras. By partnering with Ring, Flock could potentially access footage from millions more cameras.

Ring has long had a poor track record with keeping customers’ videos safe and secure. In 2023, the FTC ordered the company to pay $5.8 million over claims that employees and contractors had unrestricted access to customers’ videos for years.

Source: Amazon’s Ring to partner with Flock, a network of AI cameras used by ICE, feds, and police | TechCrunch

For more on Flock cameras and how unsecured and dangerous these things are (and also how to join a network of people monitoring this pervasive surveillance) click here.

Prosper data breach impacts 17.6 million accounts

Posted on by

Hackers stole the personal information of over 17.6 million people after breaching the systems of financial services company Prosper.

Prosper operates as a peer-to-peer lending marketplace that has helped over 2 million customers secure more than $30 billion in loans since its founding in 2005.

As the company disclosed one month ago on a dedicated page, the breach was detected on September 2, but Prosper has yet to find evidence that the attackers gained access to customer accounts and funds.

However, the attackers stole data belonging to Prosper customers and loan applicants. The company hasn’t shared what information was exposed beyond Social Security numbers because it’s still investigating what data was affected.

[…]

“We have evidence that confidential, proprietary, and personal information, including Social Security Numbers, was obtained, including through unauthorized queries made on Company databases that store customer information and applicant data.

[…]

While Prosper didn’t share how many customers were affected by this data breach, data breach notification service Have I Been Pwned revealed the extent of the incident on Thursday, reporting that it affected 17.6 million unique email addresses.

The stolen information also includes customers’ names, government-issued IDs, employment status, credit status, income levels, dates of birth, physical addresses, IP addresses, and browser user agent details.

[…]

Source: Have I Been Pwned: Prosper data breach impacts 17.6 million accounts

Also no mention of how easy it was to perform these “unauthorised queries” on the database, or why the difference between 2m customers and 17.6m records.

Play every GTA In-Game Radio Station In your car with this gadget

Posted on by

Part of the magic in the hugely popular Grand Theft Auto (GTA) video games is how well they pack pop-culture parodies into their virtual worlds. Like, between normal songs, the in-game radio stations have talk shows and ads that sound like they could be real until you pay attention. A gaming and tech enthusiast in Germany has taken that meta aspect to another level, building a Raspberry Pi-based device that lets him use the in-game radio in his car in real life.

This little 12-volt-socket-powered dongle has a surprisingly polished appearance with a tiny display for each game radio station and a handy knob to cycle between them. The audio and icon files are stored within the device.

12-volt radio dongle.
@ZeugUndKram/YouTube

A Raspberry Pi is just a tiny computer with no screen, body, or peripherals. Tech hobbyists like them because they’re small and inexpensive, but powerful enough to do computer processing.

The GTA radio stations have themes just like real ones—there’s a pop channel, a country channel, an angry-screaming-pundit channel, and many more. But the DJ interludes and commercials are the funny part—they mostly sound like normal radio chatter, then veer into wacky/raunchy/unsubtle culture-mocking.

As for listening to the game radio stations in a real car, the cheapest and fastest way to do it would probably be to simply cue up a YouTube video about the game station you want to hear (there are a bunch on YT) and beam it to your car through Bluetooth like Spotify or Netflix or whatever app you normally listen to.

Tiny Raspberry Pi screen.
@ZeugUndKram/YouTube

However, the custom-made solution we found today is far cooler. As outlined on the YouTube channel Zeug und Kram (which means “stuff and junk” in German), the setup here is essentially a 12-volt charger and Bluetooth radio transmitter mated to a Raspberry Pi with a tiny circular screen on top, all neatly integrated together in a rather elegant 3D-printed housing.

The video we’ll embed below explains how it came together. It’s also outlined on Instructables if you want to try and replicate the project yourself. Objectively speaking, it’s not particularly useful per se, but it’s a great execution of a creative idea.

If you don’t speak German, YouTube does a good job of auto-translating with closed captions (hit the gear button to find that menu).

Source: Every GTA In-Game Radio Station Is Playable IRL in This Guy’s Car