Oligo Security reveals AirBorne, a new set of vulnerabilities in Apple’s AirPlay protocol and SDK. Learn how zero-click RCEs, ACL bypasses, and wormable exploits could endanger Apple and IoT devices worldwide — and how to protect yourself.
Dear Members,
Over the past few weeks, the Intersect Board of Directors has been actively gathering feedback from our members by engaging with various committees - such as the Steering, Product, and Technical Steering Committees - following the concerns they raised while remaining open to discussions with all committees. \ \ Our goal is to address your concerns about the budget process and broader governance issues in a timely and transparent manner. \ \ We recognize that the changes to the budget process are still evolving and require further refinement. Thank you for your patience and support as we work together to address these challenges - particularly the need to support the Cardano ecosystem by unlocking funding promptly yet responsibly. We also appreciate the thoughtful input you’ve provided and have taken steps to ensure at least one Board member attends each committee’s meeting on a quarterly basis, so we can continue listening and learning directly.
We have also reached out to the Intersect members who organized a petition calling for a public meeting. Regardless of any final tally on signatures, we recognise this is an important conversation and are committed to having it. The originally suggested date proved challenging for our full Board; however, we remain fully committed to holding such a meeting before the end of this month and have invited the petitioners to join as special guests. We will announce a firm date and time in the coming days.
Looking ahead and recognizing the need for clearer communication and more structured collaboration with our committees, the Board has committed to launching a search for an Executive Director. By May 1, we intend to finalize a plan for this search, ensuring we can promptly move forward with confirming a leader who will support our members, foster closer committee engagement, and help us refine our processes to better serve the Cardano ecosystem.
To everyone who has taken the time to share concerns, offer solutions, or otherwise guide Intersect toward continual improvement: thank you. Your dedication motivates us to be the best organization possible as we work together to strengthen Cardano.
Sincerely,
Adam, Nikhil, Gerard, Kavinda, and Steve
> Different post-quantum algorithms can have significantly different performance characteristics and implementation constraints (with respect to key sizes, signature sizes, resource requirements, etc.). > Consequently, different algorithms can be more suitable than others for specific applications. For example, the signature or key size might not be a problem for some applications but can be unacceptable for others. Some widely used protocols need to be modified to handle larger signatures or key sizes (e.g., using message segmentation). Implementations of new applications will need to accommodate the demands of post-quantum cryptography (pqc) and the schemes developed that incorporate pqc for digital signatures and key establishment. In fact, pqc requirements may actually shape some future application standards. The replacement of algorithms generally requires changing or replacing cryptographic libraries, implementation validation tools, hardware that implements or accelerates algorithm performance, dependent operating system and application code, communications devices and protocols, and user and administrative procedures. Security standards, procedures, and best practice documentation are being changed or replaced, and the same will be needed for installation, configuration, and administration documentation.
I noticed that not many people in the formal methods world have even heard of F Star. From what I’m told, it goes even further than Agda and Coq in proving correctness. I’d like to understand why if someone would explain.
YouTube link: https://youtube.com/watch?v=cFW0sYSo7ZM
> A video summary by Faan Rossouw of the Malware of the Day - XenoRAT///
> 🔗 Blog post located here: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
> Backdoor found in xz liblzma specifically targets the RSA implementation of OpenSSH. Story still developing.https://openwall.com/lists/oss-security/2024/03/2...
AI summary of transcript:
> groundbreaking exploration into transmitting LoRaWAN signals via unconventional means—utilizing microcontrollers lacking native radio functionalities. By tweaking GPIO pins on devices like the CH32V203, ESP32-S2, and ESP8266, OP demonstrates how to generate RF signals strong enough to communicate with commercial LoRaWAN gateways and access the internet. This method deviates from traditional approaches that rely on specific radio chips or RF capabilities. The experiment not only surpasses expectations in terms of signal transmission distance but also showcases a novel blend of ingenuity and technical prowess. Through this project, the resilience and adaptability of LoRa technology are put on full display, proving its capability to facilitate long-range communications under inventive conditions. The venture into RF technology and signal generation through hardware manipulation opens new avenues for utilizing microcontrollers in ways previously deemed impractical, marking a significant achievement in the field.
Hosky speaks at length about selective disclosure regimes using Midnight.
Privacy protocol closed devnet opens up soon.
DO NOT try this EVER.
The feds will show up at your house and arrest you in less than 30 minutes.
> Welcome to the Advanced Meshtastic Series. We'll be getting into some of the more advanced things you can do with Meshtastic.
> Programs aren't capable of generating true random numbers, so how can we? Are they even useful? Dr Valerio Giuffrida demonstrates how to get a true random number from most computers.
I just learned about this podcast today. Enjoy!
