new vulnerability in your motherboard

The headline was a bit sensationalist. So, I shortened it.


> A video summary by Faan Rossouw of the Malware of the Day - XenoRAT///

> 🔗 Blog post located here: https://www.activecountermeasures.com/malware-of-the-day-xenorat/

Malicious Backdoor in xz liblzma

> Backdoor found in xz liblzma specifically targets the RSA implementation of OpenSSH. Story still developing. https://openwall.com/lists/oss-security/2024/03/2...

Broadcast LoRa packets WITHOUT a radio

AI summary of transcript:

> groundbreaking exploration into transmitting LoRaWAN signals via unconventional means—utilizing microcontrollers lacking native radio functionalities. By tweaking GPIO pins on devices like the CH32V203, ESP32-S2, and ESP8266, OP demonstrates how to generate RF signals strong enough to communicate with commercial LoRaWAN gateways and access the internet. This method deviates from traditional approaches that rely on specific radio chips or RF capabilities. The experiment not only surpasses expectations in terms of signal transmission distance but also showcases a novel blend of ingenuity and technical prowess. Through this project, the resilience and adaptability of LoRa technology are put on full display, proving its capability to facilitate long-range communications under inventive conditions. The venture into RF technology and signal generation through hardware manipulation opens new avenues for utilizing microcontrollers in ways previously deemed impractical, marking a significant achievement in the field.

The Best Password Managers in 2024
  • KeepassXC with Yubikey

  • Warp for Linux, Rust-based Terminal
  • The use of the AI buzzword raises some flags for me, personally.

  • Charles on Selective Disclosure Regimes using Midnight

    Hosky speaks at length about selective disclosure regimes using Midnight.

    Privacy protocol closed devnet opens up soon.


    DO NOT try this EVER.

    The feds will show up at your house and arrest you in less than 30 minutes.

    How to Start a War With a Flash Drive (31:45)
  • This is, perhaps, old news for most here.

    Still, it’s interesting, relevant content.

  • Advanced Meshtastic Series

    > Welcome to the Advanced Meshtastic Series. We'll be getting into some of the more advanced things you can do with Meshtastic.

    True Random Numbers - Computerphile (12:15)

    > Programs aren't capable of generating true random numbers, so how can we? Are they even useful? Dr Valerio Giuffrida demonstrates how to get a true random number from most computers.

    Looking for a correct place to make a post about ciphering
  • As often as you desire! I’m so happy to see some content not posted by me on there. Thanks!

  • Looking for a correct place to make a post about ciphering
  • I’d humbly invite you to post it on https://infosec.pub/c/cypherpunk

    It has been pretty quiet over there lately and I sincerely wish my small community had more activity.

  • New Raspberry Pi 5 comes with PCIe 2.0 x1 interface and power button
  • Wake me up when they switch to RISC-V.

  • All cops are broadcasting: Obtaining the secret TETRA primitives after decades in the shadows (47:30)

    In this talk we will discuss the radio jailbreaking journey that enabled us to perform the first public disclosure and security analysis of the proprietary cryptography used in TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, prisons, emergency services and military operators. Besides governmental applications, TETRA is also widely deployed in industrial environments such as factory campuses, harbor container terminals and airports, as well as critical infrastructure such as SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities. For over two decades, the underlying algorithms have remained secret and bound with restrictive NDAs prohibiting public scrutiny of this highly critical technology. As such, TETRA was one of the last bastions of widely deployed secret proprietary cryptography. We will discuss in detail how we managed to obtain the primitives and remain legally at liberty to publish our findings.

    Formal Verification for n00bs — Part 1: The K ecosystem

    Part 2

    Part 3

    Part 4

    > The motivation for Formal Verification
    >
    > Security of smart contracts is still a crucial challenge: we all remember the DAO, parity hacks, a bunch of smaller attacks and the most recent delayed hard fork. We would like to see the future in which we can be way more confident about our code.
    >
    > Depending how you count, even over a half a billion dollars (by today’s Ethereum evaluation), was lost in a couple of biggest smart contract hacks.
    >
    > What about if behind every responsible piece of code stands pure solid mathematics instead of personal conviction of developers? With formal verification tools for Ethereum finally maturing, it is now not only possible but also practical.
    >
    > In this and following post we will be getting step by step into the world of K-framework, which allows to formally verify EVM smart contracts.

    Public Key Cryptography - Computerphile (6:19)

    > Spies used to meet in the park to exchange code words, now things have moved on - Robert Miles explains the principle of Public/Private Key Cryptography
    >
    > note1: Yes, it should have been 'Obi Wan' not 'Obi One' :)
    > note2: The string of 'garbage' text in the two examples should have been different to illustrate more clearly that there are two different systems in use.

    Let's Discuss the Potential for Vulnerability Here: Why you should check your secrets into Git | Warren Parad (55:08)

    > Slides - https://authress.io/l/codemotion
    >
    > Conference:
    > Codemotion Madrid 2023
    > https://talks.codemotion.com/why-you-...

    Can someone recommend a more secure method? I've been told many times that using git for secret management would present a potential vulnerability.

    What are your favorite lemmy communities?
  • cyph3rPunk, for sure. ;)

  • Code within the official Reddit app suggests that the company is working on a Contributor program
  • Gamification could be (almost) solved using digital identity, no? One wallet per person and such.

  • LoRa Off-Grid Mesh Communication: Meshtastic (ESP32, BLE, GPS)
  • Thanks for the info. That's unfortunate.

  • Miss Silvia Pi - Mod Write-up
  • The damned bot beat me to it. This is a great writeup.

  • Recreating Government Security Standards at Home (Hardened iPhone) [8:58]
  • This type of comment is one of the many reasons I created this community. Thanks, @himazawa@infosec.pub 🙂

  • Why do each of my accounts have different subscription lists?
  • I can’t speak for OP. But I, for one, do that because instances shut down all the time without a trace.

    Fool me once: I had a solo account on aspiechattr.me and that instance disappeared randomly one day.

  • What are some "new" rights you'd like to see countries commit to? - Lemmy.world
  • I try to just be myself. Maybe that doesn't exactly fit with the perfect, quintessential definition of cypherpunk but I am trying to populate almost an entire community with content that resonates with me. I am a person who strongly identifies with the cypherpunks. From my perspective, they created some of the only virtually tamper-proof technologies still in existence today. I try to remember their ethos when adding content.

    Honestly, my mission for this community is to help the everyday person become more knowledgeable about the possibilities of technology & cryptography while also trying to recruit and gently guide talented software engineers and thinkers that may wander into our midst to create technologies and content that will guide society in a direction that not only stops corruption and sociopathy but makes them impossible under their watchful, just eye.

    The press has been dead since around 2017. It's time for guerrilla information-exchange.

  • cyph3rPunk cyph3rPunk @infosec.pub
    Posts 79
    Comments 32
    Moderates