new vulnerability in your motherboard
YouTube Video
Click to view this content.
The headline was bit sensationalist. So, I shortened it.
XenoRAT | Malware of the Day
YouTube Video
Click to view this content.
> A video summary by Faan Rossouw of the Malware of the Day - XenoRAT///
> đź”— Blog post located here: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Malicious Backdoor in xz liblzma
YouTube Video
Click to view this content.
> Backdoor found in xz liblzma specifically targets the RSA implementation of OpenSSH. Story still developing.https://openwall.com/lists/oss-security/2024/03/2...
Broadcast LoRa packets WITHOUT a radio
YouTube Video
Click to view this content.
AI summary of transcript:
> groundbreaking exploration into transmitting LoRaWAN signals via unconventional means—utilizing microcontrollers lacking native radio functionalities. By tweaking GPIO pins on devices like the CH32V203, ESP32-S2, and ESP8266, OP demonstrates how to generate RF signals strong enough to communicate with commercial LoRaWAN gateways and access the internet. This method deviates from traditional approaches that rely on specific radio chips or RF capabilities. The experiment not only surpasses expectations in terms of signal transmission distance but also showcases a novel blend of ingenuity and technical prowess. Through this project, the resilience and adaptability of LoRa technology are put on full display, proving its capability to facilitate long-range communications under inventive conditions. The venture into RF technology and signal generation through hardware manipulation opens new avenues for utilizing microcontrollers in ways previously deemed impractical, marking a significant achievement in the field.
The use of the AI buzzword raises some flags for me, personally.
Charles on Selective Disclosure Regimes using Midnight
YouTube Video
Click to view this content.
Hosky speaks at length about selective disclosure regimes using Midnight.
Privacy protocol closed devnet opens up soon.
How To Get Arrested In 30 Minutes: Cracking A GSM Capture File In Real-time With AIRPROBE And KRAKEN
YouTube Video
Click to view this content.
DO NOT try this EVER.
The feds will show up at your house and arrest you in less than 30 minutes.
This is, perhaps, old news for most here.
Still, it’s interesting, relevant content.
Thanks. This was very good moderation. OP and I ended up becoming friendly. :)
Advanced Meshtastic Series
YouTube Video
Click to view this content.
> Welcome to the Advanced Meshtastic Series. We'll be getting into some of the more advanced things you can do with Meshtastic.
True Random Numbers - Computerphile (12:15)
YouTube Video
Click to view this content.
> Programs aren't capable of generating true random numbers, so how can we? Are they even useful? Dr Valerio Giuffrida demonstrates how to get a true random number from most computers.
Darknet Diaries: True stories from the dark side of the Internet
I just learned about this podcast today. Enjoy!
As often as you desire! I’m so happy to see some content not posted by me on there. Thanks!
I’d humbly invite you to post it on https://infosec.pub/c/cypherpunk
It has been pretty quiet over there lately and I sincerely wish my small community had more activity.
Wake me up when they switch to RISC-V.
This url worked for me: https://media.ccc.de/v/camp2023-57100-all_cops_are_broadcasting
All cops are broadcasting: Obtaining the secret TETRA primitives after decades in the shadows (47:30)
YouTube Video
Click to view this content.
In this talk we will discuss the radio jailbreaking journey that enabled us to perform the first public disclosure and security analysis of the proprietary cryptography used in TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, prisons, emergency services and military operators. Besides governemental applications, TETRA is also widely deployed in industrial environments such as factory campuses, harbor container terminals and airports, as well as critical infrastructure such as SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities. For over two decades, the underlying algorithms have remained secret and bound with restrictive NDAs prohibiting public scrutiny of this highly critical technology. As such, TETRA was one of the last bastions of widely deployed secret proprietary cryptography. We will discuss in detail how we managed to obtain the primitives and remain legally at liberty to publish our findings.
Formal Verification for n00bs — Part 1: The K ecosystem
> The motivation for Formal Verification > Security of smart contracts is still a crucial challenge: we all remember the DAO, parity hacks, a bunch of smaller attacks and the most recent delayed hard fork. We would like to see the future in which we can be way more confident about our code. > > Depending how you count, event over a half a billion dollars (by today’s Ethereum evaluation), was lost in a couple of biggest smart contract hacks. > > What about if behind every responsible piece of code stands pure solid mathematics instead of personal conviction of developers? With formal verification tools for Ethereum finally maturing, it is now not only possible but also practical. > > In this and following post we will be getting step by step into the world of K-framework, which allows to formally verify EVM smart contracts.
Formal Methods for the Working DeFi Dev by Rikard Hjort | Devcon Bogota (1:03:31)
YouTube Video
Click to view this content.
"Formally Verifying Everybody's Cryptography" by Mike Dodds, Joey Dodds (Strange Loop 2022) (40:30)
YouTube Video
Click to view this content.
Public Key Cryptography - Computerphile (6:19)
YouTube Video
Click to view this content.
> Spies used to meet in the park to exchange code words, now things have moved on - Robert Miles explains the principle of Public/Private Key Cryptography > > note1: Yes, it should have been 'Obi Wan' not 'Obi One' :) > note2: The string of 'garbage' text in the two examples should have been different to illustrate more clearly that there are two different systems in use.
Lichee Pi 4A: Serious RISC-V Desktop Computing (19:13)
YouTube Video
Click to view this content.
> Sipeed Lichee Pi 4A RISC-V SBC review and Debian demo. This is the first RISC-V computer I’ve tested that's provided a usable desktop computing experience right out of the box. End-user RISC-V is starting to arrive! :) > > You can learn more about the Lichee Pi 4A on its web page here: > https://sipeed.com/licheepi4a > > And the board has excellent documentation here: > https://wiki.sipeed.com/licheepi4a.html > > Note that the hardware I used in this video was purchased from AliExpress: > https://www.aliexpress.com/item/10050... > > I have reviewed four previous RISC-V SBCs, including the StarFive VisionFive 2, which also (after some messing around) provides a good desktop experience: > > > • VisionFive 2: RISC-V Quad Core Low Co... > > I also have an 2023 update on RISC-V developments here: > > > • RISC-V 2023 Update: From Embedded Com... > > And my general introduction to RISC-V is here: > > > • Explaining RISC-V: An x86 & ARM Alter... > > For additional ExplainingComputers videos and other content, you learn about becoming a channel member here: > > > / @explainingcomputers > > More videos on computing and related topics can be found at: > > > / @explainingcomputers > > You may also like my ExplainingTheFuture channel at: > > / @explainingthefuture > > Chapters: > 00:00 Introduction > 00:45 Unboxing > 03:33 Specifications > 07:26 First Boot > 10:37 Debian Demo > 18:10 Another Milestone
Let's Discuss the Potential for Vulnerability Here: Why you should check your secrets into Git | Warren Parad (55:08)
YouTube Video
Click to view this content.
> Slides - https://authress.io/l/codemotion > > Conference: > Codemotion Madrid 2023 > https://talks.codemotion.com/why-you-...
Can someone recommend a more secure method? I've been told many times that using git for secret management would present a potential vulnerability.
Star Trek: The Next Generation
You bring up some valid points about readability and auditability, and I can see where the confusion might come from. Let's break it down a bit.
-
Readability vs. Auditability: With homomorphic encryption, you can perform calculations on encrypted data without needing to decrypt it first. So, yes, the data can be audited without being fully readable. Think of it like checking a locked treasure chest's contents without actually opening it!
-
Selling Votes and Security Concerns: Zero-knowledge proofs are like saying, "I know the secret, but I won't tell you what it is." They allow the system to verify information without exposing the details. It's a cool concept that's been researched for decades, and it has applications in keeping things like medical records secure.
-
Why Blockchain? Imagine a public ledger that no one person controls and can't be easily tampered with. That's what blockchain brings to the table. It creates a system where we can trust the process because the data is transparent and immutable.
Here's a real-world example: ElectionGuard uses this technology to ensure that electronic records match physical ballots. They encrypt the records in a way that can be verified without exposing individual votes.
If you're interested in diving deeper, check out these resources:
-
A paper on Secure E-voting Using Homomorphic Technology.
-
Another article about ElectionGuard and homomorphic encryption.
what’s the design goal?
To create the capabilities for a direct democracy that is far more secure and auditable than the current system.
I hope this helps make things clearer! Feel free to hit me back with any more questions. It's a complex subject, but it's super interesting once you start to get the hang of it.
Best, cy
Reworded by AI, acting as my anger translator at your "how do you figure?":
Homomorphic encryption solves this…
This episode got me into Haskell.
cyph3rPunk, for sure. ;)
Gamification could be (almost) solved using digital identity, no? One wallet per person and such.
Thanks for the info. That's unfortunate.
The damned bot beat me to it. This is a great writeup.
This type of comment is one of the many reasons I created this community. Thanks, @[email protected] 🙂