cyph3rPunk 1 month ago • 12%
cyph3rPunk 2 months ago • 83%
The headline was a bit sensationalist. So, I shortened it.
> A video summary by Faan Rossouw of the Malware of the Day - XenoRAT///
>
> 🔗 Blog post located here: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
> Backdoor found in xz liblzma specifically targets the RSA implementation of OpenSSH. Story still developing. https://openwall.com/lists/oss-security/2024/03/2...
AI summary of transcript:

> groundbreaking exploration into transmitting LoRaWAN signals via unconventional means—utilizing microcontrollers lacking native radio functionalities. By tweaking GPIO pins on devices like the CH32V203, ESP32-S2, and ESP8266, OP demonstrates how to generate RF signals strong enough to communicate with commercial LoRaWAN gateways and access the internet. This method deviates from traditional approaches that rely on specific radio chips or RF capabilities. The experiment not only surpasses expectations in terms of signal transmission distance but also showcases a novel blend of ingenuity and technical prowess. Through this project, the resilience and adaptability of LoRa technology are put on full display, proving its capability to facilitate long-range communications under inventive conditions. The venture into RF technology and signal generation through hardware manipulation opens new avenues for utilizing microcontrollers in ways previously deemed impractical, marking a significant achievement in the field.
cyph3rPunk 7 months ago • 85%
cyph3rPunk 7 months ago • 100%
Hosky speaks at length about selective disclosure regimes using Midnight. Privacy protocol closed devnet opens up soon.
# DO NOT try this EVER. The feds **will** show up at your house and arrest you in less than 30 minutes.
cyph3rPunk 7 months ago • 100%
cyph3rPunk 8 months ago • 100%
> Welcome to the Advanced Meshtastic Series. We'll be getting into some of the more advanced things you can do with Meshtastic.
> Programs aren't capable of generating true random numbers, so how can we? Are they even useful? Dr Valerio Giuffrida demonstrates how to get a true random number from most computers.
I just learned about this podcast today. Enjoy!
cyph3rPunk 11 months ago • 100%
cyph3rPunk 12 months ago • 92%
cyph3rPunk 1 year ago • 100%
In this talk we will discuss the radio jailbreaking journey that enabled us to perform the first public disclosure and security analysis of the proprietary cryptography used in TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, prisons, emergency services and military operators. Besides governmental applications, TETRA is also widely deployed in industrial environments such as factory campuses, harbor container terminals and airports, as well as critical infrastructure such as SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities. For over two decades, the underlying algorithms have remained secret and bound with restrictive NDAs prohibiting public scrutiny of this highly critical technology. As such, TETRA was one of the last bastions of widely deployed secret proprietary cryptography. We will discuss in detail how we managed to obtain the primitives and remain legally at liberty to publish our findings.
> Spies used to meet in the park to exchange code words, now things have moved on - Robert Miles explains the principle of Public/Private Key Cryptography
>
> note1: Yes, it should have been 'Obi Wan' not 'Obi One' :)
> note2: The string of 'garbage' text in the two examples should have been different to illustrate more clearly that there are two different systems in use.
> Slides - [https://authress.io/l/codemotion](https://docs.google.com/presentation/d/e/2PACX-1vSlrYb8nmtlH8HcVgBRhCnF3-A-Av8WG5YHe6Nte5ly49uL-Ug2JK7wQnPJ6FYi5VZ69vt49y3emLtj/pub?start=false&loop=false&delayms=30000&slide=id.p)
>
> Conference:
> Codemotion Madrid 2023
> https://talks.codemotion.com/why-you-...

Can someone recommend a more secure method? I've been told many times that using git for secret management would present a potential vulnerability.
[Video-Based Cryptanalysis](https://www.nassiben.com/video-based-crypta)
cyph3rPunk 1 year ago • 100%
![](https://www.protocol.com/media-library/vote-check.jpg?id=24672159&width=1245&height=700&quality=85&coordinates=7%2C0%2C8%2C0)

> Using blockchain for voting could be risky, as the technology could introduce “new vulnerabilities” to elections, according to a new Government Accountability Office report.
>
> While some organizations have argued that blockchain-based systems would make elections more secure and easier to audit, “there might be added points of attack that could compromise elections,” the report said.
>
> “We talked to a number of experts who all indicated that they did not believe blockchain was the magic bullet answer for making voting systems more secure,” Karen Howard, the GAO’s director of Science, Technology Assessment and Analytics, told Protocol.
>
> The GAO report, titled “Blockchain: Emerging Technology Offers Benefits for Some Applications but Faces Challenges,” examined the potential of the technology, including in the public sector. Overall, the report “found that blockchain is useful for some applications but limited or even problematic for others.”
>
> “For example, because of its tamper resistance, it may be useful for applications involving many participants who do not necessarily trust each other,” the report said. “But it may be overly complex for a few trusted users, where traditional spreadsheets and databases may be more helpful.”
>
> One area where blockchain shows some promise is in supply chain management, Howard said.
>
> “The federal government is a major purchaser and supply chain tracking is a major function,” she said. The GAO found that blockchain technology could potentially be used “to replace or make more efficient” certain processes such as supply chain tracking and recording contracts, Howard said.

---

*I disagree with this tiny little article, of course. But, I wanted to play devil's advocate for a moment on this idea.*

---

Top Teddit comment by /u/denverpilot:

> "Summary of article:
>
> Tracking things with a cryptographically solid chain of custody might be hard… because… hand wave… we like spreadsheets better and our admin level people are dumb.
>
> And we’ll distract and talk about supply chains instead because… that sounds more interesting… even though we were tasked with looking at voting.
>
> I don’t think the bureaucrat understood the assignment."
> My first espresso machine, a rocket appartamento, has turned into a testbed for all my ideas of how much technology you can pack into an espresso machine. Let me share what I've done, and please ask about what you would like to hear more of!
>
> ↓PARTS↓
> * Dual Pressure Gauge: Bezzera 7432524 on 1st-line.com
> * 24 Power Supply: Mean Well SDR-120-24
> * Digital Thermometer: Eric's e61 thermometer, appears to be out of stock :(
> * Gear Pump: Fluid-O-tech MG304. Reach out to your local modbar technician
> * Temperature Sensor: La Spaziale Dream Temperature Probe from chriscoffee.com
> * Linear Potentiometer: BI model 404 from Mouser, TTI, etc
> * Controller: Arduino IoT 33
> * Capillary tube: Quick Mill RA0970CMN from chriscoffee.com
> * Stainless tube: 1/8" F to 1/8" F 30cm V_884 from EspressoParts.com
> * Flowmeter: Low Pressure NSF Flowmeter S_962 From EspressoParts.com
> Kevin Mitnick (RIP) visits Google's NYC office to discuss his book "Ghost in the Wires: My Adventures as the World's Most Wanted Hacker" with Eran Feigenbaum, Google's Director of Security for Google Apps. This event took place on August 17, 2011, as part of the Authors@Google series.
>
> Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world's biggest companies--and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn't just about technological feats-it was an old fashioned confidence game that required guile and deception to trick the unwitting out of valuable information.
>
> Driven by a powerful urge to accomplish the impossible, Mitnick bypassed security systems and blazed into major organizations including Motorola, Sun Microsystems, and Pacific Bell. But as the FBI's net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat and mouse game that led through false identities, a host of cities, plenty of close shaves, and an ultimate showdown with the Feds, who would stop at nothing to bring him down.
>
> Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.
cyph3rPunk 1 year ago • 100%
Secret texts buried in a picture of your dog? Image Analyst Dr. Mike Pound explains the art of steganography in digital images.
> In the early 1990s, a group of mathematicians, misfits, hackers, and hobbyists calling themselves "the cypherpunks" came together around a shared belief that the internet would either demolish society's artificial walls or lay the groundwork for an Orwellian state. They saw cryptography as a weapon against central planning and surveillance in this new virtual world.
>
> The philosophical and technical ideas explored on the cypherpunks' widely read email list, which launched in 1992, influenced the creation of bitcoin, WikiLeaks, Tor, BitTorrent, and the Silk Road. The cypherpunks anticipated the promise and the peril that lay ahead when the internet went mainstream, including new threats to privacy and the possibility of building virtual platforms for communication and trade that would be impervious to government regulators.
> In this video I explore an elaborate cryptographic internet puzzle orchestrated by a mysterious individual or group known as Cicada 3301.
>
> Puzzle: The puzzle I hid in this video has been [solved](https://www.lemmi.no/p/my-latest-puzzle).
Soft White Underbelly interview and portrait of Gummo, a computer hacker from Jacksonville, Florida. Here’s a link to a follow up interview with Gummo: [Black Hat Hacker-Gummo (follow up)](https://www.youtube.com/watch?v=3ZtkMmVDNEo&t=0s)
cyph3rPunk 1 year ago • 100%
Here's a good laugh. A stupid man interviews the "#1 ethical hacker in the world".
cyph3rPunk 1 year ago • 100%
> Cool projects are rare. Here I found one I want to show to you. An off-grid personal communicator. It includes a lot of new technologies: ESP32, Smartphones, LoRa, BLE, GPS, Mesh, and as you see, 3D printing. And it solves a problem that could be seen as a human right: Personal SMS style communication everywhere in the world, without the need for any infrastructure, and without mass surveillance. In addition, it shows the location of all your friends in your group on a map on your Smartphone.
>
> Everything open source, of course. How cool is that? Even "Sexycyborg" Naomi Wu likes it. I am a proud Patreon of GreatScott!, Electroboom, Electronoobs, EEVblog, and others.
Quantum computing will bring tumultuous change to the world of information security in the coming decade. As multi-qubit systems use quantum algorithms to slice through even 4096-bit PK encryption in seconds, new Quantum Encryption will be required to ensure data security. Join Konstantinos for a look at real world experiments in Quantum Key Distribution that BT and partners have recently performed that show what the future of encryption will look like. Remember the panic after Heartbleed when SOME passwords needed to be changed? Imagine a day when ALL communications are at risk of eavesdropping via Quantum Computers - a day when only new systems that exploit the weirdness of quantum mechanics can ensure privacy.
cyph3rPunk 1 year ago • 100%
> Presently, smartphones are used more and more for purposes that have nothing to do with phone calls or simple data transfers. One example is the recognition of human activity, which is relevant information for many applications in the domains of medical diagnosis, elderly assistance, indoor localization, and navigation. The information captured by the inertial sensors of the phone (accelerometer, gyroscope, and magnetometer) can be analyzed to determine the activity performed by the person who is carrying the device, in particular in the activity of walking. Nevertheless, the development of a standalone application able to detect the walking activity starting only from the data provided by these inertial sensors is a complex task. This complexity lies in the hardware disparity, noise on data, and mostly the many movements that the smartphone can experience and which have nothing to do with the physical displacement of the owner. In this work, we explore and compare several approaches for identifying the walking activity. We categorize them into two main groups: the first one uses features extracted from the inertial data, whereas the second one analyzes the characteristic shape of the time series made up of the sensors readings. Due to the lack of public datasets of inertial data from smartphones for the recognition of human activity under no constraints, we collected data from 77 different people who were not connected to this research. Using this dataset, which we published online, we performed an extensive experimental validation and comparison of our proposals.
>
> Keywords: walking recognition, activity recognition, smartphones, inertial sensor fusion, pattern classification, time series classification.

---

The tldr/"why do I care?" is this: Agencies with access to raw IMU data from cell phones can identify an individual with >90% accuracy among an entire population of humans using machine learning *and methods outlined in this paper*. The science of Inverse kinematics can be employed to reverse-engineer your unique gait (which is as unique as a fingerprint).
> The Ace has returned with yet another Cyber Tech Tool review! Today we look at the Flipper Zero, a portable multi-tool for pentesters and hardware geeks that comes in the form of a tamagotchi. This hardware opens up the world of radio protocols, access control systems, hardware, and more to what was previously a niche security industry. Flipper Zero, on the other hand, is not some magical Watch Dogs-inspired hacking device that will allow you to control traffic lights, security cameras, or ATMs to give you money. It has very limited capabilities and is primarily intended for light pentesting and a gentle introduction to the world of sub-frequencies.
>my first impressions of qubes os the reasonably secure operating system
perhaps we can come up with a way to pipe this to make it more fed friendly.
cyph3rPunk 1 year ago • 100%
and here’s how that channel recommends hardening an android phone: https://youtu.be/mlW6I5Kuj6c
cyph3rPunk 1 year ago • 100%
How do you prove something without giving away all your data? [Zero Knowledge Proofs](https://en.wikipedia.org/wiki/Zero-knowledge_proof) could hold the answer. Alberto Sonnino, Research Student at UCL explains.

[Further reading.](https://securityboulevard.com/2020/05/reinventing-vulnerability-disclosure-using-zero-knowledge-proofs/)

---

**Z**ero **K**nowledge technology holds the key to true privacy by default.
cyph3rPunk 1 year ago • 100%
In this report, we examine the future of voting and the possibility of conducting secure elections online. Specifically, we explore whether End-to-End Verifiable Internet Voting (E2E-VIV) systems are a viable and responsible alternative to traditional election systems. This report contains the most complete set of requirements to date that must be satisfied by any Internet voting system used in public elections. Developed by a team of experts in election integrity, election administration, high-assurance engineering, and cryptography, the report starts from the premise that public elections in the U.S. are a matter of national security.

- [Report for Non-technical Audiences](https://usvotefoundation-drupal.s3.amazonaws.com/prod/E2EVIV_nontechnical_audience_report.pdf)
- [Complete Report](https://usvotefoundation-drupal.s3.amazonaws.com/prod/E2EVIV_full_report.pdf)
- [Usability Study](https://usvotefoundation-drupal.s3.amazonaws.com/prod/E2EVIV_usability_report.pdf)

---

I think a utxo blockchain makes perfect sense as an application for this homomorphic encryption technology for use in democratic voting, and subsequent verification, and security of the vote (to protect the voter from intimidation after the fact).

In my opinion, the main problem behind blockchain voting comes when a centralized power (like the US for example) wants to *understandably* use their own national currency in CBDC form (digital currency) as the `oil` in that machine. It's a dilemma because decentralized, open source technologies **must** be used for a system like this to truly be secure and independently-verified.
cyph3rPunk 1 year ago • 100%
cyph3rPunk 1 year ago • 50%
cyph3rPunk 1 year ago • 100%
cyph3rPunk 1 year ago • 83%
This one answer to that question has been ringing through my head for a couple of days.

> * The right to solidarity, i.e. all should be allowed to partake in solidary action during a strike.
> * The right of initiative and right to recall.
> * The right to free software, or freedom from proprietary software.
> * The right to a third place, i.e. ready access to physical spaces that allow for socializing with strangers.
> * Freedom from eviction (mainly wrt rent strikes and squatting.)
> * The right to democratic education.
> * The right to cross borders.
> * The right to be forgotten.
> * The right to purpose, or freedom from meaningless labor. This includes the right to an employee fund.
>
> And there are of course other things. I just think that under the world's current paradigm, these, at least individually, seem relatively attainable without a literal revolution.

Perhaps we might talk about how we might guide society toward these things using technology.