Collaborate Disseminate
Regular readers may recall that security researcher and general open source hardware fanatic [Walker] has been planning a rather unusual flash drive for some time — one that will only …read more Continue reading The Spit-Detecting USB Flash Drive is Nearly Here
It should be no surprise that running untrusted code in a GitHub Actions workflow can have unintended consequences. It’s a killer feature, to automatically run through a code test suite …read more Continue reading This Week in Security: GitHub Actions, SHA-1 Retirement, and a Self-Worming Vulnerability
In what’s being described as a Humpty-Dumpty incident, Rackspace customers have lost access to their hosted Exchange service, and by extension, lots of archived emails. The first official word of …read more Continue reading This Week in Security: Rackspace Falls Over, Poison Ping, and the WordPress Race
A modchip is a small PCB that mounts directly on a larger board, tapping into points on that board to make it do something it wasn’t meant to do. We’ve …read more Continue reading A Modchip To Root Starlink User Terminals Through Voltage Glitching
Cryptographic coprocessors are nice, for the most part. These are small chips you connect over I2C or One-Wire, with a whole bunch of cryptographic features implemented. They can hash data, …read more Continue reading Defeating A Cryptoprocessor With Laser Beams
Imagine a movie featuring a scene set in a top-secret bioweapons research lab. The villain, clad in a bunny suit, strides into the inner sanctum of the facility — one …read more Continue reading Sick Beats: Using Music and Smartphone to Attack a Biosafety Room
What’s a Scramblepad? It’s a type of number pad in which the numbers aren’t in fixed locations, and can only be seen from a narrow viewing angle. Every time the …read more Continue reading Scramblepad Teardown Reveals Complicated, Expensive Innards
Due to Twitter’s new policy of testing new features on production, the interest in Mastodon as a potential replacement has skyrocketed. And what’s not to love? You can host it …read more Continue reading This Week in Security: Mastadon, Fake Software Company, and ShuffleCake
If you’ve used a corporate VPN or an online-banking system in the past fifteen years or so, chances are you’ve got a few of those little authenticator key fobs lying …read more Continue reading Generating Two-Factor Authentication Codes With a Commodore 64
The pair of Outlook vulnerabilities we’ve been tracking have finally been patched, along with another handful of fixes this Patch Tuesday, a total of six being 0-day exploits. The third …read more Continue reading This Week in Security: Microsoft Patches, Typosquatting Continues, and Code Signing for All