Collaborate Disseminate
Since Windows 11 has announced its TPM module requirement, the prices for previously abundant and underappreciated TPM add-on boards for PC motherboards have skyrocketed. We’ve been getting chips and soldering …read more Continue reading TPM Module Too Expensive? DIY Your Own Easily!
[aleaksah] got himself a Mi Smart Kettle Pro, a kettle with Bluetooth connectivity, and a smartphone app to go with it. Despite all the smarts, it couldn’t be turned on …read more Continue reading Dumping Encrypted-At-Rest Firmware Of Xiaomi Smart Kettle
Over many years now we’ve covered right-to-repair stories, and among them has been a constant bête noire. The American farm machinery manufacturer John Deere whose instantly recognisable green and yellow …read more Continue reading For Once, The Long Arm Of John Deere Presses The Right Button
To start our week of vulnerabilities in everything, there’s a potentially big vulnerability in Android handsets, but it’s Apple’s fault. OK, maybe that’s a little harsh — Apple released the …read more Continue reading This Week in Security: Android and Linux, VirusTotal, More Psychic Signatures
[Daljeet Nandha] from [RoboCoffee] writes to us, sharing his research on cryptographic signature-based firmware authenticity checks recently added to the Xiaomi Mi scooter firmware. Those scooters use an OTA firmware …read more Continue reading Xiaomi Cryptographically Signs Scooter Firmware – What’s Next?
Java versions 15, 16, 17, and 18 (and maybe some older versions) have a big problem, ECDSA signature verification is totally broken. The story is a prime example of the …read more Continue reading This Week in Security: Java’s Psychic Signatures, AWS Escape, And a Nasty Windows Bug
OpenSSH has minted their 9.0 release, and it includes a pair of security changes. Unlike most of the releases we cover here, this one has security hardening to prevent issues, …read more Continue reading This Week in Security: OpenSSH, Git, and Sort-of NGINX 0-day
Tesla vehicles have a charging port that is under a cover that only opens on command from a charging station. Well, maybe not only. [IfNotPike] reports that he was able …read more Continue reading Just in Case You Want to Charge Your Neighbor’s Tesla
The Cyclops Blink botnet is thought to be the work of an Advanced Persistent Threat (APT) from Russia, and seems to be limited to Watchguard and Asus devices. The normal …read more Continue reading This Week in Security: Vulnerable Boxes, Government Responses, and New Tools
One of the big stories surrounding the announcement of Windows 11 was that it would require support for TPM 2.0, or Trusted Platform Module, to run. This takes the form …read more Continue reading Build a TPM Module For Your Server