Rick Altherr @kc8apf@mastodon.cloud

Reminder: I offer free mentoring and mock interviews. Embed sys, C++, perf analysis, at-scale monitoring, and more. Grab a spot on my calendar at http://calendly.com/kc8apf.

Feeling all the anxiety to get slides for OSFC.io done today...

I thought everyone agreed nuclear rocket engines were too risky. Apparently Russia disagrees.

I spent all day looking for vulns in a IoT clothes dryer. What did I find?

* HTTPS to talk to backend service
* XMPP w/ STARTTLS to steam events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door

Best I could do was get the DHCP server to serve the same IP to every request.

Well done GE.

#defcon27 #iotvillage

Training day 1: I rarely talk this much.

Let the DEFCON packing begin

Microscopes help

Tiny bit of dead bug wiring today

Learning to rest is hard work

Someday I'll stop being amazed when I run across RC4 in a modern app.

45 minutes of sorting out Minecraft mod version conflicts was totally worth it. I've never heard my kids work well together as well as they are on a shared Minecraft server.

I feel so useless when I'm sick.

Another day, another set of BMC vulns. https://eclypsium.com/2019/07/16/vulnerable-firmware-in-the-supply-chain-of-enterprise-servers/ #iWorkThere #BackdoorManagementController

Even after working at Apple and Google, I identify as a 1x engineer: https://1x.engineer/

I did a podcast interview: https://unnamedre.com/episode/24

I'm in awe of how many links are in the show notes. We covered a _lot_ of topics.

"Never underestimate the power of proving someone wrong with hard data." - @jessfraz

💯

First security-focused talk submission accepted! Looking forward to sharing “Common BMC vulnerabilities and how to avoid repeating them” at osfc.io in September.

Francine underwent a radiator replacement recently. With an aluminum radiator, electric fan, and her heater core reconnected, she's keeping cool even in stopped traffic on a hot California day.