Reminder: I offer free mentoring and mock interviews. Embed sys, C++, perf analysis, at-scale monitoring, and more. Grab a spot on my calendar at http://calendly.com/kc8apf.
Just re-upping this offer: because being comfortable with git is a barrier to entry to many FS/OSS projects, and because I care deeply about lowering those barriers, I will tutor anyone who asks for help with git, and/or connect them with any mentor(s) they might prefer.
I'll do this while I put energy and work into making the tool more approachable, and into making better tools and learning paths.
Boosts gratefully appreciated.
My latest research is out today. USBAnywhere lets you plug in any USB device to Supermicro servers over IP. More over at Eclypsium's blog: https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
My son noticed our unlocked ZTE Trek 2 HD tablet showed LTE on Google Fi but Firefox claimed it was offline. Best I can gather, AT&T/ZTE stopped shipping updates after Android 7.1. Guessing Fi won't let such an old patch level on the network. Trying to update to LineageOS has been 2 hours of frustration due to bootloader nonsense. Tablets aren't supposed to be disposable.
I spent all day looking for vulns in an IoT clothes dryer. What did I find?
* HTTPS to talk to backend service
* XMPP w/ STARTTLS to stream events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door
Best I could do was get the DHCP server to serve the same IP to every request.
Well done GE.