@progo
But how would you live without your dryer ordering more dryer sheets from Amazon automatically? *eyeroll*

I thought everyone agreed nuclear rocket engines were too risky. Apparently Russia disagrees.

I spent all day looking for vulns in an IoT clothes dryer. What did I find?

* HTTPS to talk to backend service
* XMPP w/ STARTTLS to steam events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door

Best I could do was get the DHCP server to serve the same IP to every request.

Well done GE.

@lukedashjr

No. While this one still uses branch prediction as the trigger for speculative execution and cache as the side-channel, it uses a specific x86 instruction to cause the side effect that can be seen in the cache. POWER9 may have its own instructions with similar side effects but this is specific to x86.

@Savagejen
That same scenario would explain what I'm hearing. Something to check into. Thanks!

@Savagejen
Good luck. I have one of those sounds that I've been hunting for 2 years. :(

Someday I'll stop being amazed when I run across RC4 in a modern app.

45 minutes of sorting out Minecraft mod version conflicts was totally worth it. I've never heard my kids work well together as well as they are on a shared Minecraft server.

OpenBIOS - open source Forth firmware 

telnet mapscii.me # For maps in your terminal from OpenStreetMap. Use arrow keys to move around and a/z to zoom in/out. Or use your mouse if your terminal supports that.

Even after working at Apple and Google, I identify as a 1x engineer: 1x.engineer/

I did a podcast interview: unnamedre.com/episode/24

I'm in awe of how many links are in the show notes. We covered a _lot_ of topics.
