Rick Altherr @kc8apf@mastodon.cloud

@progo
But how would you live without your dryer ordering more dryer sheets from Amazon automatically? *eyeroll*

I thought everyone agreed nuclear rocket engines were too risky. Apparently Russia disagrees.

I spent all day looking for vulns in a IoT clothes dryer. What did I find?

* HTTPS to talk to backend service
* XMPP w/ STARTTLS to steam events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door

Best I could do was get the DHCP server to serve the same IP to every request.

Well done GE.

#defcon27 #iotvillage

@lukedashjr

No. While this one still uses branch prediction as the trigger for speculative execution and cache as the side-channel, it uses a specific x86 instruction to cause the side effect that can be seen in the cache. POWER9 may have it's own instructions with similar side effects but this is specific to x86.

Training day 1: I rarely talk this much.

Let the DEFCON packing begin

Microscopes help

Tiny bit of dead bug wiring today

@Savagejen
That same scenario would explain what I'm hearing. Something to check into. Thanks!

@Savagejen
Good luck. I have one of those sounds that I've been hunting for 2 years. :(

Learning to rest is hard work

Someday I'll stop being amazed when I run across RC4 in a modern app.

45 minutes of sorting out Minecraft mod version conflicts was totally worth it. I've never heard my kids work well together as well as they are on a shared Minecraft server.

I feel so useless when I'm sick.

Another day, another set of BMC vulns. https://eclypsium.com/2019/07/16/vulnerable-firmware-in-the-supply-chain-of-enterprise-servers/ #iWorkThere #BackdoorManagementController

Even after working at Apple and Google, I identify as a 1x engineer: https://1x.engineer/

I did a podcast interview: https://unnamedre.com/episode/24

I'm in awe of how many links are in the show notes. We covered a _lot_ of topics.