But how would you live without your dryer ordering more dryer sheets from Amazon automatically? *eyeroll*
I spent all day looking for vulns in a IoT clothes dryer. What did I find?
* HTTPS to talk to backend service
* XMPP w/ STARTTLS to steam events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door
Best I could do was get the DHCP server to serve the same IP to every request.
Well done GE.
No. While this one still uses branch prediction as the trigger for speculative execution and cache as the side-channel, it uses a specific x86 instruction to cause the side effect that can be seen in the cache. POWER9 may have it's own instructions with similar side effects but this is specific to x86.
That same scenario would explain what I'm hearing. Something to check into. Thanks!
Good luck. I have one of those sounds that I've been hunting for 2 years. :(
Another day, another set of BMC vulns. https://eclypsium.com/2019/07/16/vulnerable-firmware-in-the-supply-chain-of-enterprise-servers/ #iWorkThere #BackdoorManagementController
OpenBIOS - open source Forth firmware
telnet http://mapscii.me # For maps in your terminal from OpenStreetMap. Use arrow keys to move around and a/z to zoom in/out. Or use your mouse if your terminal supports that.
Even after working at Apple and Google, I identify as a 1x engineer: https://1x.engineer/
I did a podcast interview: https://unnamedre.com/episode/24
I'm in awe of how many links are in the show notes. We covered a _lot_ of topics.