I thought everyone agreed nuclear rocket engines were too risky. Apparently Russia disagrees.

I spent all day looking for vulns in an IoT clothes dryer. What did I find?

* HTTPS to talk to backend service
* XMPP w/ STARTTLS to stream events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door

Best I could do was get the DHCP server to serve the same IP to every request.

Well done GE.

Someday I'll stop being amazed when I run across RC4 in a modern app.

45 minutes of sorting out Minecraft mod version conflicts was totally worth it. I've never heard my kids work well together as well as they are on a shared Minecraft server.

OpenBIOS - open source Forth firmware 

telnet # For maps in your terminal from OpenStreetMap. Use arrow keys to move around and a/z to zoom in/out. Or use your mouse if your terminal supports that.

Even after working at Apple and Google, I identify as a 1x engineer:

I did a podcast interview:

I'm in awe of how many links are in the show notes. We covered a _lot_ of topics.

"Never underestimate the power of proving someone wrong with hard data." - @jessfraz


First security-focused talk submission accepted! Looking forward to sharing “Common BMC vulnerabilities and how to avoid repeating them” at in September.

Francine underwent a radiator replacement recently. With an aluminum radiator, electric fan, and her heater core reconnected, she's keeping cool even in stopped traffic on a hot California day.
