Show more

I thought everyone agreed nuclear rocket engines were too risky. Apparently Russia disagrees.

I spent all day looking for vulns in a IoT clothes dryer. What did I find?

* HTTPS to talk to backend service
* XMPP w/ STARTTLS to steam events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door

Best I could do was get the DHCP server to serve the same IP to every request.

Well done GE.

Someday I'll stop being amazed when I run across RC4 in a modern app.

45 minutes of sorting out Minecraft mod version conflicts was totally worth it. I've never heard my kids work well together as well as they are on a shared Minecraft server.

OpenBIOS - open source Forth firmware 

telnet mapscii.me # For maps in your terminal from OpenStreetMap. Use arrow keys to move around and a/z to zoom in/out. Or use your mouse if your terminal supports that.

Even after working at Apple and Google, I identify as a 1x engineer: 1x.engineer/

I did a podcast interview: unnamedre.com/episode/24

I'm in awe of how many links are in the show notes. We covered a _lot_ of topics.

"Never underestimate the power of proving someone wrong with hard data." - @jessfraz

πŸ’―

First security-focused talk submission accepted! Looking forward to sharing β€œCommon BMC vulnerabilities and how to avoid repeating them” at osfc.io in September.

Francine underwent a radiator replacement recently. With an aluminum radiator, electric fan, and her heater core reconnected, she's keeping cool even in stopped traffic on a hot California day.

Show more
mastodon.cloud

[Notice Regarding the Transfer of the mstdn.jp / mastodon.cloud Services] We have received several inquiries showing interest in a transfer following the announcement of the end of the mstdn.jp and mastodon.cloud services. As a result of subsequently evaluating the situation and making preparations, we have decided that the corresponding services will be transferred to a company in the United States on June 30. We will make an announcement regarding the name of the company that the services will be transferred to once preparations have been made. Thank you.