My latest research is out today. USBAnywhere lets you plug in any USB device to Supermicro servers over IP. More over at Eclypsium's blog: https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
My son noticed our unlocked ZTE Trek 2 HD tablet showed LTE on Google Fi but Firefox claimed it was offline. Best I can gather, AT&T/ZTE stopped shipping updates after Android 7.1. Guessing Fi won't let such an old patch level on the network. Trying to update to LineageOS has been 2 hours of frustration due to bootloader nonsense. Tablets aren't supposed to be disposable.
I spent all day looking for vulns in an IoT clothes dryer. What did I find?
* HTTPS to talk to backend service
* XMPP w/ STARTTLS to stream events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door
Best I could do was get the DHCP server to serve the same IP to every request.
Well done GE.
he/him. Engineer, tinkerer, 🏎️,🔧,🔌,💻, FOSS FPGA tools.