1
8
2
29

cross-posted from: https://lemmy.world/post/18283290

… "The first of two versions of the RayV Lite will focus on laser fault injection (LFI). This technique uses a brief blast of light to interfere with the charges of a processor’s transistors, which could flip them from a 0 value to a 1 value or vice versa. Using LFI, Beaumont and Trowell have been able to pull off things like bypassing the security check in an automotive chip’s firmware or bypassing the PIN verification for a cryptocurrency hardware wallet.

The second version of the tool will be able to perform laser logic state imaging. This allows snooping on what’s happening inside a chip as it operates, potentially pulling out hints about the data and code it’s handling. Since this data could include sensitive secrets, LSI is another dangerous form of hacking that Beaumont and Trowell hope to raise awareness of." …

3
9
4
17

The headline was bit sensationalist. So, I shortened it.

5
2

A video summary by Faan Rossouw of the Malware of the Day - XenoRAT///

🔗 Blog post located here: https://www.activecountermeasures.com/malware-of-the-day-xenorat/

6
2

Today we're ecstatic to publish our first demo showing a homemade BusKill Cable (in the prototype 3D-printed case) triggering a lockscreen.

3D-Printed USB Dead Man Switch (Prototype Demo)
Watch the 3D-Printed USB Dead Man Switch (Prototype Demo) for more info youtube.com/v/vFTQatw94VU

via @Goldfishlaser@lemmy.ml

In our last update, I showed a video demo where I successfully triggered a lockscreen using a BusKill prototype without the 3D-printed body for the case and N35 disc magnets. I realized that the N35 disc magnets were not strong enough. In this update, I show a demo with the prototype built inside a 3D-printed case and with (stronger) N42 and N52 cube magnets.

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

Why?

While we do what we can to allow at-risk folks to purchase BusKill cables anonymously, there is always the risk of interdiction.

We don't consider hologram stickers or tamper-evident tape/crisps/glitter to be sufficient solutions to supply-chain security. Rather, the solution to these attacks is to build open-source, easily inspectable hardware whose integrity can be validated without damaging the device and without sophisticated technology.

Actually, the best way to confirm the integrity of your hardware is to build it yourself. Fortunately, BusKill doesn't have any circuit boards, microcontrollers, or silicon; it's trivial to print your own BusKill cable -- which is essentially a USB extension cable with a magnetic breakaway in the middle

Mitigating interdiction via 3D printing is one of many reasons that Melanie Allen has been diligently working on prototyping a 3D-printable BusKill cable this year. In this article, we hope to showcase her progress and provide you with some OpenSCAD and .stl files you can use to build your own version of the prototype, if you want to help us test and improve the design.

Print BusKill

Photo of the 3D-Printed BusKill Prototype

If you'd like to reproduce our experiment and print your own BusKill cable prototype, you can download the stl files and read our instructions here:

Iterate with us!

If you have access to a 3D Printer, you have basic EE experience, or you'd like to help us test our 3D printable BusKill prototype, please let us know. The whole is greater than the sum of its parts, and we're eager to finish-off this 3D printable BusKill prototype to help make this security-critical tool accessible to more people world-wide!

7
1
8
1
9
1

Backdoor found in xz liblzma specifically targets the RSA implementation of OpenSSH. Story still developing.https://openwall.com/lists/oss-security/2024/03/2...

10
1
11
1

AI summary of transcript:

groundbreaking exploration into transmitting LoRaWAN signals via unconventional means—utilizing microcontrollers lacking native radio functionalities. By tweaking GPIO pins on devices like the CH32V203, ESP32-S2, and ESP8266, OP demonstrates how to generate RF signals strong enough to communicate with commercial LoRaWAN gateways and access the internet. This method deviates from traditional approaches that rely on specific radio chips or RF capabilities. The experiment not only surpasses expectations in terms of signal transmission distance but also showcases a novel blend of ingenuity and technical prowess. Through this project, the resilience and adaptability of LoRa technology are put on full display, proving its capability to facilitate long-range communications under inventive conditions. The venture into RF technology and signal generation through hardware manipulation opens new avenues for utilizing microcontrollers in ways previously deemed impractical, marking a significant achievement in the field.

12
0
submitted 7 months ago by SLfgb@feddit.nl to c/cypherpunk@infosec.pub
13
1
14
1
submitted 8 months ago* (last edited 8 months ago) by cyph3rPunk@infosec.pub to c/cypherpunk@infosec.pub

DO NOT try this EVER.

The feds will show up at your house and arrest you in less than 30 minutes.

15
1
16
1

Welcome to the Advanced Meshtastic Series. We'll be getting into some of the more advanced things you can do with Meshtastic.

17
1
submitted 10 months ago by Jake_Farm@sopuli.xyz to c/cypherpunk@infosec.pub
18
1

Programs aren't capable of generating true random numbers, so how can we? Are they even useful? Dr Valerio Giuffrida demonstrates how to get a true random number from most computers.

19
1

cross-posted from: https://infosec.pub/post/4424216

Intell-dragonfly: A Cybersecurity Attack Surface Generation Engine Based On Artificial Intelligence-generated Content Technology. (arXiv:2311.00240v1 [cs.CR])

20
1

I just learned about this podcast today. Enjoy!

21
1
Pigpen Cypher IV (lemmy.world)
22
1
Pigpen Cypher III (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by Damaskox@lemmy.world to c/cypherpunk@infosec.pub
23
1
Pigpen Cypher II (lemmy.world)
24
1
Pigpen Cypher I (lemmy.world)
25
1
view more: next ›

cyph3rPunk

756 readers
2 users here now

The people in this community hope for a world where an individual's informational footprints—everything from an opinion on abortion to the medical record of an actual abortion—can be traced only if the individual involved chooses to reveal them; a world where coherent messages shoot around the globe by network and microwave, but intruders and feds trying to pluck them out of the vapor find only gibberish; a world where the tools of prying are transformed into the instruments of privacy. There is only one way this vision will materialize, and that is by widespread use of cryptography. Is this technologically possible? Definitely. The obstacles are political—some of the most powerful forces in government are devoted to the control of these tools. In short, there is a war going on between those who would liberate crypto and those who would suppress it. The seemingly innocuous bunch strewn around this community represents the vanguard of the pro-crypto forces. Though the battleground seems remote, the stakes are not: The outcome of this struggle may determine the amount of freedom our society will grant us in the 21st century. To the Cypherpunks, freedom is an issue worth some risk.


Relevant Links:


"Security is mostly a superstition. It does not exist in nature, nor do the children of man as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing." Helen Keller

founded 1 year ago
MODERATORS