"The entropy of Bluetooth session keys is negotiated in an unauthenticated protocol between the participants. The attacker can manipulate this to the lowest entropy allowed, 1 byte. The resulting session key can then easily be brute forced."

knobattack.com/

Yikes. "The fingerprints of over 1 million people, as well as facial recognition information... was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks." theguardian.com/technology/201

"It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed."

googleprojectzero.blogspot.com

WPA3 – two new vulnerabilities were discovered:

wpa3.mathyvanhoef.com/#new

– CVE-2019-13377: Brainpool curves introduce a second class of side-channel leaks in the Dragonfly handshake of WPA3
– CVE-2019-13456: information leak in FreeRADIUS' EAP-pwd due to aborting when needing more than 10 iterations
– according to @vanhoefm (Twitter), "Wi-Fi standard is now being updated with proper defenses, which might lead to WPA3.1"

#wpa3 #wifi #wlan #security #infosec #cybersecurity

3 reasons for a false sense of security:

infosec-handbook.eu/blog/discu

– reason 1: Legacy configuration and outdated security tips
– reason 2: No threat model
– reason 3: No checks and no monitoring

Don’t just assume security; actually check it.

#security #infosec #cybersecurity #falsesense #assumption #configuration #monitoring

I discovered my first hidden camera at an Airbnb last week in Yerevan, Armenia. Always scan the wifi when you get to a new place!! #surveillance #nmap #privacy #dystopia #security #badposture

Social feed

This is a personal and private instance.