
"The entropy of Bluetooth session keys is negotiated in an unauthenticated protocol between the participants. The attacker can manipulate this to the lowest entropy allowed, 1 byte. The resulting session key can then easily be brute forced."

knobattack.com/

Yikes. "The fingerprints of over 1 million people, as well as facial recognition information... was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks." theguardian.com/technology/201

"It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed."

googleprojectzero.blogspot.com

I discovered my first hidden camera at an AirBnB last week in Yerevan, Armenia. Always scan the wifi when you get to a new place!! #surveillance #nmap #privacy #dystopia #security #badposture

So the government of Kazakhstan is MITM'ing all SSL'ed traffic lobste.rs/s/uqj8nq/mitm_on_all

The way they are doing this is by adding a Certificate Authority (CA) that allows them to snoop all traffic.

This is, by the way, why SSL is criticized as being "only as secure as the weakest CA in your system". Here it's deliberate, but that's a problem in general.


This is a personal and private instance.