|
Segmentation Fault posted:I'm the embedded system running standard Windows 7 oh no, its worse
|
#
¿
Jan 6, 2017 03:13
|
|
|
|
| # ¿ May 4, 2024 21:34 |
|
|
a true embedded system would be running linux with a bsp not updated since 2004
|
|
#
¿
Jan 6, 2017 03:13
|
|
|
I guess they're worried about CBC attacks?
|
|
#
¿
Jan 6, 2017 23:30
|
|
|
Westie posted:just got owned via plesk, i'd like to sha- the first thing I noticed is that you're using nano time to grow a beard and wait for it to go grey I guess
|
|
#
¿
Jan 9, 2017 16:47
|
|
|
embedded device security: now on desktops!
|
|
#
¿
Jan 10, 2017 02:37
|
|
|
OSI bean dip posted:https://twitter.com/Viss/status/819685780247298048 hope he likes gitmo
|
|
#
¿
Jan 13, 2017 01:29
|
|
|
Cardboard Box A posted:http://www.techrepublic.com/videos/video-rudy-giuliana-explains-how-we-need-to-fix-the-cybersecurity-crisis/ hmmm, yes, that is definitely someone that knows all about cyber security
|
|
#
¿
Jan 15, 2017 23:20
|
|
|
which protocols are they actually using? zigbee? Lora? something else?
|
|
#
¿
Jan 17, 2017 23:13
|
|
|
Lutha Mahtin posted:do you really think it is likely that all those devices will use different chips and totally unique custom software stacks? even across different manufacturers i would (again) bet money that we are going to see the exact same poo poo we've been seeing for years now in consumer routers and iot crap: they will all use cheapo misconfigured software stacks full of old non-updated FOSS stuff written in unsafe languages like C. "oh but the protocol is pretty limited"! sure that's great but even if it's very locked down, it will mean jack if these devices have any alternate communication modes, or if other devices (like laptops or iot crap) have the ability to talk to the appliances via that protocol, because then all it will take is someone to discover a flaw in the 7-year-old version of linux that all these things are running, or a misconfiguration that exists across the software stacks of the 3 most popular smart-grid middleware providers. and on that point, i have a hard time believing that appliance makers can resist the temptation to add in features like "manage your kenmore appliances from ANYWHERE IN THE WORLD with the kenmore app!" and bolting on some kind of wi-fi interface which is of course then managed by the same main CPU/SoC that also does the locked-down smart-grid protocol stuff zigbee devices and wifi internet of things devices are in very different worlds. a "powerful" edge device is running on something like a cortex m4, a m0 or an 8bit micro will be more typical. these edge devices will communicate with the power company's routers which hopefully has a backhaul over an air gapped network. those routers would certainly be vulnerable, but the edge devices don't seem like they'd be a very good target.
|
|
#
¿
Jan 18, 2017 07:16
|
|
|
flosofl posted:Most infosec breach legislation as it impacts customers is on the state level IIRC. I imagine (hope) states are going initiate investigations in the wake of the federal investigation unless you mean a federal investigation into why yahoo engineers weren't in the crowd at the inauguration or if any of them voted for clinton, 
|
|
#
¿
Jan 25, 2017 17:11
|
|
|
Dolomite posted:i wonder if they're all like that. we have a sign for the football stadium that doesn't check anything, it just displays what the scheduler tells it. as long as the filename is the same you could swap out the image or movie and it won't care. they're all completely different because of course they are
|
|
#
¿
Jan 31, 2017 19:17
|
|
|
fisting by many posted:gaming law is complicated and varies state by state but a general rule is that it's cheating if you use any sort of device note that most people get charged for stuff like "counting cards" or whatever because the sneak back in or use fake ids
|
|
#
¿
Feb 7, 2017 01:36
|
|
|
Subjunctive posted:does your passport have your place of birth on it? all us passports do unless you were born in international waters or on an international flight in which case it will say AT SEA or IN THE AIR
|
|
#
¿
Feb 10, 2017 23:57
|
|
|
apseudonym posted:I mean, yeah? That's been the legal precedent and its not like they're going to say "darn, foiled by this clever nerd" when you refuse to provide them access. there isn't precedent - all the cases have been mooted before they got to a high enough court to get a definitive ruling on exactly how it works
|
|
#
¿
Feb 13, 2017 00:29
|
|
|
Also, from the article:quote:Rawls was thrown in the slammer on September 30, 2015 "until such time that he fully complies" (PDF) with a court order to unlock his hard drives. A child-porn investigation focused on Rawls when prosecutors were monitoring the online network, Freenet. They executed a search warrant in 2015 at Rawls' home. The authorities say it's a "foregone conclusion" that illicit porn is on those drives. But they cannot know for sure unless Rawls hands them the alleged evidence that is encrypted with Apple's standard FileVault software. then do you loving job and put it in front of a jury
|
|
#
¿
Feb 13, 2017 00:34
|
|
|
what's the mcu?
|
|
#
¿
Feb 21, 2017 03:52
|
|
|
stm32? its easier to do it right
|
|
#
¿
Feb 21, 2017 04:22
|
|
|
Harik posted:It's got CHACHA20-POLY1305 for AEAD but everything else is piece-parts. if you want more foolproof mbed tls has you covered
|
|
#
¿
Feb 21, 2017 05:21
|
|
|
the only problem is...quote:mbed TLS (formerly known as PolarSSL) makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products, facilitating this functionality with a minimal coding footprint. sounds like a challenge. someone is going to push keys of straight 0s into production
|
|
#
¿
Feb 21, 2017 05:23
|
|
|
"im trying to scan your device but everything is blocked, how do I fix that" - an actual customer
|
|
#
¿
Feb 21, 2017 23:06
|
|
|
Shaggar posted:I think the problem is more that its configured incorrectly out of the box so its disabled with the intent that you configure it properly before enabling rather than deploying misconfigured by default. i work for a company with an iot gateway that by default blocks all incoming connections on whatever the wan interface is detected as guess what the number one question for the gateways is
|
|
#
¿
Feb 23, 2017 16:35
|
|
|
Shaggar posted:probably ssh logins? or if its web probably some php admin login. yeah basically "how do I expose the default logins to the entire world?"
|
|
#
¿
Feb 23, 2017 18:34
|
|
|
Jimmy Carter posted:HID will do cooler stuff the more money you get them i interviewed at hid, i asked a bunch of security questions that got answers like "uhhh, would you be interested in working on that?" (it was mostly for the printers and I was really not interested in doing that )
|
|
#
¿
Feb 28, 2017 17:50
|
|
|
Volmarias posted:DoJ drops Playpen case because they don't want to reveal what their "network investigative techniques" were. I assume this means nobody has published the exploit yet?
|
|
#
¿
Mar 6, 2017 22:42
|
|
|
COACHS SPORT BAR posted:I tried about a year ago to do android sans google, and it's a loving mess. Even if you install apps from alternate stores (f-droid, etc), drat near everything expects the play framework to be present and will just crash when the api calls fail. Android without google these days basically means android without apps, I doubt there are really that many people in that segment there's an alarming number of embedded devices doing this though
|
|
#
¿
Mar 7, 2017 20:30
|
|
|
infernal machines posted:roughly, something mandating ongoing manufacturer support and minimum levels of security for internet connected devices. literally nothing would currently pass, the cries from industry would be amazing
|
|
#
¿
Mar 14, 2017 17:56
|
|
|
was their defense "don't kink shame"
|
|
#
¿
Mar 14, 2017 20:18
|
|
|
Volmarias posted:I'm sure that the company that operates entirely from China is going to actually provide those updates after pinky swearing to do it. Are you going to mandate that the retailer does it instead? whoever the importer is would be liable, if that's the retailer then 
|
|
#
¿
Mar 15, 2017 03:42
|
|
|
well what material losses do you have as a result of your doorbell being part of a botnet?
|
|
#
¿
Mar 15, 2017 05:45
|
|
|
Subjunctive posted:yeah, that's a good one. I just don't think anyone is going to make a case stick against Amazon can't sue the steel supplier if your bridge was designed wrong in the first place well, you can but you'd lose
|
|
#
¿
Mar 15, 2017 06:06
|
|
|
moot point anyways because a Trump admin won't regulate any of this
|
|
#
¿
Mar 15, 2017 06:08
|
|
|
Lutha Mahtin posted:no, his mycrimes.txt were encrypted with FDE. that's why they nabbed him at the library. they wanted a place where both (a) he had the computer on, encryption password activated, screen unlocked, and (b) where they could sneak up behind him, cause a distraction, and snag the machine from him while it was in the unlocked state my favorite random little detail in this story is that he didn't bring his laptop charger with him so the FBI agents had to scramble to find an ac adapter compatible with that type of laptop
|
|
#
¿
Mar 18, 2017 01:39
|
|
|
flosofl posted:Not sure if I missed this in thread, found it amusing as hell: quote:Once the bots find a vulnerable target, they run a series of highly debilitating commands that wipe all the files stored on the device, corrupt the device's storage, and sever its Internet connection. Given the cost and time required to repair the damage, the device is effectively destroyed, or bricked, from the perspective of the typical consumer. obviously the solution is for all iot devices to come with instructions for getting into uboot
|
|
#
¿
Apr 7, 2017 22:28
|
|
|
redleader posted:haha no loving way out of band, out of mind
|
|
#
¿
Apr 10, 2017 02:24
|
|
|
pseudorandom name posted:it's a standard feature on all cellular wifi boxes for some reason. presumably because it adds nothing to the cost and everybody else is doing it. all cellular radios support sms out of band management over SMS is absolutely not a requirement for gateways. it's a commonly requested feature for gateways/bridges/etc though
|
|
#
¿
Apr 10, 2017 14:31
|
|
|
I assumed that they were breaking some sort of oob feature but you're right it's probably even worse
|
|
#
¿
Apr 10, 2017 15:54
|
|
|
theflyingexecutive posted:just for fun question: can a stingray remotely update your iPhone radio firmware, kick you off wifi, and tunnel all your info through the fake cell tower? dunno why wifi would break because that's a separate radio. it does sound like the carrier settings are hosed so it may be as simple as a bad flash. if it happens again it's almost certainly the cell radio dying
|
|
#
¿
Apr 11, 2017 04:16
|
|
|
theflyingexecutive posted:well it happened immediately after I asked a LEO eyebrow-raising question, kicked me off wifi, and seemed to act like it couldn't establish secure connections which all screamed mitm to me. it's been 100% after the restore, but dying radio is certainly an option or your radio was sending invalid credentials to the carrier and the data connection was trying to redirect you to a registration page cycling airplane mode will force your cell radio to try and register itself again with the cell network so try that if it happens again
|
|
#
¿
Apr 11, 2017 04:39
|
|
|
theflyingexecutive posted:I def tried that and also resetting my cell network. authentications over https worked (but slowly) and I could access apple pw reset just fine which carrier? sounds like you only had gprs service
|
|
#
¿
Apr 11, 2017 05:05
|
|
|
|
| # ¿ May 4, 2024 21:34 |
|
|
it wouldn't be gprs on Verizon; that'd be cdma 1x random tangent: Verizon wants all cdma stuff off their network fast, with a complete shutdown of their cdma networks in the next couple of years
|
|
#
¿
Apr 11, 2017 05:22
|
|