Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away:
https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/
I love these kinds of attacks. Via @dangoodin at @arstechnica
This #reconmtl talk by Ang Cui looks epic: Ice Ice Baby: Coppin' RAM With DIY Cryo-Mechanical Robot https://cfp.recon.cx/2023/talk/HCJHBW/
(coverage at https://www.theregister.com/2023/06/09/cold_boot_ram_theft/ by @thomasclaburn)
A little cheeky of PrinterLogic to warn against PrintNightmare vulnerabilities after this savage thrashing on full-disclosure: https://seclists.org/fulldisclosure/2023/May/16
Shodan is only showing ~15 on the internet at least: https://www.shodan.io/search?query=title%3Aprinterlogic
The @runZeroInc query is similar: https://console.runzero.com/inventory/services?search=_asset.protocol%3Ahttp%20protocol%3Ahttp%20%28html.title%3A%3D%22Printer%20Logic%22%20OR%20favicon.ico.image.md5%3A%3Dab2fc8886bfbf3e986f8015539d29736%29
hat tip to @campuscodi for flagging at https://riskybiznews.substack.com/p/risky-biz-news-iranian-hacktivists (and @riskydotbiz for the mention)
Fun times this week coming up with a @runZeroInc query for the actively-exploited MOVEit SQL injection vulnerability:
https://www.runzero.com/blog/finding-moveit-file-transfer-services/
Nicky Mouha just posted a follow-up to his work on the SHA-3 reference implementation buffer overflow from last year: https://mouha.be/sha-3-buffer-overflow-part-2/
Excellent reporting by @dangoodin : Critical Barracuda 0-day was used to backdoor networks for 8 months https://arstechnica.com/information-technology/2023/05/critical-barracuda-0-day-was-used-to-backdoor-networks-for-8-months/ ... and who says Perl isn't relevant anymore =D
I fell into a rabbit hole today on memcmp() timing analysis for a remote service that verifies a MD5 digest... hours later, it's clear that due to compiler optimizations this is _really_ hard to exploit on most 64-bit machines (it can turn into 2^64 brute force in many cases).
Any tips on modern (remote) timing analysis of memcmp() implementations?
Also, Erlang should probably stop using memcmp() for cookie digest verification.
Using Aurora RDS? A new billing mode ("I/O Optimized") was introduced on May 11th that may save you a ton on database costs. Changing this setting for one of our IOPS-heavy workloads will save us ~70% on our monthly bill: https://aws.amazon.com/about-aws/whats-new/2023/05/amazon-aurora-i-o-optimized/
You’ve seen the smart plug, but have you seen the smartest plug?