  • November 12, 2024
    HD Moore
    @hdm

    If the NSA[1], GrapheneOS[2], and Apple[3] all believe that rebooting your mobile phone regularly is something that protects your data, you might consider doing it more often. Shortcuts on iOS make this super easy to set up.

    1. https://www.documentcloud.org/documents/21018353-nsa-mobile-device-best-practices&xcust=2-1-2330195-1-0-0

    2. https://grapheneos.social/@GrapheneOS/112204443465440601

    3. https://www.404media.co/apple-quietly-introduced-iphone-reboot-code-which-is-locking-out-cops/

  • November 5, 2024
    HD Moore
    @hdm

    Orson Peters' recent post "Breaking CityHash64, MurmurHash2/3, wyhash, and more..." is a fantastic dive into hash collisions in common algorithms: https://orlp.net/blog/breaking-hash-functions/

    PS. Want to confuse various network security scanners? MurmurHash3 collide your /favicon.ico file with something arcane. See previous work by Jorian Woltjer at https://jorianwoltjer.com/blog/p/coding/shodan-favicon-preimage

  • October 31, 2024
    HD Moore
    @hdm

    I learned at least four neat things in this post on "Looking into the Nintendo Alarmo": https://garyodernichts.blogspot.com/2024/10/looking-into-nintendo-alarmo.html

    1. mmWave sensors are actually shipping in consumer products (not just nerdy things*)

    2. "OCTOSPI" region maps to external RAM and includes most of the firmware

    3. You can hijack the CRYP interface with enough keystream to decrypt more stuff

    4. The CRYP interface places partial keys in 4 x registers and you can brute force the 4×2^32 to recover the original key

    * I spent far too long on a Go serial library for Seeed Studio mmWave sensors but gave up after the cross-room heartbeat/respiration detection required too long to lock the signal (and the logic is in the fw, so no raw data to work with to improve it)

  • October 31, 2024
    HD Moore
    @hdm

    Pretty cool to see GPUs with RISC-V co-processors, erm, main CPUs (the size/cost disparity always gets me -- the entire PC feels like an add-on card to GPUs these days): https://www.tomshardware.com/pc-components/cpus/risc-v-cpu-demoed-with-rx-7900-xtx-gpu-in-debian-linux-amd-flagship-gpu-paired-with-milk-v-megrez-board-and-sifive-p550-cores

  • October 29, 2024
    HD Moore
    @hdm

    It's not 20 minutes, but Orbital's "The Box - Full Version" YT has been my pomodoro timer for over a decade (two if you count the original CDs); queuing it up is my sure-fire way to focus for 30 minutes: https://www.youtube.com/watch?v=cONv26K0vL8

  • October 27, 2024
    HD Moore
    @hdm

    Matthew Bryant's (@mandatory) @defcon 32 talk is amazing: Secret Life of Rogue Device: Lost IT Assets on the Public Marketplace: https://www.youtube.com/watch?v=QgeEHdAmJDg

    Way more entertaining than anything currently on Netflix.

    (thank you @jduck for the link!)

  • October 25, 2024
    HD Moore
    @hdm


    LASCON.org is a blast. Exciting to see this local Austin conference bigger than ever after COVID lockdowns. Great talks, amazing volunteers, and a really friendly environment. Sponsors are definitely getting their money's worth with a packed expo hall (the nearby cookies help too).

    If you weren't able to make my keynote this morning, you can find the presentation online at: https://hdm.io/decks/2024-LASCON-Numerology/

    #AppSec #dataviz

  • October 14, 2024
    HD Moore
    @hdm

    Huge thank you to the @jawncon organizers and volunteers; a really fun conference with a great vibe (and still the coolest badge ever). You can find a recording of my talk (covering wardialing, AOL, internet scanning, and lots of other random things) online at: https://youtu.be/-mkJzOy3P1U?t=8117

  • October 12, 2024
    HD Moore
    @hdm

    Slides from my (super short) @jawncon 0x1 talk - A Pebble Down the Well:
    https://hdm.io/decks/JCPEBB~1.pdf

  • October 12, 2024
    HD Moore
    @hdm

    Couldn't make it[1] to @jawncon 0x1? Grab the live stream at https://www.youtube.com/watch?v=-mkJzOy3P1U -- Kai Pfiester is wrapping up "Leveraging the Adversarial Mindset to Become a Better Cybersecurity Professional" and I'm up next @ 11am ET with "A Pebble Down the Well: Network Exploration". Find the full schedule at https://jawncon.org/schedule0x1.html

    1. You missed out on the most amazing badge ever (mini-Hayes-modem; functional and WiFi linked!)


Copyright 1998-2025 HD Moore