Oops, your WiFi/Bluetooth chip can inadvertently broadcast your encryption keys as electromagnetic noise from the CPU gets amplified and transmitted too
http://s3.eurecom.fr/tools/screaming_channels/
Also, hat tip to them for sharing source code and setup details.
Keys for Pektron keyless entry systems (used in Tesla, McLaren and other high-end cars) are copyable within minutes. Tesla at least acknowledges the issue, unlike other vendors 🤦🏼‍♂️ (via @atemerev)
https://www.esat.kuleuven.be/cosic/fast-furious-and-insecure-passive-keyless-entry-and-start-in-modern-supercars/
do you really need files?
https://oleksandr.works/2018/09/16/accidental-complexity-files/
PS. Maybe I should create a separate channel mirroring my blog? Or keep it here?
oleksandr.works
Accidental Complexity: Files | Understand the World
When I wrote about ideas and competition, I said: “you can beat large companies by spotting accidental complexity and avoiding it.” Pick a…
Hamiltonian Descent Methods: generalization of the momentum
https://arxiv.org/abs/1809.05042
via @karfly
TLDR: CloudFlare edge servers as Tor hidden services. Suspicious at first, very reasonable after closer look
https://blog.cloudflare.com/cloudflare-onion-service/
The Cloudflare Blog
Introducing the Cloudflare Onion Service
Two years ago this week Cloudflare introduced Opportunistic Encryption, a feature that provided additional security and performance benefits to websites that had not yet moved to HTTPS.
cyberpunk reality in full swing
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
Bloomberg.com
China Used a Tiny Chip in a Hack That Infiltrated U.S. Companies
The attack by Chinese spies reached almost 30 U.S. companies by compromising America's technology supply chain.
"oops" [TLDR: you can tell libssh "i'm logged in" and you'll be logged in]
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
Orca: Search engine that finds bugs in code!
TLDR: On large projects reduces time to find the offending commit (of hundreds that went into latest and previous releases) 3x on average, 7x median, up to 45x.
https://www.usenix.org/conference/osdi18/presentation/bhagwan
X.org local privilege escalation (most Unix/Linux systems affected; launch X and enjoy superuser rights)
For added fun, combine with recent libssh vuln :)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665
in environments that are only sparsely rewarding, curiosity is a very big deal. also, lazy robots who decide to watch TV instead of exploration :D
https://blog.openai.com/reinforcement-learning-with-prediction-based-rewards/
"Let's remove Quaternions from every 3D Engine", An Interactive Introduction to Rotors from Geometric Algebra
http://marctenbosch.com/quaternions/
beautiful red team detective story // btw, reaching this level of InfoSec requires one hell of an asset inventory
https://threader.app/thread/1063423110513418240
Vacuum tubes strike back!
https://spectrum.ieee.org/nanoclast/semiconductors/devices/new-metalair-transistor-replaces-semiconductors
IEEE Spectrum: Technology, Engineering, and Science News
New Metal-Air Transistor Replaces Semiconductors
A novel field emission transistor that uses air gaps could breathe life into Moore’s Law
when robots get sufficiently smart, they start to avoid work too 🙂
> CycleGAN learns to “hide” information about a source image into the images it generates in a nearly imperceptible, high frequency signal. This trick ensures that the generator can recover the original sample and thus satisfy the cyclic consistency requirement, while the generated image remains realistic
CycleGAN, a Master of Steganography via @vzezin
my head is fuzzy today, but the post is still entertaining (summarizes multiple papers)
https://rjlipton.wordpress.com/2012/04/14/tabulation-hashing-and-independence/
Gödel's Lost Letter and P=NP
Tabulation Hashing and Independence
A technical tool of computer games thinks bigger Mihai Pătraşcu and Mikkel Thorup are part of the great research tradition at AT&T Labs in New Jersey, which branched out from Bell Lab…
that's how NSA attacked SSH and HTTPS (most likely). it's so simple, as always. ingenious.
note: not applicable to bitcoin, the vulnerable spot here is key generation, not the math itself :)
https://algorithmsoup.wordpress.com/2019/01/15/breaking-an-unbreakable-code-part-1-the-hack/
Algorithm Soup
The (Almost) Secret Algorithm Researchers Used to Break Thousands of RSA Keys
RSA encryption allows for anyone to send me messages that only I can decode. To set this up, I select two large random primes $p$ and $q$ (each of which is hundreds of bits long), and r…
one more possible cause of Alzheimer's, now bacterial (note: in mice)
http://advances.sciencemag.org/content/5/1/eaau3333
Science
Porphyromonas gingivalis in Alzheimer’s disease brains: Evidence for disease causation and treatment with small-molecule inhibitors
Porphyromonas gingivalis, the keystone pathogen in chronic periodontitis, was identified in the brain of Alzheimer’s disease patients. Toxic proteases from the bacterium called gingipains were also identified in the brain of Alzheimer’s patients, and levels…