A couple of years back, when we thought that the COVID pandemic might actually be over someday, I did some research on RFID-blocking fabric to see if it was actually worth anything. Somewhat surprisingly, I discovered that it does actually do what it says it does, within certain parameters (if you don't use something right it won't work; who knew?).
Late last year, two noteworthy things happened: first, I finally got my hands on a Flipper Zero after waiting many months for it to arrive (no thanks to US Customs seizing the shipment for unspecified reasons) and spent some …
EDIT - 20200804 - Updated the Nginx stanzas because the newer versions of Certbot do all the work of setting up SSL/TLS support for you, including the most basic Nginx settings. If those settings are already in your server block, you'll run into trouble unless you delete them or comment them out before running Certbot. Also, Certbot centralizes all of the appropriate SSL configuration and hardening settings into a single includable file (/etc/letsencrypt/options-ssl-nginx.conf) for ease of maintenance.
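To make the edit note concrete, here is an added example (not from the original post, and not Certbot's own documentation) of what a server block looks like before and after Certbot's nginx installer has touched it. The domain example.com and the document root /var/www/example are placeholders; the /etc/letsencrypt/... paths are the ones Certbot uses by default.

```nginx
# Added example, not from the original post. example.com and /var/www/example
# are placeholders. This is the minimal HTTP-only block you hand Certbot: no
# ssl_* directives, no separate listen 443.
server {
    listen 80;
    server_name example.com;
    root /var/www/example;
}

# The same site after "certbot --nginx -d example.com". Every line tagged
# "# managed by Certbot" was written by Certbot, not by hand. Note that the
# protocol/cipher hardening is NOT in this block; it is pulled in from the
# shared options-ssl-nginx.conf, which is why you should not duplicate it here.
server {
    server_name example.com;
    root /var/www/example;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# When you accept Certbot's redirect option (or pass --redirect), it also
# rewrites the original port-80 block into an HTTPS redirect like this one.
server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name example.com;
    return 404; # managed by Certbot
}
```

The practical check is `nginx -t` after Certbot finishes: if you had left hand-written `ssl_certificate` or `ssl_protocols` lines in the block, nginx reports the duplicated directive by name and refuses the configuration, and the fix is to remove your copy and keep the Certbot-managed one so that future hardening changes only need to land in options-ssl-nginx.conf.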
A couple of years ago I spent some time trying to set up Matrix, a self-hosted instant messaging and chat system that works a little like Jabber, a …
A fact of life in the twenty-first century is the data breach: some site or other gets pwned and tens to hundreds of gigabytes of data get stolen. If you're lucky, just the usernames and passwords for the service have been taken; if you're not, credit card and banking information has been exfiltrated. Good times.
You've probably wondered why stolen passwords are dangerous. There are a few reasons for this: The first is that people tend to re-use passwords on multiple sites or services. Coupled with the fact that many online services use e-mail addresses as usernames, this means that all …
Behind the cut are the notes I took during DefCon 22, organized by name of presentation. Where appropriate I've linked to the précis of the talk. I make no guarantee that they make sense to anybody but me.
The reason I've been quiet so much lately and letting my constructs handle posting things for me is because I was getting ready to attend DefCon 22, one of the largest hacker cons in the world. It's been quite a few years since I last attended DefCon (the last one was DefCon 9, back in 2001.ev) due to the fact that Vegas is, in point of fact, stupidly expensive and when you get right down to it I need to pay bills more than I need to fly to Las Vegas for most of a week. I'm also in …
When I was in DC a couple of weeks ago, I noticed that the lamps in my hotel room had USB ports in them, presumably for plugging in smart devices to recharge in the event that the traveler did not bring a power strip. Most hotels aren't known for offering a surplus of power outlets.
Seeing as how I was back in Washington, DC, called by some The City of Spies, I couldn't help but wonder how such a thing could be used offensively. Let's say I wanted to gig somebody's smartphone with some canned exploits and a malware package …
A couple of days ago a research team composed of faculty at Nanyang Technological University in Singapore, the University of Southampton in the UK, and IQFR-CSIC in Madrid, Spain published a paper containing a creative solution to a problem known to be NP-complete, namely a version of the traveling salesman problem. The TSP, in summary, postulates a scenario in which you have an arbitrary number of towns spread over a large area and an arbitrary number of paths connecting them. What is the shortest possible path one can take in which the traveler visits each town only once and returns …
Set a Google Alert on the phrase "we take security very seriously" and leaf through it every time you get hits. Often, if a popular website gets compromised, they'll post about it on their blog a couple of days before the e-mail announcement hits your inbox. It may not buy you a lot of time but two days is better than none at all.