Larry Pesce 

Yep, I am AT keyboard and DB9 serial mouse connector old. We can add editing AUTOEXEC.BAT and CONFIG.SYS with COPY CON to that list too...
Just a reminder to my friends that if you are also this old, you probably should top off your upstairs, downstairs, basement, car, kitchen, etc. Advil (not all at one go of course, because at our age that's a lot of activity all at once).

This was a great write-up on getting RCE on some Wemo smart plugs. It figures, I use a few of these at home, so maybe it's time to find something new and send them to the "lab"!

‘FriendlyName’ Buffer Overflow Vulnerability in Wemo Smart Plug V2 | Sternum https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/

Part of our work at Sternum includes constant security research of IoT vulnerabilities to better understand IoT security gaps, boost the security capabilities of our platform and help device manufacturers improve their security postures. In this post, we wanted to provide a behind-the-scenes look at our work and talk about our latest discovery—a buffer overflow […]

While the cat's away the mice will play! Paul is out for tonight's episode of Security Weekly, so it will be hosted by yours truly! Join us for the news, and some fun with my good friend Kevin Johnson!

https://www.scmagazine.com/podcast-episode/pauls-security-weekly-785

PSW #785 – Kevin Johnson

Kevin Johnson joins us to discuss pen testing, automated testing, why AI testing is not pen testing! In the security news: How AI Knows Things No One Told It, Dragos Employee Gets Hacked, VMProtect Source Code Leaks, CISA Vulnerabilities, SHA-1 is a Shambles, Microsoft Scans Inside Password Protecte...

Thanks Google for releasing a few new TLDs! I'm not quite sure who thought .zip and .mov were a good idea, but I registered rofl.zip, firmware.zip and sbom.zip. This could get interesting.

Google TLDs: https://www.blog.google/products/registry/8-new-top-level-domains-for-dads-grads-tech/

8 new top-level domains for dads, grads and techies

Google Registry is launching all new .dad, .phd, .prof, .esq, .foo, .zip, .mov, and .nexus top-level domains.

I'm redoing a little bit of my desk to add a new monitor to my ham shack, but there wasn't a specific model that fit me. I think I'm quickly changing from a variety of Chaotic Good to a variety of Chaotic Evil.

Another day, another IoT device pentest report:

...and we are live with Paul's Security Weekly episode 784!

https://www.scmagazine.com/podcast-episode/pauls-security-weekly-784

Paul’s Security Weekly #784

The latest in-depth, unbiased news, analysis and perspective to keep cybersecurity professionals informed, educated and enlightened about the market.

For one of the last updates that I did to SANS SEC617: Wireless Penetration Testing and Ethical Hacking, we added some iBeacon detection and creation/spoofing to the course. But using Send My to send arbitrary data from a non-iBeacon device to the Find My network for distribution? Freaking Genius.

Send My: Arbitrary data transmission via Apple's Find My network | Positive Security https://positive.security/blog/send-my

Apple AirTags: Arbitrary data can be uploaded from non-internet-connected devices by sending Find My BLE broadcasts to nearby Apple devices. We're releasing an ESP32 firmware that turns the microcontroller into an (upload only) modem, and a macOS application to retrieve, decode and display the uploaded data.

My recent fascination with all things AI and making my life easier, this is a CTF I can get behind: AIcrowd | HackAPrompt 2023 | Challenges https://www.aicrowd.com/challenges/hackaprompt-2023

Trick Large Language Models