Jason Stangroome

He/him. Principal Infrastructure Engineer. CISSP. Futurama and Factorio enthusiast. Privacy advocate.

Australia.

#infosec #cybersecurity

github: https://jstangroome.github.io/jstangroome/
justmytoots: https://justmytoots.com/@jstangroome@infosec.exchange

Blog post about my #bsidessf talk on using SSH certificates for git signing: https://codon.org.uk/~mjg59/blog/p/ssh-certificates-and-git-signing/
SSH certificates and git signing

When you’re looking at source code it can be helpful to have some evidence indicating who wrote it. Author tags give a surface level indication, but it turns out you can just lie and if someone isn’t paying attention when merging stuff there’s certainly a risk that a commit could be merged with an author field that doesn’t represent reality. Account compromise can make this even worse - a PR being opened by a compromised user is going to be hard to distinguish from the authentic user.

Matthew Garrett's Blog

Watching the livestream of the Artemis II launch, I just witnessed one of the astronauts type in the password on their tablet while sitting in the capsule on camera.

#ArtemisII #Artemis #Artemis2 #NASA #InfoSec #cybersecurity #OpSec #Privacy #SpaceExploration

LightGuard: Transparent WiFi Security via Physical-Layer LiFi Key Bootstrapping

Shiqi Xu, Yuyang Du, Mingyue Zhang, Hongwei Cui, Soung Chang Liew
https://arxiv.org/abs/2604.01092 https://arxiv.org/pdf/2604.01092 https://arxiv.org/html/2604.01092

arXiv:2604.01092v1 Announce Type: new
Abstract: WiFi is inherently vulnerable to eavesdropping because RF signals may penetrate many physical boundaries, such as walls and floors. LiFi, by contrast, is an optical method confined to line-of-sight and blocked by opaque surfaces. We present LightGuard, a dual-link architecture built on this insight: cryptographic key establishment can be offloaded from WiFi to a physically confined LiFi channel to mitigate the risk of key exposure over RF. LightGuard derives session keys over a LiFi link and installs them on the WiFi interface, ensuring cryptographic material never traverses the open RF medium. A prototype with off-the-shelf WiFi NICs and our LiFi transceiver frontend validates the design.

toXiv_bot_toot

RE: https://infosec.exchange/@jstangroome/116258676706100766

And then the autoloaders come along and reintroduce code magically appearing from who knows where. 😮‍💨

@NanoRaptor pictures you can hear.
Joining the LackRack club.

@decryption I know the new four port NTDs have a 10Gbit port and three 2.5Gbit ports so at least that's not the bottleneck.

I only learned the limits on the old NTD by going through the sign up process and being told by the second provider they couldn't provision more than 100Mbps unless I downgraded the first service.

@decryption good question. I have the pre-2000Mbit NTD with multiple Uni-D ports and hit the limit of only being able to have one port connected at 1000Mbit with the rest at 100Mbit max.

My NTD failed in December after ~5 years of solid use and the NBN tech still swapped it for the same model despite the 2000Mbit NTDs being available then.

I'm very tempted to move from a 1000/400 plan to a 2000/500 plan but I'd end up spending way too much replacing my switches and APs with 2.5Gbit variants.

I priced replacing my main 8-port PoE switch at a 4x difference between 2.5Gbit and 1Gbit 😥

Made my first attempt to convert a simple Golang CLI tool to a TUI tool today. Charm Bubble Tea seemed like the most appropriate TUI framework to use.

Quickly discovered I was going to need to explicitly manage a lot more of the UI state (e.g. which view is active, which control has focus) than I expected.

Working with web UIs (even framework-less) and WinForms (many, many years ago) has apparently spoiled me.

Bubbles components, Huh forms, and Lipgloss composition may reduce some of the explicit state management, but it's a non-trivial learning curve, exacerbated by my need to understand not just the "how" but which approach is most idiomatic.

@nicolas17 @siguza given the official definition of the IP space, I appreciate it is a reasonable default for routers to drop packets using those IPs to mitigate abuse.

Unfortunately whether it's a router firmware update, or a trivial configuration toggle, there are going to be router operators unwilling to make those changes.

And then there's the end-of-support router hardware that would need replacing.

*Sigh*.