John Carroll

https://theroute.io - for now
I’m the annoying guy that makes you think about what you’re doing, and why you’re doing it.

I’m #hiring for a Senior Cyber Threat Intelligence Analyst at PlayStation! This is a full-time remote position in Germany.

https://grnh.se/545f13774us

#infosecjobs #cyberjobs #cybersecurity #threatintelligence #cyberthreatintelligence


Kubernetes is nearly always the wrong answer. Nearly.

Prove me wrong please.

Let's do hardware hacking: how to measure the power.

The previous post is here:
https://infosec.exchange/@maldr0id/109337314917322015

The first big obstacle in measuring the power is the capacitors. These are included on the boards to stabilise the current, but they will have a significant impact on the power measurement. So, in order to properly measure the power we need to get rid of them, by, for example, removing the CPU from the board and putting it on the breadboard (see the first picture).

The second obstacle is the fact that most tools (e.g. oscilloscopes, logic analysers with analogue channels) measure voltage, not current (unless you have some fancy equipment).

In order to measure current we will use Ohm's law:

V = R * I

As you can see, if R is constant (as is the case with a resistor) then measuring voltage is the same as measuring the current. In fact, the shape of the chart of voltage measurements and current measurements will be exactly the same.

So let's introduce a small resistor and measure voltage across it (like in the second picture).

Now, you want the resistor's resistance to be as high as possible (since it will magnify small changes in the current when measuring voltage - look at Ohm's law) but also not so high as to use all the power. For Arduino Uno 47 ohms is a good trade-off. 47 ohms is a lot and you'd usually use 1 or even 0.1 ohms for this job, but it works so I don't question it.

Now just attach a logic analyser with analogue channels or, better yet, an oscilloscope and you can measure the CPU power usage!

Łukasz :verified: (@[email protected])

Let's start hardware hacking posts with simple power analysis. Each instruction executed on the CPU will use different amounts of power (whatever it means, just go with me, don't listen to the physics part of your brain). Based on the power usage you can determine not only what instruction is being executed but also what arguments it took! Seriously.

Let's take the following example:

bool checkPass(String buffer) {
  bool result = true;
  for (int i = 0; i < PASSWORD.length(); i++) {
    if (buffer[i] != PASSWORD[i]) {
      result = false;
    }
  }
  return result;
}

As you can see it's a very simple password check, without the usual timing attack bug. It's worth noting that the whole if is one assembly instruction on Arduino (hence it doesn't take longer to execute the loop because of the value assignment).

Now if we assume that the password is just 5 digits we can try ten different passwords: 00000, 11111, ..., 99999 and get 10 power traces. If we overlay all of them we will see the odd ones out (like in the picture below).

If you look closely at the picture below you will see that there are five distinct places in which the power traces differ. If you match the colours of traces to the password attempts you will get the 5 digits password in just 10 tries! Magic!
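
An added example, not part of the original posts: the shunt-resistor trade-off from the measurement post, worked through with V = R * I for several resistor values. The supply voltage, peak current, current change of interest, minimum CPU voltage and scope resolution are constructed assumptions, not measurements from the post, and all function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class ShuntReport:
    r_ohm: float
    cpu_v: float      # supply left for the CPU at peak current
    swing_v: float    # voltage change caused by the current change of interest
    adc_steps: float  # that swing expressed in ADC steps
    usable: bool      # CPU still powered and swing resolvable

def evaluate_shunt(r_ohm, supply_v, i_peak_a, delta_i_a,
                   cpu_min_v, adc_bits, adc_range_v, min_steps=2.0):
    """Apply V = R * I to both sides of the trade-off for one resistor value."""
    cpu_v = supply_v - r_ohm * i_peak_a   # the drop across the shunt is lost to the CPU
    swing_v = r_ohm * delta_i_a           # a larger R magnifies small current changes
    adc_steps = swing_v / (adc_range_v / 2 ** adc_bits)
    usable = cpu_v >= cpu_min_v and adc_steps >= min_steps
    return ShuntReport(r_ohm, cpu_v, swing_v, adc_steps, usable)

def pick_shunt(candidates, **setup):
    """Return the report for the largest usable resistor, or None if none works."""
    reports = [evaluate_shunt(r, **setup) for r in candidates]
    usable = [rep for rep in reports if rep.usable]
    return max(usable, key=lambda rep: rep.r_ohm) if usable else None

def to_current(samples_v, r_ohm):
    """Convert voltage samples taken across the shunt into current (I = V / R)."""
    return [v / r_ohm for v in samples_v]

# Constructed setup (assumptions, not values from the post): 5 V supply,
# 20 mA peak draw, 0.5 mA change of interest, 3.8 V assumed minimum CPU
# voltage, 8-bit scope with a 1 V input range.
SETUP = dict(supply_v=5.0, i_peak_a=0.020, delta_i_a=0.0005,
             cpu_min_v=3.8, adc_bits=8, adc_range_v=1.0)

if __name__ == "__main__":
    for r in (0.1, 1.0, 47.0, 100.0):
        print(evaluate_shunt(r, **SETUP))
    print("chosen:", pick_shunt((0.1, 1.0, 47.0, 100.0), **SETUP))
    print(to_current([0.47, 0.94], 47.0))
```

Under these assumed numbers the 0.1 and 1 ohm shunts produce a swing smaller than one ADC step, 100 ohms starves the CPU, and 47 ohms is the largest value that passes both checks.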
@wimremes how long until votes are counted?
Accurate
GitHub - KULeuven-COSIC/Starlink-FI

Hey there, Admin of the Internet Archive Mastodon here. I've seen some people speculate/rumor that the Archive's mastodon instance is set up to be an involuntary vacuum spot for all toots passing back into the Wayback, and it is NOT that. Any archiving of toots would be some other project (and outside my knowledge) but the Internet Archive Mastodon is just another instance, doing the mastodon thing. Communicate with us at will.
Twitter is Going Great!

Twitter is Going Great is a project inspired by Web3 is Going Just Great to track the latest examples of how Twitter is actively falling to pieces thanks to its current owner Elon Musk (with special guests Jack Dorsey and the Saudi Arabian royal family).

Hey #InfoSec Fedi,

I am looking for a new Job!

I would be interested in an offensive security position, preferably red teaming.

100% Remote is OK, but I need to be employable in Austria!

I have two years of professional pentesting experience, plus training trainees in IT basics/programming, 5+ years of Linux system administration, and 7+ years of CTFs.

I will make another post later where my CV will be available.

If you have questions, PM me!

Boost appreciated!
#lookingforwork #work #job #search