14 Jul 2023 |
| Mostafa Moradian joined the room. | 17:15:47 |
| Mostafa Moradian changed their profile picture. | 17:15:51 |
16 Jul 2023 |
| Matthew Habtezgi joined the room. | 04:43:55 |
17 Jul 2023 |
| Dmitrii Okunev joined the room. | 15:21:46 |
Dmitrii Okunev | If you have questions about PCR0, feel free to tag me in the question. For example this locality logic and things like that we published in https://github.com/9elements/converged-security-suite a while ago. | 15:24:07 |
19 Jul 2023 |
hudson | I'm mostly a fan of remote attestation for device security, but definitely not like this to "prove" that you're using an unmodified web browser https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md | 11:42:52 |
Dmitrii Okunev | What's the point of attestation if you are not validating the whole stack up to the top? 🙂 | 12:12:16 |
Otto | The relevant issue 😄
https://github.com/RupertBenWiser/Web-Environment-Integrity/issues/28 | 14:48:09 |
Daniel aka CyReVolt | Ooof... that is the whole soup of trust issues I talk about when explaining "trust" in computing.
Consumers do not trust the chip vendors, content (media, game etc) publishers do not trust consumers, and in the end, we have little security and horrible UX on the customer/consumer side. Yep, that issue/thread describes it well.
If you wanted to transfer that idea to housing, oof, we would have cameras in our very own apartments so that guests could check whether everything is tidy before visiting us. Imagine that. | 17:04:18 |
hudson | https://github.com/RupertBenWiser/Web-Environment-Integrity/pull/29/files | 18:09:16 |
Dmitrii Okunev | Redacted or Malformed Event | 18:17:07 |
Daniel aka CyReVolt | Has some vibes of Elon open sourcing "the algorithm" | 21:09:12 |
20 Jul 2023 |
Daniel aka CyReVolt | I hope that the ad industry doesn't get into DRM...
Because they are facing pushback (thank goodness):
https://docs.google.com/document/u/1/d/e/2PACX-1vSVUwlTGIywViXvKoJ6A3q7tNsUO44XfBxP9kKv83Sm0--GiAo-rXjrWSzBsH3OwQ/pub | 10:58:20 |
21 Jul 2023 |
| Ayan Agrawal joined the room. | 05:58:17 |
| MT joined the room. | 11:21:49 |
| Tony Perez joined the room. | 17:42:34 |
22 Jul 2023 |
Daniel aka CyReVolt | High score, 10 points
https://eclypsium.com/research/bmcc-lights-out-forever/ | 09:45:36 |
24 Jul 2023 |
| Jonathon Hall changed their display name from Jonathon Hall to Jonathon Hall (away). | 18:55:38 |
26 Jul 2023 |
hudson | wild interview with spokesdroid from TETRA radio group, the one that was just shown to be shipping backdoored radios: https://zetter.substack.com/p/interview-with-the-etsi-standards | 13:04:36 |
hudson | The radios in some modes use an 80-bit key with reduced entropy so it was only really a 32-bit key that is now trivial to brute force. The algorithms were secret so that customers couldn't find this out; a team reverse engineered a radio to determine the algorithm and found the backdoor. The org says they have fixed it in the new algorithms, but those are also SECRET and of course they can't reveal them, because (and I'm quoting from the interview): "[obscurity is] also a way of maintaining security" | 13:07:02 |
Daniel aka CyReVolt | Oddly enough, it works for quite some cases for quite a while.
One legit case I am somewhat concerned with is attacks on APIs. Quite some apps have infra behind them that needs to apply rate limiting where certain amounts of requests are definitely not within the bounds of regular usage. When it comes to low enough amounts where requests may cause harm though, it gets really tricky, so metrics like user behavior on their device play a role. Think of requests that are very expensive to handle. A tough field. 😬 | 13:13:02 |
Felix Held | Security by obscurity only increases the cost of creating an exploit a bit, but I don't see how it could make things any more secure. And rolling your own crypto is usually also a very bad idea for securing things... | 15:23:34 |
27 Jul 2023 |
| pietrushnic (Old) changed their display name from pietrushnic to pietrushnic (Old). | 10:52:05 |
| pietrushnic (Old) invited pietrushnic. | 13:43:57 |
| pietrushnic joined the room. | 15:17:43 |
28 Jul 2023 |
| Chanho Park joined the room. | 03:54:00 |
29 Jul 2023 |
| Chanho Park changed their display name from _slack_osfw_U05K8UMA6E8 to Chanho Park. | 01:23:46 |
| Chanho Park set a profile picture. | 01:23:47 |
31 Jul 2023 |
| Jonathon Hall changed their display name from Jonathon Hall (away) to Jonathon Hall. | 13:07:27 |
| Joey Buiteweg changed their profile picture. | 23:23:02 |