Nostr notes by dragosr

A walkthrough on patching Dell UEFI firmware at the SPI flash ...

2026-03-29T21:06:01Z

A walkthrough on patching Dell UEFI firmware at the SPI flash level to disable pre-boot DMA protection — bypassing the BIOS password entirely. The interesting part: the UEFI UI still reports the setting as enabled, and TPM measured boot doesn't detect the NVRAM change, so BitLocker unlocks normally. The patch also persists through official Dell BIOS updates. From there it's DMAReaper to kill IOMMU + PCILeech for a SYSTEM shell. Significant measured boot policy gap. https://www.mdsec.co.uk/2026/03/disabling-security-features-in-a-locked-bios/

Who cares? The new models are awesome. A new performance ...

2025-08-08T07:28:32Z

In reply to nevent1q…dlp7
_________________________

Who cares? The new models are awesome. A new performance benchmark.

Trivially spoofed packets from an SDR can derail trains. It's ...

2025-07-14T21:44:35Z

Trivially spoofed packets from an SDR can derail trains.

It's a seriously low bar for attackers and I'm so glad Neil is finally getting some folks to pay attention.

https://www.theregister.com/2025/07/14/train_brakes_flaw/

Critical Meshtastic Vulnerability: CVE-2025-52464: Meshtastic ...

2025-06-26T06:36:21Z

Critical Meshtastic Vulnerability:

CVE-2025-52464: Meshtastic 2.5.0–2.6.10 shipped cloned or low-entropy X25519 keys via vendor pre-flash + weak RNG.

Collisions let attackers decrypt LoRa direct-msgs, replay/forge admin RPCs, hijack nodes; no forward secrecy, so old captures stay cleartext.

Firmware 2.6.11 defers key-gen, hardens entropy, flags compromised pairs.

https://mander.xyz/post/32783704

Time to update microcode on your Intel processors (gen >9)... ...

2025-05-13T16:57:44Z

Time to update microcode on your Intel processors (gen >9)...

New speculative prediction bug lets you capture /etc/shadow with 99% reliability. They didn't make anything like it work on AMD or ARM... yet...

https://comsec.ethz.ch/research/microarch/branch-privilege-injection/

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512

The Czech Republic, Ukraine joint satellite reconnaissance ...

2025-03-27T02:39:09Z

The Czech Republic, Ukraine joint satellite reconnaissance project sucessfully launched TROLL satellite, developing the higher-resolution Drak satellite, to provide Ukraine with independent, high-quality optical intelligence to enhance defense capabilities, autonomy.

https://news.satnews.com/2025/03/26/first-satellite-of-planned-czech-ukrainian-network-launched/

Oh, is that all? A few (billion?) ESP32 devices let attackers ...

2025-03-08T23:03:59Z

Oh, is that all? A few (billion?) ESP32 devices let attackers establish persistency in local flash using an undocumented commands set accessible from an over the air pivot, and low level protocol injection and spoofing control...

ESP32 chips have 29 undocumented Bluetooth vendor-specific HCI commands (0xFC01–0xFC44) allowing direct RAM/Flash access, MAC address spoofing, injecting LMP and LLCP packets, direct Bluetooth register manipulation.

https://tinyurl.com/ESP32-backdoor

https://tinyurl.com/esp32bd

Framework Desktop: It's not a $3k 1Petaflop 128k Blackwell ...

2025-03-01T04:14:53Z

Framework Desktop: It's not a $3k 1Petaflop 128k Blackwell DIGITS, but it does have Strix Halo/Ryzen AI Max+ 395 unified memory(DDR5x tho) with a 256 wide bus soldered memory on the board - capability that would cost $6k in a Macbook for $2k.

New Framework desktop, engineering sample torn down by iFixit - skip to 7:20.

https://www.youtube.com/watch?v=5mGzEsRM3hs&t=553s

Admittedly below our already not high expectations for a WiFi ...

2025-02-05T01:50:52Z

Admittedly below our already not high expectations for a WiFi accessible space heater:

An unverified OTA update process in a Govee smart space heater—using HTTP with weak integrity checks (a simple checksum and HMAC with a hardcoded key)—allows MITM attackers to inject modified firmware, enabling arbitrary control or bricking. Exposed debug interfaces with weak credentials compound the vulnerability.

https://blog.includesecurity.com/2025/02/replacing-a-space-heater-firmware-over-wifi/

Congratulations to the new American administration, achieving ...

2025-02-02T19:41:29Z

Congratulations to the new American administration, achieving something no Canadian politician has been able to - rallying the entire country around the flag.

Uniting BC's left wing Eby, Ford's right wing Conservatives, Trudeau/Carney's centrist Liberals, even separatist CAQ François Legault saying Quebec must stand together with the rest of Canada and fight (!!!).

I don't think we have seen ALL of Canada synchronize and unify like this to respond to a threat since WW2.

The CCC 38 Saal1 Presentation - BlinkenCity: Radio-Controlling ...

2024-12-28T22:06:09Z

The CCC 38 Saal1 Presentation - BlinkenCity: Radio-Controlling Street Lamps and Power Plants by Fabian Bräunlein and Luca Melette

...on reversing streetlamps, ripple controls, Versacom and Semagyr, power gear, smart meters, controlling FREs with flashlights and flipper zero's(!), was a tour de force in reverse engineering, critical infrastructure risk analysis, and hacking excellence. If you use electricity or streets, you should watch it.

https://fahrplan.events.ccc.de/congress/2024/fahrplan/talk/HSNZGR/

right after you band screwdrivers.

2024-11-29T20:53:36Z

In reply to nevent1q…0vvh
_________________________

right after you band screwdrivers.

Trying to extend reach of GDPR to BlueSky LLM training is ...

2024-11-29T20:52:01Z

Trying to extend reach of GDPR to BlueSky LLM training is problematic. Data is declared public, so free to train on it. The problems start trying to claim GDPR rights *after the data is no longer needed.*

The GDPR right to access, erasure, and modification do not extend to mandated memory wipes for any human who has ever viewed(processed) the data. It's unreasonable, and technically infeasible, to expect that kind of access to LLMs.

Significant technical and legal challenges are coming up.

For those going home to visit family this weekend: • Samsung ...

2024-11-28T01:04:01Z

For those going home to visit family this weekend:

• Samsung calls it Auto Motion Plus
• LG calls it TruMotion
• Sony calls it Motionflow
• Roku calls it Action Smoothing
• Google TV calls it Motion Enhancement
• Vizio calls it Smooth Motion Effect.
• Panasonic calls it Intelligent Frame Creation (IFC)
• Philips calls it Perfect Natural Motion
• Sharp calls it AquoMotion
• Toshiba calls it ClearScan
• JVC calls it Clear Motion Drive
• Magnavox calls it Perfect Pixel HD

D-Link tells users to trash old VPN routers over bug too ...

2024-11-20T16:19:02Z

D-Link tells users to trash old VPN routers over bug too dangerous to identify.

Hopefully folks realize they should replace it with another vendor.

This vuln was covered at DEF CON 32 by Sam Curry. TR-069 is an admin access protocol that lets DLink work with your router remotely (reset device, etc.). Bad actors use spoofed requests to change config data, read the MAC address, monitor traffic, and use them as botnets. TR-069 is industry standard

https://www.theregister.com/2024/11/20/dlink_rip_replace_router/