Ph.D. in Computer Science. Security and Privacy. (On Mastodon: @kontaxis@mastodon.social)

Joined June 2012
Pinned Tweet
Verifying myself: I am kontaxis on Keybase.io. 48aChilCrFSgjyJ_X54MuLZU9vQiNSiXEWmG / keybase.io/kontaxis/sigs/48a…

Georgios Kontaxis retweeted
Inflight wifi didn't work so of course I had to debug it. It appears the problem is lack of DHCP lease. The WiFi was using 8 hour leases, which was time enough for many planeloads of passengers to embark/disembark. A quick ARP scan at the time showed there were 55 devices on the network, almost entirely mobile devices (which randomize their MAC addresses, whereas laptops don't). Given the number of takeoffs and landings in the 8 hour period, the lease table can easily fill up. The fun fact about DHCP is that when this condition happens, it sends no response to the client. In other words, when trying to diagnose why "the wifi isn't working", there's no difference between this cause and half a dozen other causes. I have to guess this is the cause simply by looking at the fact lots of other people seem to have successfully gotten a DHCP response but I haven't. I told the flight attendant "the WiFi isn't working". She then "reset the Internet", after which I could get a lease. Apparently in the front near the entrance/exit, there's a button simply labeled "INTERNET RESET" that she presses whenever a customer complains. Obviously, one solution to the problem is that DHCP leases on planes should be drastically shorter, like at 1 hour intervals. Secondly, the number of leases should be drastically increased.
Georgios Kontaxis retweeted
21 Dec 2023
SMTP Smuggling - Spoofing E-Mails Worldwide sec-consult.com/blog/detail/…

Georgios Kontaxis retweeted
19 Dec 2023
Today @FTC took action against Rite Aid for recklessly using facial recognition tools, leading to innocent people being wrongly accused of shoplifting. Our order prohibits the firm from using facial surveillance tools for 5 years, among other protections. ftc.gov/news-events/news/pre…
Georgios Kontaxis retweeted
The full text of "Firewalls and Internet Security, Second Edition", by Bill Cheswick, Avi Rubin, and myself, has been released under a Creative Commons license at wilyhacker.com/. We include the full LaTeX source of the book, since we typeset it ourselves.

Georgios Kontaxis retweeted
29 Mar 2023
Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues papers.mathyvanhoef.com/usen…

Georgios Kontaxis retweeted
OpenSSL support for RFC7250 raw public keys has been merged into the 3.2 development branch (master): github.com/openssl/openssl/p… This supports trust validation via DANE TLSA records! I have pre-release code that adds DANE-with-RPK support to Postfix: github.com/vdukhovni/postfix…
Georgios Kontaxis retweeted
Zoom and dark patterns. Click a meeting link. It auto-downloads Zoom. Ignore that. The 'launch meeting' page gives no indication that you can join via browser but suggests installing the Zoom Client. Click 'launch meeting' & you get the choice to 'Join from your Browser'.
Georgios Kontaxis retweeted
From the TLS newsletter: Mike Malone wrote a blog post about using short-lived certificates to avoid having to deal with revocation. buff.ly/3Jn8QUg
Georgios Kontaxis retweeted
21 Mar 2023
When can two TCP sockets share a local address? blog.cloudflare.com/the-quan… @jkbs0 did a cool investigation on when bind-before-connect can reuse local port occupied by connect() and vice-versa. The results will shock you! :)
Georgios Kontaxis retweeted
📢Our work on automated discovery of memory safety vulnerabilities in DL frameworks has been accepted at @USENIXSecurity 2023! Jointly with @neochristou @di_jin42 @Vatlidak @baishakhir | arxiv.org/abs/2209.14921 | gitlab.com/brown-ssl/ivysyn | 39 CVEs 😎🤘💣#ivysyn #brownssl #usesec23
Georgios Kontaxis retweeted
17 Mar 2023
Really excited to see Google doing OHTTP with Fastly. My sources tell me it only took Fastly 45 minutes to build this. Amazing! Awesome to see this technology being used in the wild. Next up, OHTTP for DNS. developer.chrome.com/blog/ob…
Georgios Kontaxis retweeted
I'm very excited about the types of things OHTTP infrastructure will enable, so it's great to see it deployed in practice. e.g., I could imagine collecting signals of page breakage from tracking protection.
Georgios Kontaxis retweeted
MVP?
Georgios Kontaxis retweeted
Windows 98 Setup
Georgios Kontaxis retweeted
Let’s move the web PKI forward - together. chromium.org/Home/chromium-s…

Georgios Kontaxis retweeted
Lemmings (1991)
Georgios Kontaxis retweeted
23 Feb 2023
That brings up the question of what should be revoked? For ages, I have been saying revocation reasons don't make sense in the WebPKI. Well Mozilla agreed and has worked on defining those reasons better blog.mozilla.org/security/20…
Georgios Kontaxis retweeted
18 Feb 2023
Well this is not awesome. @Raspberry_Pi Camera v3 produces RF EMI on the GPS L1 frequency when enabled. Enough to make a GPS receiver maybe 20cm away from the camera cable drop lock. Camera v2 doesn't do this.