Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Matthew Green (matthew_d_green@ioc.exchange)'s status on Friday, 09-Aug-2024 23:42:51 JST Matthew Green

It’s been a while since we had a good 512-bit RSA key controlling anything important, and I’m here for it. https://arstechnica.com/security/2024/08/home-energy-system-gives-researcher-control-of-virtual-power-plant
In conversation about 3 months ago from ioc.exchange permalink
Attachments
1. Domain not in remote thumbnail source whitelist: cdn.arstechnica.net
  
  512-bit RSA key in home energy system gives control of “virtual power plant”
  
  It took $70 and 24 hours for Ryan Castellucci to gain access to 200 MW of capacity.
- Embed this notice
  Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 09-Aug-2024 23:44:21 JST Ryan Castellucci :nonbinary_flag:
  in reply to
  - Filippo Valsorda :go:
  - Jonathan Yu
  @matthew_d_green @jawnsy @filippo I'm absolutely going to use this as leverage to get OpenSSL to drop 512 bit RSA if need be, but they seemed receptive to my PR over the weekend even without this.
  
  In conversation about 3 months ago permalink
- Embed this notice
  Matthew Green (matthew_d_green@ioc.exchange)'s status on Friday, 09-Aug-2024 23:44:22 JST Matthew Green
  in reply to
  - Filippo Valsorda :go:
  - Jonathan Yu
  @jawnsy @filippo Fortunately there will always be C.
  
  In conversation about 3 months ago permalink
- Embed this notice
  Matthew Green (matthew_d_green@ioc.exchange)'s status on Friday, 09-Aug-2024 23:44:22 JST Matthew Green
  in reply to
  - Filippo Valsorda :go:
  - Jonathan Yu
  @jawnsy @filippo And Java!
  
  In conversation about 3 months ago permalink
- Embed this notice
  Jonathan Yu (jawnsy@mastodon.social)'s status on Friday, 09-Aug-2024 23:44:23 JST Jonathan Yu
  in reply to
  - Filippo Valsorda :go:
  @matthew_d_green And @filippo is trying to ruin the fun in Go by preventing use of these small keys 😤
  https://github.com/golang/go/issues/68762
  
  In conversation about 3 months ago permalink
- Embed this notice
  Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 09-Aug-2024 23:45:52 JST Ryan Castellucci :nonbinary_flag:
  in reply to
  - Filippo Valsorda :go:
  - Jonathan Yu
  @matthew_d_green @jawnsy @filippo oh gods, I don't want to talk to Oracle about this, someone else please take point on that one
  
  In conversation about 3 months ago permalink
- Embed this notice
  Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 09-Aug-2024 23:49:41 JST Ryan Castellucci :nonbinary_flag:
  in reply to
  - Filippo Valsorda :go:
  - Jonathan Yu
  @filippo @matthew_d_green @jawnsy amazing 🤩
  
  In conversation about 3 months ago permalink
- Embed this notice
  Filippo Valsorda :go: (filippo@abyssdomain.expert)'s status on Friday, 09-Aug-2024 23:49:42 JST Filippo Valsorda :go:
  in reply to
  - Ryan Castellucci :nonbinary_flag:
  - Jonathan Yu
  @ryanc @matthew_d_green @jawnsy the appropriate person was paged to the courtesy phone
  
  In conversation about 3 months ago permalink
- Embed this notice
  Jonathan Yu (jawnsy@mastodon.social)'s status on Saturday, 10-Aug-2024 00:15:50 JST Jonathan Yu
  in reply to
  - Filippo Valsorda :go:
  - Ryan Castellucci :nonbinary_flag:
  @ryanc @matthew_d_green @filippo Joking aside, thank you to y'all and everyone else working tirelessly to remove some of the footguns from this stuff. Things have gotten much better in security - there's always more to be done, but I think it's also nice to recognize that the industry has come a long way. HTTPS everywhere, short-lived keys, memory-safe languages. All thanks to people like you!
  
  In conversation about 3 months ago permalink

Public

Conversation

Notices

Feeds