Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fluffytail.org/objects/fffc10c8-186c-409c-85f5-454b3d6d551f">Phantasm (phnt@fluffytail.org)'s status on Thursday, 30-Jan-2025 07:54:40 JST</a><a href="https://fluffytail.org/users/phnt" title="phnt@fluffytail.org"><img src="https://gnusocial.jp/avatar/158739-48-20230808204705.webp" width="48" height="48" alt="Phantasm" style="position: absolute; left: 0; top: 0;">Phantasm</a><div><a href="https://majestic12.airforce/objects/8934859f-bd75-4b92-9f7f-e851adc73dfa" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/100757" title="dcc@annihilation.social">✙ dcc :pedomustdie: :phear_slackware:</a></li><li><a href="https://gnusocial.jp/user/158199" title="sysrq@lab.nyanide.com">tsoifan1997</a></li><li><a href="https://gnusocial.jp/user/256293" title="ins0mniak@majestic12.airforce">ins0mniak</a></li><li><a href="https://gnusocial.jp/user/284087" title="nyanide@lab.nyanide.com">nyanide :nyancat_rainbow::nyancat_body::nyancat_face:</a></li></ul></div></section><article><a href="https://majestic12.airforce/users/ins0mniak">@ins0mniak</a> <a href="https://annihilation.social/users/dcc">@dcc</a> <a href="https://lab.nyanide.com/users/nyanide">@nyanide</a> <a href="https://lab.nyanide.com/users/sysrq">@sysrq</a> <a href="https://p.mr64.net/users/mr64bit">@mr64bit</a> IoT is a goldmine of security vulns. It almost seems impossible to someone that hasn't dabbled in it. Like UART root shells, hard-coded passwords across multiple products, weak custom encryption and raw HTTP traffic are basically the norm to this day. Especially on products from Asia.<br><br>To this day basically no sysadmin updates firmware for most of the embedded devices on network. The Hollywood camera stuff presented at Blackhat a decade ago still mostly holds true. It's ridiculous.</article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4473694#notice-8759506">In conversation</a><time datetime="2025-01-30T07:54:40+09:00" title="Thursday, 30-Jan-2025 07:54:40 JST">about 2 months ago</time> <span>from <span><a href="https://fluffytail.org/objects/fffc10c8-186c-409c-85f5-454b3d6d551f" rel="external" title="Sent from fluffytail.org via ActivityPub">fluffytail.org</a></span></span><a href="https://fluffytail.org/objects/fffc10c8-186c-409c-85f5-454b3d6d551f">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Thursday, 30-Jan-2025 07:54:40 JSTPhantasm
in reply to
@ins0mniak @dcc @nyanide @sysrq @mr64bit IoT is a goldmine of security vulns. It almost seems impossible to someone that hasn't dabbled in it. Like UART root shells, hard-coded passwords across multiple products, weak custom encryption and raw HTTP traffic are basically the norm to this day. Especially on products from Asia.

To this day basically no sysadmin updates firmware for most of the embedded devices on network. The Hollywood camera stuff presented at Blackhat a decade ago still mostly holds true. It's ridiculous.
In conversation2 months ago from fluffytail.orgpermalink

Public

Embed Notice

HTML Code

Corresponding Notice