Once again, after tech reclaimers launched officially over the past two weeks with talks at #fedicon and #defcon , I cannot advise you more to watch what @TheBulletin is up to.
They are going to break a lot of NEOs out of the matrix.
We're going to need more landlines.
Burning, man
「 DEF CON attendees appeared to pay little attention to the human rights atrocities committed by CACI while resting their Vegas-priced beverages on a table prominently displaying the company’s backlit logo 」
https://jackpoulson.substack.com/p/when-counterculture-and-empire-merge
Burning, man
「 DEF CON attendees appeared to pay little attention to the human rights atrocities committed by CACI while resting their Vegas-priced beverages on a table prominently displaying the company’s backlit logo 」
https://jackpoulson.substack.com/p/when-counterculture-and-empire-merge
Yet another amazing time at #DEFCON.
Shout out to all the cool people I was able to spend time with.
Thank you to @thegibson for... all the things.
Yet another amazing time at #DEFCON.
Shout out to all the cool people I was able to spend time with.
Thank you to @thegibson for... all the things.
Lots of awesome stuff at #defcon this year, lots to improve too. Feel like I’m aging out, but also excited for its future.
Which brings me to part two, MeshMarauder.
An open source tool demonstrating proof-of-concept exploits against the DEFCON 33 Meshtastic firmware.
MeshMarauder will demostrate:
- Tracking user activity on any mesh regardless of encryption usage
- Hijack all meshtastic user profile metadata
- Change any users public key
- Send messages as any user in channel chats that appear authentic
- MITM direct messages
The scale of meshtastics avoidance of building security into the design is pretty epic.
It allows for the formation of an entire mesh just for MITMing it.
This ONE liner here in the PKI attack means that once a node gets poisoned the key we created is based on the MAC so -anyone- who knows your MAC can read your MITM'd traffic.
When attackers run mesh marauder against the DEFCON 33 firmware they are all working together. Anyone in range can read the MITM'd DMs.
https://github.com/datapartyjs/meshmarauder/blob/channel-chat/src/lorapipe-raw-packet.mjs#L191-L193
So when it's this easy to get a MITM going things like making posts in public chats as anyone you want feels kinda low key.
But I do hope that extended warranty works out, everyone seems pretty concerned about them.
Which brings me to part two, MeshMarauder.
An open source tool demonstrating proof-of-concept exploits against the DEFCON 33 Meshtastic firmware.
MeshMarauder will demostrate:
- Tracking user activity on any mesh regardless of encryption usage
- Hijack all meshtastic user profile metadata
- Change any users public key
- Send messages as any user in channel chats that appear authentic
- MITM direct messages
The Cybertiger lurks during #DEFCON, waiting for his moment to strike with trivia questions! Join EFF for Tech Trivia at the Contest Stage at 19:00 tonight: https://www.eff.org/event/tech-trivia-def-con-33
Shuttle from Tuscany to #defcon with the door closed. I still appreciate this
What I heard about #Defcon always felt weird, but what's currently circulating really are, if true, nails to its coffin. No way I'd attend a "hacker" conference with fucking military people present (on stage no less), or where the main organizer openly supports the US Army without being friendly but decisively stripped of his position and complimented out of the venue.
If this really happened like this that isn't a hacker conference, it's a fucking joke and insult.
https://kolektiva.social/@twintrouble/114995569315542629
A space for Bonfire maintainers and contributors to communicate
