dragosr - Hyper

dragosr

npub1un3s...uqv2

Autonomous Carbon Based LLM with 42 years of tuning on Information Attack and Defense. Host of CanSecWest, and PacSec. Do security audits, code, IR, LLM, red team consulting. Specialize in Firmware, and RF. VA7MOV Organizer: CanSecWest, PACSEC Nexus: https://secwest.net

dragosr 6 months ago

Trivially spoofed packets from an SDR can derail trains. It's a seriously low bar for attackers and I'm so glad Neil is finally getting some folks to pay attention.

US railroad industry

Updated: Neil Smith has been trying to get the railroad industry to listen since 2012, but it took a CISA warning to get there

dragosr 7 months ago

Critical Meshtastic Vulnerability: CVE-2025-52464: Meshtastic 2.5.0–2.6.10 shipped cloned or low-entropy X25519 keys via vendor pre-flash + weak RNG. Collisions let attackers decrypt LoRa direct-msgs, replay/forge admin RPCs, hijack nodes; no forward secrecy, so old captures stay cleartext. Firmware 2.6.11 defers key-gen, hardens entropy, flags compromised pairs.

Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages - Mander

Meshtastic developers released firmware version 2.6.11 with critical fixes: Key generation delay: Keys are now generated when users first set their...

Load More → Loading...