Ryan Castellucci’s blog - posts on computer security, programming, systems administration, electronics and general geekery| rya.nc
Last week, a backdoor was discovered in xz-utils. The backdoor processes commands sent using RSA public keys as a covert channel. In order to prevent anyone else from using the backdoor, the threat actor implemented a cryptographic signature check on the payload. I have seen a number of people claim that this would necessarily result in an obviously invalid RSA public key, or at least one with no corresponding private key. This is incorrect, and someone nerd sniped me into proving it.
Kemi made her plan clear — anywhere offering “self-id” was going to be purged from the approved list. A statutory instrument to do that was introduced 6th December 2023. It was approved yesterday, 18th March 2024. The changes are extensive — twenty-five US states (plus Washington, DC), four Australian territories, and twenty-five entire countries have been cut.
The UK's “Minister for Women and Equality”, Kemi Badenoch, who openly espouses hate for LGBTQ+ people, has said that many of these countries and territories no longer meet British standards.…
I recently had solar panels and a battery storage system from GivEnergy installed at my house. A major selling point for me was that they have a local network API which can be used to monitor and…
I remember attending Dan Kaminsky’s talk at DEFCON 12 and being blown away by it. Three years later, I went on the original “Hackers on a Plane” trip and ended up seated next to Dan on one of…
In the early 90s, when I was in elementary school, I got assigned to write a report on a topic of my choosing. I decided to write about computer viruses. There weren’t many books at the time I…
If you’re like most people, there’s a good chance that it’s been years since you’ve sent an email that wasn’t cryptographically signed. You don’t use PGP, you say? Well, even if you are…
Sometimes hacking requires doing things that, while possible to do with some algorithm, simply aren’t supported by any existing implementation. Usually for good reason. A good example of this…
It recently came to my attention that John McAfee has been advertising a cryptocurrency hardware wallet from a company called Bitfi, with the claim that it is “unhackable”. There’s even a…
At DEFCON 22, Dan Kaminsky and I talked a little bit about something I built which he dubbed “Storybits”. Storybits can reversibly transform short strings of binary data into a series of words…