Uwe Hermann @uwehermann@fosstodon.org

We have computed the very first chosen-prefix collision for SHA-1. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.

We have reduced the cost of a collision attack from 2^64.7 to 2^61.2, and the cost of a chosen-prefix collision attack from 2^67.1 to 2^63.4.

Demo: The legacy branch of GnuPG (version 1.4) is vulnerable. We have created two PGP keys with different UserIDs and colliding certificates.

https://sha-mbles.github.io/

I decided to start the new year with some PCB Layout. Can you tell what it is? I am not sure if it is a good or a bad thing if you can recognize the footprint, but you are definitely in good company I recognize them pretty much instantly on other boards. :)

Visualising the amount of microplastic we eat https://graphics.reuters.com/ENVIRONMENT-PLASTIC/0100B4TF2MQ/index.html

Microphones are vulnerable to laser attack - https://lightcommands.com/
Smarter Every Day demonstrates controlling devices via laser, even through a window. https://www.youtube.com/watch?v=ozIKwGt38LQ

Setup is summarized at https://osmocom.org/projects/retro-bbs/wiki/36C3 - feel free to connect yourself with analog or ISDN lines to the patch panel (its labelled) in my absence.

#libsigrok 0.5.2 is released!

Roughly 40 or so additional devices (or whole device series) supported, improved USB HID support via HIDAPI, Bluetooth/BLE support (Linux-only for now, via BlueZ), and tons of improvements and bugfixes.

https://www.sigrok.org/blog/libsigrok-052-released

#sigrok

#fossmendations wanted! I'm looking for video editing software for Linux. Does anyone have experience with this?

"Zuckerberg won't speak to the Guardian, so they built a bot trained on hundreds of thousands of his words and interviewed that instead. The result is golden." https://www.theguardian.com/technology/2019/dec/22/zuckerbot-mark-zuckerberg-facebook-botnik

(RT @allytibbitt@twitter.com)

@uint8_t "because of decisions made in the 1930s", HDMI and EDID are worse than you can imagine: https://mjg59.dreamwidth.org/8705.html

#libsigrok now supports the MASTECH MS6514 2-channel, USB-based thermometer.

It supports K,J,T,E,R,S,N thermocouple types.

Full teardown and protocol docs available in the wiki.

#sigrok

https://www.sigrok.org/blog/mastech-ms6514-support

#libsigrok recently gained #Bluetooth and #BLE support.

Currently only a #BlueZ based, (#Linux only) backend is implemented. Contributions for other OSes welcome!

Supported devices so far: #EEVBlog 121GW, #Mooshimeter, some DMMs with Bluetooth cables.

#sigrok

https://www.sigrok.org/blog/bluetooth-and-ble-support-libsigrok

#libsigrokdecode 0.5.3 is released!

New decoders: lin, x2444m, ds2408, cc1101, enc28j60, pca9571, seven_segment, amulet_ascii, tdm_audio, signature, nes_gamepad, flexray, ir_rc6, ieee488, hdcp.

Total PDs supported in this release: 109.

#sigrok

https://www.sigrok.org/blog/libsigrokdecode-053-released

#libsigrokdecode now supports the #HDCP protocol decoder (stacked on i2c).

#sigrok #hdmi

https://www.sigrok.org/blog/new-protocol-decoder-hdcp

Do not use the Android clipboard for passwords, logins, card numbers, or any kind of sensitive data.

With Android, the clipboard can be read anytime by any app. No permission needed. And the app can then send your data to someone else. If you want to see this, fetch the Clip Stack app from Fdroid, it shows you the clipboard history, and lets you access previous content. #android

https://f-droid.org/de/packages/com.catchingnow.tinyclipboardmanager

How to fight back against Google AMP as a web user and a web developer https://markosaric.com/google-amp/

I did a detailed privacy check of the Tiktok app and website. You can read my article æt Süddeutsche Zeitung. Tiktok commits multiple breaches of law, trust, transparency and data protection. Here are the technical and legal details
Long thread⤵️

#libsigrokdecode now supports the seven_segment protocol decoder.

https://www.sigrok.org/blog/new-protocol-decoder-sevensegment

#sigrok