Kikuri - Operational Security And The Darknet


Resources, links, and lists covering everything around the darknet and operational security.

founded 8 months ago
1
 
 

We're happy to announce that BusKill is presenting at DEF CON 32.

What: Open Hardware Design for BusKill Cord
When: 2024-08-10 12:00 - 13:45
Where: W303 – Third Floor – LVCC West Hall

BusKill goes to DEF CON 32 (Engage)
BusKill is presenting at DEF CON 32

via @Goldfishlaser@lemmy.ml

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you and your computer is severed, then your device will lock, shut down, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

What is DEF CON?

DEF CON is a yearly hacker conference in Las Vegas, USA.

DEF CON Documentary
Watch the DEF CON Documentary for more info youtube.com/watch?v=3ctQOmjQyYg

What is BusKill presenting at DEF CON?

I (goldfishlaser) will be presenting Open Hardware Design for BusKill Cord in a Demo Lab at DEF CON 32.

What: Open Hardware Design for BusKill Cord
When: Sat Aug 10 12PM – 1:45PM
Where: W303 – Third Floor – LVCC West Hall

Who: Melanie Allen (goldfishlaser) More info

Talk Description

BusKill is a Dead Man Switch triggered when a magnetic breakaway is tripped, severing a USB connection. I’ve written OpenSCAD code that creates a 3D printable file for plastic parts needed to create the magnetic breakaway. Should anyone need to adjust this design for variations of components, the code is parameterized allowing for easy customization. To assemble a BusKill Dead Man Switch cord you will need:

  1. a usb-a extension cord,
  2. a usb hard drive capable of being attached to a carabiner,
  3. a carabiner,
  4. the plastic pieces in this file,
  5. a usb female port,
  6. a usb male,
  7. 4 magnets,
  8. 4 pogo pins,
  9. 4 pogo receptors,
  10. wire,
  11. 8 screws,
  12. and BusKill software.

Image of the Golden BusKill decoupler with the case off
Golden DIY BusKill Print

Full BOM, glossary, and assembly instructions are included in the GitHub repository. The room holds approx. 70 attendees seated. I’ll be delivering 3 x 30 min presentations – with some tailoring to what sort of audience I get each time.

Meet Me @ DEF CON

If you'd like to find me and chat, I'm also planning to attend:

  • ATL Meetup (DCG Atlanta Friday: 16:00 – 19:00 | 236),
  • Hacker Karaoke (Friday and Sat 20:00-21:00 | 222),
  • Goth Night (Friday: 21:00 – 02:00 | 322-324),
  • QueerCon Mixer (Saturday: 16:00-18:00 | Chillout 2),
  • EFF Trivia (Saturday: 17:30-21:30 | 307-308), and
  • Jack Rhysider’s Masquerade (Saturday: 21:00 – 01:00 | 325-327)

I hope to print many fun trinkets for my new friends, including some BusKill keychains.

Image shows a collection of 3D-printed bottle openers and whistles that say "BusKill"
Come to my presentation @ DEF CON for some free BusKill swag

By attending DEF CON, I hope to make connections and find collaborators. I hope during the demo labs to find people who will bring fresh ideas to the project to make it more effective.

2
3
 
 

Today, May 15, 2024, BreachForums, a notorious hub for cybercriminal activities, was taken down by the FBI and DOJ, with help from several international law enforcement agencies. While this is a big win for law enforcement, the real buzz is about the bold statement made by the threat actor known as USDoD. He’s promised to bring the forum back and keep the community alive.

4
 
 

I tried using Standard Notes, but it doesn't work with Tor on the safest settings, which defeats the purpose for me. It seems to me like the entire Proton suite at this point is targeting privacy normies for the most part. Really wondering whether Proton is going to copy Google and Microsoft completely and acquire other projects to build a productivity suite with office tools and video chat.

5
Google Created a New Device Tracking Network - Mental Outlaw (inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion)
6
DrugHub, Created by White House Market, Launches (tortimeswqlzti2aqbjoieisne4ubyuoeiiugel2layyudcfrwln76qd.onion)
7
8
Accepting Monero via BTCPay Server | sethforprivacy.com (sfprivg7qec6tdle7u6hdepzjibin6fn3ivm6qlwytr235rh5vc6bfqd.onion)
 
 

I've been trying to find some options for a separate project I have which needs to accept Monero. I found some open source projects, but this one seems to be easiest.

9
 
 

I'm putting together a spreadsheet that lists out different web hosting providers that accept crypto in some form or another. Additionally, it contains information on each of the providers, server locations, AUP, and other information that may be useful when choosing a provider.

It is a WIP, so I will be updating this on the go. Other criteria that will be added are located in the previous Lemmy post https://lemmy.kikuri.moe/post/13.

I'm open to feedback and other recommendations that we could add to the spreadsheet.

10
 
 

DarkGPT is an OSINT assistant based on GPT-4-200K (recommended use) designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your traditional OSINT processes.

11
 
 

In late January, the Bureau of Industry and Security of the US Department of Commerce published a formal proposal for a new KYC (Know Your Customer) rule regulating infrastructure as a service (IaaS) products, i.e., cloud infrastructure providers.

The KYC component in question here is the Customer Identification Program (CIP), among other requirements related to IaaS.

In the notice, which also calls for comments to be submitted by the end of April, the government agency cites the January 2021 Cyber Executive Order on “Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities” and claims that a proposal is “a significant step” toward implementing it.

This order was issued by the Trump administration; but in the fall of last year, Biden’s White House issued its AI Executive Order that reports said requires foreign resellers of US IaaS services “to undertake almost identical KYC activities to those proposed in the Cyber Executive in relation to US providers.”

The department claims that the proposed rule was prompted by the desire to advance US national security interests, specifically targeting malicious foreign actors and hackers that cause damage either to critical infrastructure or said national interests.

If adopted, the rule would require US IaaS providers and those reselling their services abroad to “verify the identity of their foreign customers” and report to the department if those products are used to train large AI language models.

The minimum identification requirements include name, address, means and source of payment, email address, phone number, and IP address of a customer.

US IaaS providers who are found to violate the rule will face civil (money fines) and criminal penalties envisaged in the International Emergency Economic Powers Act – either a quarter of a million dollars or twice the value of a violating transaction, whichever is higher, while criminal consequences range from a fine of up to one million to 20 years in prison – or both.

The US government claims that US-run cloud servers are being used by malicious foreign actors for espionage, intellectual property theft, and targeting of critical infrastructure, and uses this argument to justify drafting the upcoming new rule.

It also complains that temporary registration “and ease of replacement for such services” makes it difficult for the government to track its targets.

And because currently, foreign resellers are not under obligation to track identity – US law enforcement finds it difficult to “obtain identifying information about malicious actors through service of compulsory legal process.”

12
 
 

Visa – one of the world’s two biggest payments processors – appears to be moving into biometric data-based authentication, at least according to a patent it has applied for. And Visa claims that this would be fully privacy-friendly.

Visa is in this way joining Mastercard, but also Microsoft and Google, who are all exploring ultimately similar methods, for the sake of what they say is preventing physical data theft, and abuse of deepfakes.

And Google’s, Apple’s and Samsung’s payment services already provide the so-called seamless payment experience – while Amazon app’s Just Walk Out replaces checkout with what’s said to be “a similar experience” to what Visa plans to achieve.

If Visa’s patent – designed, according to the giant’s filing, to provide “biometric templates for privacy preserving authentication” – is approved and implemented, the end result would be replacement of PINs with biometric identification.

The method would be used at ATMs, payment checkouts, and Visa made sure to note that the technology’s use can be extended to unlocking apartments or letting people into venues like theaters, amusement parks, etc.

These latter, non-payment scenarios would allow Visa to monetize the patent via licensing to other companies.

The rationale for using such a system is said to be to improve security of user information in physical spaces.

The patent states that the system would work by customers enrolling into the program which means creating “a biometric template” on their device.

This data is encrypted and signed, and that signature, rather than the biometric information, is used by “access device” to verify the signature.

This, Visa said in the filing, is what preserves privacy, since the templates are stored on the user device rather than “in some giant database.”

This appears to be the key point the company is trying to make with the proposed patent, and it was careful to stress that security breaches of such databases result in “disastrous” consequences.

That’s because the use of biometrics is at once safer than that of PINs and passwords, but also much riskier, given that unauthorized access provides those behind a hack with access to a large amount of personal information.

13
 
 

New documents pull back the curtain on the federal government's shocking push for mass financial surveillance that reportedly targeted millions of Americans.

14
15
Incognito 100% Exit Scam - AVOID NOW : /d/DarkNetMarkets - Dread (g66ol3eb5ujdckzqqfmjsbpdjufmjd5nsgdipvxmsh7rckzlhywlzlqd.onion)
16
Hack Liberty Cryptocurrency Resources (yw7nc56v4nsudvwewhmhhwltxpncedfuc43qbubj4nmwhdhwtiu4o6yd.onion)
17
Hack Liberty Cypherpunk Resources (yw7nc56v4nsudvwewhmhhwltxpncedfuc43qbubj4nmwhdhwtiu4o6yd.onion)
18
 
 

cross-posted from: https://lemmy.kikuri.moe/post/16

Keeping the data on your devices safe is a crucial part of practicing good digital hygiene and operational security, including keeping your data private from threat actors and ensuring data integrity. In times like these, if you want your data to remain private and secure, you will have to take additional steps to secure your data. Luckily, encryption tools like VeraCrypt make this process easy and mostly painless.

19
 
 

Ruling states that under Charter, there is 'reasonable expectation of privacy' associated with IP addresses

20
21
22