Adding exceptions for certain protocols, IP ranges (maybe multicast, even) are certainly ways around this, but I imagine with every hole you poke to allow something, you are also opening a hole for data to leak.
Client isolation is done at L2. You can't add exceptions for IP ranges / protocols / etc this way because that's up the stack. Even if devices can learn about each other in other ways, isolation gets in the way of direct communication between them.
The paper makes the point that you need to consider L3 in client isolation too - they call this the gateway bouncing attack. If you can hairpin traffic for clients at L3, it doesn't matter what preventions you have at L2.
Could this work in something like Proxmox, where you get this installed and configured with some decent hardware specs to the VM, and then just mount your ISO to the VM to experiment with it before deploying a dedicated VM with the unique ISO?
I have to assume this runs the risk of opening the floodgates for potential vulnerabilities to be discovered now. Hopefully they're prepared to start working on a bunch of new bug reports.
Closed-source code isn't so much less secure than open-source code that I think this is a legitimate worry, especially in this case, where the obfuscation doesn't sound like it was very effective.
Whether it is obfuscated or not, Minecraft Java runs most logic in Java, and writes the save and network handling in parse & validate style instead of serialization/deserialization style. So there aren't many "vulnerabilities" for you, though. The game probably isn't the best in performance, but there aren't many vulnerabilities either.
Well, I mean, if you have an external endpoint where users/customers are reporting packet loss or connectivity issues and you have determined that your actual endpoint is not having issues, for example, and you believe it to be a network issue somewhere along a route, then you can run this tool from various geolocations in the drop-down. I also like https://mtr.ping.pe/ which runs from a bunch of locations simultaneously.
Makes sense to me. It's like a free manual alternative to Thousand Eyes. I like the layout and responsiveness of the site. I especially like the compact view.
Is the plan to keep the site free? All the sites like this I have used throughout the years ultimately end up pay-walled or highly rate limited.
Do this device and the other alternative mentioned (Capibara Zero) have the same level of software support as the Flipper Zero? I imagine the strong community behind the Flipper Zero is a big factor in its ongoing popularity.
Exactly, the Flipper has an enormous community that helps, beyond all the people that work for Flipper. So in this case the answer is no; the software support is not even remotely comparable.
Having SATA or M2 is something that I would consider definitely better; however, the software is usually garbage stuck on one specific Linux kernel, and that's the reason why better hardware will never catch on.
Matter specifies that all firmware images must be signed so the device can verify authenticity before installation, ensuring they haven’t been tampered with. Matter further requires mechanisms to prevent unauthorized firmware execution and ensure that firmware can't be downgraded.
Matter states that firmware images “may be encrypted.” This is not a requirement, though encryption is allowed and may add security.
This sounds like it only affects OTA updates going through the Matter stack, not an explicit requirement to block serial flashing.
Disclaimer: I haven't tried serial flashing of Shelly/Sonoff Matter-enabled devices myself; I just remember some complaints from customers who failed to re-flash such devices.