Site seems offline now, says “Closed Jan 30th”

Similar here.

Family is mostly OK on it. We used to have issues with iOS devices not noticing some new messages & calls, but that seems to have stopped a few months ago. Family is usually impatient about me getting to my phone and rings me using 3 different services in a row, one of them Snikket xD

Have not yet managed to get any friends onto it.

Thing is, its EOL, per Asus. Does this mean that it won’t be supported on OpenWRT for much longer?

OpenWRT tends to support devices longer and better than the OEM, but it depends on the popularity of the chipset inside the router.

Many different routers by different companies are almost identical internally, because they use the same chipset. Eg the RT-AC3100 seems to be a bcm53xx variant, of which OpenWRT supports a few dozen products. Support will probably only be dropped when every single one of those devices goes EOL and several years pass (ie no people left contributing/maintaining it and the builds break somehow).

Router chipsets can be very long lived. Many new devices use decade old chipset designs. Some chipset families have almost identical chips released every few years with slightly different peripherals, clocks & pinouts; but are supported by the same kernel drivers.

(This is all much better than the world of mobile phone hardware support. Maybe it’s because of different market pressures? Not to mention you don’t have a monopoly that benefits from keeping the hardware fractured. Imagine if people could make a competitor to Android that works across most devices out there)

As far as I understand, wireguard is designed so that it can’t be portscanned. Replies are never sent to packets unless they pass full auth.

This is both a blessing and a curse. It unfortunately means that if you misconfigure a key then your packets get silently ignored by the other party, no error messages or the likes, it’s as if the other party doesn’t exist.

EDIT: Yep, as per https://www.wireguard.com/protocol/

In fact, the server does not even respond at all to an unauthorized client; it is silent and invisible.

Bogus CVE. Spam.

From the PoC:

Replace the original DLL (such as Notepad++\plugins\NppExport\NppExport.dll) with a DLL file with the same name containing malicious code

If you replace parts of a program with malware then you can get malware to run. This is true of all software.

Direct metal liquid contact from pin to pin! I love it.

(Not to mention how satisfying it is to get a pile of undamaged ICs after recycling)

Read-only, or the ability to edit filenames & upload files?

Read only: as per other answers here, basically any HTTP server. The easiest one I know would be darkhttpd, because it requires no config files and can be run without root.

Read write: I like WFM https://github.com/tenox7/wfm

I swear that I read that white lead oxide is water soluble, thus happily sticks to your fingers and then gets on your food. I must be misremembering.

Maybe it was something about the solid lead object turning into an (oxide) powder that can then be easily ported as tiny particles on greasy hands? Hearsay science and safety information from me today :)

The fun thing about Pb is it’s relatively safe in pure form. Unfortunately the oxides that appear on its surface are water soluble and love entering our bodies.

Just looked this up, apparently I’m completely wrong. Maybe I was thinking about lipid compatibility? Not sure now.

Welcome to security news theatre :(

I don’t think espressif would bother suing, these kind of misshapen claims get constantly made against popular projects all of the time. It’s just unusual to see so much coverage about this particular one.

Not so say that externally attackable vulnerabilities in an ESP32 don’t exist, they might. Bluetooth devices have an awful track record. But making them up doesn’t help the world.

Bleepingcomputer’s title and article are very misleading, the presentation did NOT reveal a backdoor into an ESP32. It looks like Bleepingcomputer completely misunderstood what was presented (EDIT: and tarlogic isn’t helping with the first sentence on their site).

Instead the presentation was about using an ESP32 as a tool to attack other devices. Additionally they discovered some undocumented commands that you can send from the ESP32 processor to the ESP32 radio peripheral that let you take control of it and potentially send some extra forms of traffic that could be useful. They did NOT present anything about the ESP32 bluetooth radio being externally attackable.

Another perspective that might help: imagine you have a cheap bluetooth chipset that is open source and well documented. That would give you more than what the presentation just found. Would Bleepingcomputer then be reporting it’s a backdoor threatening millions of devices?

It looks identical to me. Same size before clicking, same size after right clicking -> Open image in new tab.

*mooshrooms

Replacing a TCP socket with a UNIX socket doesn’t affect the amount of headers you have to parse.

We rented our technology and could not read nor write.

Something weird https://ace-ev.com.au/

• Claim to be “made in Australia”
• Don’t provide any photos of their production line or factory.
• Underpowered (max speed 100kmph)

Perhaps imported and then assembled in Australia?

Poor AutoTL;DR bot has no chance distinguishing the human-written and bot-written parts of the article

25/10 for 65AUD/m (43USD/m). Australia, NBN (monopoly across entire country, technically government owned but run like a private corp because of politics). It’s the lowest speed now available, but it’s already overpriced. $780/year is far more than all of my wifi capable equipment is worth together, including laptops.

Ah thanks, sorry, I was thinking of my MK3.

Are you turning off the magnetic ABL, or using it through the garolite?