Pen Test Partners<p>🔧 Right to repair, but not to fix security?</p><p>Framework’s philosophy empowers users to open, upgrade, and repair their devices. But with great openness comes a security catch.</p><p>On the Framework 13, pressing the chassis intrusion switch 10 times resets the BIOS, removing passwords, Secure Boot, and more.</p><p>We flagged this to Framework. Their response?<br>"It's a feature..."</p><p>That’s risky. This reset might help with recovery, but it also hands an attacker physical access to critical settings.</p><p>Kieran explains the issue, what this means for security, and how to protect your device.</p><p>📌Read here: <a href="https://www.pentestpartners.com/security-blog/framework-13-press-here-to-pwn/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pentestpartners.com/security-b</span><span class="invisible">log/framework-13-press-here-to-pwn/</span></a></p><p><a href="https://infosec.exchange/tags/RightToRepair" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RightToRepair</span></a> <a href="https://infosec.exchange/tags/HardwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardwareSecurity</span></a> <a href="https://infosec.exchange/tags/FrameworkLaptop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FrameworkLaptop</span></a> <a href="https://infosec.exchange/tags/BIOSReset" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BIOSReset</span></a> <a href="https://infosec.exchange/tags/SecurityByDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityByDesign</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a></p>
photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto
Please refer to the site rules before posting.
Administered by:
Server stats:
243active users
photog.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.1
#hardwaresecurity
3 posts · 3 participants · 1 post today
David Chisnall (*Now with 50% more sarcasm!*)<p>The <span class="h-card" translate="no"><a href="https://infosec.exchange/@cheri_alliance" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cheri_alliance</span></a></span> has around a thousand followers on LinkedIn and just joined the Fediverse today. Let’s see how quickly we can get them to more than that here!</p><p><a href="https://infosec.exchange/tags/CHERI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CHERI</span></a> <a href="https://infosec.exchange/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a> <a href="https://infosec.exchange/tags/HardwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardwareSecurity</span></a> <a href="https://infosec.exchange/tags/FollowFriday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FollowFriday</span></a></p>
CHERI Alliance<p>👋 Hey infosec.exchange! We’re the CHERI Alliance — excited to join the community!</p><p>🔐 We’re all about CHERI (Capability Hardware Enhanced RISC Instructions) — a powerful hardware-based approach to making memory safety and software security actually enforceable, by design.</p><p>💡 CHERI helps stop things like buffer overflows and use-after-free bugs before they cause trouble — with hardware-enforced protections built right into the architecture.</p><p>We’re here to:<br>- Share news about the CHERI community in general<br>- Talk about what our members are building with CHERI<br>- Connect with folks who care about deep, meaningful security improvements<br>Check us out 👉 cherialliance.org</p><p>Give us a follow if this sounds like your kind of thing!</p><p><a href="https://infosec.exchange/tags/CHERI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CHERI</span></a> <a href="https://infosec.exchange/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a> <a href="https://infosec.exchange/tags/SecureByDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecureByDesign</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/HardwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardwareSecurity</span></a></p>
Seth G.<p>Has anyone done a proper <a href="https://chaos.social/tags/HardwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardwareSecurity</span></a> analysis on the <a href="https://chaos.social/tags/Fairphone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fairphone</span></a> yet? I know <span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> has said, "it doesn't meet their requirements" (fair enough), but what about for the OEM-installed <a href="https://chaos.social/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> ROM?</p><p><a href="https://chaos.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://chaos.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a></p>
Privacy Guides<p>Always remember, when it comes to hardware security keys: Two is one, one is none.</p><p>Our latest article covers the setup process for two YubiKeys (from Yubico's YubiKey 4 or 5 series) to keep your online accounts safe and secure 🔒 + it goes through resetting your existing keys to a blank slate, and the reasons you might want to do so!</p><p><a href="https://www.privacyguides.org/articles/2025/03/06/yubikey-reset-and-backup/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">privacyguides.org/articles/202</span><span class="invisible">5/03/06/yubikey-reset-and-backup/</span></a></p><p><a href="https://mastodon.neat.computer/tags/YubiKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YubiKey</span></a> <a href="https://mastodon.neat.computer/tags/HardwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardwareSecurity</span></a> <a href="https://mastodon.neat.computer/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://mastodon.neat.computer/tags/Yubico" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Yubico</span></a> <a href="https://mastodon.neat.computer/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://mastodon.neat.computer/tags/PrivacyGuides" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivacyGuides</span></a> <a href="https://mastodon.neat.computer/tags/Article" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Article</span></a></p>
Chris Gammell<p>I chatted with the embedded team at Raspberry Pi about the <a href="https://chaos.social/tags/RP2350" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RP2350</span></a> on The Amp Hour. It's an amazing "dual dual-core" part that is finding its way into many products. We chatted <a href="https://chaos.social/tags/hardwaresecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardwaresecurity</span></a> and <a href="https://chaos.social/tags/lowpower" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lowpower</span></a>, as those were key enhancements over the <a href="https://chaos.social/tags/RP2040" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RP2040</span></a>. </p><p><a href="https://theamphour.com/687-the-rp2350-with-the-raspberry-pi-team/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">theamphour.com/687-the-rp2350-</span><span class="invisible">with-the-raspberry-pi-team/</span></a></p>
⚜ Ån̶t̶hiǝ¯₣ab̷r̷ε ⚜ ☮️<p>RT @helpnetsecurity@twitter.com</p><p>USB armory Mk II: A secure computer on a USB stick featuring open source hardware design - <a href="https://www.helpnetsecurity.com/2020/02/05/usb-armory-mk-ii/" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2020/02/05</span><span class="invisible">/usb-armory-mk-ii/</span></a> - @FSecure@twitter.com <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> @AndreaBarisani@twitter.com <a href="https://mastodon.social/tags/securitynews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securitynews</span></a> <a href="https://mastodon.social/tags/hardwaresecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardwaresecurity</span></a> <a href="https://mastodon.social/tags/cybersecuritynews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecuritynews</span></a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a></p><p>🐦🔗: <a href="https://twitter.com/helpnetsecurity/status/1224996246445862912" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">twitter.com/helpnetsecurity/st</span><span class="invisible">atus/1224996246445862912</span></a></p>
Live feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload