Aug 12, 2022
give mari a pet rock you coward
Mari: Mewo's baby brother, Wemo!
seen from United States
seen from Latvia
seen from Malaysia
seen from United States
seen from Netherlands
seen from Ireland
seen from T1
seen from China
seen from Singapore
seen from China
seen from Malaysia
seen from China
seen from Netherlands
seen from Italy
seen from United States
seen from Türkiye
seen from Malaysia
seen from China
seen from Macao SAR China
seen from Malaysia
give mari a pet rock you coward
Mari: Mewo's baby brother, Wemo!
Check out the new review on the gosund wifi smartplugs with "how to setup"
My attempt at getting back to my emo roots resulting in my tights cutting into the back of my heel bc I thought socks weren't necessary and lots of pain 👌✌👍
gives kris jr a blanket for if they are ever a lil eepy
wemo PETTA は実用性はともかく微妙にカワイイ
オッサンなのでカワイイとかファンシーとかようわからんのですが、最近このwemo PETTAというやつを見かけて、あまりに間が抜けた見た目に感銘を受けて衝動買いした。 貼って剥がせるメモというか、ようするに紙ではなくシリコンゴムの付箋で、ボールペンで書いて消せるという触れ込みなのだが、今どき主流の低粘度油性ボールペンは跡が残るから使えないとか24時間以内にすぐ消せとかいろいろうるさくて、実用性という意味ではいろいろ疑問は残るのである(私が愛用するウェットニーはいいらしい)。残るのだが、ブタや他の穏当な動物はともかく、このタコがねえ。なんで突然タコなの?…
https://bit.ly/3Op1x2F - 🔎 Sternum recently reverse-engineered the Wemo Mini Smart Plug V2, a popular device aiding users in remote control of electric devices. A buffer overflow vulnerability, coined as the 'FriendlyName', was discovered which could potentially be used for remote command injection. #Wemo #SmartPlug #CyberSecurity 🔧 Gaining firmware access to the device was a challenge, but through booting into recovery mode and changing the root password, Sternum gained system access. Various tools were then uploaded to the device for debugging purposes. #Firmware #Debugging 🐞 The 'FriendlyName' vulnerability was pinpointed after bypassing app restrictions and identifying the processes handling this variable. However, uncovering the exact source of heap metadata corruption required more in-depth analysis. #Vulnerability #HeapCorruption 🎯 The breaking point was identified via a gdb script tracking down the bug causing heap corruption. Observing the $pc pointer's behaviour during an overflow incident shed light on the potential exploitation of the vulnerability. #Exploit #ROPchains 💻 Sternum exploited the vulnerability using a binary exploitation technique known as ROP chains. Despite limitations due to the Wemo_ctrl loading address and the 80-byte payload size, a successful command injection was achieved through the snprintf() function. #BinaryExploitation #CommandInjection 📬 Sternum disclosed the vulnerability to Belkin via Bugcrowd on January 9th, 2023. However, Belkin responded stating that the device is at the end of its life and will not address the vulnerability. This leaves a potential attack vector open via the Wemo infrastructure. #Disclosure #SecurityAdvisory ⚠️ Users are advised to exercise caution when using Wemo Mini Smart Plug V2 due to the unaddressed 'FriendlyName' vulnerability.