But if it's invisible, that's when everything becomes interesting. They use AES-GCM-SIV to encrypt the device name in the MDNS service record. The key for that is derived from that same QR code key, also with HKDF, but with "encryptionKey" instead of "advertisingContext" for the "info" parameter […]
Original post on mastodon.social
mastodon.social
August 5, 2025 at 9:26 PM
But if it's invisible, that's when everything becomes interesting. They use AES-GCM-SIV to encrypt the device name in the MDNS service record. The key for that is derived from that same QR code key, also with HKDF, but with "encryptionKey" instead of "advertisingContext" for the "info" parameter […]
January 11, 2025 at 10:10 AM
ID: CVE-2024-39888
CVSS V4.0: HIGH
A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in...
#security #infosec #cve-alert
CVSS V4.0: HIGH
A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in...
#security #infosec #cve-alert
nvd.nist.gov
July 9, 2024 at 12:18 PM
ID: CVE-2024-39888
CVSS V4.0: HIGH
A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in...
#security #infosec #cve-alert
CVSS V4.0: HIGH
A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in...
#security #infosec #cve-alert
Ransomware scum who hit Indonesian government apologizes, hands over encryption key
https://www.theregister.com/2024/07/04/hackers_of_indonesian_government_apologize/
##Infosec ##Security ##Cybersecurity ##CeptBiro ##Ransomware ##IndonesianGovernment ##EncryptionKey
https://www.theregister.com/2024/07/04/hackers_of_indonesian_government_apologize/
##Infosec ##Security ##Cybersecurity ##CeptBiro ##Ransomware ##IndonesianGovernment ##EncryptionKey
Hackers of Indonesian government apologize and give key
Brain Cipher was never getting the $8 million it demanded anyway
www.theregister.com
July 4, 2024 at 12:43 PM
Ransomware scum who hit Indonesian government apologizes, hands over encryption key
https://www.theregister.com/2024/07/04/hackers_of_indonesian_government_apologize/
##Infosec ##Security ##Cybersecurity ##CeptBiro ##Ransomware ##IndonesianGovernment ##EncryptionKey
https://www.theregister.com/2024/07/04/hackers_of_indonesian_government_apologize/
##Infosec ##Security ##Cybersecurity ##CeptBiro ##Ransomware ##IndonesianGovernment ##EncryptionKey