DJI drone firmware exposes private keys on Github for years

November 17, 2017 ~ hucktech ~ Leave a comment

Welp… here it is. The @djiglobal @djienterprise AWS key leak writeup & why I walked away from $30,000 bounty loot. https://t.co/GiRp52IJKO pic.twitter.com/Z5nCMLcoJW

— KF (@d0tslash) November 16, 2017

As reported by the Register, security researcher Kevin Finisterre discovered the Chinese firm had left the private keys of the DJI HTTPS domain on GitHub, exposed for all to see for roughly four years. To make matters worse, DJI had also made AWS credentials and firmware AES keys available for anyone to search for through the GitHub repository.[…]Earlier this year the US Army issued a blanket ban on the use of DJI products by its personnel. It gave no reason for doing so, other than unspecified “cyber vulnerabilities,” and was rapidly followed in doing so by the Australian military. Several British police forces also use DJI drones for operations, in place of helicopters.[…]

https://www.theregister.co.uk/2017/11/16/dji_private_keys_left_github/

http://www.zdnet.com/article/bug-bounty-hunter-reveals-dji-ssl-firmware-keys-have-been-public-for-years/

Click to access WhyIWalkedFrom3k.pdf

Tianocore transitioned to Github

February 3, 2016 ~ hucktech ~ Leave a comment

Jordan Justen of Intel announced the transition of the Tianocore EDK2 project from Sourceforge to Github. Transition began Friday February 2nd and is apparently now complete. It is a big deal when a large codebase moved to another version control system… excerpting Jordan’s status message:
And, for months, quite a few people at Intel have been working behind the scenes to get everything ready for the transition. Thanks!

Merry EDK II Git Day!

More information:
https://github.com/tianocore/tianocore.github.io/wiki/Transition-to-GitHub
https://lists.01.org/mailman/listinfo/edk2-devel

Note there is also an #edk2 channel on OTFC, http://www.oftc.net/

Tianocore moving to Github

December 4, 2015 ~ hucktech ~ Leave a comment

https://twitter.com/Intel_UEFI/status/672556665288327168

“This message is to notify you that near the end of January 2016 the active repository for EDK2 development will switch from using SourceForge to GitHub. The repository found at SourceForge will continue to be a read-only mirror of the master branch on GitHub. […] As part of this change a number of process changes will be adopted to support better use of git. This includes the method for sending out patches for review and other minor changes. […] “

Full article:

http://www.tianocore.org/news/2015/12/03/Git_Transition.html