maltfield @ maltfield @monero.town

I make and sell [BusKill laptop kill cords](https://buskill.in/). Monero is

---

Read more

Posts

38

Comments

36

Joined

2 yr. ago

Why? It defaults to just locking your screen. So you stand-up, the magnetic breakaway cable separates, and then you just have to type your password...

If you're the type of person that would forget to lock your computer before standing up and walking away, then it's exactly what you'd want.

You associate everything that can be bought with cryptocurrency as a scam? It sounds like you haven't even read the post. I spent a lot of time making it easily accessible here on Lemmy. You don't even have to click the link. Just scroll-up and read :)

Yes, it's clearly disclosed in my profile that I am the founder of the BusKill project.

This is a PSA that our sale has started. I've had inquiries from members of our community asking about Black Friday sales.

10% off is barely any discount anyway.

Sorry, we're a very small open-source shop. I’ve paid myself nothing so-far. The price just barely breaks-even for the business.

All of this is explained in-detail in “The Finances” section here.

Prices would drop dramatically if we could do production runs (and actually sell) >10,000 units at a time. Currently we only sell a few cables per month. If you want to help, please tell all your security-conscious friends about BusKill :)

How exactly did you come to the conclusion that this is a scam? We're a fully open-source hardware & software project that's been around for a few years. If you don't want to buy from us, we go out of our way to help users build their own 3D-printed BusKill cables (currently in prototype stage).

• https://www.buskill.in/tag/3d-printing/

Our software is free as in speech and free as in beer under the CC BY-SA and GNU GPL licenses.

• https://github.com/buskill/buskill-app

Hi, this is not spam but a useful PSA that's full of information, not just about the sale.

BusKill is useful for many groups, including human rights defenders, activists, journalists, whistleblowers, etc. You can read more about the use-cases of our community at our documentation here:

• https://docs.buskill.in/buskill-app/en/stable/introduction/what.html#who-uses-buskill

Yes, BusKill works with any USB drive.

• https://github.com/buskill/buskill-app

In fact, the BusKill cable is just a USB Drive. The only thing "fancy" that it has is a magnetic coupler in the middle of the 1-meter cable so that it will breakaway at any angle. But, if you'd like, you can build your own. The instructions are here:

• https://docs.buskill.in/buskill-app/en/stable/hardware_dev/bom.html

It's run by the folks at dys2p.

Besides running ProxyStore in Leipzig, they have published some pretty great articles:

• Random Mosaic – Detecting unauthorized physical access with beans, lentils and colored rice
• Revealing Traces in printouts and scans
• On the security of the Linux disk encryption LUKS

You can follow them on Mastodon here https://chaos.social/@dys2p

Yes BusKill works similarly -- any USB drive can use the BusKill software

• https://github.com/buskill/buskill-app

The BusKill cable is just nice because it includes a magnetic breakaway, so it works when the laptop is snatched-away at any angle. There's actually a ton of anti-forensics software like usbkill and BusKill; we enumerate them all on our documentation's Similar Projects section

• https://docs.buskill.in/buskill-app/en/stable/attribution.html#similar-projects

You may want to check ^ it out :)

I made a video of this (demo in Windows, MacOS, Linux, TAILS, and QubesOS) with the old DIY model here (sorry for the terrible audio quality)

• https://www.buskill.in/demo-2/

We're currently working on an updated video with someone who is much better at video production than me; it should be finished in early 2024.

It has a magnetic (de)coupler, which allows it to break away at any angle if your laptop is physically snatched away from you.

Some of our users actually use the BusKill cable with a Yubikey:

• https://humandecoded.io/qubes-os-yubikey-buskill/

If that's not clear, I highly recommend watching this 2-minute explainer video

• https://www.buskill.in/#demo

I've paid myself nothing so-far. The price just barely breaks-even for the business. There's one-time costs like a few grand for a CNC'd injection mold and assembly jig, but also certification fees, product boxes, cardstock paper for documentation inserts, printing fees, artist commissions, packaging materials, warehousing, shipping, other logistics fees, etc.

All of this is explained in-detail in "The Finances" section here.

I prefer open-source hardware to be designed using common off-the-shelf items that are easily found everywhere in the world. Unfortunately, the one vendor of a USB-A magnetic breakaway couplers decided to EOL their product shortly after I published a guide on how to build your own BusKill cable. After we published, they all got sold-out, and we had to go to manufacturers for a custom component.

Prices would drop dramatically if we could do production runs (and actually sell) >10,000 units at a time. Currently we only sell a few cables per month. If you want to help, please tell all your security-conscious friends about BusKill :)

It should only be posted once to this community. It's also been cross-posted to other relevant communities.

Unfortunately, that's what it costs to make open-source hardware at small-scale.

There's a cheaper $59 cable available or you could build your own.

Good bot

Theft of high-risk users' data. Data could include private keys (eg theft of cryptocurrency assets), contacts of correspondence (eg sources of a journalist -- such as whistleblowers), etc.

For more information, see the Who Uses BusKill? section of the documentation.

• https://docs.buskill.in/buskill-app/en/stable/introduction/what.html#who-uses-buskill

I'm curious if any security engineers have covered this incident.

Stripe does support generating Restricted API Keys. With "Restricted API Keys" you're able to mint a key that can live on your e-commerce website that has permission to accept payments but does not have permission to modify your merchant account's payout methods (eg adding a new "Instant Payments" debit card to the merchant account as this attacker did).

Unfortunately, I've asked WooCommerce to support Restricted API Keys 1 year ago, but they marked it as "low priority"

• https://github.com/woocommerce/woocommerce-gateway-stripe/issues/634#issuecomment-1168340952

...I would appreciate if more people would jump-in on ^ that ticket and scold WooCommerce so that they add support for Restricted API Keys ;)