|
Most stupid: a keylogger I wrote in about 500 bytes that I stuck into the bss of the NetWare drivers (they hosed up and didn't declare that section as a true bss, so you had about 1k of static zeros that the virus scanners didn't look at) that loaded before anything else on the systems. It spread around by dumping a Word template file in the user's home directory, which back then was auto-loaded every time you started Word. This then dumped the modified network driver on a new machine. Thankfully, while I was a mad destructive teenager, I also didn't do anything with it. Code was loving sweet though.

Funniest: whatever we had as Net Nanny back in 1997, the regexes on the URLs were case sensitive.
|
# ¿ May 10, 2019 22:20 |
|
Truga posted: https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md

In-band communication is a hell of a thing. Also, now rewriting many .vimrc, I don't even use the bloody thing any more.
|
# ¿ Jun 11, 2019 21:39 |
|
Shaggar posted: anything that uses JavaScript should be considered insecure.

It's fine, I'm sure one of the many machine-local databases that are accessible by a website are totally isolated from any other site's code touching it. Or that I couldn't paste a link here that'd email me your entire HTML5 web storage. That has never happened.
|
# ¿ Jul 30, 2019 02:10 |
|
D. Ebdrup posted: Linus has managed to piss a lot of people off in very short order:

What are you meant to do if getrandom returns an error? I mean, in what case in any reasonable program can you recover from that, apart from calling it again?
|
# ¿ Sep 18, 2019 22:10 |
|
Farmer Crack-rear end posted: i think it's less about needing a specifically non-secure random number and more about being assured that a random number will be delivered regardless of whether it is secure or not, because if i'm understanding correctly there are scenarios in which the current secure random number generator may fail, timeout, or otherwise be unable to deliver a secure random number.

That's Linus's point: "do we just kill your process if this call doesn't work? That's stupid, lots of stuff relies on this even though as designed it isn't determinate what it should actually do." And... I'm kind of in the kill-the-process camp; that isn't going to make me particularly popular and is a reason I'd be terrible at kernel dev.
|
# ¿ Sep 18, 2019 22:45 |
|
suffix posted: Python had to deal with this and tediously hashed out exactly what required blocking on entropy (anything that users in turn will be relying on to be secure) and what didn't (hash table randomization).

I'm still amazed we haven't built timing issues into our systems programming languages. I should rephrase that: we have timing issues in our systems programming languages on real systems, but ignore them. More pi calculus required.
|
# ¿ Sep 18, 2019 23:56 |
|
Half-wit posted: Maybe I'm loving dumb, but why not just make a Linux kernel compile flag to toggle /dev/urandom behavior between "don't start launching non-kernel code until '/dev/urandom' is seeded" (à la BSD) and the more traditional "just boot that poo poo up and gently caress userspace, make userspace deal with it". Y'know, let people decide whether they want their OS boots to take longer in order to secure their god-drat entropy pool.

Because a whole load of your user space will fail horribly and unpredictably. I'm paranoid enough that tests for code I've written do statistical tests on things that should be pseudorandom; most of the code you're relying on doesn't.
|
# ¿ Sep 19, 2019 12:01 |
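The two policies the getrandom discussion above keeps circling (block and die on failure for anything security-relevant; never stall for a hash seed, but admit when the seed is weak) written out as an added example. This is not code from the thread or from CPython; it assumes Linux 3.17+ where os.getrandom() exists, and falls back to os.urandom() elsewhere. The weak-seed mixing constant and the pid/clock fallback are illustrative choices, not a standard.

```python
# Added example (not from the thread): the blocking/secure path and the
# non-blocking/weak path for kernel randomness, side by side.
import os
import time
from typing import Tuple


def secure_bytes(n: int) -> bytes:
    """Bytes for keys, nonces, tokens. Blocks until the kernel pool has been
    seeded once, retries short reads, and lets any other error propagate:
    there is no local recovery from ENOSYS/EFAULT that leaves the caller
    holding secure randomness, so an exception (the 'kill the process' camp)
    is the honest outcome."""
    if n < 0:
        raise ValueError("n must be non-negative")
    if not hasattr(os, "getrandom"):
        return os.urandom(n)            # non-Linux: urandom blocks on a cold pool too
    out = bytearray()
    while len(out) < n:
        # flags=0: blocks only until the pool is initialised, never afterwards.
        # Python retries EINTR for us (PEP 475); short reads are handled here.
        chunk = os.getrandom(n - len(out), 0)
        if not chunk:                   # defensive: should not happen for n > 0
            raise OSError("getrandom returned no data")
        out += chunk
    return bytes(out)


def hash_seed() -> Tuple[int, bool]:
    """Seed for hash-table randomisation. Must never stall boot, and nothing
    security-critical may depend on it. Try the non-blocking path; if the
    pool is still cold (EAGAIN surfaces as BlockingIOError) fall back to a
    weak seed and tell the caller so."""
    if hasattr(os, "getrandom"):
        try:
            return int.from_bytes(os.getrandom(8, os.GRND_NONBLOCK), "little"), True
        except BlockingIOError:
            pass                        # pool not seeded yet: weak seed below
    else:
        return int.from_bytes(os.urandom(8), "little"), True
    # Weak seed (illustrative): monotonic clock mixed with the pid. Enough to
    # defeat accidental collisions, useless against an attacker who can
    # observe boot timing.
    weak = (time.monotonic_ns() * 0x9E3779B97F4A7C15) ^ (os.getpid() << 32)
    return weak & (2**64 - 1), False


if __name__ == "__main__":
    print("secure:", secure_bytes(16).hex())
    seed, is_secure = hash_seed()
    print("hash seed:", hex(seed), "secure" if is_secure else "WEAK")
```

The split is the one the thread describes: callers of secure_bytes() never see a weak value, and callers of hash_seed() never block, but get told which case they are in.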
|
yoloer420 posted: You and me both. It's two years since I finished my PhD. I still can't put a dent in a novel. I really hope this gets better.

It takes about a decade after you leave uni.
|
# ¿ Sep 19, 2019 14:36 |
|
They finally managed to give everyone VxD.
|
# ¿ Jan 14, 2020 19:34 |
|
Mr.Radar posted: https://twitter.com/dosnostalgic/status/1218916376817164288

I think I still have a magazine article about it from like 1992 that I cut out and put on my bedroom wall. I miss you, boot sector viruses; you were crapper than the 30-byte Bulgarian file infectors but easier to reverse engineer. And now I've just remembered Sarah Gordon.
|
# ¿ Jan 20, 2020 12:47 |
|
Potato Salad posted: when you discover bits of a client's HVAC infra via Shodan, there's work to be done

Adiabatic thinking, number one.
|
# ¿ Feb 23, 2020 23:27 |
|
fins posted: From the Huawei tweet linked doc

You missed my favourite bit:

quote: In the first version of the software, there were 70 full copies of 4 different
|
# ¿ Mar 8, 2020 03:16 |
|
rjmccall posted: avoiding ret would be a total disaster, the return-branch predictor is absolutely critical for performance

The last time I tested any code that avoided rets and did everything by self-modifying jumps (etc.) was on a Pentium II, and you could get away with it if you were rewriting the instructions about 2000 machine cycles in front of you. I'm pretty sure that any processor since 1999 is performance hosed if you lose the branch predictor. Pipeline PTSD.
|
# ¿ Mar 10, 2020 20:56 |
|
mystes posted: Did anyone post this yet?

Oh, something about Ubuntu I can actually know about for once. I've been working on an embedded box for visualisation stuff that is based on Ubuntu, specifically Nvidia embedded boxes, but it works on other embedded Linux stuff too. gdm3. Oh. God. The race conditions. I'm not a long-time Linux coder, so my only long-term Linux debugging experience is on this. I've done macOS/Windows kernel/graphics stuff for a long time, but this is weird.

Question: have you ever switched the window manager to, say, Openbox (for speed on a very slow box), and then tried to get gdm3 to restart it in a way where it always comes up when a monitor is plugged in, or two monitors are? Three months later and two new system monitoring processes, I can! Things I learned (btw, if you use Ubuntu and the default window manager, these work by fluke; they haven't been engineered in any way at all):

gdm3 doesn't know how to talk to the security subsystem, really; it's feeble. There is sometimes a cascade of timeouts if your window manager starts up too fast, where gdm will be trying to get PAM auth but already needs to have it, and core dumps. Repeatedly. This can actually blow up a monitor through rapid mode changes. The default window manager works because it starts up too slowly to cause a problem.

gdm3 doesn't know how to shut down a session it started, especially so if you've punted off graphics into its own limited user. I mean, it looks like it does, but if you start it up and start it up again (because you have no way to know it actually did start correctly), or start it up and it hangs, it'll keep trying and panic the box, all by itself, because there'll be three of it. It has zero locks on any of its internal processes, so, good luck: you need to write the locks yourself externally.

If you think this is just me and not the (fairly broken in other ways) Nvidia dev boxes, look at any Ubuntu forum for people trying to use alternate window managers and trying to get them to restart/recognise monitor plug-ins and failing with endless screen resets and panics.
|
# ¿ Nov 11, 2020 04:14 |
|
redleader posted: mitigation: abandon technology, return to the wild

mitigation: get the entire internet on DVD via subscription.
|
# ¿ Mar 1, 2021 20:07 |
|
Pardot posted: because of DeCSS?
|
# ¿ Mar 1, 2021 20:44 |
|
Achmed Jones posted: i just kind of assume that any website i go to can uniquely identify me if it wants, even if it doesn't directly have access to my name or whatever. i have yet to see any indication that i am incorrect

If you access site one when you wake up, site two every time you go for a poo poo, site three when you have dinner and site four when you're going to bed, chances are that's pretty unique and regular. Give up, everyone knows you go to the kitchen electricals fetish site.
|
# ¿ Mar 1, 2021 21:13 |
|
BlankSystemDaemon posted: Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical. PoC.

Make rdtsc privileged, and I say that as someone who's spent a huge amount of time writing soft real-time code where it's been super useful.
|
# ¿ Mar 8, 2021 19:02 |
|
Wiggly Wayne DDS posted: why exactly is this incredibly specific line in a policy doc?

Security by EULA is npm's only hope.
|
# ¿ Apr 29, 2021 22:43 |
|
Shifty Pony posted: so it is pretty drat likely that it is taking so long to revert the changes because whatever procedure they have in place to allow authentication and access into the systems which hosed up got taken down by the fuckup, right?

It's very funny. I'm going to guess any kind of backup manual code/key-based system for access to the info they need to sort it is locked behind their single sign-on stuff. It's always DNS!
|
# ¿ Oct 4, 2021 20:47 |
|
hobbesmaster posted: except for when it's BGP

lol, someone's got a lot of phone calls to make.
|
# ¿ Oct 4, 2021 21:17 |
|
Penisface posted: why does this functionality even exist in a logging library?

Enterprise.
|
# ¿ Dec 10, 2021 13:40 |
|
Lain Iwakura posted: well actually, you see, regular expressions can solve everything and in this essay...

lol, so even if you write a regex to block this family of strings, I'm still going to be able to DoS your logging server outside of spacetime by sending a string that makes the backtracking engine go O(n^many). Good luck.
|
# ¿ Dec 14, 2021 17:21 |
|
Chris Knight posted: he keeps spawning child processes, i'd assume so

Orphaned child processes, if some stories I've been told about a few of his kids are true. Fucker doesn't pay child support.
|
# ¿ Dec 14, 2021 19:38 |
|
Oh dear, why has this binary in my MacTeX installation got the string "org.apache.logging.log4j" in it? Thanks, Java, it's 2 am, now I have to work out what the gently caress that is.
|
# ¿ Dec 15, 2021 03:25 |
|
bleeding kansas posted: im trying to make shadowrun real

Well, I know who to call the next time I spot a lol bug.

cinci zoo sniper posted: not quite. Denuvo (go-to gaming DRM vendor since like 2015) under the hood is a custom VMProtect fork hardened against attaching debuggers

Took the crackers ~6 months to reverse engineer that the first go around; it's substantially faster now, to the point where the tools are open source.
|
# ¿ Dec 19, 2021 22:22 |
|
Quackles posted: Shoulda done what Chris Crawford did, and deliberately abuse the memory allocation patterns of the C compiler to leave the list of valid copy-protection passwords in unallocated memory, then allocating space around it later to sneak the password list past debuggers.

That kind of thing never works, btw. If it's something totally degenerate you single-step all the way through with some guesses (fast-tapping fingers useful!), but mainly you just set a break somewhere nearby where you think something's checked (on Windows, the msgbox API when computer says no). Then reverse, work out where that came from, and go from the start with a new breakpoint again. It's really hard to win unless you do the VM approach, which is loving pain to deal with unless you're a student with loads of free time; I couldn't RE anything like that anymore.

e: For this reason I'm somewhat interested in libtriton and dynamic symbolic execution.
|
# ¿ Dec 20, 2021 00:45 |
|
Ulf posted: hi yossec! clicking here will make all your dreams come true:

Thanks for this!
|
# ¿ Apr 22, 2022 22:10 |
|
Chris Knight posted: 𝐁𝐌𝐎𝐀𝐋𝐄𝐑𝐓

Jesus! My loving BMOs!
|
# ¿ Jan 1, 2023 01:16 |
|
well-read undead posted: or worse, github copilot or whatever other godforsaken ai services there are plugins for

The Red Hat Ansible extension for VS Code really, really wanted to talk to a remote AI code assistant service when I installed it. I then uninstalled it.
|
# ¿ Oct 30, 2023 03:43 |
|
SIGSEGV posted: now this may strike people as an odd question but why does the UEFI spec allow image handling libs instead of mandating a bitmap at most?

I just grabbed a copy of the UEFI spec and you've got PNG and JPEG available for general bitmaps and font glyphs; we never find any bugs in those decoders, ever. Then there's this, which I want to look at now, because it's always the easiest way to get something running inside firmware that you shouldn't: the wonderful vendor extension (please never allow your spec to have these). Never checked, never debugged, always written by the lowest bidder. Section 34.6:

"The image decoder protocol can publish the support for additional image decoder names other than the ones defined in this specification. This allows the image decoder to support additional image formats that are not defined by the HII image block types. In that case, callers can send the image raw data to the image decoder protocol instance to retrieve the image information or decode the image."

So, likely buggy PNG/JPEG decoders are in there by specification, but you never know: your firmware vendor may have put in an extension library for something else.
|
# ¿ Dec 6, 2023 22:27 |
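Since the post above is about image decoders living inside firmware, here is the part of a PNG decoder that has to be right before any pixel is touched: walking the chunk list and validating each declared length and CRC against what is actually in the buffer. This is an added example in Python, not any UEFI implementation's decoder and not from the thread; the valid file and the hostile one (its IDAT length field rewritten) are constructed inline, and the 16 MiB chunk cap is an illustrative choice.

```python
# Added example (not from the thread): PNG chunk walker with the bounds and
# integrity checks a firmware decoder must make before using chunk contents.
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_CHUNK = 1 << 24          # illustrative cap, well below the format's 2**31-1


class PngError(ValueError):
    pass


def walk_chunks(data: bytes):
    """Yield (type, payload) per chunk. Refuses anything that would read past
    the buffer or whose CRC over type+payload does not match: the declared
    length is attacker-controlled and must be checked against bytes remaining
    before it is used to slice or copy."""
    if not data.startswith(PNG_SIG):
        raise PngError("bad signature")
    pos = len(PNG_SIG)
    seen_end = False
    while pos < len(data):
        if len(data) - pos < 12:                      # length(4) + type(4) + crc(4)
            raise PngError(f"truncated chunk header at {pos}")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if length > MAX_CHUNK:
            raise PngError(f"chunk {ctype!r} length {length} exceeds cap")
        remaining = len(data) - pos - 12
        if length > remaining:                        # the classic over-read
            raise PngError(f"chunk {ctype!r} claims {length} bytes, only {remaining} left")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if (zlib.crc32(ctype + body) & 0xFFFFFFFF) != crc:
            raise PngError(f"chunk {ctype!r} CRC mismatch")
        yield ctype, body
        pos += 12 + length
        if ctype == b"IEND":
            seen_end = True
            break
    if not seen_end:
        raise PngError("missing IEND")


def parse_ihdr(body: bytes) -> dict:
    """Validate the fixed-size header; dimensions feed later allocations."""
    if len(body) != 13:
        raise PngError("IHDR must be 13 bytes")
    w, h, depth, ctype, comp, filt, interlace = struct.unpack(">IIBBBBB", body)
    if w == 0 or h == 0 or w > 0x7FFFFFFF or h > 0x7FFFFFFF:
        raise PngError("bad dimensions")
    return {"width": w, "height": h, "bit_depth": depth, "color_type": ctype}


def image_info(data: bytes) -> dict:
    chunks = list(walk_chunks(data))
    if not chunks or chunks[0][0] != b"IHDR":
        raise PngError("first chunk must be IHDR")
    return parse_ihdr(chunks[0][1])


def chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def minimal_png() -> bytes:
    """Constructed, valid 1x1 8-bit grayscale PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")                 # filter byte + one pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


def hostile_png(claimed_len: int) -> bytes:
    """Constructed: the valid file with the IDAT length field overwritten."""
    good = minimal_png()
    idat_at = good.index(b"IDAT") - 4
    return good[:idat_at] + struct.pack(">I", claimed_len) + good[idat_at + 4:]


if __name__ == "__main__":
    print(image_info(minimal_png()))
    for bad in (hostile_png(0x7FFFFFFF), hostile_png(1000), minimal_png()[:-4]):
        try:
            image_info(bad)
        except PngError as e:
            print("rejected:", e)
```

The order of the checks matters: the cap and the remaining-bytes comparison run before the payload slice, and the CRC runs before the payload is handed to anything that interprets it. A decoder that slices first and checks later has already done the over-read the length field was crafted for.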