nods of approval, winces of sympathy

thereifixedit.com, for sysadmins and hackers | submit a hack

Oct 1
"Memorize the 8086 opcodes, why not?" (via https://twitter.com/nocsi_/status/440358188492148736)


“Even though the UNIX system introduces a number of innovative programs and techniques, no single program or idea makes it work well. Instead, what makes it effective is the approach to programming, a philosophy of using the computer. Although that philosophy can’t be written down in a single sentence, at its heart is the idea that the power of a system comes more from the relationships among programs than from the programs themselves. Many UNIX programs do quite trivial things in isolation, but, combined with other programs, become general and useful tools.” Unix philosophy - Wikipedia, the free encyclopedia

Aug 18

WinSCP

httpshaming:

The WinSCP website is hosted on insecure HTTP, and the binary executable downloads over HTTP too. While the site does have checksums for the downloads, the checksums are hosted on the same HTTP website, and could easily be modified in a man-in-the-middle attack. 

(Submitted by Lenard Szolnoki)
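The weakness described in the post above, modelled as an added example (not part of the original post and not code from the WinSCP site): a checksum fetched over the same unauthenticated channel as the binary still matches after both are rewritten in transit, while a digest pinned from an authenticated source does not. The file names, sample bytes and the `PINNED` value are constructed for illustration, and the pinned digest is assumed to have been obtained out of band.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify(download: bytes, expected_hex: str) -> bool:
    """Constant-time comparison of the download's SHA-256 with an expected digest."""
    return hmac.compare_digest(sha256_hex(download), expected_hex.strip().lower())


def fetch_over_http(site: dict, rewrite=None) -> dict:
    """Model plain HTTP: any party on the path may rewrite every response."""
    responses = dict(site)
    return rewrite(responses) if rewrite else responses


# Constructed sample data standing in for the installer and its checksum page.
GENUINE = b"constructed bytes standing in for the genuine installer"
SITE = {"installer.exe": GENUINE, "checksum.txt": sha256_hex(GENUINE).encode()}

# Assumption: this digest was recorded from an authenticated source
# (for example an HTTPS page or a signed release announcement).
PINNED = sha256_hex(GENUINE)


def on_path_rewrite(responses: dict) -> dict:
    """Both files travel over the same channel, so both can be replaced together."""
    modified = b"constructed bytes standing in for a modified installer"
    responses["installer.exe"] = modified
    responses["checksum.txt"] = sha256_hex(modified).encode()
    return responses


def check_download(rewrite=None) -> tuple:
    """Return (same_channel_check_passed, pinned_check_passed)."""
    got = fetch_over_http(SITE, rewrite)
    same_channel = verify(got["installer.exe"], got["checksum.txt"].decode())
    pinned = verify(got["installer.exe"], PINNED)
    return same_channel, pinned


if __name__ == "__main__":
    print("untampered:", check_download())
    print("rewritten in transit:", check_download(on_path_rewrite))
```

The same-channel check only detects accidental corruption; detecting substitution requires the expected digest (or a signature) to arrive over a channel the party on the path cannot alter.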


Jul 21

thinksquad:

Forensic scientist and author Jonathan Zdziarski has posted the slides (PDF) from his talk at the Hackers On Planet Earth (HOPE/X) conference in New York called Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices.

The HOPE conference started in 1994 and bills itself as “one of the most creative and diverse hacker events in the world.”

In December 2013, an NSA program dubbed DROPOUTJEEP was revealed by security researcher Jacob Appelbaum that reportedly gave the agency almost complete access to the iPhone.

The leaked document, dated 2008, noted that the malware required “implant via close access methods” (presumably physical access to the iPhone) but ominously noted that “a remote installation capability will be pursued for a future release.”

According to one slide the iPhone is “reasonably secure” to a typical attacker and the iPhone 5 and iOS 7 are more secure from everybody except Apple and the government. But he notes that Apple has “worked hard to ensure that it can access data on end-user devices on behalf of law enforcement” and links to Apple’s Law Enforcement Process Guidelines, which clearly spell this out.

http://www.zdnet.com/forensic-scientist-identifies-suspicious-back-doors-running-on-every-ios-device-7000031795/

(Source: thinksquad)

