Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 [medium.com]
2021-02-11 14:14
tags:
development
exploit
security
turtles
KindleDrip — From Your Kindle’s Email Address to Using Your Credit Card
https://medium.com/realmodelabs/kindledrip-from-your-kindles-email-address-to-using-your-credit-card-bb93dbfb2a08 [medium.com]
2021-01-22 04:16
tags:
email
exploit
ioshit
malware
security
Some time ago, we noticed at Realmode Labs that Amazon Kindle has an interesting feature called “Send to Kindle”. This feature allows Kindle users to send e-books to their device as email attachments. We immediately thought of the potential security concerns of this feature: what if we can send malicious e-books to unsuspecting users?
source: R
Baby Sharks - Injecting small order points to threshold EdDSA
https://medium.com/zengo/baby-sharks-a3b9ceb4efe0 [medium.com]
2020-12-11 07:03
tags:
blockchain
crypto
math
security
We showcase one example of how an attacker can inject a low order subgroup element in a threshold EdDSA protocol secure against malicious adversaries, bypassing existing protections.
source: green
Ethereum is a Dark Forest
https://medium.com/@danrobinson/ethereum-is-a-dark-forest-ecc5f0505dff [medium.com]
2020-08-28 20:22
tags:
blockchain
cloud
finance
security
In the Ethereum mempool, these apex predators take the form of “arbitrage bots.” Arbitrage bots monitor pending transactions and attempt to exploit profitable opportunities created by them. No white hat knows more about these bots than Phil Daian, the smart contract researcher who, along with his colleagues, wrote the Flash Boys 2.0 paper and coined the term “miner extractable value” (MEV).
Phil once told me about a cosmic horror that he called a “generalized frontrunner.” Arbitrage bots typically look for specific types of transactions in the mempool (such as a DEX trade or an oracle update) and try to frontrun them according to a predetermined algorithm. Generalized frontrunners look for any transaction that they could profitably frontrun by copying it and replacing addresses with their own. They can even execute the transaction and copy profitable internal transactions generated by its execution trace.
source: HN
Path Building vs Path Verifying: Implementation Showdown
https://medium.com/@sleevi_/path-building-vs-path-verifying-implementation-showdown-39a9272b2820 [medium.com]
2020-06-24 19:04
tags:
library
networking
security
standard
turtles
In my previous post, I talked about what the issue with Sectigo’s expired root was, from the perspective of the PKI graph, and talked a bit about what makes a good certificate verifier implementation. Unfortunately, despite browsers and commercial OSes mostly handling this issue, the sheer variety of open-source implementations means that there’s a number of not-so-good verifiers out there.
In this post, I’ll dig in a little deeper, looking at specific implementations, and talking about how their strategies either lead to this issue, or avoided this issue but will lead to other issues.
It’s pretty much all terrible, except the parts that are extremely terrible.
10 Things I Hate About PostgreSQL
https://medium.com/@rbranson/10-things-i-hate-about-postgresql-20dbab8c2791 [medium.com]
2020-05-17 05:50
tags:
database
development
sql
Over the last few years, the software development community’s love affair with the popular open-source relational database has reached a bit of a fever pitch. This Hacker News thread covering a piece titled “PostgreSQL is the worlds’ best database”, busting at the seams with fawning sycophants lavishing unconditional praise, is a perfect example of this phenomenon. While much of this praise is certainly well-deserved, the lack of meaningful dissent left me a bit bothered. No software is perfect, so exactly what are PostgreSQL’s imperfections?
I’ve been hands-on with PostgreSQL in production since 2003 with deployments ranging from small (gigabytes) to modest to very large (~petabyte). My perspective is largely from building and running systems that are at least intended to be continuously available. Needless to say, I have gained first-hand experience with PostgreSQL’s particular idiosyncrasies through some painful production issues over the years.
is-promise post mortem
https://medium.com/javascript-in-plain-english/is-promise-post-mortem-cab807f18dcc [medium.com]
2020-04-28 17:17
tags:
development
javascript
library
testing
I had been intending to set up more of my projects to be automatically published via CI, instead of manually published from my local machine, but because is-promise is such a tiny library, I figured it probably wasn’t worth the effort. This was definitely a mistake. However, even if I had set up publishing via CI, is-promise may not have had sufficiently thorough tests.
source: L
Non-blocking I/O in Go
https://medium.com/@cpuguy83/non-blocking-i-o-in-go-bc4651e3ac8d [medium.com]
2019-12-05 20:26
tags:
go
programming
Whether you know it or not, if you are using Go you are probably using non-blocking I/O. This post will dig in a little into that, but go further into how you can actually take more control of the I/O handling in Go. This is especially nice as go1.11 and go1.12 add some very interesting interfaces to help with this.
Writing a Texture Painter: Part #1
https://medium.com/@strattonbrazil/writing-a-texture-painter-part-1-f0d732d287d1 [medium.com]
2019-12-02 05:59
tags:
gl
graphics
programming
visualization
Many programmers appreciate being able to see their code render something interesting to the screen. For a while I’ve wanted to write a texture painter, where I can import a model, paint colors on it, and then export those textures back to a file. I’m using OpenGL in my code, but I’ll focus on the actual mechanics and less on the language or code.
source: L
Function Currying in Go
https://medium.com/@meeusdylan/function-currying-in-go-a88672d6ebcf [medium.com]
2019-10-11 15:17
tags:
go
intro-programming
Go can be used to program in a functional style; previously I’ve written about how we can use this to implement Continuation Passing Style programming. As such, it is possible to implement currying in Go as well. Before we take a look at how we can implement this in Go, let’s take a practical look at what function currying actually is, and why we want this.
source: HN
The Invention of Recombinant DNA Technology
https://medium.com/lsf-magazine/the-invention-of-recombinant-dna-technology-e040a8a1fa22 [medium.com]
2019-09-23 21:41
tags:
article
biology
science
tech
valley
In the early 1970s, a momentous series of events in the history of science unfolded at points around the San Francisco Bay. Lines of inquiry pursued at the Stanford University School of Medicine and the University of California, San Francisco converged on a set of discoveries that vastly expanded the productive capabilities of molecular genetics, disrupted the customary rhythms and routines of the scientific community, sparked bitter disputes about risks and responsibilities in scientific experimentation, and generated a tsunami of technological change that spread rapidly across multiple domains of productive activity and all around the globe.
The first recombinant molecule containing DNA from different organisms was assembled late in 1971, in Paul Berg’s laboratory at Stanford. Berg hoped to transduce bacterial and mammalian cells with a recombinant virus in order to study gene expression systems, but subsequently chose not to carry out the planned experiments. He was persuaded by scientific colleagues to consider potential biohazard risks before moving ahead.
The technology for propagating and expressing recombinant genes was invented by Stanley Cohen and Herbert Boyer in 1973. It enabled the transformation of bacterial cells into living factories for the directed manufacture of select proteins. The technology was immediately recognized as a tool without parallel in genetics research, and was soon applied to practical ends in a wide variety of fields including medicine, pharmaceuticals, agriculture, chemicals, and energy. It has since transformed the world in which we live.
The history is complicated.
How to Design Interruptions
https://medium.com/microsoft-design/how-to-design-interruptions-b93c0c667e6f [medium.com]
2019-08-19 02:00
tags:
design
development
ux
We’re alerted hundreds of times per day. Some are useful and non-invasive, like an oven burner turning orange when it’s hot. Some are needed, like a critical security update, while others are just generally helpful, like a feature suggesting something new. But when they appear at inopportune moments, even the most useful notifications often have detrimental results like anxiety, frustration, and reduced productivity. While a pop-up might be nearly invisible to one person, to another it might stop a critical task completely for hours. We must examine when our communications are helpful vs. harmful.
source: E
xargs wtf
https://medium.com/@aarontharris/xargs-wtf-34d2618286b7 [medium.com]
2019-08-04 17:00
tags:
sh
swtools
unix
A one liner to rename files.
ls | grep 'aaa' | sed 'p;s/aaa/bbb/' | xargs -n2 | xargs -L1 bash -c 'mv $0 $1'
source: Dfly
Survey of Alternative Displays
https://medium.com/@laserpilot/survey-of-alternative-displays-82d928480b9d [medium.com]
2019-07-25 21:36
tags:
graphics
hardware
physics
reference
retro
The purpose of this article is to collect and consolidate a list of these alternative methods of working with displays, light and optics. This will by no means be an exhaustive list of the possibilities available — depending on how you categorize, there could be dozens or hundreds of ways. There are historical mainstays, oddball one-offs, expensive failures and techniques that are only beginning to come into their own.
There’s more to life than the LCD.
source: L
Age-Weighted Voting
https://medium.com/@william.macaskill/age-weighted-voting-8651b2a353cc [medium.com]
2019-07-25 02:08
tags:
ideas
policy
So one way of extending political time horizons and increasing is to age-weight votes. The idea is that younger people would get more heavily weighted votes than older people, very roughly in proportion with life expectancy.
I suspect this has very little chance of becoming reality.
source: MR
Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 [medium.com]
2019-07-09 01:05
tags:
browser
exploit
security
turtles
web
On Mac, if you have ever installed Zoom, there is a web server on your local machine running on port 19421. You can confirm this server is present by running lsof -i :19421 in your terminal.
I also found that, instead of making a regular AJAX request, this page instead loads an image from the Zoom web server that is locally running. The different dimensions of the image dictate the error/status code of the server. You can see that case-switch logic here.
One question I asked is, why is this web server returning this data encoded in the dimensions of an image file? The reason is, it’s done to bypass Cross-Origin Resource Sharing (CORS). For very intentional reasons, the browser explicitly ignores any CORS policy for servers running on localhost.
And it only gets better.
The Unusual Case of Status code- 301 Redirection to AWS Security Credentials Compromise
https://medium.com/@logicbomb_1/the-unusual-case-of-open-redirection-to-aws-security-credentials-compromise-59acc312f02b [medium.com]
2019-06-04 04:40
tags:
cloud
security
web
The redirection that I got in the first step was now becoming a Server Side Redirection, not just a client-side redirection. Now if it’s a server side redirection then there would definitely be a big chance of an SSRF (Server Side Request Forgery) attack.
Stealing Downloads from Slack Users
https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63 [medium.com]
2019-05-18 02:30
tags:
browser
cloud
security
turtles
The vulnerability could have allowed a remote attacker to submit a masqueraded link in a Slack channel that, “if clicked” by a victim, would silently change the download location setting of the Slack client to an attacker-owned SMB share. This could have allowed all future documents downloaded by the victim to end up being uploaded to an attacker-owned file server until the setting is manually changed back by the victim.
source: ars
How I Couldn’t Stop Poking at Mysterious CompuServe Server Hard Disk Images
https://medium.com/@mpnet/trying-to-make-sense-of-compuserve-server-hard-disk-images-posted-on-archive-org-b1c62ce6012b [medium.com]
2019-04-03 02:22
tags:
investigation
retro
storage
This is about digital archeology. I hope people interested in the legacy of early online services will find it useful. And I hope other digital archeologists more knowledgeable than me will find it and provide additional information. Maybe someone even feels compelled to pick up where I left off? Please bear in mind that this is the work of just a couple of long winter evenings. My knowledge of traditional mainframes and minicomputers was close to zero before I started this project. I might have misconceived things or overlooked others.
source: L
Unsolved research problems vs. real-world threat models
https://medium.com/@catherio/unsolved-research-problems-vs-real-world-threat-models-e270e256bc9e [medium.com]
2019-04-01 10:21
tags:
ai
development
security
I personally think adversarial examples are highly worth studying, and should inspire serious concern. However, most of the justifications for why exactly they’re worrisome strike me as overly literal.
One: they’re a proof of concept: an incontrovertible demonstration that a certain type of problem exists. As a result of easily finding small-perturbation adversarial examples, we can say with certainty that if the safety of your system depends on the classifier never making obvious mistakes, then that guarantee is false, and your system is unsafe.
source: grugq