blog.erratasec.com
Yea, I've got 3 hours to kill here in this airport lounge waiting for the next leg of my flight, so let's discuss the "OSI Model". There's no such thing. What they taught you is a lie, and they knew it was a lie, and they didn't care, because they are jerks. You know what REALLY happened when the kid pointed out the king was wearing no clothes? The kid was punished. Nobody cared. And the king went
HTTP/3 is going to be standardized. As an old protocol guy, I thought I'd write up some comments. Google (pbuh) has both the most popular web browser (Chrome) and the two most popular websites (#1 Google.com #2 Youtube.com). Therefore, they are in control of future web protocol development. Their first upgrade they called SPDY (pronounced "speedy"), which was eventually standardized as the second
Today, The Intercept released documents on election tampering from an NSA leaker. Later, the arrest warrant request for an NSA contractor named "Reality Winner" was published, showing how they tracked her down because she had printed out the documents and sent them to The Intercept. The document posted by the Intercept isn't the original PDF file, but a PDF containing the pictures of the printed v
Like you, I was displeased by the lack of details on the "Venom" vulnerability, so I thought I'd write up what little I found. The patch to the source code is here. Since the note references CVE-2015-3456, we know it's venom: http://git.qemu.org/?p=qemu.git;a=commit;h=e907746266721f305d67bc0718795fedee2e824c Looking up those terms, I find writeups, such as this one from RedHat: https://securityblo
So Microsoft has an important web-server bug, so naturally I'd like to scan the Internet for it. I'm running the scan now, but I'm not sure it's going to give any useful results. The bug comes from adding the following header to a web request like the following Range: bytes=0-18446744073709551615 As you can see, it's just a standard (64-bit) integer overflow, where 18446744073709551615 equals -1.
For the past week, the website "GitHub" has been under attack by China. In this post, I pin-point where the attack is coming from by doing an http-traceroute. GitHub is a key infrastructure website for the Internet, being the largest host of open-source projects, most famously Linux. (I host my code there). It's also a popular blogging platform. Among the zillions of projects are https://github.co
Just so you know, x86 machine-code is now a "high-level" language. What instructions say, and what they do, are very different things. I mention this because of those commenting on this post on OpenSSL's "constant-time" calculations, designed to avoid revealing secrets due to variations in compute time. The major comment is that it's hard to do this perfectly in C. My response is that it's hard to
As discussed in my previous blogpost, it took about 3 hours to reverse engineer the Lenovo/Superfish certificate and crack the password. In this blog post, I describe how I used that certificate in order to pwn victims using a rogue WiFi hotspot. This also took me about three hours. The hardware You need a computer to be the WiFi access-point. Notebook computers are good choices, but for giggles
Thursday, February 19, 2015 Some notes on SuperFish By Robert Graham What's the big deal? Lenovo, a huge maker of laptops, bundles software on laptops for the consumer market (it doesn't for business laptops). Much of this software is from vendors who pay Lenovo to be included. Such software is usually limited versions, hoping users will pay to upgrade. Other software is ad supported. Some softwa
I extracted the certificate from the SuperFish adware and cracked the password ("komodia") that encrypted it. I discuss how down below. The consequence is that I can intercept the encrypted communications of SuperFish's victims (people with Lenovo laptops) while hanging out near them at a cafe wifi hotspot. Note: this is probably trafficking in illegal access devices under the proposed revisions t
Heartbleed and Shellshock allowed hacks against servers (meaning websites and such). POODLE allows hacking clients (your webbrowser and such). If Heartbleed/Shellshock merited a 10, then this attack is only around a 5. It requires MitM (man-in-the-middle) to exploit. In other words, the hacker needs to be able to tap into the wires between you and the website you are browsing, which is difficult
Early results from my scan: there's about 3000 systems vulnerable just on port 80, just on the root "/" URL, without Host field. That doesn't sound like a lot, but that's not where the bug lives. Update: oops, my scan broke early in the process and stopped capturing the responses -- it's probably a lot more responses than that. Firstly, only about 1 in 50 webservers respond correctly without the p
NOTE: malware is now using this as their User-agent. I haven't run a scan now for over two days. I'm running a scan right now of the Internet to test for the recent bash vulnerability, to see how widespread this is. My scan works by stuffing a bunch of "ping home" commands in various CGI variables. It's coming from IP address 209.126.230.72. The configuration file for masscan looks something like:
Today's bash bug is as big a deal as Heartbleed. That's for many reasons. The first reason is that the bug interacts with other software in unexpected ways. We know that interacting with the shell is dangerous, but we write code that does it anyway. An enormous percentage of software interacts with the shell in some fashion. Thus, we'll never be able to catalogue all the software out there that is
The only thing stopping corporations from putting NSA backdoors into their products is the risk of getting caught. RSA got caught backdooring BSAFE. If nobody seems to care, if RSA doesn't suffer consequences, then nothing will stop other corporations from following suit. RSA is the singular case. The Snowden leaks make us suspicious of other companies, like Google, Yahoo, Apple, Microsoft, and Ve
After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys. Assuming no "breakthroughs", the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to buil
I’m writing a series of posts based on my Shmoocon talk. In this post, I’m going to discuss “multi-core scaling”. In the decade leading to 2001, Intel CPUs went from 33-MHz to 3-GHz, a hundred-fold increase in speed. In the decade since, they’ve been stuck at 3-GHz. Instead of faster clock speeds, they’ve been getting more logic. Instead of one instruction per clock cycle, they now e
Today's big news is that researchers have found proof of Chinese manufacturers putting backdoors in American chips that the military uses. This is false. While they did find a backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even that it was intentionally malicious. Backdoors are common, but rarely malicious Backdoors are a common problem in software. About 20% of
This post from last year was posted to a forum, so I thought I'd write up some rebuttals to their comments. The first comment is by David Chisnall, creator of CHERI C/C++, which proposes we can solve the problem with CPU instruction set extensions. It's a good idea, but after 14 years, CPUs haven't had their instruction-sets upgraded. Even mainstream RISC V processors haven't been created using th
#Anonymous hackers have announced "Operation Global Blackout", promising to cause an Internet-wide blackout by disabling the core DNS servers. DNS is the phonebook of the Internet that translates machine names (like "www.facebook.com") to network addresses (like "66.220.158.25"). If hackers can disable the global DNS name system, then typing in your favorite website into your browser will produce
Somebody claiming to be the "Comodo hacker" has released a statement here http://pastebin.com/74KXCaEZ, decompiled code here http://pastebin.com/DBDqm6Km, and account database here http://pastebin.com/CvGXyfiJ. As a pentester who does attacks similar to what the ComodoHacker did, I find it credible. I find it probable that (1) this is the guy, (2) he acted alone, (3) he is Iranian, (4) he's patrio