Oct 10, 2010 10:43 am
No files officially released yet. See below.
Firmware hacking is an impressively difficult yet rewarding task. Most people are afraid of it because it depends on reversing binaries for embedded architectures that do not have good tools. Many of the tools that do exist are expensive and have a steep learning curve, even for experts in the field. Firmware hacking is actually a fun and simple process if you know what you're looking for. Projects for cell phones, video game consoles, and calculators are often out of the league of amateurs until the initial work is done. After the system has been successfully hacked, the code (if made available as open source) can be modified by anyone to improve the software.
Aug 10, 2010
Sudo and Su Bruteforce 0.1 [sig]
Two years ago I noticed that su and sudo both contain a fatal flaw: administrator passwords. Administrator passwords have found themselves at the core of our security. OpenSSH does not allow root to log in by default because, on rare occasions, administrator passwords can be bruteforced. Nearly all Linux and BSD systems recognize this. Some system administrators still don't recognize this due to business constraints. Users who have insecure passwords can be bruteforced if an attacker knows their username. The common scheme of first initial plus last name, or a handle, as the username gives an attacker a good list of users to bruteforce. How many administrators use the username jsmith? How many administrators use the username admin? Su and sudo may be considered harmful if we consider that usernames can be learned and that passwords can be bruteforced.
Removing the password component, we can compare sudo and su to the Windows Vista and Windows 7 administrator access security model: give a user administrator access when they ask for it. This person must be designated as an administrator by the original owner of the system. This seems obvious and tautological, but we have yet to introduce an attacker with two different methods of attack.
Jun 3, 2010
*nix systems have some strange concepts. This will be a brief blog post because I have little to say. In the grep manual, I found a reference to an obscure option:
-Z, --null
    Output a zero byte (the ASCII NUL character) instead of the character that normally follows a file name. For example, grep -lZ outputs a zero byte after each file name instead of the usual newline. This option makes the output unambiguous, even in the presence of file names containing unusual characters like newlines. This option can be used with commands like find -print0, perl -0, sort -z, and xargs -0 to process arbitrary file names, even those that contain newline characters.
Did you read that? It's saying that you can have a newline in a filename, so I tested that out:
jvoss@localhost ~ $ touch 'blah
> yak
> dah'
jvoss@localhost ~ $ ls
Desktop                           j0anna1.crt           regdev
asos2l.txt                        j0anna1a.crt          src
blah?yak?dah                      j0anna1a1.crt         stage3-amd64-20090611.tar.bz2
emerge_kate1.txt                  libusb-1.0.8.tar.bz2  suzy_make.conf
emerge_kdebase-runtime-meta1.txt  lin2632.cfg           suzy_world.txt
emerge_kdebase-startkde1.txt      lin2632a.cfg          time1.py
emerge_konsole1.txt               media                 use1.txt
iwlist1.txt                       necessary.txt         wmii+ixp-3.9-2.tbz
iwlwifi-5000-ucode-8.24.2.12      portage-2010a.tgz     wpa_lev1.conf
iwlwifi-5000-ucode-8.24.2.12.gz   recent                xness.txt
See that blah?yak?dah file there? ls is replacing the newlines with ? because it doesn't want to print them as they are. That's probably very smart. Tab completion, however, shows a completely different story:
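Why the -Z option quoted from the grep manual matters in practice, as an added example that is not part of the original post: a line-oriented consumer of grep -l splits a file name containing newlines into several names, while the NUL-delimited form keeps it whole. The scratch directory, the file named yak and the word "needle" are constructed for the demonstration; GNU grep and an xargs that supports -0 are assumed.

```shell
#!/bin/sh
# Added example; directory, file names and the word "needle" are constructed.
# Assumes GNU grep and an xargs that supports -0.

# Build a scratch directory holding a file whose name contains newlines
# (as in the post's touch test) and an unrelated file called "yak".
make_demo_dir() {
    d=$(mktemp -d) || return 1
    printf 'needle\n' > "$d/blah
yak
dah"
    printf 'unrelated\n' > "$d/yak"
    printf '%s\n' "$d"
}

# How many names does a line-oriented consumer think grep -l reported?
names_by_newline() {
    (cd "$1" && grep -l needle ./* | wc -l | tr -d ' ')
}

# How many names did grep -lZ really report? One NUL byte ends each name.
names_by_nul() {
    (cd "$1" && grep -lZ needle ./* | tr -dc '\000' | wc -c | tr -d ' ')
}

# Line-oriented cleanup: every output line is treated as a separate name,
# so the middle line "yak" is taken for the unrelated file.
cleanup_by_newline() {
    (cd "$1" && grep -l needle ./* | while IFS= read -r f; do rm -f -- "$f"; done)
}

# NUL-delimited cleanup: the name reaches rm intact, newlines included.
cleanup_by_nul() {
    (cd "$1" && grep -lZ needle ./* | xargs -0 rm -f --)
}

# Stand-alone run: print both counts for one matching file.
demo=$(make_demo_dir)
echo "line-oriented: $(names_by_newline "$demo") names, NUL-delimited: $(names_by_nul "$demo") name"
rm -rf "$demo"
```

The same NUL-delimited pattern applies to the other tools the manual entry lists, such as find -print0 and sort -z.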
Sept 25, 2008
Japanese spam is a good indicator of text in the Japanese language. It is also a very good tool for understanding common Japanese speech. Most spam is designed to trick the recipient into e-mailing or visiting a site. Unlike English spam, most Japanese spam is extremely well written and targeted at the net-savvy and quite well-educated Japanese audience. Also, since spam filters in Japan can pick out words much more quickly (since Japan uses Kanji), spammers are using higher-quality spam generators.