Author: tongwing

Categories
programming security

Cracking JXcore… Again | markhaase.com

JXcore butchered. Twice. Ouch.

Besides being quite easy to reverse engineer, the central flaw here is that they still don’t obfuscate your source code! It’s sitting there in its original form, ready for easy extraction by anybody that you distribute your application to. I mentioned obfuscation in my previous article on JXcore and I’ll repeat that assertion here: obfuscation is the only reasonable protection to defend high level source code from reverse engineering. Nothing can prevent reverse engineering, but good obfuscation can raise the cost substantially.

Source: Cracking JXcore… Again | markhaase.com

Categories
security

Debugging and reverse engineering: Samsung deliberately disabling Windows Update

Ok this is not as bad as Superfish, but it’s bad enough. Samsung is disabling Windows Update so that it doesn’t have to deal with driver update issues.

When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.

via Debugging and reverse engineering: Samsung deliberately disabling Windows Update.

Categories
privacy security

“EPIC” fail—how OPM hackers tapped the mother lode of espionage data | Ars Technica

The leakage of OPM data has been well-reported but this article provides more details about how it happened. In the worse case, “personal details from nearly everyone who works for the government in some capacity may now be in the hands of a foreign government”.

“EPIC” fail—how OPM hackers tapped the mother lode of espionage data | Ars Technica.

Categories
security

Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X • The Register

iOS and OS X attacks are likely to get more frequent as the platform becomes a valuable attack target, just like Windows in the past.

via Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X • The Register.

Categories
Uncategorized

Xerox scanners/photocopiers randomly alter numbers in scanned documents · D. Kriesel

Oh dear. You can’t even trust your photocopiers these days. Spot the difference.

The implications are huge. Imagine what happens if the following happens as a result of your copy getting messed up (excerpt from article):

  1. Incorrect invoices
  2. Construction plans with incorrect numbers (as will be shown later in the article) even though they look right
  3. Other incorrect construction plans, for example for bridges (danger of life may be the result!)
  4. Incorrect metering of medicine, even worse, I think.

Xerox scanners/photocopiers randomly alter numbers in scanned documents · D. Kriesel.

Categories
security

What the Ridiculous Fuck, D-Link?! – /dev/ttyS0

How not to release a security patch. Or, don’t take the security community for a fool.

What the Ridiculous Fuck, D-Link?! – /dev/ttyS0.

Categories
security

Errata Security: Pin-pointing China’s attack against GitHub

Excellent analysis of the attack against github reported earlier. Great firewall demystified just a little.

Errata Security: Pin-pointing China's attack against GitHub.

Categories
security

Owning a Building: Exploiting Access Control and Facility Management Systems by Billy Rios – YouTube

Scary how easy it is to gain control over physical building systems.

Owning a Building: Exploiting Access Control and Facility Management Systems by Billy Rios – YouTube.

Categories
security sysadmin

China’s Man-on-the-Side Attack on GitHub – NETRESEC Blog

Very good analysis of the current DDoS attack that GitHub is facing, apparently over the hosting of github.com/greatfire and github.com/cn-nytimes, which is used to bypass censorship in China.

China's Man-on-the-Side Attack on GitHub – NETRESEC Blog.

Categories
sysadmin

How and Why Swiftype Moved from EC2 to Real Hardware – High Scalability –

The hard truths – cloud is not always the answer.

Great comment from HN:

The reason why it is extremely hard to engineer robust large scale AWS cloud apps can be summarized under the umbrella of performance variance:

– machine latency varies more, you can’t control it
– network latency varies more
– storage latency varies more (S3, Redshift, etc.)
– machine outages are more frequent

How and Why Swiftype Moved from EC2 to Real Hardware – High Scalability –.