Categories
Uncategorized

Xerox scanners/photocopiers randomly alter numbers in scanned documents · D. Kriesel

Oh dear. You can’t even trust your photocopiers these days. Spot the difference.

The implications are huge. Imagine what happens if the following happens as a result of your copy getting messed up (excerpt from article):

  1. Incorrect invoices
  2. Construction plans with incorrect numbers (as will be shown later in the article) even though they look right
  3. Other incorrect construction plans, for example for bridges (danger of life may be the result!)
  4. Incorrect metering of medicine, even worse, I think.

Xerox scanners/photocopiers randomly alter numbers in scanned documents · D. Kriesel.

Categories
security

What the Ridiculous Fuck, D-Link?! – /dev/ttyS0

How not to release a security patch. Or, don’t take the security community for a fool.

What the Ridiculous Fuck, D-Link?! – /dev/ttyS0.

Categories
security

Errata Security: Pin-pointing China’s attack against GitHub

Excellent analysis of the attack against github reported earlier. Great firewall demystified just a little.

Errata Security: Pin-pointing China's attack against GitHub.

Categories
security

Owning a Building: Exploiting Access Control and Facility Management Systems by Billy Rios – YouTube

Scary how easy it is to gain control over physical building systems.

Owning a Building: Exploiting Access Control and Facility Management Systems by Billy Rios – YouTube.

Categories
security sysadmin

China’s Man-on-the-Side Attack on GitHub – NETRESEC Blog

Very good analysis of the current DDoS attack that GitHub is facing, apparently over the hosting of github.com/greatfire and github.com/cn-nytimes, which is used to bypass censorship in China.

China's Man-on-the-Side Attack on GitHub – NETRESEC Blog.

Categories
sysadmin

How and Why Swiftype Moved from EC2 to Real Hardware – High Scalability –

The hard truths – cloud is not always the answer.

Great comment from HN:

The reason why it is extremely hard to engineer robust large scale AWS cloud apps can be summarized under the umbrella of performance variance:

– machine latency varies more, you can’t control it
– network latency varies more
– storage latency varies more (S3, Redshift, etc.)
– machine outages are more frequent

How and Why Swiftype Moved from EC2 to Real Hardware – High Scalability –.

Categories
privacy security

Lenovo Caught Installing Adware On New Computers

Good grief! Has no one learned from Sony’s rootkit incident yet? If you are a Lenovo owner, you may want to check if there’s a Superfish certificate in your certificate chain by running certmgr.msc. Other than injecting unwanted ads in your browser, in theory the adware could sniff on your banking transactions ‘cos it’s performing a MiTM on your HTTPS.

Lenovo Caught Installing Adware On New Computers.

Categories
security

The Great Bank Robbery: the Carbanak APT – Securelist

The greatest bank robbery of all times? Some says hundreds of millions have been stolen, some say up to 1 billion. Given the extent of attack, it could be hard to know the exact amount. But one thing is clear, we have come a long way since the playful days of prank worms and viruses. Cyber criminals are now extremely well-organized, funded and motivated by huge monetary rewards.

The Great Bank Robbery: the Carbanak APT – Securelist.

Categories
security

How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last | Ars Technica

A stunning look at the extent some organizations would go to achieve its objectives. From a technical perspective, it’s brilliant. This will no doubt be used as a template for other state actors to follow, as some already did earlier.

How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last | Ars Technica.

Categories
programming

Main is usually a function. So then when is it not?

A break from the usual cybersecurity stories. Here’s a nice one on obfuscated C, if you can call it that.

$ cat test.c
const int main[] = {
-443987883, 440, 113408, -1922629632,
4149, 899584, 84869120, 15544,
266023168, 1818576901, 1461743468, 1684828783,
-1017312735
};
$ gcc test.c -o a.out
$ ./a.out
Hello World!

Yes I tested and it works. Want to know how it works? Here’s the link:
Main is usually a function. So then when is it not?.