HackerTrans
TopNewTrendsCommentsPastAskShowJobs

aleks224

no profile record

Submissions

[untitled]

1 points·by aleks224·anno scorso·0 comments

Multinational Small Business (1993)

nakamotoinstitute.org
1 points·by aleks224·3 anni fa·0 comments

comments

aleks224
·8 mesi fa·discuss
So this would be the first stack overflow after the Morris' fingerd one (well, first one that's widely publicized):

https://seclists.org/bugtraq/1995/Feb/109

> we've installed the NCSA HTTPD 1.3 on our WWW server (HP9000/720, HP-UX 9.01) and I've found, that it can be tricked into executing shell commands. Actually, this bug is similar to the bug in fingerd exploited by the internet worm. The HTTPD reads a maximum of 8192 characters when accepting a request from port 80.
aleks224
·8 mesi fa·discuss
This was great to read. Related: Morris also discovered the predictable TCP sequence number bug and described it in his paper in 1985 http://nil.lcs.mit.edu/rtm/papers/117.pdf. Kevin Mitnick describes how he met some Israeli hackers with a working exploit only in only in 1994 (9 years later) in his book "Ghost in the Wires" (chapter 33). I tried to chronicle the events here (including the Jon Postel's RFC that did not specify how the sequence number should be chosen) https://akircanski.github.io/tcp-spoofing
aleks224
·10 mesi fa·discuss
There's a quote in the bible that says something similar:

"Verily, verily, I say unto you, Except a corn of wheat fall into the ground and die, it abideth alone: but if it die, it bringeth forth much fruit.”

(John 12:24)
aleks224
·anno scorso·discuss
This blog post exposes the badness of SMS-based recovery. I think other recovery options such as Yubikey aren't ideal either, as a Yubikey may simply stop working and you're completely locked out. The specific situation the author of the blog post isn't dramatic - he can't receive SMS - personal decision to avoid roaming charges.

But in all seriousness, if there's an authentication recovery standard, it should serve all people including those who are in seriously difficult circumstances (e.g. homeless or ill). The question then is what should recovery look like in those cases.

To me it looks like good old recovery code on paper is the best solution, as it doesn't depend on ever-changing device ports, or hardware malfunction due to lack of use long-term (such as 10-15 years).

I wonder whether authentication apps nowdays address that aspect and make and I kinda doubt so (i.e. can you print out a QR code with all account information in your typical TOTP app?).
aleks224
·anno scorso·discuss
Do TOTP authentication apps typically provide recovery codes option? Can they squash all of the added TOTP codes you have in the app into one code?
aleks224
·anno scorso·discuss
Some folks claimed it's a LRAD https://en.wikipedia.org/wiki/Long-range_acoustic_device

However, there was no perceptible sound and folks describe it kinetic force that causes a state of panic and rush in the chest.

From the other angle: https://x.com/alef_pendule/status/1900980300093468844
aleks224
·3 anni fa·discuss
For a set of primitive operations (such as those in Turing machine), how can you be sure that it spans all possible computations? It sounds that's one of the challenges Turing had - so he went at lengths to show that by various "soft arguments", e.g. that it's possible to build a VM (Turing machine that runs other Turing machines IIRC). Later on, it was shown that the Turing machine is equivalent to machines other folks came up with (Goedel's recursive functions, lambda calculus, etc) and a consensus emerged that they are all describing a full set of computations.