Security: Curl, Two Factor Authentication (2FA) and Hacking With Kali Linux
-
There seems to be no end to updated posts about bug bounties in the curl project these days. Not long ago I mentioned the then new program that sadly enough was cancelled only a few months after its birth.
Now we are back with a new and refreshed bug bounty program! The curl bug bounty program reborn.
-
Liz mentions that by adding passphrase encryption, the private keys become resistant to theft when at rest. However, when they are in use, the usability challenges of re-entering the passphrase on every connection means that “engineers began caching keys unencrypted in memory of their workstations, and worse yet, forwarding the agent to allow remote hosts to use the cached keys without further confirmation”.
The Matrix breach, which took place on April 11 showcases an example of what happens when authenticated sessions are allowed to propagate without a middle-man. The intruder in the Matrix breach had access to the production databases, potentially giving them access to unencrypted message data, password hashes, and access tokens.
-
Before I talk about the series that I am going to start, let us briefly talk about who should follow this series.
I know there are so many people out there who are very curious to learn hacking just to hack their partner's social media account. Well, if you are such a person, please listen to me. Hacking is not about getting into somebody's personal life and steal their information. It is illegal.
Somebody well said - “We need to have a talk on the subject of what's yours and what's mine.”
So you should not hack information that is not yours.
But if you are a tech enthusiast who wants to make a career as a penetration tester or white hat hacker, this series can be really a good way to start. So for such enthusiasts, I am creating a page where you can follow the series. You can also follow our social media pages so you get a notification when a new informative article comes out.
| Mozilla: VoxelJS, AiC and Mozilla B-Team
-
A couple of weeks ago I relaunched VoxelJS with modern ThreeJS and modules support. Today I'm going to talk a little bit about how VoxelJS works internally, specifically how voxels are represented and drawn. This is the key magic part of a voxel engine and I owe a tremendous debt to Max Ogden, James Halliday and Mikola Lysenko
Voxels are represented by numbers in a large three dimensional array. Each number says what type of block goes in that block slot, with 0 representing empty. The challenge is how to represent a potentially infinite set of voxels without slowing the computer to a crawl. The only way to do this is to load just a portion of the world at a time.
-
One of my goals was that we could, at least for a moment, disconnect people from their particular position and turn their attention towards the goal of achieving a shared and complete summary. I didn’t feel that we were very succesful in this goal.
For one thing, most participants simply left comments on parts they disagreed with; they didn’t themselves suggest alternate wording. That meant that I personally had to take their complaint and try to find some “middle ground” that accommodated the concern but preserved the original point. This was stressful for me and a lot of work. More importantly, it meant that most people continued to interact with the document as advocates for their point-of-view, rather than trying to step back and advocate for the completeness of the summary.
In other words: when you see a sentence you disagree with, it is easy to say that you disagree with it. It is much harder to rephrase it in a way that you do agree with – but which still preserves (what you believe to be) the original intent. Doing so requires you to think about what the other person likely meant, and how you can preserve that.
However, one possible reason that people may have been reluctant to offer suggestions is that, often, it was hard to make “small edits” that addressed people’s concerns. Especially early on, I found that, in order to address some comment, I would have to make larger restructurings. For example, taking a small sentence and expanding it to a bullet point of its own.
Finally, some people who were active on the thread didn’t participate in the doc. Or, if they did, they did so by leaving comments on the original GitHub thread. This is not surprising: I was asking people to do something new and unfamiliar. Also, this whole process played out relatively quickly, and I suspect some people just didn’t even see the document before it was done.
If I were to do this again, I would want to start it earlier in the process. I would also want to consider synchronous meetings, where we could go try to process edits as a group (but I think it would take some thought to figure out how to run such a meeting).
In terms of functioning asynchronously, I would probably change to use a Google Doc instead of a Dropbox Paper. Google Docs have a better workflow for suggesting edits, I believe, as well, as a richer permissions model.
Finally, I would try to draw a harder line in trying to get people to “own” the document and suggest edits of their own. I think the challenge of trying to neutrally represent someone else’s point of view is pretty powerful.
-
Bugfixes + enabling the new security feature for API keys.
|
Programming Leftovers
-
We are happy to announce that several NumFOCUS projects are applying for the inaugural Google Season of Docs, a new program to foster collaboration between technical writers and open source projects sponsored by Google.
NumFOCUS is excited about this opportunity to welcome technical writers into our community and share the experience of what it is like contributing to an open source project. We hope the improved documentation resulting from participating in the program will make it easier for more people to start using our projects in their own research and work.
| Devices: Radiant Software, ASRock and Microsoft
-
In addition to supporting Windows, Radiant Software 1.1 adds support for the popular Ubuntu LTS 16.4 distribution of Linux. Radiant Software 1.1 is now available for download from Lattices website and currently can be used with a free license.
-
ASRock announced four products based on Intel’s 8th Gen Whiskey Lake-U: a thin Mini-ITX “IMB-1216” board, a 3.5-inch “SBC-350,” and a NUC 4×4 form-factor “iBox-8365U” mini-PC and NUC-8365U mainboard.
ASRock Industrial has been busy lately tapping the latest embedded-oriented x86 chips in products such as the Intel 8th Gen Whiskey Lake-U based iBox-8265U mini-PC, as well as the iBox-R1000 industrial PC and NUC-R1000 mainboard built around the AMD Ryzen Embedded R1000. Now it has announced four more Whiskey Lake-U products aimed at the embedded market.
Making Sense of Microsoft’s Acquisition of Express Logic [Ed: Windows is worthless, so Microsoft is buying the competition. Microsoft also bought Danger, Sidekick etc. and it never ended well. Anything Microsoft touches turns to dust. When it bought Skype it was (back then) near-monopoly, but not anymore. Microsoft sometimes announces financial losses.]
Even the Linux Foundation, home of the Linux kernel, hosts a project called Zephyr, which is an RTOS designed for use-cases, beyond the reach of Linux.
|
.svg_.png)
Content (where original) is available under CC-BY-SA, copyrighted by original author/s.
Recent comments
6 hours 7 min ago
6 hours 17 min ago
10 hours 13 min ago
10 hours 17 min ago
12 hours 21 min ago
17 hours 1 min ago
17 hours 2 min ago
17 hours 22 min ago
18 hours 26 min ago
18 hours 33 min ago