Daniel Stenberg: Mr Robot curl

Vasilis Lourdas reported that he did a “curl sighting” in the show and very well I took a closer peek and what do we see some 37 minutes 36 seconds into episode 8 season 4…

(I haven’t followed the show since at some point in season two so I cannot speak for what actually has happened in the plot up to this point. I’m only looking at and talking about what’s on the screenshots here.)

Elliot writes Python. In this Python program, we can see two curl invokes, both unfortunately blurry on the right side so it’s hard to see them exactly (the blur is really there in the source and I couldn’t see/catch a single frame without it). Fortunately, I think we get some additional clues later on in episode 10, see below.

He invokes curl with -i to see the response header coming back but then he makes some questionable choices. The -k option is the short version of --insecure. It truly makes an HTTPS connection insecure since it completely switches off the CA cert verification. We all know no serious hacker would do that in real-world use.

Perhaps the biggest problem for me is however the following -X POST. In itself it doesn’t have to be bad, but when taking the second shot from episode 10 into account we see that he really does combine this with the use of -d and thus the -X is totally superfluous or perhaps even wrong. The show technician who wrote this copied a bad example…
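A small checker for the two habits criticised above, added here as an example and not taken from the original post or from the curl project: it walks a curl command line and flags `-k`/`--insecure` and a `-X POST` that is redundant next to a data option. It generalises from `-d` to curl's other body options; the function names, the option subsets and the sample command are constructed for illustration.

```python
import shlex

# Short curl options that take a value (a subset, enough to walk clusters like -ikX POST).
SHORT_WITH_VALUE = set("AbcCdDeEFHKmoPQrtTuUwxXyYz")
# Options that make curl send a POST on their own.
BODY_OPTS = {"-d", "-F", "--data", "--data-raw", "--data-binary", "--data-urlencode", "--form"}
# Long options that take a value (again a subset chosen for this example).
LONG_WITH_VALUE = {"--request", "--header", "--user", "--output", "--url"} | BODY_OPTS


def parse_curl(command):
    """Return (option, value) pairs found on a curl command line."""
    opts, it = [], iter(shlex.split(command))
    for tok in it:
        if tok.startswith("--"):
            opts.append((tok, next(it, None) if tok in LONG_WITH_VALUE else None))
        elif tok.startswith("-") and len(tok) > 1:
            for pos, flag in enumerate(tok[1:], start=2):  # clustered flags: -ik
                if flag in SHORT_WITH_VALUE:
                    # Value is glued on (-XPOST) or sits in the next token (-X POST).
                    opts.append(("-" + flag, tok[pos:] or next(it, None)))
                    break
                opts.append(("-" + flag, None))
    return opts  # other tokens (the curl binary, URLs) are skipped


def audit(command):
    """Flag disabled certificate checks and a forced POST next to a body option."""
    opts = parse_curl(command)
    names = {name for name, _ in opts}
    findings = []
    if names & {"-k", "--insecure"}:
        findings.append("insecure: -k/--insecure switches off CA cert verification")
    forced = [v.upper() for n, v in opts if n in ("-X", "--request") and v]
    if "POST" in forced and names & BODY_OPTS:
        findings.append("redundant: -X POST is superfluous, the data option implies POST")
    return findings


# Constructed sample; the commands on screen are too blurry to copy.
SAMPLE = "curl -i -k -X POST -d 'user=demo' https://example.com/login"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Beyond being redundant, `-X` changes the method curl uses on every request it makes, including the ones issued while following redirects with `-L`.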

More in Tux Machines

Gpg4KDE & GPG4win Approved for Transmission & Processing of National Classified Information

Something that may have slipped you by: Back in November, the German Federal Office for Information Security approved Gpg4KDE and Gpg4win for the transmission and processing of national classified information. Gpg4KDE is the encryption system that you use each time you encrypt and sign messages in KMail. Gpg4win, used for encrypting and signing emails on Windows, is built upon KDE's certificate manager Kleopatra. The German Government has now ranked both secure enough to be used when transmitting messages with VS-ONLY FOR SERVICE USE (VS-NfD), EU RESTRICTED and NATO RESTRICTED levels of confidentiality. In view of the recent Rubicon/Crypto AG/CIA scandal, this is further evidence that FLOSS encryption technology is the only reliable encryption technology.

Raspberry Pi 4 UEFI+ACPI Firmware Aims to Make the Board SBBR-Compliant

As Arm wanted to enter the server market, they realized they had to provide systems that could boot standard operating system images without modifications or hacks, just as they do on x86 servers, so in 2014 the company introduced the Server Base System Architecture Specification (SBSA) so that a single OS image can run on all ARMv8-A servers. Later on, Arm published the Server Base Boot Requirement (SBBR) specifications describing standard firmware interfaces for the servers, covering UEFI, ACPI and SMBIOS industry standards, and in 2018 introduced the Arm ServerReady compliance program for Arm servers. While those are specific to Arm servers, some people are pushing to implement SBBR compliance for Arm PCs, and there’s one project aiming to build an SBBR-compliant (UEFI+ACPI) AArch64 firmware for the Raspberry Pi 4.