I always thought I could reduce the amount of time slacking if I could track my time on facebook, reddit, hackernews... like I track my calories intake to reduce my weight. I couldn't find a good firefox plugin for that so I decided to make one.
I'm opensourcing the code right here: https://github.com/mimoo/FirefoxTimeTracker
I'm pretty surprised with Firefox SDK and it's actually easier than what I thought to build a browser plugin. It might also help that everything Mozilla documents is clear and pretty.
At the moment the code successfully logs the time passed on different websites across sessions. It just lacks nice graphs. If you want to try it just wait a couple days until I ship.
A kleptographic attack is an attack which uses asymmetric encryption to implement a cryptographic backdoor. For example, one such attack could be to subtly modify how the public and private key pairs are generated by the cryptosystem so that the private key could be derived from the public key. In a well-designed attack, the outputs of the infected cryptosystem would be computationally indistinguishable from the outputs of the corresponding uninfected cryptosystem. If the infected cryptosystem is a black-box implementation such as a hardware security module, a smartcard, or a Trusted Platform Module, a successful attack could go completely unnoticed.
I've seen implementations of this in the wild, here on reddit (python) and here on lobsters (C#)
Here's a funny topic on CS Theory StackExchange: https://cstheory.stackexchange.com/questions/4491/powerful-algorithms-too-complex-to-implement?newreg=dbe44b3dd8ca41019f6a4a23b9fea6d3
What are some algorithms of legitimate utility that are simply too complex to implement?
Here's an awesome explanation of shellshock: https://bitbucket.org/carter-yagemann/shellshock/src/f0a88573f912?at=master
This repository contains useful documents which I have written to help educate the cybersecurity community on the "ShellShock" bash vulnerability. These documents are designed to help facilitate learning, including on how to identify possibly vulnerable services and how to remediate such vulnerabilities.
It's actually the clearest explanation I've seen on the subject.
Made by these guys from Syracuse:
- Carter Yagemann
- Amit Ahlawat
Excellent finding from Adam Back.
If I understand the article correctly, when exporting encrypted content with Lotus-Notes, 24 bits of the 64 bits key would be encrypted under one of the NSA's public key and then appended to the encrypted content (I guess). This would allow NSA to decrypt those 24 bits of key with their corresponding private key and they would then have to brute force only 40 bits instead of 64 bits.
This shouldn't allow any bad attacker to get any advantage if they don't know the NSA's private key to decrypt those bits. And if they do acquire it, and they do decrypt 24bits of key, they would still have to have the computing power to brute force 40 bits of key. I have no idea what I'm talking about but I have the feeling the NSA might be the most powerful computing power when it comes to brute forcing ciphers.
I posted a tutorial of awk a few posts bellow. But this one is easier to get into I found. It says Awk in 20 minutes but I would say it takes way less than 20 minutes and it's concise and straight to the point, that's how I like it.
EDIT1: And here's a video of someone using a bunch of unix tools (awk, grep, cut, sed, sort, curl...) to parse a log file, pretty impressive and informative: https://vimeo.com/11202537
EDIT2: Here's another post playing with grep, sort, uniq, awk, xargs, find... http://aadrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html
I wanted to get into educational videos and this is my first big try (of 13minutes). I made some quick animations in Flash and some slides and I recorded it. I didn't want to spend too much time on it. It doesn't feel that clear, my English kinda got stuck sometimes and my animations were... crappy, let's say that :D but it's a first try, I will release other videos and improve on the way hopefully :) (I really need to get more pedagogical). So I hope this will at least help some of my fellow students (or people interested in the subject) in understanding Differential Power Analysis
Note: I made a mistake at the start of the video, DPA is non-invasive (source)
$cur = 'plaintext'
$cur = md5($cur)
$salt = randbytes(20)
$cur = hmac_sha1($cur, $salt)
$cur = cryptoservice::hmac($cur)
[= hmac_sha256($cur, $secret)]
$cur = scrypt($cur, $salt)
$cur = hmac_sha256($cur, $salt)
the explanation is here
tl;dr: the md5 is here for legacy purpose, cryptoservice::hmac is to add a secret salt, scrypt (which is a kdf not a hash) is for slowing brute force attempts and the sha256 is here for shortening the output.