Hack of the Day: How do I run untrusted shell code? posted October 2014

I've run into a nice series of video called "hack of the day" from Vivek-Ramachandran.

In this first video he explains two techniques :

• jump-call-pop
• xor decoding

I also got nice tips like the examining string function in gdb : x/s $ebx or the folder usr/include/asm that contains plenty of information about assembly.

The full playlist can be found on securitytube.net

POODLE: new attack on SSL posted October 2014

A new attack on SSL 3.0 has been discovered. It's relevant because most browsers (except for Opera) allow a downgrade to SSL 3.0 if it cannot seem to use newer versions. Of course an attacker could disturb the connection and force someone to use SSL 3.0 in order to use the POODLE attack.

Full and clear explanation here

You might want a reminder of what is CBC to read it:

tl;dr: attack happens because of the way padding works in CBC in SSL 3.0

Vim Adventures posted October 2014

It's old but I just discovered it! And since it's not always fun to learn a new text editor, especially one like vim, here's a fun way to do just that!

http://vim-adventures.com/

Erasmus & Korean posted October 2014

A new year starting means new erasmus coming. And this year I've done things a bit differently, instead of just meeting the newcomers I've joined the Erasmus association of Bordeaux "Inter'action Bordeaux" and I've helped them organized many events. Parties of course but also some really cool stuff like:

• A welcome erasmus week-end in a camping next to the Sanguinet lake (and for the first time of my life I slept on the beach! Not really comfy).

• The Feria of Bordeaux, and no worries, no animals were injured, it was more like a silly cow running around people :)

Aside from participating in this new adventure, I've also started taking Korean classes at the same place where I was taking russian classes last year. And I already learned how to write/read korean. It's actually not that hard at all and if you have a few hours to spare you could learn it too :)

I forgot that I also spent quite some time learning Romanian on Memrise this summer and I fell in love with Memrise again. I was actually the first of many romanian classes rankings for many weeks.

Bitcoin mining by hand posted September 2014

Ken Shirriff, still writing about bitcoin, has found a new hobby: mining bitcoin blocs with only a paper and a pen.

Here we go again posted September 2014

So here's to a new school year in Bordeaux. My initial plan was to do my first year in Bordeaux and do my second year in Rennes. I liked Bordeaux so much that I decided to stay here instead, for better or worse.

First, I found a new place. It's way better than my last place (which was really, really bad). And I couldn't have asked for a better location. I'm right in the middle of everything. Bordeaux is small enough that I basically have to walk less than 5 minutes to go to restaurants, shops, supermarkets, the laundry, my friends, etc... Life is easy :)

A few weeks ago an article has been written about my website 3pages in Telerama (a nationwide paper). It's small but that's something :)

Also I started classes last week. But I'll make another post about that!

Slim posted August 2014

I talked about Slim the other day. I wanted to do a similar project not so long ago that I would have called weblang.

I first thought about an indented language with no symbols to declare html elements. Something like that:

p
  a 'more info' href: 'http://www.google.com'
ul
  li
    hey !

But then I thought, how will I distinguish markups from text. If I want to write ul without it being translated to <ul></ul>, how do I do that?
And if I want to write several lines of text, will I have to indent them all the time ?

That's why I quickly thought the language would need brackets and a symbol to distinguish markup from plain text (I used $).

Slim is somehow what I had imagined at the beginning and it's working!

The above example in Slim would be written as such:

p
  a href="http://www.google.com" more info
ul
  li
    | hey !

Not so far from what I had in mind :)

If you're not convinced yet, try this html to Slim conversion app on a heavy html page of yours that you can't really understand anymore and you'll see how amazing it is!

Rails 4 Tutorial posted August 2014

I'm still deep in Rails. The official documentation is okay but kind of bloated. Fortunately I stumbled on Kevin Skoglund's Ruby on Rails 4 Essential Training Course on Lynda and it is fabulous. Plenty of small videos I can watch when I want to get educated on a specific topic. And it's way easier to digest than the official's guide. I recommend it!