How I hacked Github again posted February 2014
comment on this storyThis is a story about 5 Low-Severity bugs I pulled together to create a simple but high severity exploit, giving me access to private repositories on Github.
Quick access to articles on this page:
- - February 2014 - How I hacked Github again
- - February 2014 - Why are people so bothered about truly random numbers?
- - February 2014 - Manually making a transaction in bitcoins
- - February 2014 - Belgian professor in cryptography hacked
- - January 2014 - How I Lost My $50,000 Twitter Username
- - January 2014 - Initial Permutations in DES
- - January 2014 - VPN hacked and server used to mine bitcoins
- - January 2014 - Jamaican team raises $25,000 in Dogecoin
more on the next page...
Why are people so bothered about truly random numbers? posted February 2014
Question on superuser.com : Why are people so bothered about truly random numbers instead of ones generated by a program?
comment on this storyManually making a transaction in bitcoins posted February 2014
Ken Shirriff has posted an amazing post on his blog on how he managed to manually make (meaning, he didn't use the official bitcoin application) a transaction in the bitcoin ecosystem.
I'm reading through it as I'm typing this, and it's really well explained, you get to see exactly what he does in Python and there are pictures!
comment on this storyBelgian professor in cryptography hacked posted February 2014
Jean-Jacques Quisquater, a renowned Belgian professor in cryptography got his computer hacked, seems like NSA has something to do about it.
comment on this storyHow I Lost My $50,000 Twitter Username posted January 2014
So this guy owned @N on twitter and got extorted his account by a phishing attack. The story is well written and you should read it here : https://medium.com/p/24eb09e026dd
but for a tl;dr the attacker called his paypal account to ask them for his credit card's last 4 digits. Then he called godaddy to ask them to reset the password. They only asked him for the 2 first digits and the last 4s. The attacker just had to guess the 2 first digits (and he did it on the first try, he could have kept calling and trying otherwise).
Now that he had @N's domain's name, he could now see his emails. Took over @N's facebook account and started mailing him "threats".
It's pretty crazy how easy phishing is.
comment on this storyInitial Permutations in DES posted January 2014
I have to code a whitebox using DES encryption in a class. Which is pretty cool (I would have prefered doing it with AES but the other group got tails and we got heads).
Here is where the Stanford course I passed on Coursera shines. The explanation of DES on it is brilliant. I was wondering about the initial and final permutations that occurs in the algorithm though and Dan Boneh doesn't really talk about it besides saying it's not for cryptographic purposes.
I found a solution on a new sub-stackoverflow dedicated to Cryptography : http://crypto.stackexchange.com/questions/3/what-are-the-benefits-of-the-two-permutation-tables-in-des
5 commentsVPN hacked and server used to mine bitcoins posted January 2014
That kind of stuff happens and it's always pretty hard to know it happened and how it happened.
Here's an article about a guy who doesn't seem to know much about security but does a fine job finding out what happened to him and what he can do to avoid future hacks.
http://www.corrspt.com/blog/2014/01/18/tale-vps-hacked/
comment on this storyJamaican team raises $25,000 in Dogecoin posted January 2014
Dogecoin, the bitcoin parody, just saw its price reaching a new level AND is going to allow the jamaican bobsled team to go to the 2014 winter Olympics.
comment on this story