It looks like everyone's favourite FIDO token provider might have an unpatchable vulnerability! Much Sturm und Drang from the usual sources. But how bad is it really? Not so bad - but it does expose some weaknesses in the very idea of having physical tokens. First up, as the research paper's abstract says: The attack requires physical access to the secure element So, straight off the bat, this reduces the likelihood of attack. Someone would need to actively target you. Of course, if…
Continue reading →
This book is outstanding. It's the mid 1980s, you're administrating a nascent fleet of UNIX boxen, and you are tasked with accounting for a 75¢ billing discrepancy. Naturally that eventually leads into an international conspiracy involving the FBI, NSA, and an excellent recipe for chocolate chip cookies. It is a fast-paced, high-tension page-turner. There's also a sweet moral core to the story - as well as the somewhat saddening death of naïvety. It's hard to overstate just how fun this book …
Continue reading →
A bit of a thought experiment - similar to my Minimum Viable XSS and SVG injection investigations. I recently found a popular website which echoed back user input. It correctly sanitised `<` to `&lt;` to prevent any HTML injection. Except… It let through `<h2>` elements unaltered! Why? I suspect because the output was: `<h2>Your search for ... returned no results</h2>` And, somehow, the parser was getting confused. OK, what can we do with this little vector? The first thought is to u…
Continue reading →
This is a diary of what I've learned. Hopefully it will let other learners know what the course is like, and if it is worthwhile. Oh, and it might just help me remember what I'm learning! Verdicts Some of the lab tasks were impossible without looking at the cheat sheet. I got stuck on one because the question told me to go to one URL, but I had to guess the one which was vulnerable. Felt like a bit of a "gotcha" moment. Perhaps in a proper lab environment it might have made more sense - but…
Continue reading →
This is a diary of what I've learned. Hopefully it will let other learners know what the course is like, and if it is worthwhile. Oh, and it might just help me remember what I'm learning! The penultimate day. Try not to worry about the upcoming exam! Today was lots of HTTP, TLS, and other low-ish level stuff like that. But mostly focussed on common website attacks. Verdict Bit of a repeat of yesterday's Windows session to make up for the broken labs. The exam requires 50% right answers to…
Continue reading →
This is a diary of what I've learned. Hopefully it will let other learners know what the course is like, and if it is worthwhile. Oh, and it might just help me remember what I'm learning! Day 3 - the day I was dreading most of all… Windows! I've been avoiding M$ WinDoze (LOL!!!) since long before it was fashionable. Even at my earliest jobs, I'd find a way to convince the IT department to let me run Linux on their kit. I'm penguin-powered, baby! So, what can an Ubuntu toting geek learn about …
Continue reading →
This is a diary of what I've learned. Hopefully it will let other learners know what the course is like, and if it is worthwhile. Oh, and it might just help me remember what I'm learning! Day 1 was all about password cracking and metasploit. Today? Linux Hacking! Sadly, we aren't learning anything to do with distributing 1337 cracks for warez (so 1998!). One point to note is that the questions we're set are extremely vague. Here's a sample: Exploit the HeartBleed vulnerability on…
Continue reading →
As part of my MSc, I have to take three "Professional Practice" courses. The course provider, QA.com, let me choose anything from their online catalogue. The first I'm doing is Certified in The Art of Hacking. As regular readers will know, I'm pretty reasonable at hacking. I have received bug bounties from Google, Twitter, Samsung, and a bunch of others. I don't claim to be an expert - and I doubt I'll be on any top-10 lists - but I have a reasonable, albeit informal, background. It's that…
Continue reading →
This is a two-part blog post about rewriting the rules. I hated playing sports as a teenager - quelle surprise. In a vain attempt to get me to love the beautiful game, a PE teacher once made me team captain for a kickabout. My rival? Sporty Dave. Head boy, house captain, and conqueror of puberty. The PE teacher made us pick our teams. I went first and, naturally, chose the weakest of my classmates - Fat Derek. He was overjoyed not to be picked last for once. "You idiot!" whispered Dave. He…
Continue reading →
Last year, I blogged about why I make my work calendar public. It is useful to have a public website where people can see if I'm free or busy. But the version I created relied on Google Calendar which, sadly, isn't that great. It doesn't look wonderful, especially on small screens, and is limited to only one calendar feed. So I used the mighty power of Open Source to build my own! https://edent.tel/calendar It uses two cool components. First, the DHTMLX Scheduler tool - a GPL-licensed…
Continue reading →
Edward Snowden, the man who risked everything to expose the US government’s system of mass surveillance, reveals for the first time the story of his life, including how he helped to build that system and what motivated him to try to bring it down. I'm a civil servant in the UK. Luckily, I suppose, I don't often have access to TOP SECRET information. I suppose I could leak the canteen's lunch menu, but that won't make headlines. What drives a person to jeopardise their career, their f…
Continue reading →
The Netherlands is a world leader in responsible disclosure. The Dutch like to resolve conflicts through a process of general consultation: the famous ‘polder model’. In this book, we hear from the hackers, system owners, IT specialists, managers, journalists, politicians and lawyers who have been key players in a number of prominent disclosures. Their stories offer a glimpse into the mysterious world of cyber security, revealing how hackers can help us all. A short but essential volume. A …
Continue reading →