home

Bookmarks - Tagged with "security"

The Long Hack: How China Exploited a U.S. Tech Supplier

china, politics, security

The CCP is the enemy.

Infectious Executable Stacks

binary-exploitation, c, security

Deanonymizing Tor Circuits

c, computer-networks, distributed-systems, programming, security, tor

This is one of many excellent articles written by Dr. Neal Krawetz on security in Tor. I would encourage reading other articles on his website, if you are interested in this sort of thing.

Crackpot Cryptography and Security Theater

crypto, security, quackery

Move Fast & Roll Your Own Crypto

crypto, reversing, security

Despite the imperative title, this is not a suggestion to roll one's own crypto. This is an analysis of the abysmal security in the Zoom video conferencing software.

The PGP Problem

crypto, math, pgp, security

While I feel the author's suggestion to "[u]se Signal. Or Wire, or WhatsApp, or some other Signal-protocol-based secure messenger" is well-intentioned, I strongly dislike advocating for nonfree software and network services that are run unethically. I am a proponent of OMEMO/XMPP.

I may start using signify for my own software. Of course, I won't entirely give up on PGP, but I think that signing with both would be enough to signal my endorsement of the former.

The lack of a suggested alternative for email is particularly depressing to me. Why haven't we come up with a better system yet?

And the author does well to admit that PGP is still a fair choice for encrypting files. I see myself continuing to use pass for years to come.

Update:I've come back to this article a few years after adding it to this page. I now walk back on the rather inflammatory suggestion that Signal is "nonfree software and network services that are run unethically". While I prefer services that are federated rather than centralized, Signal currently serves as a secure messenger for the less technically inclined. Not to mention, OMEMO/XMPP is derived from the Signal protocol.

Furthermore, I did not verify the claims made in this article. It happens to be quiterubbish.

How to use Trend Micro's Rootkit Remover to Install a Rootkit

reversing, security, windows

Creating a Rootkit to Learn C

c, security, linux

Smashing the heap by overflowing the stack

c, linux, rust, security

Modifying Telegram's "People Nearby" feature to pinpoint people's homes

security

Just use Signal, folks.

Arbitrary Code Execution in Ocarina of Time

binary-exploitation, game-hacking, mips, n64, security, video, video-games