home

Bookmarks - Tagged with "security"

The Long Hack: How China Exploited a U.S. Tech Supplier

china, politics, security

The CCP is the enemy.

Infectious Executable Stacks

binary-exploitation, c, security

Deanonymizing Tor Circuits

c, computer-networks, distributed-systems, programming, security, tor

This is one of many excellent articles written by Dr. Neal Krawetz on security in Tor. I would encourage reading other articles on his website, if you are interested in this sort of thing.

Crackpot Cryptography and Security Theater

crypto, security, quackery

Move Fast & Roll Your Own Crypto

crypto, reversing, security

Despite the imperative title, this is not a suggestion to roll one's own crypto. This is an analysis of the abysmal security in the Zoom video conferencing software.

The PGP Problem

crypto, math, pgp, security

While I feel the author's suggestion to "[u]se Signal. Or Wire, or WhatsApp, or some other Signal-protocol-based secure messenger" is well-intentioned, I strongly dislike advocating for nonfree software and network services that are run unethically. I am a proponent of OMEMO/XMPP.

I may start using signify for my own software. Of course, I won't entirely give up on PGP, but I think that signing with both would be enough to signal my endorsement of the former.

The lack of a suggested alternative for email is particularly depressing to me. Why haven't we come up with a better system yet?

And the author does well to admit that PGP is still a fair choice for encrypting files. I see myself continuing to use pass for years to come.

Update:I've come back to this article a few years after adding it to this page. I now walk back on the rather inflammatory suggestion that Signal is "nonfree software and network services that are run unethically". While I prefer services that are federated rather than centralized, Signal currently serves as a secure messenger for the less technically inclined. Not to mention, OMEMO/XMPP is derived from the Signal protocol.

Furthermore, I did not verify the claims made in this article. It happens to be quiterubbish.

How to use Trend Micro's Rootkit Remover to Install a Rootkit

reversing, security, windows

Creating a Rootkit to Learn C

c, security, linux

Smashing the heap by overflowing the stack

c, linux, rust, security

Modifying Telegram's "People Nearby" feature to pinpoint people's homes

security

Just use Signal, folks.

Tony Hawk’s Pro Strcpy – I Code 4 Coffee

binary-exploitation, game-hacking, x86, xbox, security, video, video-games

Arbitrary Code Execution in Ocarina of Time

binary-exploitation, game-hacking, mips, n64, security, video, video-games