/dev/urandom

Heartbleeding Private Keys via Metasploit

2014-04-16 21:58:00 +0000

I’ve resisted posting about Heartbleed, just because I don’t think there’s much more to be said, so I’ll keep this brief. By now you know that it allows for reading raw server memory including things like credentials, session tokens, and whatever else happens to be in the web server processes memory near where your request is allocated. This also includes encryption keys used to secure SSL/TLS sessions.

continue reading ->

Open Redirect in benefits.gov for Eight Years

2013-10-14 08:10:00 +0000

While digging into some old phishing campaigns, I came across something interesting. It’s nothing earth-shattering, but the sheer length of time this vulnerability has remained viable, even after being identified in the press as actively exploited in the wild, is noteworthy.

continue reading ->

Hack My iPhone's TouchID @ Derbycon - win $100

2013-09-24 17:09:00 +0000

Just like the title says, if you’re the first to hack my iPhone 5s’ TouchID during Derbycon, I’ll give you $100.

continue reading ->

OTP, Stream Ciphers, and key reuse

2013-08-12 17:08:00 +0000

During (and just prior to) DEF CON, Druid ran a series of challenges for entrance into his LOLBitcoin party. I decided to give them a shot, and thought I’d document my approach to one of the challenges here.

continue reading ->

RoR CVE-2013-0156 In the Wild

2013-05-28 08:09:00 +0000

Ruby on Rails CVE-2013-0156 has recently been exploited in the wild. This vulnerability was the subject of much discussion, and an emergency RoR advisory back in January. It’s pretty suprising that it’s taken this long to surface in the wild, but less suprising that people are still running vulnerable installations of Rails. It also appears to be affected some web hosts

continue reading ->