After 3 straight years of Pwn2Own invincibility, someone finally bested all of Chrome’s mighty security to download and run code. French security research firm @vupen used two exploits to bypass ASLR, DEP, and leave the sandbox to run a calculator (in this demo). The calculator might be innocuous, but the method is quite significant. Impressive work by the good guys.
Category: Web
Making stuff! in order to break stuff.
I slapped together a possibly useful PHP wrapper for highly useful open source tools. Now you can strip the passwords from your PDFs with only a web browser. Don’t thank me, thank the guys over at mupdf for pdfclean or maybe my sister for needing my help with PDFs. Check it out: https://be3n.com/toybox/breakpdf/
FYI, it only helps with DRM, not encryption. Enjoy.
Gawker fiasco and what we’ve learned about password reuse.
Gawker Media (Lifehacker, Gizmodo, etc.) was hacked by a group calling themselves #gnosis and their entire user database (as well as source code for the sites) was posted to a popular torrent site. Downloaded already, no doubt, by hundreds or even thousands of would-be ne’er-do-wells. What does this mean? What can we learn? More than 50,000 users used “password” for their password. Read the official statement here. I did enjoy the irony of Facebook Connect users being safe from this. If you had an account on any of these sites, your information is compromised and I pray you don’t reuse your password. Change it, change it fast. Millions of users’ data was exposed (names, emails, passwords). The ramifications of this breach will continue over the next few weeks as users’ accounts on other services begin to wreak havoc.
Here is a humorous comic about password reuse:
http://xkcd.com/792/
Enemies of freedom don’t get my business!
When Amazon dropped WikiLeaks from its servers under government pressure without any actual criminal or copyright wrongdoing they showed where they stood in regards to the First Amendment. Anyone who disregards their principles at the approach of a powerful adversary is spineless. Without proof, or at least due process, we are innocent in this country. At least that is how it is supposed to be. I encourage all holiday shoppers to avoid amazon.com. These are scary times and we don’t need our internet providers abusing their authority and helping censor our internet. Now dyndns.com joins the ranks of the enemies of freedom. I did business with them for years, but no longer. If you stand against freedom, I will vote in the most powerful way I have: with my wallet.
When COICA came up it looked dangerous; however, it turns out that its power was already granted inside the DMCA. The government can already seize any website that they even suspect of copyright infringement. However, the US government does not copyright its documents, and thus WikiLeaks was a terrible target. These laws should not apply at all. Using these methods to silence dissenters is NEVER effective. Especially in this: the information age.
Firefox 3.6.12 Released! Fixes serious security problem.
The vulnerability has been seen in the wild. It’s more than theoretical now. Be safe(r), update.
Viacom vs Youtube! Great Retort!
vlogbrothers John Green explains how Viacom has broken its own rules! EFF linked to it, and they make some amazing points.
EDIT: Thanks, Anne, for the correction.
new facebook integration!
Let’s see how well this works!
coding til 5am. Again.
PHP is amazingly easy to get things done in. I’ve started so many projects I’ve had to make a toybox to put them in. I think I’ll try my hand at a WordPress plugin. That should be fun. But I have one unbelievably useful tool that I think I might be able to bang out first. Useful to me anyhow. I’ll talk more about it when it’s actually useful.
I wanted to learn PHP so I ported an ASCII art generator!
20 minutes to make PHP work. 3 hours to make the JavaScript work.
Check it out: http://be3n.com/figlet/
test of my new short url system
Here is a link (I hope): be3n.com/1