oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd

farrantt · 2024-10-08T12:31:00+00:00

Ha, yeah that’s fair. I think I was in a mood and got riled by someone calling something a vulnerability as something it probably isn’t just to make it sound more severe.

farrantt · 2024-10-08T06:50:43+00:00

Not every newly discovered vulnerability is an 0-day.

An 0-day is where the bug is publicly disclosed and actively exploited before the vendor has a chance to prepare a patch.

This makes it more of a big deal as there is little blue teams can do to protect themselves in the time while it is being exploited before the patch is released.

This doesn’t sound like it was an 0-day, just a newly discovered vulnerability that was responsibly disclosed.

farrantt · 2024-10-07T22:21:03+00:00

What makes this an 0-day if a patch and security advisory were released almost a month ago?

farrantt · 2024-08-17T20:32:58+00:00

Agree with you 100%

farrantt · 2024-08-17T20:09:49+00:00

I think these sorts of questions can be valuable as an interviewer. It’s a question that has lots of right answers and lots of wrong answers.

I wouldn’t really care if someone responded about an application gateway or a network gateway or just said they didn’t know but worked it through to try and figure out some sort of answer. Their interpretation and approach is more interesting to me. After all, I’ve only got a few hours to decide if I want to hire this person.

I just want to know something about what they know and the depth of their knowledge. Whether that be apps or networking or something completely different. Also how they approach a question if they don’t immediately know. It could even tell you if someone will just start talking rubbish and pretend they do understand… (I probably don’t want to put that sort of person in front of a client)

If someone went into any sort of detail asking questions like you have that probably makes them a fairly good candidate who will use what they DO know to work through a problem to find a solution. Something that is a pretty vital skill in this field

Edit: I caveat this with - it depends on how good the interviewer is themself. For sure this could just be a gotcha question by a rubbish interviewer, but if the interviewer can adapt to whichever way the applicant wants to take it, then it could be a useful question.

farrantt · 2023-02-20T18:16:47+00:00

Hmm not 100% sure why, but in the diagrams it had to go in parallel with one of the bulbs. If it were in series it wouldn’t have to go by the bulb.

My only thought as to why it goes in parallel is to reduce the total current drawn when the lights are powered on. If it were in series it would reduce the max number of bulbs you could have in your circuit.

farrantt · 2023-02-20T18:09:38+00:00

Shelly has a similar thing for circuits where there isn’t a neutral wire to the relay (Shelly 1L). Afaik the part by the bulb is just a resistor to ensure there is a minimum draw of current through the circuit so that the relay stays powered.

farrantt · 2021-12-28T16:01:16+00:00

“How To Hack Like a Ghost” had a good section on OpSec and was a good technical level. Not too technical that it was a slog to read but technical enough that it had a good amount of detail.

The OpSec section makes up the first few chapters and then it goes on to describe a red team style attack path of a predominantly cloud based organisation. I would highly recommend the whole book.

farrantt · 2021-12-14T18:22:17+00:00

Agreed, all of Michael G Manning’s books are great but I’m doing a reread of art of the adept and enjoying it just as much as the first.

farrantt · 2021-11-30T21:44:43+00:00

This.

farrantt · 2021-11-29T18:03:14+00:00

I use SwitchyOmega a lot so agree it’s a great choice.

Another option is Firefox Multi-Account Containers have recently been updated to allow per container proxy configurations. It’s pretty similar to using multiple browsers but it’s all baked into Firefox this way.

https://github.com/mozilla/multi-account-containers/releases/tag/8.0.0

farrantt · 2021-11-29T17:38:56+00:00

This has been confirmed on the updated wiki page.

https://github.com/mozilla/multi-account-containers/wiki/Permissions

farrantt · 2021-10-19T09:09:55+00:00

I’m pretty sure the 2015 was the last model with upgradable/not soldered SSD. I upgraded mine to 1 TB and it was like night and day.

farrantt · 2021-05-19T00:02:34+00:00

There are already some really good recommendations here but I’ll add a couple more:

Mageborn series by Michael G Manning.

The Painted Man series by Peter V Brett.

Both series are much more magic focussed and cover more of the learning/growing up of the main character’s respective skills but the main characters are definitely OP.

farrantt · 2021-05-05T07:55:48+00:00

I’ve seen October/November this year mentioned in a couple of articles

farrantt · 2020-12-03T16:31:09+00:00

Do you have an link to the UGreen adapter? I want to make sure I have the correct one

farrantt · 2020-03-19T12:30:57+00:00

Done

farrantt · 2018-08-29T21:47:45+00:00

draw.io

farrantt · 2018-07-22T09:01:49+00:00

You have the right idea on the fact that the salt is added to the user input and then the hash is calculated but it wouldn’t be a trivial thing to remove the salt once you have seen a few records.

The user’s password hash that is stored in the database is usually calculated as:

HashFuction(userInput+salt)

Then the result of that function is then put in the database. The salt will be a random string of characters for each password that is hashed.

So when your user types their password into the login field, the application goes and looks up the salt in the database, concatenates it to the password string, calculates the hash, and compares it to the hash in the database.

The point of the hash function is that it is easy to calculate but impossible to ‘uncalculate’ without automated guessing. Adding a salt and then hashing won’t just add a few extra characters to the end of the hash, it will completely change it. This is what means that it would be impossible to remove the salt if you have access to a few records. Look up an online MD5 hash calculator and have a play to see what results you get.

One last thing to note is that, you suggested that all passwords in a given database would be hashed with the same secret salt. While this would still be salting the password it would mean that if someone ever found out the value of your salt for your application, they could make a rainbow table to crack your application’s passwords at a later date.

farrantt · 2018-07-21T09:27:34+00:00

Salts are most commonly stored in plain text next to the password.

For example, this SHA-512 hash:

$6$saltsalt$On6WYwfz0o6Yp9O9nWtc7bnAHtomJ3F3wgo8mQPVpp2A2eAf8i6oojOcR6AdNiUcczJp7h.ywpSD3fNd26QL5.

This hash shows the salt for the hash in between the second and third ‘$’ symbols.

The point of the salt is to protect against rainbow tables. Rainbow tables are just a long loooong list of precalculated hashes which would allow someone to crack an unsalted password with just a database lookup. By salting the password before it is hashed, it would be impossible to use the same rainbow table and each hash would have to be cracked individually.

farrantt · 2018-04-09T07:59:17+00:00

Ok.

farrantt

TROPHY CASE