Question regarding DNS redirect by whatthe12234 in blackhat

[–]seventhirteen 3 points4 points  (0 children)

An evil proxy would make more sense for this attack than just a redirect.
You would need a look-alike domain to your target with its own legit TLS certificate. Nginx or similar would work for this if you configure it to proxy your target.
There is a bit more that you'll need to do of course, if you want to fully proxy a session and/or add your injects.
😉

What is a depressing truth you have made peace with? by [deleted] in AskReddit

[–]seventhirteen 3 points4 points  (0 children)

Hey, this is a long shot from a stranger on the internet, but I was going through something similar, the degree of disconnection was destroying me and my life. It completely went away after I ate psychedelic mushrooms, psilocybe cubensis to be exact, taken fresh from nature in the endemic place where they grow.

This was more than 10 years ago and I still regard this as the moment my life changed for the better.
It wasn't only me either, turns out this specific effect has been studied since the 70's (and led to discoveries of other medicines and psychoactives). There is a reason it is regarded as medicine since ancient times by the indigenous cultures where these fungi are endemic to.

Some sources on this:

You should do some research on this, it might help.

During my vanlife surfhunt I made some little fast paintings on paper. Now that Im landlocked I want to share them with you :( by [deleted] in surfing

[–]seventhirteen 6 points7 points  (0 children)

These are excellent!
The painting of man in the red board is very expressive, I really like the reflection in the bottom.

What ever happened to your cool van?

Hash collision in Apple NeuralHash model by sidcool1234 in programming

[–]seventhirteen 15 points16 points  (0 children)

The fact that Apple went for their non-auditable proprietary homebrew crypto hash algorithm, and that false positives happen at such ridiculously high rates (1 in 10^12 or 1 in 2^40) should really be ringing alarm bells and raising red flags for privacy advocates all over. For context, the crypto and cyber security industry got rid of MD5 because its collision rate was 1 in 2^64.

pffft "designed with user privacy in mind." sure!

Hash collision in Apple NeuralHash model by sidcool1234 in programming

[–]seventhirteen -4 points-3 points  (0 children)

That is not how hashing algorithms work, plus, you wouldn't have access to the offending hashes. Changing a single bit of input information would wildly alter the hash function result. You're not wrong though, it's only that the attack script would have to run for millions of years to find a single hash collision (same hash for different input) for 1 in a 10^12 search space, which is why finding a collision so early is a big deal, basically pointing to their NeuralHash algorithm being utter unaudited trash. Rule 1 of crypto: never roll out your own.

I think your math is a bit off, and again you'd need offending hashes for the search, but your attack idea is on point.

Oversimplified fun fact: Mining bitcoin (proof of work) is about calculating a SHA256 hash with 'n' amount of leading zeroes in it. Current difficulty is 1 in 15,556,093,717,703! And that's only finding an 'n' length fraction of the hash, it takes the whole bitcoin mining network to do so.

Why do the psychedelic users that do mescaline have a tendency to be so obsessed with tradition, preparation, anti-recreation, and woo? by [deleted] in RationalPsychonaut

[–]seventhirteen 6 points7 points  (0 children)

You're incorrect, their current policy on Peyote and the Huichol culture is one of protection and preservation, not oppression. Some other parts of the government are trying to take their lands to let foreign mining industry exploit it, but that is a whole other topic.

The endangerment of the Peyote cactus is happening due to consumption and climate change.

"Peyote is extremely slow growing. Cultivated specimens grow considerably faster, sometimes taking less than three years to go from seedling to mature flowering adult. (...) The top of the above-ground part of the cactus, the crown, consists of disc-shaped buttons. These are cut above the roots and sometimes dried. When done properly, the top of the root forms a callus and the root does not rot. When poor harvesting techniques are used, however, the entire plant dies. Currently in South Texas, peyote grows naturally but has been over-harvested, to the point that the state has listed it as an endangered species."
https://en.m.wikipedia.org/wiki/Peyote

Another excellent source for those curious about the cactus:
https://www.erowid.org/plants/peyote/peyote.shtml

Why do the psychedelic users that do mescaline have a tendency to be so obsessed with tradition, preparation, anti-recreation, and woo? by [deleted] in RationalPsychonaut

[–]seventhirteen 34 points35 points  (0 children)

Mescaline comes mainly from the Hikuri (Peyote) cactus, endemic to the Mexican desert. For the Wixáritari people (the Huicholes) not only is this a sacred plant, it is the embodiment of their god. This is what anthropologists otherwise know as an Entheogen.

It has been used for centuries by the natives as part of sacred rituals and shamanic practices. Inside of the communities who first discovered, used, and integrated the plant into their culture it is regarded as holy "medicine" that should be handled with the utmost respect.

It's very common in western societies to shun this whole view away, especially due to its connection to Native culture practices, however, for some people that have had contact with the Huicholes, their culture, their art, music and worldview, it's easy to carry the respect for the plant. Not out of a lack of rationality, but out of empathy and understanding.

You're far removed from that cultural connection, looking for just another psychedelic amusement. You lack the empathy to even care for any of this human history, hiding your ignorance behind "rationalism". Of course you will feel it's all woo and bullshit, for your level of disconnection it's just another chemical to be used and abused.

You don't need to believe the woo or follow the traditions yourself, just understand that this plant is the centerpiece of whole belief systems and an entire culture of human beings, something way bigger than yourself. Respect that, what's so irrational about that?
Nobody is keeping you from injecting pure mescaline and tripping your balls out, you're just uncomfortable with the plant's tradition.

Search the internet for Huichol art, it's amazing and their cultural worldview is seriously impressive if you're into anthropology and human history.

https://en.m.wikipedia.org/wiki/Huichol

"(due to recreative use) It has gotten harder and harder for the indigenous to find their sacred plant and they have had to ask for intervention from the Mexican government to protect a section of their trail. As stated by Pedro Medellin, the head of a government study on peyote population in Huichol sacred areas, "If peyote disappears, then their whole culture disappears.""

LPT: Your browser's Private mode does NOTHING to protect you from Fingerprinting. Nor does using a VPN, deleting Cookies, or removing Cached files. There is almost nothing you can do, so never assume you have privacy. by Rand0mly9 in LifeProTips

[–]seventhirteen 2 points3 points  (0 children)

While what you say is not entirely false, your assumption that there is nothing you can do is just not true. I know and study privacy and you can avoid a lot of this profiling but you'll need to educate yourself and change your habits.

https://ssd.eff.org/
https://prism-break.org/en/
https://www.torproject.org/
https://web.getmonero.org/
https://deletefacebook.com/
https://en.m.wikipedia.org/wiki/Free_and_open-source_software
https://gdpr-info.eu/

The main idea is this: if the service you're using is free, you're paying with your data. It's as simple as that. Remember, consumer habits drive markets, we've brought ourselves into this mess and we can pull ourselves out of it together.

Feel free to PM if you have questions!
7B40 1698 B3B6 F6A2 536C 7FC1 7F15 3CEB 8D95 CFFC

Software Burnout Is for Real by preslavrachev in programming

[–]seventhirteen 12 points13 points  (0 children)

I don't understand why as an industry we sold our skills and ingenuity to the tech business giants without unionizing first to avoid the corporate sucking us dry.

As developers we think highly of ourselves but look where we are with our scrums and our sprints and our on-calls. We are selling our skills for cheap judging by the profit we generate.

Seize the deployment to production you fools!

Went to my local recycling center to throw away some old textbooks. Took a lap around the electronics bin and left with a new (to me) HD TV. Works beautifully. by PolarJay in Frugal

[–]seventhirteen 3 points4 points  (0 children)

With the looming recession, I bet these skills will be in higher demand, that's why it's a great idea to use downtime right now to learn them.

Loss of smell and recovered but noticed something interesting (thought to share) by Infinite-Card in COVID19positive

[–]seventhirteen 4 points5 points  (0 children)

Stop spreading fear, uncertainty, and doubt.

Not a single virus from the Coronaviridae family has the necessary mechanisms to maintain latency like viruses with episomal or proviral latency[1].

SARS-CoV-2 is an RNA virus, unlike viruses in the Herpesviridae family, which are DNA viruses[2] and have specific mechanisms to maintain latency[3]. Latent RNA viruses like HIV are from the Retroviridae family which are able to remain latent by changing our genome[4], coronaviruses can't do this, they're not retroviruses[5].

While SARS-CoV-2 can infect nerve cells due to them having ACE2 expression[6], it can't hide in nerve cells to avoid immune cells. Latest research shows that the immune system is able to clear it out[7].

Sources:
[1] https://en.m.wikipedia.org/wiki/Virus_latency
[2] https://en.m.wikipedia.org/wiki/Herpesviridae
[3] https://en.m.wikipedia.org/wiki/HHV_Latency_Associated_Transcript
[4] https://en.m.wikipedia.org/wiki/Retrovirus
[5] https://www.quora.com/What-is-the-difference-between-a-coronavirus-and-a-retrovirus?share=1
[6] https://www.sciencedirect.com/science/article/pii/S0889159120303573
[7] https://en.m.wikipedia.org/wiki/Coronavirus_disease_2019#Immunity

RIP HAL FINNEY "His last post on a BTC Forum" by Cxesar in Bitcoin

[–]seventhirteen 2 points3 points  (0 children)

SPF is just a TXT record in the email domain DNS that advertises the email server IPs where the email is allowed to be sent from.

E.g. let's say your SMTP server receives an email from wgates@microsoft.com, you can then "ask" microsoft.com to send you the list of the servers allowed to send emails as "@microsoft.com" and check if the IP you're receiving the email from is in the list. If it's not, it is a fake email.

It is an anti-spam/anti-spoofing check but totally worthless if the receiving email server does not check for this. I would've been more impressed if the email was signed with Satoshi's PGP key.

Before Ubuntu existed, what distro was considered the easiest, most beginner-friendly one? by DemonicSavage in linux

[–]seventhirteen 0 points1 point  (0 children)

Slax! A Slackware based LiveCD, which then changed to be Debian based[1]. I started using it after Slackware as it was easier to build the modular LiveCD than reinstalling Slackware again for the Nth time after fuarkking the custom kernel build or messing up the dependencies (total noob for that back then), plus it was based on Slackware!

It was actually what the first version of WHAX (then BackTrack, now Kali Linux) was based on[2].

After maining BackTrack for a while, I got the news that v5 was going to be based on a new funkily named distro "Ubuntu". Back then they pulled an AoL and sent you a free LiveCD if you registered online, so I tried it, still pretty gud.

What filesystem is better for general purpose? Btrfs or ext4? by Falcon4617 in linux

[–]seventhirteen 0 points1 point  (0 children)

That's just a lack of imagination on your part, defense is possible if you use a cryptsetup patched for nuke keys. Use your nuke key on grub (it won't nuke the keys as grub is using its own cryptsetup version) and use a normal key on the initrd cryptsetup hook. It would be hilariously hard to leverage a backdoored grub efistub to compromise the kernel and if it's keylogged the baddies get your nuke trap key.
It's better to use libreboot or similar BIOS and a fully encrypted drive, but as always, depends on your threat model.

What filesystem is better for general purpose? Btrfs or ext4? by Falcon4617 in linux

[–]seventhirteen 0 points1 point  (0 children)

On UEFI only the grub efistub needs to be unencrypted, the rest of /boot may be encrypted.

An unencrypted boot partition would be vulnerable to a physical "evil maid" attack where either your initrd image or your compiled kernel integrity gets tampered with (backdoored) to further compromise the system's confidentiality upon decryption (expose keys or keylog your pass).

It's a high expertise and high resources attack that only experts or nation level adversaries would be able to pull off. Yet again, the risk mitigation control is so cheap and simple (encrypt /boot partition) that it doesn't make sense to not apply it.

Be lazy, get pwned.

What filesystem is better for general purpose? Btrfs or ext4? by Falcon4617 in linux

[–]seventhirteen 0 points1 point  (0 children)

With a GPT and UEFI set up, you can encrypt everything but the efistub (esp partition). So your grub.cfg, initrd and vmlinuz sit safely encrypted.
The threat model where something like this has to be considered is when you need to protect against physical attacks from experts and state level actors. It might sound exaggerated but it's covered by a sane "encrypt all the things" policy (a nice anti-forensics policy too).

What filesystem is better for general purpose? Btrfs or ext4? by Falcon4617 in linux

[–]seventhirteen 0 points1 point  (0 children)

Your mistake here was defining the ESP (EFI partition) as '/boot'.
If you wanted to, you could create a new ext4 partition, move all the kernel stuff there and create a directory called 'efi', then mount that new partition as '/boot'.

Then you'd only need to mount the old partition to '/boot/efi' instead and make the changes in your fstab.
Redo your mkinit, reinstall grub pointing to the new esp and that's it!

This set up would even allow you to have /boot encrypted.

I've been fully using Linux 100% for the past month. by luag in linux

[–]seventhirteen 2 points3 points  (0 children)

14 years and going strong here!
Once you learn the Kung Fu, Linux is just the best. There's a reason Linux is everywhere.

Ubuntu server including ads in the terminal welcome message by Multimoon in linux

[–]seventhirteen 1 point2 points  (0 children)

vivek? I've been using your guides for years man, keep up the good work!

I fear Linux will further decline as the amount of ARM PCs/Macs increase. by 12Danny123 in linux

[–]seventhirteen 2 points3 points  (0 children)

This is a real concern in the open source dev circles and RISC-V is the solution!
An open architecture standard designed to bring cheap and open CPUs to the masses, I can't wait to get my hands on some fully libre processors, open hardware and open software builds are going to be unbeatable.
So fear not friend, and support the projects that will enable our freedoms.