Hacker News | rednovae's comments

I have reported vulns to NetGear before. They don't have any sort of security department, nor a method to handle vulnerability reports.

I have no idea what the truth actually is, but my experience would lead me to believe worst case.


I know it's illegal, but it'd be eye opening to worm these machines, then have them inject a banner sometimes, to alert the user. I suppose that's an ethics question overall. I know many exploits that can and are being used for financial gain. [1] The vendors respond very poorly (lying or getting angry at me). Companies and customers are at risk. But no one cares. Unless a major incident occurred...

1: One expensive (8-digit) system that was targeted at multi-tenant setups used Java for the UI. Annoying but OK. But, how did the Java app determine your login privileges? Oh, easy! The app would download the root credentials for the system, use them to log in to MySQL over the Internet, then "SELECT Permissions from user where...".

I met the developers and their response was "yes that's a known issue in the current version". Ignoring that many users were stuck on that version for a long time. For bonus points, this system logged the root credentials to the debug log, in the user's home directory. I'll let you guess if their updated version was vulnerable as all hell, too.

Edit: This was a major VoIP switch vendor (NexTone, now killed/bought by Genband IIRC), so exploits were easily turned into money. (Just route traffic on someone else's trunk for a bit.) Though I've dealt with other VoIP providers, ones that keep much more info (full end user info, CALEA module available) that had SQL injection -> root takeover on the login page. That puts end users at risk, too. Their response? "Our programmers are top notch C/C++ guys, they just aren't perfectly familiar with PHP..."


Not an article, but this is a register-based VM that should be simple and straightforward to understand. Also comes with an assembler, disassembler and debugger.

https://github.com/endeav0r/hsvm


This isn't an article, it's a paragraph!


..and it somehow managed to get to FP

we should stop upvoting such clickbaits


https://github.com/endeav0r/hsvm - 16-bit virtual machine with a bunch of reversing and exploitation challenges.

https://github.com/endeav0r/rdis - Visual reverse-engineering tool for Linux with custom graph layout stuff.


That documentation is so awesome.

You may think about doing a version with https://github.com/kristopolous/BOOTSTRA.386 ...


If my password is catsanddogs, there is not much entropy in this password. If the connection was based off symmetric crypto from the get go, where the key was seeded from that password, you could capture some traffic and offline attack the key based off a weak user password.

The alternative is safer. You would have to brute force the login online.

I think you don't know what an IV is. The IV is not secret. Maybe that's where the confusion comes from?

