Forgot your password?

Comment: Re:What a shame (Score 1) 159

by Qzukk (#46762081) Attached to: Snowden Used the Linux Distro Designed For Internet Anonymity

Just like a malicious client can suck data out of a vulnerable server, the same can work in reverse, though clients tend not to keep an SSL connection open any longer than they need to (unless, it's IMAPS or FTPS or chat or some other application with persistent connections).

If you suck the private key out of a bank webserver's RAM, then perform a MITM attack on the bank users using the bank's own certificate, not only can you get their bank credentials (by them filling in the form and sending it to you), depending on the browser you may or may not be able to suck up other accounts from them (eg user logs into a credit card company site to see their bill, then logs into your fake bank to see if they can pay it).

Comment: Re:Subtle attack against C/C++ (Score 1) 175

by Qzukk (#46761237) Attached to: The Security of Popular Programming Languages

std::containers don't need to store their size as a separate variable

C strings don't either. It's the protocol that said "hey, rather than null terminating strings, let's put a length byte like Turbo Pascal never went out of style!"

The fun thing is that that design decision has lead to an entire CLASS of SSL bugs (in all stacks, not just openSSL) eg invalid certs validating because of a null byte in the Common Name. And heartbleed was just one more in that heap.

Comment: Re:MK Observer (Score 1) 236

by Qzukk (#46730571) Attached to: GM Names Names, Suspends Two Engineers Over Ignition-Switch Safety

It reads like it was spewed out by a markov chain generator trained on a tiny subset of language to make sure that its rambling stays on topic, but still makes no guarantees that it comes out in English.

Maybe that's what the MK means? I had a look at the other stories on the site:

The issue is these venues value their transactions off of the distributed costs on the exchanges – in addition, if those costs need uprightness, then “darkpool” evaluating will itself be twisted.


Whatsoever it is, the tinkle about the blip demonstrates that individuals are looking at the rover photographs nearly. An imaging master at NASA’s laboratory imparts his hypothesis: An “cosmic beam hit” influenced Curiosity.


Some of the less gibberish articles have writing/editing citations at the bottom, maybe they are generated by a computer then cleaned up afterwards? Others are quite clearly press releases.

Comment: Re:fake website (Score 3, Informative) 84

by Qzukk (#46715185) Attached to: Stung By File-Encrypting Malware, Researchers Fight Back

That's a pretty common ad-delivered site that's been around for a while. It has an "onunload" function that pops up an error message when you try to leave the site. Chrome added a checkbox to disable the message, so they made their error message so long it goes off the bottom of the screen and since its a dialog box, you can't scroll the text to get to the checkbox, you just have to trust it's there after the third or fourth alert: hit tab, space to check the box, tab again, space to hit ok.

Comment: Re:And nothing of value was lost (Score 1) 145

by Qzukk (#46664913) Attached to: GameSpy Multiplayer Shutting Down, Affecting Hundreds of Games

made getting those games running orders more difficult

I agree. The worst of it was that the companies apparently didn't know a damn thing about how the outsourced networking system worked and you had to dig through dozens of incorrect posts in forums where people basically waved dead chickens and sacrificed frogs until someone figured out what collection of ports you had to forward to make your server visible in the list AND joinable by other people.

These days you install hamachi, and as the saying goes, "now you have two problems".

Comment: Re:It will have a better field of view (Score 1) 496

by Qzukk (#46645441) Attached to: Will Cameras Replace Sideview Mirrors On Cars In 2018?

It's been shown that curved side view mirrors can almost completely eliminate the blind spots, but the NHTSA dictates what size and shape your mirrors are.

Personally, I'd rather keep the side view mirrors and use the camera to eliminate the big rear view mirror placed right in the center of my windscreen. These are almost always placed for midgets, at my height it completely obstructs the right half of my field of view (If I pull up to a four way stop, any vehicle stopped at the sign to my right is completely obscured if it's smaller than a F150 or so) unless I drive hunched over or adjust it as far down as possible and look out over it.

Comment: Re:What about the alternative virtual coins ? (Score 1) 275

by Qzukk (#46597133) Attached to: Operation Wants To Mine 10% of All New Bitcoins

Yes. To prove that you have 2.9 bitcoins, you start at the beginning of the blockchain and add up all the transactions putting money into your bitcoin wallet and subtracting money from it to get a total.

This is also why the currency isn't exactly anonymous. Everyone can trace everywhere you've sent bitcoins to and everywhere you've gotten them from.

Comment: Re:What about the alternative virtual coins ? (Score 2) 275

by Qzukk (#46593401) Attached to: Operation Wants To Mine 10% of All New Bitcoins

how the "what" (bitcoin in this case) came into existence.

It's a number, written in on the ledger. Just like how when the fed wants to give a bank a few billion dollars some zeroes appear in their computer.

The way bitcoin works is ALL in the blockchain. Each block consists of:

[data from previous block]
Qzukk gives himself 0.x BTC for solving this block
Bob gave 1.2 BTC to Dave
Sam gave 0.8 BTC to Bob
James gave 0.9 BTC to Bob
[variable data]

In order for this block to be valid, Qzukk has to find [variable data] that makes the SHA-256 of the block be 0x0000000000... (the number of zeroes in the hash is how the "speed" of mining is set. Because of the "Qzukk gives himself x" transaction, everyone is working on a different block (yours would say "gnupun gave himself..."). Furthermore, because of the data from the previous block being used, whoever solves the block and gets it in the blockchain first means everyone else has to start over on the next block, which is why it's pointless for small fry to try and mine now.

Comment: Re:Sweet revenge (Score 1) 109

by Qzukk (#46592963) Attached to: Weev's Attorney Says FBI Is Intercepting His Client's Mail

If someone goes to the cable company office and says "Say, can I have this persons bill?" who is at fault when they give it up? The person who asked, or the company that handed out the information.

I pointed that out in the last weev thread. It's apparent the general consensus is that the receptionist is personally responsible for giving it out and the programmer is not personally responsible for giving it out.

Comment: Re:Unintended consequences (Score 1) 394

by Qzukk (#46568699) Attached to: Is the Tesla Model S Pedal Placement A Safety Hazard?

with a large vertical separating, the big footed guy might find his foot trapped under the brake pedal when trying to quickly shift over.

I actually had this happen the other day in my Honda (and yeah, I have size 13). Fortunately I felt my foot hit the underside of the brake pedal so I recovered and avoided crashing into anything.

Comment: Re:So if you forget to lock your front door (Score 1) 246

He had to *request* the address for each, individual, ICC

If he had walked into the office building and asked the receptionist at the front "hey what is the email address for customer #1234" and it was given to him, would that be identity theft? Trespassing? What if he asked for all the customers' email addresses, and got them?

The CFAA has no requirements for a proof of authorization

Oh right, you have the CFAA. It's different because it's on the Internet. Thanks to all our representatives who are scared witless by the Internet.

Comment: Re:An NPR reporter confessed to the same crime (Score 1) 246

So no online banks, credit card companies, etc.

Sure, if your bank is dumb enough I can walk up to a teller and say "hey, my account is 1234 give me all my money" and they do so, no questions asked, and not even asking to see my ID. And then I walk to the next teller and say "hey my account is 1235..."

In that case we're doing the world a favor by banning them from the internet.

"Regardless of the legal speed limit, your Buick must be operated at speeds faster than 85 MPH (140kph)." -- 1987 Buick Grand National owners manual.