Readit News
4mnt commented on Crouching T2, Hidden Danger   ironpeak.be/blog/crouchin... · Posted by u/xrayarx
StavrosK · 5 years ago
Does anyone else see only two replies for the first tweet? It says "THREAD" but then I don't see the thread anywhere. Twitter is terrible.
4mnt · 5 years ago
The thread is in the body of the tweet. Here is the start: https://twitter.com/axi0mX/status/1313620262768635904
4mnt commented on FOSDEM 2018 schedule   fosdem.org/2018/schedule/... · Posted by u/simon_acca
adaxi · 8 years ago
It seems that language rooms are less popular: Guile, Python, Ruby, Lua rooms are not present compared to last year. Nevertheless there are a bunch of talks that seem interesting to me:

  - Automating Your Lights with Open Source
  - Using Cryptographic Hardware
  - Smart Cards in Linux and why you should care
  - Inside Monero
I will probably be there for both days.

4mnt · 8 years ago
They decided to skip a year for some rooms to allow other interesting topics to have a room.

https://twitter.com/fosdem/status/915543798763139074

4mnt commented on Wildcard Certificates Coming January 2018   letsencrypt.org//2017/07/... · Posted by u/darwhy
kharms · 9 years ago
Question on this topic - is there a method of encrypting subdomains when you don't own the domain?

An example: I run a vm that exposes mysubdomain.azure.com, can I turn on ssl at that level? A google search says "no" but I figure this is a place where someone might have a workaround.

4mnt · 9 years ago
Sure, LetsEncrypt can issue certificates for that domain. If you have a webserver you control that runs on port 80, you can use Certbot[1] to get a certificate for that domain.

[1]: https://certbot.eff.org/

4mnt commented on Login Forms Over HTTPS, Please   hacks.mozilla.org/2016/01... · Posted by u/_jomo
throwaway7767 · 10 years ago
> If someone is logged in and then back to normal http, someone can just grab the cookie and pretend to be that person already-logged-in.

If the cookie is set through HTTPS, the browser won't send it when loading HTTP resources. So the cookie won't be exposed that way.

We should still be using HTTPS for all traffic in 2016.

4mnt · 10 years ago
> If the cookie is set through HTTPS, the browser won't send it when loading HTTP resources.

If the cookie is set through HTTPS and does not have the Secure flag set, the browser will happily send it along when loading HTTP resources.
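
The behaviour discussed in this exchange, as an added example that is not part of the original thread: Python's standard-library `http.cookiejar` stands in for a browser's cookie store (an assumption; real browsers apply further rules), and `example.com`, the cookie values and the helper names are constructed for illustration. It shows that the Secure attribute, not the scheme the cookie was set over, decides whether a cookie accompanies a plain-HTTP request, and includes a small audit helper for login responses.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

LOGIN_URL = "https://example.com/login"  # constructed origin, not from the thread


class FakeResponse:
    """Stand-in for an HTTP response; CookieJar only calls .info() on it."""

    def __init__(self, set_cookie_values):
        self._headers = Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value  # Message appends repeated headers

    def info(self):
        return self._headers


def jar_after_login(set_cookie_values):
    """Return a jar holding the cookies an HTTPS login response would set."""
    jar = CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie_values), Request(LOGIN_URL))
    return jar


def cookie_header_for(set_cookie_values, url):
    """Cookie header the jar attaches to a later request for url, or None."""
    request = Request(url)
    jar_after_login(set_cookie_values).add_cookie_header(request)
    return request.get_header("Cookie")


def cookies_missing_secure(set_cookie_values):
    """Audit helper: names of cookies set over HTTPS without the Secure flag."""
    return sorted(c.name for c in jar_after_login(set_cookie_values) if not c.secure)


if __name__ == "__main__":
    plain = ["sid=abc123; Path=/"]            # constructed sample values
    flagged = ["sid=abc123; Path=/; Secure"]
    print(cookie_header_for(plain, "http://example.com/"))
    print(cookie_header_for(flagged, "http://example.com/"))
    print(cookie_header_for(flagged, "https://example.com/"))
    print(cookies_missing_secure(plain + ["csrf=x; Path=/; Secure"]))
```
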

4mnt commented on How much is Reddit making from Reddit gold?   gold.reddit-stream.com/?f... · Posted by u/bemmu
nhebb · 11 years ago
There must be a bug in the tabulation, because the data I'm seeing is:

    $5,740,989,156
    last 24 hrs ($239207881.50 / hr)

    $67,463
    last month ($93.70 / hr)

    $2,506
    last week ($14.91 / hr)
Either that, or someone bought an awful lot of reddit gold in the last 24 hours.

4mnt · 11 years ago
It seems it is fixed now.

    $2,506
    last 24 hrs ($104.41 / hr)
Seems somewhat more reasonable

4mnt commented on Show HN: pm2-webshell - Expose a fully capable terminal within your browser   keymetrics.io/2015/06/10/... · Posted by u/sassyalex
humbleMouse · 11 years ago
Didn't read the article, but it seems like having a fully capable terminal in your browser would present all sorts of attack surface that would create even more security issues than browsers already have.
4mnt · 11 years ago
If you read the article, you would know that it is a terminal emulator written in javascript that gives you access to the computer the webserver runs on.

There is no change to the browser itself at all, just plain javascript that shows a terminal running on a remote computer.

4mnt commented on Poisonous MD5 – Wolves Among the Sheep   blog.silentsignal.eu/2015... · Posted by u/4mnt
jimrandomh · 11 years ago
No, the property you describe is called "preimage resistance". Collision resistance is stronger; it states that an attacker should not be able to create a pair of inputs with the same hash. In the case of md5, creating a pair of inputs with the same hash is easier than creating another input with the same hash as something else which you didn't yourself generate.

The MD5 algorithm is known to lack collision resistance, but whether it has preimage resistance is less certain; mathematical advances have weakened its preimage resistance, but not yet to the point of demonstrating a practical preimage attack.

4mnt · 11 years ago
> In the case of md5, creating a pair of inputs with the same hash is easier than creating another input with the same hash as something else which you didn't yourself generate.

This is the case with all instances of seeking a collision, due to the birthday paradox [0]

0: https://en.wikipedia.org/wiki/Birthday_attack

u/4mnt

Karma: 277 · Cake day: June 3, 2013