Link to the GitHub issue: https://github.com/spesmilo/electrum/issues/5072#issuecomment-683356052
I've had episodes with encryption of the entire hard drive. Now I don't have it encrypted on my computer (but I will be changing my computer) and there is an experience that has changed my life.
On Wednesday I ordered a hard drive to resuscitate my old laptop (to present it). The choice fell on 128GB SSD, which I ordered in the shop - as a new one.
I connected the drive to my laptop and tried to upload Windows (not for me :D). Unfortunately the laptop had a problem with booting the flash drive, but finally I saw a driver charging window. It was weird for me, because there is usually an installer window.
However, the computer restarted all the time and I noticed that it's not from the Flash Drive that the system is booting, but from the disk - WTF I thought.
I plugged the disk into a USB enclosure and started to check what was happening. I was surprised to see the data ... and it was someone else's.
The drive was corrupted and did not allow writing data (in SSDs it's a protection). Someone probably brought the drive in to be repaired, but the service technician probably decided that the drive was to be thrown away and the store tried to sell it a second time ... with someone's data.
I think encryption is good practice. Ofc. in the EU, if you buy something over the internet, you can return it within 14 days and receive your money back (any reason ... no reason is also a reason :D)
I'd compare it to Paged Out! (btw, issue 3 comes soon!). Actually I'd compare Paged Out! to PoC||GTFO because it's older.
As with many good books, I haven't read it completely (yet?). But I am sure you'll find at least 1 in this huge pack of articles.
Maybe it's "ELFs are Dorky, Elves are Cool"?
As I have a little "holiday" today because of the next project - something for you. A film not mine, but very interesting - about a Polish hacker who was not an expert on hacking ... And yet he managed to do a lot of damage.
Back in January of 2016, he had bought around $10K or $15K of Bitcoin and put the keys in an encrypted zip file. Now they were worth upwards of $300K and he couldn’t remember the password.
Found on hackernews.
A collection of links and videos that I saved. What's fuzzing?
Check out fuzzingbook.org.
I recently found some WAF bypasses that I thought could have been automatically generated.
Obviously I went down that road and started to write my own fuzzers.
This post is actually just to share some of the links I saved during the past months.
I want to share some things that helped my computer find some neat bugs!
The Fuzzing Book is probably the first thing I'd recommend to everyone that asks me something about fuzzing.
It's huge, so huge you probably won't read it completely before a fuzzer you made finds a bug.
And the authors know it's huge, they'll guide you through the book as you need it.
I think I've read about 50% already, (re)visiting different chapters at different times, resulting in different fuzzers.
There's still a lot to read, a lot to code. But I'm happy, the book taught me to automate a huge part of my work.
Here's a post about AFL's mutations that helped me a lot, I stole some "magic values" there.
This is an awesome talk, not recommended for beginners. Skim through the book first!
This video will make you hungry for more fuzzing, it isn't just about binaries! Actually I originally started to search for SQL and command injections.
Here's a stream, I haven't watched it completely but Gynvael is a more than credible source for stuff like this!
"You have probably heard of the SameSite attribute addition to HTTP cookies since Chrome 51 (and a specification thereafter). It was advertised as a CSRF killer."
Read more @ blog.reconless.com
| Vulnerability Type | Affected by SameSite |
|---|---|
| JSONP Leaks | 😦 Partly Dead |
| Data Exfiltration | ☠️ Totally Dead |
| CORS Misconfigurations | 😃 Mostly Fine |
| Cross-Site WebSocket Hijacking | ☠️ Totally Dead |
Everyone who wishes to better preserve his privacy can ask an anonymous question by sending it to us, and we will publish it from our account "anonask", thus hiding your identity. We can send back the reply if we see it (email, Matrix, Reddit, others).
Details: on tor page: http://4vxkzqehjxw4m6323yrlzpewhzdl5ym3lnf4jnefcx7m624zap4325id.onion/
My PGP key: 53B98CB54F3E5AE89F67DBF2B06161EB39DA6329