
Friday, April 14, 2017

Not so super hooper




So, I am trying to lose some weight. Medication, chocolate and too much wine have combined against me. My well-meaning neighbor asked me recently if I was having another baby. No, just fat! But thanks for asking!!

A few weeks ago, I had a brain wave. It is notoriously hard to get away from my children and find the time to exercise, so I thought a perfect solution would be something I could do at home whether the boys were there or not. And what would be that perfect thing??

Hula Hooping!!

I picked up a couple of hula hoops from Big W and was filled with a new motivation and sense of purpose. I was ready to hula the shit outta that hoop and lose my wine belly before you could say, "Semillion Blanc, anyone?"

But guess what? I can't hula hoop.

That thing hit the floor a millisecond after I flung it around my waist.  My hips and waist seemed to be fighting on opposite sides of a very uncoordinated battle. 

The thing is, I just ASSUMED I would be able to do it. Who knew that hula hooping is an acquired talent?!? I thought everyone could do it. 

I told my Lovely Husband of my failure.

Lovely Husband: "Show me. Surely it can't be that bad?"

Fling. Clatter. (the sound of stupid hoop hitting the floor)

Lovely Husband: "Wow. I thought it would at least go around once or twice. You really can't do that, can you?"

Me: "I KNOW! It is so disappointing and confusing cos I was REALLY AWESOME at hula hooping on the Wii."

Lovely Husband: "You realise there is no actual hoop involved with Wii hula hooping. It's just wiggling your hips."

Me: "Hhhmmm. That explains a lot."

Have you ever assumed you could do something you totally couldn't do?








Saturday, March 4, 2017

Not So Random Numbers Take Two



George Argyros and Aggelos Kiayias recently published excellent research on attacks against the pseudo-random number generators in PHP. However, it lacked practical tools implementing the attack. That is why we conducted our own research, which led to the creation of a program that bruteforces PHPSESSID.

How can we get mt_rand seed via PHPSESSID?


PHPSESSID is generated this way:

md5( client IP . timestamp . microseconds1 . php_combined_lcg() )
  • client IP is known to the attacker;
  • timestamp is known through Date HTTP-header;
  • microseconds1 – a value from 0 to 1000000;
  • php_combined_lcg() – an example value is 0.12345678.

To generate php_combined_lcg(), two seeds are used:

S1 = timestamp XOR (microseconds2 << 11)
S2 = pid XOR (microseconds3 << 11)
  • timestamp is the same;
  • microseconds2 is greater than microseconds1 (when the first time measurement was made) by 0–3;
  • pid is the id of the current process (0–32768, 1024–32768 on Unix);
  • microseconds3 is greater than microseconds2 by 1–4.

The greatest entropy is contained in microseconds1, however with the use of two techniques it can be substantially reduced.

Adversarial Time Synchronization


The technique consists of sending pairs of requests in order to determine the moment when the second in the Date HTTP header changes.

HTTP/1.1 200 OK
Date: Wed, 08 Aug 2012 06:05:14 GMT

HTTP/1.1 200 OK
Date: Wed, 08 Aug 2012 06:05:15 GMT

When this happens, the server's microseconds value was reset to zero between the two requests. By sending requests with dynamic delays, it is possible to synchronize the local microseconds value with the server's.

Request Twins


The principle of this technique is simple. The attacker needs to send two requests: the first one — to reset their own password and the second one — to reset that of an administrator. The gap between microseconds will be minimal.

To sum up, the MD5 hash in PHPSESSID is bruteforced over microseconds, the deltas between subsequent time measurements, and pid. As for pid, the authors did not mention a very useful helper: Apache server-status, which reveals, among other information, the pids of the processes serving the requests.

To carry out the bruteforce, a module for the popular program PasswordsPro was initially created. However, this solution made it impossible to take into account the positive linear correlation between the deltas of microseconds, so it bruteforced the full range of values. The speed was about 12 million hashes per second.

That is why we created our own GUI application for this task.


The speed is about 16 million hashes per second; seed calculation takes less than an hour on a 3.2 GHz quad-core i5.

With pid and php_combined_lcg known, one can compute the seed used in mt_rand. It is generated this way:

(timestamp x pid) XOR (10^6 x php_combined_lcg())

Besides, php_combined_lcg is used as additional entropy for the uniqid function (if it is called with the second argument being true).

So, if a web application uses standard PHP sessions, it is possible to obtain the random numbers generated via mt_rand(), rand(), and uniqid().

How can we get mt_rand seed through one of the random numbers leakage?

The seed used for mt_rand is a 32-bit unsigned integer (2^32 possible values). If a random number has leaked, it is possible to recover the seed using PHP itself and rainbow tables. It takes less than 10 minutes.
The scripts to generate rainbow tables, search the seed, and ready-made tables are available here: http://www.gat3way.eu/poc/mtrt/


What to look for in the code?

All calls to mt_rand(), rand(), uniqid(), shuffle(), lcg_value(), etc. The only secure function is openssl_random_pseudo_bytes(), but it is rarely used in web applications. The main ways of defense against such attacks are the following:

  • MySQL function RAND(): it can also be predicted, though.
  • Suhosin patch: does not patch mt_srand, srand. The Suhosin extension should also be installed.
  • /dev/urandom: the most secure way.
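For the audit step described above, the following is an added example (not code from the original post or its authors): a small Python scanner that reports calls to the predictable functions the article lists while ignoring comments, string literals, method calls and function declarations. The names `WEAK_CALLS`, `TOKEN`, `find_weak_prng_calls` and the sample PHP file are assumptions made for illustration.

```python
import re

# Functions the article names as predictable; extend the tuple to cover its "etc.".
WEAK_CALLS = ("mt_rand", "rand", "uniqid", "shuffle", "lcg_value")

# Either something to skip (comment or string literal) or an identifier followed by "(".
# Limitation of this sketch: heredoc/nowdoc bodies are not recognised as strings.
TOKEN = re.compile(r"""
    (?P<skip> /\*.*?\*/              # block comment
            | (?://|\#)[^\n]*        # line comment
            | '(?:\\.|[^'\\])*'      # single-quoted string
            | "(?:\\.|[^"\\])*" )    # double-quoted string
  | (?P<prefix> ->|::|\$|\bfunction\s+ )?   # method, static, variable call or declaration
    (?P<name> \b[A-Za-z_][A-Za-z0-9_]* ) \s* \(
""", re.S | re.X)


def find_weak_prng_calls(php_source):
    """Return [(line, function)] for each call to a predictable PHP generator."""
    findings = []
    for m in TOKEN.finditer(php_source):
        # Comments, strings, $obj->rand(), Foo::rand() and declarations are not findings.
        if m.group("skip") or m.group("prefix"):
            continue
        name = m.group("name").lower()  # PHP function names are case-insensitive
        if name in WEAK_CALLS:
            line = php_source.count("\n", 0, m.start("name")) + 1
            findings.append((line, name))
    return findings


# Constructed sample input, not taken from any real application.
SAMPLE = r'''<?php
// token = mt_rand();  (commented out, must not be reported)
$reset_token = md5(uniqid(mt_rand(), true));
$pin  = rand(1000, 9999);
$note = "call rand() for luck";
$deck->shuffle();
$salt = bin2hex(openssl_random_pseudo_bytes(16));
$csrf = MT_RAND();
'''

if __name__ == "__main__":
    for line, name in find_weak_prng_calls(SAMPLE):
        print(f"line {line}: {name}() is predictable; use a CSPRNG for secrets")
```

Each finding still needs review: a predictable generator matters where its output protects something, such as a reset token, session value or CSRF token.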



Arseny Reutov
Timur Yunusov
Dmitry Nagibin


Wednesday, March 1, 2017

Not So Functional 90s Fashion Trends



We may not all be slaves to fashion, but at one point or another most of us are guilty of following the crowd. Whether we're trend dabblers or wanted in six states for crimes of fashion, many of us gave in to the glittering allure of certain fads for no reason other than that everyone else was doing it. These fashion statements did not generally jive with any normal rhyme or reason of functionality; everyone else was simply jumping off that bridge and we decided we might as well take the plunge ourselves.

Everything is clearer in retrospect, so it's tough to admonish our former selves for not having the good sense to realize these trends were bad ideas at best. Fashion and trends are not about utility and function, of course, but these items are fairly high on the list of unjustifiable offenders. There remains no real solid explanation for their existence other than that magazines and stores told us they were worth sacrificing scarce allowance money. If we can't defend their usefulness, we may retrospectively embrace their complete lack of function.

There are many, many totally non-functional 90s fashion items to choose from, but here's a selection of some of the least defensible. If you wish to plead your case condoning their existence, feel free to use the comments section as an issues platform:



Tearaway Pants


Okay, fine, I admit these aren't completely without their merits. To professional athletes I imagine there was some millisecond saved when coming in from off the bench. For everyone else out there, these were generally inexcusable. These pants were held together not by stitching and solid fabric, but rather by well-ventilated snap buttons running down the outside of either leg. While it is something of an innovation to be able to remove your athletic pants in one single well-coordinated motion, it is not a necessary function by any means.



Shirt Ties/Clips
This may not be the authentic product, but it's the best Google Images has to offer. Plus, doesn't it make you want to get some for your next 80s/90s Halloween costume? Those things are sparkly to the max...and apparently "80s to the max" too

There are truly no excuses for these; they serve no purpose whatsoever, nor is the look particularly flattering. For some reason, though, it was all the rage in the late 80s and early 90s for young girls to clip or tie their oversized t-shirts on one side. I'm only telling you this because I've finally come to terms with the ridiculousness of it all, but at one birthday slumber party I had kits for each girl to paint and decorate her very own shirt clip. Humiliating, I know, but I'm willing to take one for the team in the name of exposing key shirt clip evidence circa 1994.


Skorts


If you're playing tennis, I'll grant you this one, but if you're just looking for the comfort of shorts with the dressiness of a skirt you have no excuses for humoring that whim by wearing this garment. From the front, a skirt. From the back, shorts. If you're not in an athletic situation, it's not a particularly flattering look to sport (some pun intended) a hybrid skort-shorts. In typical 90s clever coinage, we called them "skorts" but we may well have labeled them "fashion mistakes." Off the courts, there are no situations where it's necessary to be wearing one outfit from the front and another from the back, period. The built-in shorts with a full-around skirt cover is a little better, but it's all relative in non-functional skort territory.


Giant Platform Shoes

I blame the Spice Girls for making these seem so darn appealing. In reality, they were impractical, cartoonish, and a bit dangerous. We started off in familiar territory with sandals and dress shoes, but things quickly escalated to a red-alert level when shoe companies started throwing these platform soles on sneakers. For that, there is truly no defense.


Fleece Vests


Don't you ever get really cold in the general torso area, but your arms remain comfortably warm? Well, have I got the product for you! Complete with its own insanely irritating Old Navy television commercial theme song, polar fleece exploded onto the scene in the late 90s in a major way. These vests were particularly popular, proving that many of us are willing to sacrifice arm comfort in the name of fashion. Stores marketed these as utilitarian and outdoorsy, but unless you're participating in a cold weather activity that requires exceptional arm freedom, these things are not exactly the most useful of warming winter garments.


Mini Backpacks



What, you've never had the urge to carry around a receptacle that holds approximately three nickels, a stick of gum, and a handful of M&Ms? That's a totally legitimate haul warranting a bag of its own. We all know how tough it is to hold an incredibly small quantity of items in our hands, so when these mini-backpacks cropped up in stores we were all too eager to hop on the scaled-down container bandwagon. They were sort of cute, yes, but usefulness was not high on their list of positive qualities.


Scrunched/Slouchy Socks


It's not so much that the socks themselves serve no purpose, but rather that the style in which we preferred to wear them was moderately mind-baffling. The scrunching served no real need outside of an alleged aesthetic purpose. It was simply the preferred style of sock self-expression. Why buy short ankle socks when you can just buy enormous tube socks and scrunch them into a fold-ridden mass? It's an airtight defense for slouchiness.


Overalls

Coveralls may be functional in a manual labor slash farm hand type situation, but they serve no real protective purpose in everyday suburban civilian life. If you have no use for that hammer hook on the back, you probably could have just made do with a regular shirt-and-slacks combo. Just saying.


We may claim the primary purpose of clothing is purely functional: to cover our nakedness and protect us from the elements. Somewhere along the way, though, we've evolved a sense of crowd mentality that works against our primal instinct to wear things that serve some purpose. We may not be able to defend our past fashion choices, but at the very least we can laugh at them. A lot. Really. These are just terrible. Commence mocking.
