it’s complex.
having a complex system that has a lot of requirements makes it hard to manage and get right, giving attackers a chance to exploit any holes during the process.
SSL (Secure Sockets Layer) is a security protocol that establishes a link between a web server and a client. SSL allows the secure transmission of sensitive information such as credit card numbers, login credentials and more, providing a layer of security that utilises a public/private key pair. By encrypting all information sent in-between, someone eavesdropping on the network will not be able to see exactly what is being sent.
The SSL protocol is enabled through something called a SSL Certificate, which allows you to create a secure connection in the first place. First the server needs to GET a SSL Certificate by requesting a Certificate Signing. This certificate then needs to be sent to a Certificate Authority, that is trusted digital signers who verify the security of your server and that it adheres to certain standards.
Once a Certificate Authority signs this, the server’s certificate is then associated with that certificate, and you are able to see which CA signed off on it in the Subject of the Certificate.
Thanks to browsers coming with a pre-installed list of trusted organisations and CAs, a server certificate who had their certificate signed off by any of these organisations is automatically trusted. By a company signing off on this, they are claiming that an trusted third party has verified the identity of the server host (authenticated).
PKI
SSL alone isn’t enough to secure a web connection. SSLs alone can be susceptible to a man-in-the-middle attack where an attacker could intercept the key exchange protocol (like Diffie Hellman) and replace the server public key with their own. This way, once a ‘secure connection’ is established between the client and server, all traffic and requests sent by the client are directly transmitted to the attacker and decrypted for them.
This is where PKI comes in - the idea is that we don’t blindly trust that a public key provided by a server is the genuine public key, until it is verified or ENDORSED by someone we do trust. So we trust a few select key entities and also trust anyone they say is trustworthy (kinda sus).
As mentioned before, there are a few root certificate authorities who have been hard-coded/pre-installed into our browsers or OS whom we trust. This means they have power to determine what is secure/not...
Found that some of my old emails had accounts tied to it which were compromised. Unfortunately I couldn’t narrow down to which platforms that were attacked, but that actually doesn’t matter. All platforms that you might think are secure and safe end up getting broken into eventually like LinkedIn and Yahoo - so the best way to secure yourself against that is to use better passwords.
As revealed by TroyHunt and his password g4ngs, using a password manager and generating better passwords that are unique and follow a set of requirements will be effective even if passwords are leaked. That way even if they are using a broken hash like MD5 to store the passwords, you’re at least able to protect against that in some way. But pray for your soul if they’re storing them in plaintext.
I did a bit of research on PasteBin to look up my email in any of the leaks. I recall a few years ago I did a similar search up and I think I found my email on there (yikes). So that’s a big player in terms of password leaks.
I actually browsed there for a few hours and tried out some of the passwords in the leaks - and oh boy even from a few months ago, a lot of those account still haven’t changed their passwords! They’re pretty weak passwords too, so even with the hashes a simple lookup gives the plain-text for free.
I’d say if you’re interested (you should be), don’t just see if your email has been compromised (https://haveibeenpwned.com/), look up you and your friends on PasteBin because your old accounts may still be on there.
After finding out your trash has so much information leakage about you - I’ve gotten a bit wary about throwing things out that have my details on it. Theoretically speaking if an attacker was after me, they would be able to gather a lot of knowledge about me just by digging through what I throw away.
So over the past few weeks I’ve been doing something similar to Richard, by destroying documents with sensitive information responsibly. And for things I need to throw out, I’ve been going around and slipping them in other bins across the neighbourhood, as well as public bins to spread confusion about.
I’m not exactly sure how effective this is, but at the very least it’s some deterrent and confidentiality about my trashabouts.
After sifting through my information, I’ve made the wise decision to go and update my privacy settings on the platforms that I use. Not only will this serve as a form of OpSec, but also to deter any third-party information coming through against my case.
Digging into my Facebook settings, there’s a lot of things left unchecked by default such that they ‘optimize’ the regular individual’s experience. Everything is linked and pretty much public for everyone which is less than ideal in terms of privacy.
Facebook is tracking when and wherever you log in and on what devices you’re accessing your account from. Looking at this list, there’s a lot of things I’m still logged in on - so let’s just go ahead and sign out of all of them and do a massive overhaul.
Setting up Layers
Here we can do a security bump too. Although you might think it’s not important enough to secure your account - that’s probably because you don’t think that you’re at a high risk of losing your account. In fact, if this account were to be compromised, I personally wouldn’t be too happy about it. It’ll be an inconvenience to go up and set up another one. Either way I could do with 2FA because if not I’m pretty much just saying to the world ‘go hack me’. Adding other layers of security like encrypting my emails is definitely a better option than none at all too.
Facial Recognition?
Previously I just given up all rights to tagging me in photos and posting all that fun facebook jazz. But that’s just like taking away the option for me to approve things that are being posted about me. What if like that CIA director my wife or someone I know posts some sensitive information about me? I want to have the ability to control what information pops up and prevent it from occurring in the first place, rather than doing damage control after. Like what’s the dealio with this Facial Recognition being on by default?
So below is the basic structure of the stack (for local variables) once you’re in the doCheck() function. We simply need to write 32 characters to the name and access name[32] to overwrite the team variable. gets() the lovely vulnerable function as it is, will naively take that and we can happily enter the win() function!
1.1 whereami
This is pretty similar to the one before, where instead of the variable team = ‘A’, we have the void function pointer, ‘function’. So again, we simply need to overflow the buffer, by writing the address that is printed for the win() function. Simple stuff.
1.2 Blind
For this we have no source code or information really to go off. Therefore we take the following steps:
Run the code first (see what it does)
Verify that it is vulnerable to a buffer overflow
Find the address at which the win() function is stored at
Using external tool
Overflow the buffer and overwrite the return address
She uses 2-step verification for her email account using Google Authenticator, and she signs up with new websites by using 'Sign in With Google', and for when she is at a computer she doesn't trust, she has generated a set of 10 one-use only passwords for her Gmail account.
Create a fake website to phish her and she’ll sign in with Google - then once that’s done send her a text and she’ll enter the Google Authenticator code. From there, you can just copy that code and log into her account!
Find an example of something that has been faked or spoofed. Describe how it was achieved, and how it could be detected or prevented.
The moon landing.
Lmao nah but the TripAdvisor is the example given. It was done by keeping the restaurant discrete and closed off such that those who had not been could never validate how bad it was and review it. This was done together with the efforts of his friends who helped craft genuine looking reviews, which altogether built up the status of the restaurant.
It doesn’t take that many to really build your restaurant up, since there’s not a huge population who will actually take their time out to review a restaurant. In general, most people review only if their experience has been REALLY GOOD or REALLY BAD; there aren’t many in-between. This is the case for a real restaurant, so for a fake one that can control their ratings and only have 5 stars coming in, getting to the top like that is quite easy.
The issue that allowed this to happen is that there isn’t a formal verification process for TripAdvisor. They pretty much took it upon good faith that it existed as a restaurant, despite it not being registered as a business or anything. There were no third party checks or multiple steps to becoming a legitimate restaurant on TripAdvisor. To prevent such things from occurring in the future, more rigid processes should be developed for validating and getting your restaurant up there. In fact, with the scale that TripAdvisor is, they should be able to afford having someone from their company come down and actually check that the restaurant actually exists and to taste their food and such.
Find an example of something in everyday life that could be easily faked and explain how it might be achieved.
Certificates and credentials on ambiguous things. You can easily develop your own course, and in the same vein as the restaurant create accounts and fake the reviews. If you make the course require payments, people will be discouraged initially until it gets popular.
DeepFakes
At the moment this technology is quite limited, so it’s not too hard to spot it by eye. However, eventually it’ll get good enough that will make it hard for the human eye to spot out. Although it remains to be seen a ‘perfect’ deepfake, perhaps we can spot the artificiality (but I guess that wouldn’t be perfect). The solution to that will then have to be to resort to machines to identify fakes, or analysis in other means, such as the binary data or formal tests like modifying real and fake videos for comparison.
Viral Videos
Viral videos are also getting extremely hard to determine - especially with a low quality or high quality video. With low quality videos, the problem is that there’s not enough information to be able to visually determine if something is fake. Perhaps on a binary level or pixel state a computer may be able to differentiate things just like DeepFakes - but that still isn’t clear.
yo okAY this was hella tough and honestly we didn’t come up with a perfect solution
so the premise is that you are a general army dude right and you sent one of your mates to the nether portal (goes to alien planet) and goes to do recon and meet the aliens. he talks to one of the aliens and asks if he can come back with him, but upon returning, your mate is dead and turns into a ghost. so now there’s just you and your squad standing outside the portal looking at this deadass alien and confused and scared as heck.
so how do you know that:
A) your friends ghost is with the alien (authentication)
B) the alien comes in peace (non-malicious intent)
if the alien can hear your mate speaking:
how do you know that he’s speaking the truth
that your friend is actually there
that he’s not modifying the message
like your friend is telling him to tell you that he (the alien) killed him (your friend)
so what I came up with was we need something that gives:
Authentication
Integrity
Non-Repudiation
Proof of non-malicious intent
So this is kind of like Houdini. Taking the first three into account, I considered what we use in Security today to solve this issue and came up with Signatures. If we were to take the report of your friend, and he in his ghostly form were to first HASH it, then sign that hash then we would be able to verify it was from him (authentication), and the message was not tampered with (integrity) and he would not be able to take it back and say that it wasn’t from him (non-repudiation).
However the fact of the matter is that we’re dealing with a threat that we have NO KNOWLEDGE of. all the knowledge is in that report which we can’t get caues our friend is dead. So with an alien there’s alien technology and things that we are unable to know.
Like how do we know the alien didn’t kill our mate
and that he didn’t steal all his memories and brain power
and that he’s not controlling the ghost friend
or that he’s not torturing him for the answers
And so far in reality we don’t have a successful attempt of measuring good intent. We can’t tell. Humans are corruptible, and probably the same for aliens. There’s no guarantee that this alien comes in peace and so I couldn’t come up with a perfect solution given this.
dededos
turnnoffyourmind
discoholicmusic
gummygunk