The reference implementation of CryptoNote wallets start a JSON-RPC server
listening on a localhost port that allows an attacker to execute wallet
functions due to a lack of authentication.
An attacker may exploit this vulnerability to steal cryptocurrency from
vulnerable wallet…
Read more...
Nebula is a virtual machine from Exploit Exercises that
goes through basic local Linux exploitation. Quoting from the website,
Nebula takes the participant through a variety of common (and less than common) weaknesses and vulnerabilities in Linux. It takes a look at
SUID files
…
Read more...
DNSSEC is a hugely complex protocol. The current specification is defined in
three RFCs: RFC4033, RFC4034 and RFC4035. This post will attempt to
explain the core of the protocol and what is required to sign a DNS zone with
DNSSEC. The process of validating DNSSEC records shall be…
Read more...
I came across an interesting tweet by Juliano Rizzo.
The correct answer is that the statement is true if several (very unlikely to
happen in the real world) conditions are met. Let us take a look at why it
happens and what conditions have to be met for this to work.
1. HMAC
I …
Read more...
I came across a blog post titled "PBKDF2: performance matters"
where the author discusses how most implementations of PBKDF2 are slower than
it otherwise could be.
After reading the blog post, I decided to write some Python bindings to
see how much of a performance incr…
Read more...