Posted by jpluimers on 2018/05/07
I need to check out if it finally got available for OpenSuSE: [WayBack] CoreFreq – A Powerful CPU Monitoring Tool for Linux Systems
via:
Posted in *nix, *nix-tools, Linux, openSuSE, Power User, ps, SuSE Linux | 2 Comments »
Posted by jpluimers on 2018/05/04
Source: [WayBack] How to move Gmail sub-label out of hiearchy – Web Applications Stack Exchange
–jeroen
Posted in GMail, Google, Power User | Leave a Comment »
Posted by jpluimers on 2018/05/04
This message was sent because you may have an older version of the Google+ app installed on one of your mobile devices.
Now if the message would tell on which device, I could find it….
Source: [WayBack] Old Google+ versions and photo backup may stop working on May 20, 2018 – Google+ Help
–jeroen
Posted in G+: GooglePlus, Google, Power User | Leave a Comment »
Posted by jpluimers on 2018/05/04
Via [WayBack] Penetration Testing Tools Cheat Sheet https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ #Security – This is why I Code – Google+
Penetration testing tools cheat sheet, a high level overview / quick reference cheat sheet for penetration testing.
Source: [Archive.is] Penetration Testing Tools Cheat Sheet
Nmap Cheat Sheet, examples and practical examples
Source: [Archive.is] Nmap Cheat Sheet
Posted in *nix, *nix-tools, nmap, Power User | Leave a Comment »
Posted by jpluimers on 2018/05/04
Apparently Twitter not only logged plain text passwords, but they handle them in a masked form:
Keeping your account secure
When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone. Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. Learn more
This seems to imply passwords are not hashed, but can be recovered into plain text.
Please Twitter, ensure that passwords are never recoverable.
Note: after changing your password at https://twitter.com/settings/password visit https://twitter.com/settings/applications
–jeroen
Posted in LifeHacker, Power User | Leave a Comment »
Posted by jpluimers on 2018/05/04
Since it is password day, please read [WayBack] Use a password manager. Don’t reuse passwords. – The Isoblog.
Background:
Lock it down. Add another layer to your password. PasswordDay.org #PasswordDay
–jeroen
Posted in LifeHacker, Power User | Leave a Comment »
Posted by jpluimers on 2018/05/03
via: [WayBack] Yet another reason to be very careful with what you put in version control: GitLeaks – Search Engine for exposed secrets on the web https://gitleaks.com/ – This is why I Code – Google+
[Archive.is] GitLeaks – Search Engine for exposed secrets on the web
–jeroen
Posted in Development, Security, Software Development | Leave a Comment »
Posted by jpluimers on 2018/05/03
Interesting thought on client-side password hashing: [Archive.is] Client-Side Password Hashing – DelphiTools.
I’ve ambivalent feelings on it, especially since it will expose salt and other settings to the client.
On the other hand it tremendously helps when there are transparent proxies in between. Read the article for full details; here is just one quote below.
Maybe dual hashing would be in place: once at the client to prevent plain-text to go over MITM channels, and a second hash server side with different settings like salt to prevent brute force attacks.
I need to give this more thought.
The quote:
If you are using a regular Windows and a regular browser, access to HTTPS will go through the regular certificate chain, using regular certificate authority. You also benefit from extra security layers like Public Key Pinning.
But when a custom Root CA is installed, all that goes through the window: the custom Root CA allows the corporate proxies to issue “valid” certificates for any website (even google.com and the rest), and the public key pinning features are disabled:
How does key pinning interact with local proxies and filters?
Chrome does not perform pin validation when the certificate chain chains up to a private trust anchor.
A key result of this policy is that private trust anchors can be used to proxy (or MITM) connections, even to pinned sites. “Data loss prevention” appliances, firewalls, content filters, and malware can use this feature to defeat the protections of key pinning.
All the major browsers have a similar behavior… because it is required to allow transparent proxies. And transparent proxies are the means through which the legal logging requirements are fulfilled.
So besides introducing a major MITM opportunity, this also means that there are legally-required corporate logs somewhere of all that went through HTTPS… including plain text passwords, if you did not hash them on the client-side.
These logs will have varying degrees of security when in the corporate domain… and next to none if they are ever requested by the legal system for an investigation.
–jeroen
Posted in Algorithms, Design Patterns, Development, Hashing, Power User, Security, Software Development | Leave a Comment »
Posted by jpluimers on 2018/05/02
Cool tool that integrates into the Delphi IDE: [WayBack] Dproj changed or not changed? Normalize it! | The Art of Delphi Programming
Via: [WayBack] Introducing DprojNormalizer: http://www.uweraabe.de/Blog/2017/01/18/dproj-changed-or-not-changed/ – Uwe Raabe – Google+
Note there is also RadCLI that requires Python and does it via the command-line:[WayBack] joshkel/RadCli: Command-line utilities for RAD Studio / Delphi / C++Builder
DprojNormalizer supports Delphi XE7 and up.
Updates at [WayBack] Downloads | The Art of Delphi Programming: DprojNormalizer
Note that it requires an elevation to Administrator for installing. If you run Delphi as a normal user, then afterwards you need to register the package yourself, for instance with a batch file like this:
reg add "HKEY_CURRENT_USER\Software\Embarcadero\BDS\18.0\Known Packages" /v "C:\Program Files (x86)\DprojNormalizer\DprojNormalizer240.bpl" /t REG_SZ /d "Dproj Normalizer" /f
reg add "HKEY_CURRENT_USER\Software\Embarcadero\BDS\19.0\Known Packages" /v "C:\Program Files (x86)\DprojNormalizer\DprojNormalizer250.bpl" /t REG_SZ /d "Dproj Normalizer" /f
Adjust your BDS and DllSuffix in the BPL file names using the table at Delphi version info table: C# Builder, Delphi 8 through 10.2 Tokyo and Appbuilder.
If you want to temporarily disable it:
reg add "HKEY_CURRENT_USER\Software\Embarcadero\BDS\18.0\Disabled Packages" /v "C:\Program Files (x86)\DprojNormalizer\DprojNormalizer240.bpl" /t REG_SZ /d "Dproj Normalizer" /f
reg add "HKEY_CURRENT_USER\Software\Embarcadero\BDS\19.0\Disabled Packages" /v "C:\Program Files (x86)\DprojNormalizer\DprojNormalizer250.bpl" /t REG_SZ /d "Dproj Normalizer" /f
If you want to re-enable it: remove the values under Disabled Packages.
–jeroen
Posted in Conference Topics, Conferences, Delphi, Development, Event, Software Development | 1 Comment »
Posted by jpluimers on 2018/05/02
The [WayBack] delphi – How to get rid of exception 80000003? – Stack Overflow got me on the right track:
When I run my program (admittedly, it was built in debug mode), I get an error “External exception 80000003”.
According to Win32 Exception/Access Violation Errors it means
0x80000003 EXCEPTION_BREAKPOINT A breakpoint was encountered.
What happened was that during debugging a multi-threaded application doing quite a bit of Windows API stuff and CPU debugger Windows stuff by single-stepping through it.
Single-stepping involves the debugger putting a lot of temporary breakpoints similar to how other debuggers do this:
when stepping at the source level, the debugger uses temporary breakpoints to stop execution at the specified location
Source: [WayBack] ARM Information Center – ARM DS-5 Using the Debugger – Stepping through an application
On Intel platforms, temporary breakpoints are usually done using an INT 3 instruction as that encodes in the single-byte 0xCC opcode. which is very simple for the debugger to patch and remove: just keep a list of addresses and the original byte content.
Note that some debuggers even allow you to manually set temporary breakpoints that disappear after 1-time use; see [WayBack] Temporary Breakpoint – Now You See It, Now You Don’t – mohit.io:
Have you faced the problem of breakpoint clutter where breakpoints keep piling up only to hinder the debugging session? It is then that one realizes that there are some breakpoints that can be deleted and others disabled. A useful feature in a debugger is a temporary breakpoint that automagically gets deleted when hit thereby reducing the clutter of unnecessary breakpoints.
Somehow this doesn’t work well all the time in the Delphi debugger when using multi-threading, but not in a reproducible way: you get a 0x80000003 exception at irregular moments, but more often when you use more threads.
The solution:
The above is far more painstaking than using single-stepping but suffers from far less problems.
–jeroen
PS: Thanks David Heffernan for indicating “Websearch for NTSTATUS. Knowledge of that macro name is the key.”
Posted in Delphi, Delphi XE8, Development, Software Development | 1 Comment »
The Wiert Corner - irregular stream of stuff 