The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Security’ Category

Thread by @troyhunt: the Internet Archive was breached, DDoSed and defaced – reset your passwords (it’s the same account as for their Wayback Machine)

Posted by jpluimers on 2024/10/10

was it a little more than a DDoS?

Despite messages that the Internet Archive and Wayback Machine were fully up again after the DDoS of the last few days (usually starting at around 20:00 UTC and lasting for hours at a time, but today at 10:00 UTC), the countermeasures to their password breach at the end of September, and the defacement yesterday, today they still had Wayback Machine archiving issues:


Posted in Internet, InternetArchive, Power User, Security, WayBack machine

Windows 10/11: Skip Security Questions When Adding Local User

Posted by jpluimers on 2024/09/30

Based on [Wayback/Archive] Windows 10/11: Skip Security Questions When Adding Local User, [Wayback/Archive] Remove Security Questions when setting up Local Account in Windows and others:

  • if during initial Windows 10/11 setup you add a user with a password, then it will ask you for 3 security questions
  • if you do not want these 3 security questions:
    1. leave the password blank when adding the user
    2. after first logon, press Ctrl-Alt-Del and change the password from blank to an actual password

Via [Wayback/Archive] windows 10 skip security questions – Google Search.

–jeroen

Posted in Authentication, Power User, Security, Windows, Windows 10, Windows 11

What’s inside the QR code menu at this cafe? – by peabee

Posted by jpluimers on 2024/09/27

This is why I do not trust ordering via QR-code: you never know how good (or usually bad, often even non-existent) their security is.

[Wayback/Archive] What’s inside the QR code menu at this cafe? – by peabee is a really bad example involving the Google-backed DotPe: their API had zero authentication, and by now they have rate limited API access by IP address.

I went to a cafe near my home. I sat down and scanned the QR code on the table. It took me to a website displaying the cafe’s menu. It asked me for my name and Whatsapp mobile number. I entered the details and placed the order.

In 5 mins my order arrived at the table. There was no OTP verification, and no one came to confirm the order. Is this what the peak ordering experience looks like?

It was a slow workday, and I thought I might as well open this QR code website on my laptop and have a quick look under the hood. Maybe I should’ve just made my own coffee and stayed home because I didn’t realize I was opening a can of worms.

This kind of zero-auth is not infrequent: the Panels API and CDN were wide-open too: [Wayback/Archive] https://storage.googleapis.com/panels-api/data/20240916/media-1a-i-p~s


Posted in Authentication, Development, Infosec (Information Security), LifeHacker, Phishing, Power User, Security, Software Development

string – Check if MyString[1] is an alphabetical character? – Stack Overflow (and how Embarcadero broke one of the product version neutral redirects)

Posted by jpluimers on 2024/09/24

Quite a while ago, the question [Wayback/Archive] string – Check if MyString[1] is an alphabetical character? – Stack Overflow, asked by [Wayback/Archive] User Jeff, was answered by [Wayback/Archive] Andreas Rejbrand:

The simplest approach is

function GetAlphaSubstr(const Str: string): string;
const
  ALPHA_CHARS = ['a'..'z', 'A'..'Z']; // ASCII letters only
var
  ActualLength: Integer;
  i: Integer;
begin
  // Pre-allocate the largest possible result, then shrink it at the end.
  SetLength(Result, Length(Str));
  ActualLength := 0;
  for i := 1 to Length(Str) do
    if Str[i] in ALPHA_CHARS then
    begin
      Inc(ActualLength);
      Result[ActualLength] := Str[i];
    end;
  SetLength(Result, ActualLength);
end;

but this will only consider English letters as “alphabetical characters”. It will not even consider the extremely important Swedish letters Å, Ä, and Ö as “alphabetical characters”!

Slightly more sophisticated is

function GetAlphaSubstr2(const Str: string): string;
// Requires the Character unit (System.Character in newer Delphi versions).
var
  ActualLength: Integer;
  i: Integer;
begin
  // Pre-allocate the largest possible result, then shrink it at the end.
  SetLength(Result, Length(Str));
  ActualLength := 0;
  for i := 1 to Length(Str) do
    if Character.IsLetter(Str[i]) then // Unicode-aware letter test
    begin
      Inc(ActualLength);
      Result[ActualLength] := Str[i];
    end;
  SetLength(Result, ActualLength);
end;

Back in 2011 I added a comment that for more than a decade would redirect to the most current documentation on the IsLetter method:

+1 for using IsLetter which checks the Unicode definition for being a letter or not [Wayback] docwiki.embarcadero.com/VCL/en/Character.TCharacter.IsLetter

Back then, Delphi XE2 was current, so it would redirect

  1. from [Wayback] http://docwiki.embarcadero.com/VCL/en/Character.TCharacter.IsLetter
  2. to [Wayback] http://docwiki.embarcadero.com/VCL/XE2/en/Character.TCharacter.IsLetter
  3. then to [Wayback] http://docwiki.embarcadero.com/VCL/XE2/en/Character.TCharacter.IsLetter
  4. ending at [Wayback] http://docwiki.embarcadero.com/Libraries/XE2/en/System.Character.TCharacter.IsLetter

After a long outage in 2022 (see The Delphi documentation site docwiki.embarcadero.com has been down/up oscillating for 4 days is now down for almost a day), only the Alexandria help was restored.

This killed the above redirect.

Luckily [Wayback/Archive] George Birbilis noticed that and commented this:

@JeroenWiertPluimers the correct link now is: docwiki.embarcadero.com/Libraries/Alexandria/en/…

In order to refer to the most recent Delphi version, now you have to use [Wayback] http://docwiki.embarcadero.com/Libraries/en/System.Character.TCharacter.IsLetter.

This redirects:

  1. via [Wayback] http://docwiki.embarcadero.com/Libraries/Alexandria/en/System.Character.TCharacter.IsLetter
  2. to [Wayback] https://docwiki.embarcadero.com/Libraries/Alexandria/en/System.Character.TCharacter.IsLetter

The above breaks the help integration of older Delphi products, which is bad. It is also bad because it makes it harder to port legacy Delphi code to more modern Delphi versions.

Hopefully the above gives you a bit of insight into how the docwiki help system was designed and what is left of that design.

–jeroen

Posted in Communications Development, Conference Topics, Conferences, Delphi, Development, Encryption, Event, HTML, HTTP, https, HTTPS/TLS security, Internet protocol suite, Power User, Security, Software Development, TCP, TLS, Web Development

Thread by @LetheForgot to @SwiftOnSecurity on Thread Reader App – Windows boot recovery

Posted by jpluimers on 2024/09/23

[Wayback/Archive] Thread by @LetheForgot on Thread Reader App:

What we did was use the advanced restart options to launch the command prompt, skip the BitLocker key ask which then brought us to drive X and ran “bcdedit /set {default} safeboot minimal” which let us boot into safe mode and delete the sys file causing the BSOD.

Not scalable at all but let us get vital systems running while we try to solve the bootloop en masse

Don’t forget to re-enable normal booting afterwards by doing the same but running “bcdedit /deletevalue {default} safeboot”

Just in case another event like the 2024 Crowdstrike debacle happens.

–jeroen

Posted in Encryption, Power User, Security, Windows

MokupiPogisho👁️ on Twitter: “How to find hidden cameras in AirBnB 👁”

Posted by jpluimers on 2024/09/06

[Wayback/Archive] MokupiPogisho👁️ on Twitter: “How to find hidden cameras in AirBnB 👁“ quoted a TikTok video that basically shows both that a lot of devices can contain very tiny cameras and how to find many of them in a reliable way:

[Wayback/Archive] https://video.twimg.com/ext_tw_video/1475152238213484555/pu/vid/320×5…


Posted in Awareness, LifeHacker, Power User, Security

If I ever need to do OAuth: aspnet-contrib/AspNet.Security.OAuth.Providers: OAuth 2.0 social authentication providers for ASP.NET Core

Posted by jpluimers on 2024/08/21

This is cool: [Wayback/Archive] aspnet-contrib/AspNet.Security.OAuth.Providers: OAuth 2.0 social authentication providers for ASP.NET Core.

Based on ideas at [Wayback/Archive] TerribleDev/OwinOAuthProviders: OAuth providers for Owin.

Via [Wayback/Archive] David Fowler 🇧🇧🇺🇸 on Twitter: “Since we’re on the auth topic, there’s a repository maintained by @martin_costello and @kevin_chalet for interacting with pretty much every oauth provider on the planet github.com/aspnet-contrib/AspNet.Security.OAuth.Providers… #dotnet #aspnetcore”.

The OAuth 2.0 providers covered at the time of writing are listed in [Wayback/Archive] AspNet.Security.OAuth.Providers/README.md: Providers at dev · aspnet-contrib/AspNet.Security.OAuth.Providers.

–jeroen

Posted in .NET, .NET Core, Authentication, C#, Development, OAuth, Power User, Security, Software Development

Jilles preparing for a Red Team training event

Posted by jpluimers on 2024/08/01

Remember to adapt what you pack and tailor it for each red team training event as the blue team should expect the unexpected. Believable pretext is key.

[Wayback/Archive] jilles.com 🔜 MCH2022 🏳️‍🌈🏳️‍⚧️ on Twitter: “Need to pack enough breaking and entering stuff to pull a good show during the RedTeam training but not too much to get arrested on my way to work. Then again, I might pull it off when I put YMCA on in a loop, in case I get pulled over. “

[Wayback/Archive] jilles.com 🔜 MCH2022 🏳️‍🌈🏳️‍⚧️ on Twitter: “This will do for now ;-)”


Posted in Blue team, Power User, Red team, Security, Uncategorized

The Blast-RADIUS bomb logo reminded me of “Kaputt” in the original Castle Wolfenstein game

Posted by jpluimers on 2024/07/12

There is a Blast-RADIUS exploit that makes many uses of RADIUS vulnerable, as the protocol depends on MD5, and MD5 collision attacks have been sped up considerably. Basically only RADIUS over TLS seems safe now.
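To show where that MD5 dependence sits, here is an added Python example (mine, not code from the post or from the Blast-RADIUS authors): it computes the RFC 2865 Response Authenticator, which is plain MD5 over the packet plus the shared secret, and the RFC 2869 Message-Authenticator, the keyed HMAC-MD5 attribute that RADIUS servers are now configured to require on Access-Request packets as the mitigation. The shared secret, request authenticator and attributes are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80  # RFC 2869 HMAC-MD5 attribute

def build_packet(code, ident, authenticator, attrs):
    """Serialize a RADIUS packet: 20-byte header followed by type/length/value attributes."""
    body = b"".join(struct.pack("BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuthenticator + Attributes + Secret).
    Plain MD5 over bytes a network attacker can influence is what Blast-RADIUS abuses."""
    return hashlib.md5(build_packet(code, ident, request_auth, attrs) + secret).digest()

def sign_request(ident, request_auth, attrs, secret):
    """Access-Request with Message-Authenticator: HMAC-MD5 over the whole packet with the
    16 value bytes of attribute 80 set to zero, then the real MAC written in their place."""
    packet = build_packet(ACCESS_REQUEST, ident, request_auth,
                          attrs + [(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))])
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()

def verify_message_authenticator(packet, secret):
    """Server-side check: reject packets that carry no Message-Authenticator or whose
    HMAC does not verify; a keyed HMAC is not affected by the MD5 collision attack."""
    pos = 20
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            return False  # malformed attribute
        if attr_type == ATTR_MESSAGE_AUTHENTICATOR and attr_len == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += attr_len
    return False  # absent: treat as unauthenticated

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
ATTRS = [(ATTR_USER_NAME, b"alice")]

if __name__ == "__main__":
    print(verify_message_authenticator(sign_request(7, REQUEST_AUTH, ATTRS, SECRET), SECRET))
```

A request without the attribute, or with any byte of it altered, fails the check, which is exactly what a server enforcing Message-Authenticator relies on.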

The Blast-RADIUS logo on the right reminded me of using grenades in a game that is 40+ years old, so let’s digress: Archive.org is such a great site, hosting for instance the original Apple ][ manual of Castle Wolfenstein by MUSE Software (the manual was written in Super-Text, which they also sold):

The PDF from [Archive] Instruction Manual: Castle Wolfenstein from Muse Software : Free Download, Borrow, and Streaming : Internet Archive is at

[Archive.org PDF view/Archive.is] archive.org/download/1982-castle-wolfenstein/1982-castle-wolfenstein.pdf


The trick in that game when entering a room full of SS officers was to throw a grenade into the chest of grenades in the middle of that room, then quickly leave the room, wait a few seconds and re-enter it.

Not many moves further, you would find the chest with the war plans and find the exit, then finish the game.

Back to Blast RADIUS


Posted in 6502, Apple, Apple ][, Authentication, Hashing, History, md5, Power User, Security

Firex 230V interlinkable smoke detectors, types KF20 and KF20R, 10-year lifespan

Posted by jpluimers on 2024/06/28

A few PDF files, because we had Kidde smoke detectors and these can be interlinked with them: “Interlinking options: 24 Firex and Kidde detectors can be wired together”

  • [Wayback PDF View/PDF View] [Wayback/Archive] 14fcff3ca6395ea19180-e28dea9290b98a380fe8af8e9eca99dc.ssl.cf3.rackcdn.com/pdf-16131960.pdf “Firex 230V interlinkable smoke detectors, types KF20 and KF20R, 10-year lifespan”

    Mounting method

    The Firex detectors come with a “push-fit” plug with 15 cm of cabling to connect the detector to the house wiring.

    The KF20 and KF20R fit directly onto the mounting plate of the earlier Firex models 4973 and 4985. A dust cover is supplied to keep dust out during a move.

    Interlinking options

    A maximum of 24 Firex and Kidde smoke, heat and CO detectors can be interlinked, together with 6 detector accessories (relay module, strobe light, vibration pad etc.).

    Contamination compensation

    Contamination of the optical chamber is compensated automatically to prevent unnecessary alarms.

    Smoke detectors are used in escape routes and living areas of homes where there is a risk of furniture and/or electrical installations catching fire. Install the Firex heat detector KF30 or KF30R in dusty or damp rooms or in kitchens.


Posted in DIY, Power User, Security