The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Security’ Category

The Blast-RADIUS bomb logo reminded me of “Kaputt” in the original Castle Wolfenstein game

Posted by jpluimers on 2024/07/12

The Blast-RADIUS attack makes many RADIUS deployments vulnerable: the protocol authenticates server responses with an unkeyed MD5 digest, and chosen-prefix MD5 collisions have become fast enough to forge such a response. For now only RADIUS over TLS (RadSec) seems safe.

The Blast-RADIUS logo on the right reminded me of using grenades in a game 40+ years old, so let's digress: Archive.org is such a great site, with for instance the original Apple ][ manual of Castle Wolfenstein by MUSE Software (the manual was written in Super-Text, which they also sold):

The PDF from [Archive] Instruction Manual: Castle Wolfenstein from Muse Software : Free Download, Borrow, and Streaming : Internet Archive is at

[Archive.org PDF view/Archive.is] archive.org/download/1982-castle-wolfenstein/1982-castle-wolfenstein.pdf


The trick in that game when entering a room full of SS-officers was to throw a grenade into a chest of grenades in the middle of that room, then quickly leaving the room, waiting a few seconds then re-entering that room.

Not many moves further, you would find the chest with the war plans and find the exit, then finish the game.

Back to Blast RADIUS
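To make the MD5 dependency concrete, here is an added example (mine, not code from the post or from the Blast-RADIUS authors) that builds a RADIUS Access-Accept and runs the client-side check exactly as RFC 2865 specifies it: the Response Authenticator is a plain, unkeyed MD5 over the packet plus the shared secret, so anyone who can produce an MD5 collision on that input can produce a reply the client accepts. For contrast it also computes the keyed HMAC-MD5 Message-Authenticator attribute from RFC 2869, which a collision on the hash function alone does not defeat. It does not attempt the collision itself. Assumptions: the shared secret and User-Name are constructed values, and the Message-Authenticator is appended as the last attribute.

```python
import hashlib
import hmac
import os
import struct

# RADIUS packet code and attribute types used below (RFC 2865 / RFC 2869).
ACCESS_ACCEPT = 2
USER_NAME = 1
MESSAGE_AUTHENTICATOR = 80


def pack_attribute(attr_type, value):
    """One attribute in TLV form: Type(1) | Length(1, counts these two bytes) | Value."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def header(code, ident, attributes):
    """Code(1) | Identifier(1) | Length(2); Length covers the 20-byte header plus attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attributes))


def response_authenticator(code, ident, request_auth, attributes, secret):
    """RFC 2865: MD5(Code | ID | Length | RequestAuth | Attributes | Secret).

    This unkeyed MD5 digest is all that authenticates a plain Access-Accept."""
    data = header(code, ident, attributes) + request_auth + attributes + secret
    return hashlib.md5(data).digest()


def build_response(code, ident, request_auth, attributes, secret):
    auth = response_authenticator(code, ident, request_auth, attributes, secret)
    return header(code, ident, attributes) + auth + attributes


def verify_response(packet, request_auth, secret):
    """The client-side check of a server reply as RFC 2865 describes it."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    attributes = packet[20:length]
    expected = response_authenticator(code, ident, request_auth, attributes, secret)
    return hmac.compare_digest(packet[4:20], expected)


def message_authenticator(code, ident, authenticator, attributes, secret):
    """RFC 2869 5.14: HMAC-MD5 keyed with the shared secret over the whole packet, the
    Message-Authenticator value set to 16 zero octets.  For a reply the header carries
    the Request Authenticator of the matching Access-Request.
    Assumption in this example: the attribute is the last one in the packet."""
    placeholder = pack_attribute(MESSAGE_AUTHENTICATOR, b"\x00" * 16)
    attrs = attributes + placeholder
    data = header(code, ident, attrs) + authenticator + attrs
    return hmac.new(secret, data, hashlib.md5).digest()


def build_response_with_ma(code, ident, request_auth, attributes, secret):
    ma = message_authenticator(code, ident, request_auth, attributes, secret)
    attrs = attributes + pack_attribute(MESSAGE_AUTHENTICATOR, ma)
    return build_response(code, ident, request_auth, attrs, secret)


def verify_message_authenticator(packet, request_auth, secret):
    """Check a trailing Message-Authenticator; False when absent, malformed or wrong."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    attributes = packet[20:length]
    if len(attributes) < 18:
        return False
    body, ma_attr = attributes[:-18], attributes[-18:]
    if ma_attr[0] != MESSAGE_AUTHENTICATOR or ma_attr[1] != 18:
        return False
    expected = message_authenticator(code, ident, request_auth, body, secret)
    return hmac.compare_digest(ma_attr[2:], expected)


def demo(secret=b"constructed-shared-secret"):
    """Build an Access-Accept both ways and run both checks on the intact and a tampered copy.

    Returns (plain_ok, plain_tampered_ok, keyed_ok, keyed_tampered_ok)."""
    request_auth = os.urandom(16)  # the Request Authenticator the client sent
    attrs = pack_attribute(USER_NAME, b"alice")  # constructed attribute
    plain = build_response(ACCESS_ACCEPT, 7, request_auth, attrs, secret)
    keyed = build_response_with_ma(ACCESS_ACCEPT, 7, request_auth, attrs, secret)
    plain_tampered = bytearray(plain)
    plain_tampered[-1] ^= 1  # flip the last byte of User-Name
    keyed_tampered = bytearray(keyed)
    keyed_tampered[23] ^= 1  # flip a byte inside User-Name, leave the MAC itself intact
    return (
        verify_response(plain, request_auth, secret),
        verify_response(bytes(plain_tampered), request_auth, secret),
        verify_message_authenticator(keyed, request_auth, secret),
        verify_message_authenticator(bytes(keyed_tampered), request_auth, secret),
    )


if __name__ == "__main__":
    print(demo())  # (True, False, True, False)
```

Both checks reject a naively modified packet; the difference is that the first one is only as strong as MD5's collision resistance on attacker-influenced input, while the second is a keyed MAC, which is a different problem for the attacker.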

Posted in 6502, Apple, Apple ][, Authentication, Hashing, History, md5, Power User, Security

Firex 230V interconnectable smoke detectors, types KF20 and KF20R, 10-year lifespan

Posted by jpluimers on 2024/06/28

A few PDF files, because we had Kidde smoke detectors and these can be interconnected with them: “Interconnection options: 24 Firex and Kidde detectors can be wired together”

  • [Wayback PDF View/PDF View] [Wayback/Archive] 14fcff3ca6395ea19180-e28dea9290b98a380fe8af8e9eca99dc.ssl.cf3.rackcdn.com/pdf-16131960.pdf “Firex 230V interconnectable smoke detectors, types KF20 and KF20R, 10-year lifespan”

    Mounting method

    The Firex detectors come with a “push-fit” plug and 15 cm of cable to connect the detector to the house wiring.

    The KF20 and KF20R fit directly onto the mounting plate of the earlier Firex models 4973 and 4985. A dust cap is supplied to keep dust out during a move.

    Interconnection options

    Up to 24 Firex and Kidde smoke, heat and CO detectors can be interconnected, plus 6 detector accessories (relay module, strobe light, vibration pad, etc.).

    Contamination compensation

    Contamination of the optical chamber is compensated for automatically to prevent nuisance alarms.

    Smoke detectors are used in escape routes and living areas of homes where there is a risk of furniture and/or electrical installations catching fire. Install the Firex heat detector KF30 or KF30R in dusty or humid rooms and in kitchens.

Posted in DIY, Power User, Security

Thread by @malmoeb on attacks: Visibility is key for eradication

Posted by jpluimers on 2024/06/28

[Wayback/Archive] Thread by @malmoeb on Thread Reader App: Visibility is key for eradication.

The thread is about attacks on networks with Windows machines, but the concept works on all networks.

Start of thread: [Wayback/Archive] Stephan Berger on Twitter: “1/ Visibility is key for eradication 🥷 In a recent IR case, the TA created persistences with #QakBot on almost every system in the network. If only individual systems in the network were forensically examined, one or more infected systems would undoubtedly be missed. 🧵”

The gist is to set up your network monitoring so that you can quickly identify every compromised system from its network traffic patterns, rather than from forensics on the few hosts you happened to look at.
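As an added example of that idea (my code, not the thread's, and not a tool from the case it describes), here is a small beacon detector run over constructed connection records in a Zeek-conn.log-like shape: it groups connections per (source, destination, port), computes how regular the intervals and payload sizes are, and then lists every internal host talking to the same suspicious destination. In the sample two hosts beacon to one address every five minutes; looking at only one of them would miss the other. The addresses, timestamps and thresholds are constructed for the example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed records: "timestamp src dst dport bytes".  Not data from the thread.
# 10.0.0.12 and 10.0.0.45 both call 203.0.113.7 every ~300 s with near-constant sizes;
# 10.0.0.77 talks to 198.51.100.20 irregularly with varying sizes (normal traffic).
SAMPLE_LOG = """\
2024-06-27T10:00:00 10.0.0.12 203.0.113.7 443 1490
2024-06-27T10:05:00 10.0.0.12 203.0.113.7 443 1502
2024-06-27T10:10:01 10.0.0.12 203.0.113.7 443 1488
2024-06-27T10:15:00 10.0.0.12 203.0.113.7 443 1495
2024-06-27T10:20:00 10.0.0.12 203.0.113.7 443 1500
2024-06-27T10:00:10 10.0.0.45 203.0.113.7 443 1490
2024-06-27T10:05:11 10.0.0.45 203.0.113.7 443 1497
2024-06-27T10:10:10 10.0.0.45 203.0.113.7 443 1493
2024-06-27T10:15:10 10.0.0.45 203.0.113.7 443 1501
2024-06-27T10:20:10 10.0.0.45 203.0.113.7 443 1489
2024-06-27T10:01:12 10.0.0.77 198.51.100.20 443 8231
2024-06-27T10:03:40 10.0.0.77 198.51.100.20 443 55120
2024-06-27T10:19:05 10.0.0.77 198.51.100.20 443 2207
2024-06-27T10:32:58 10.0.0.77 198.51.100.20 443 19011
"""


def parse(log):
    """Yield (timestamp, src, dst, dport, bytes) tuples from the text log."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes)


def find_beacons(log, min_conns=4, max_interval_cv=0.1, max_size_cv=0.05):
    """Flag flows whose inter-connection interval and payload size barely vary.

    cv = population standard deviation / mean; a timer-driven beacon scores low on both,
    while interactive or bulk traffic does not.  Thresholds are constructed for the sample."""
    flows = defaultdict(list)
    for ts, src, dst, dport, nbytes in parse(log):
        flows[(src, dst, dport)].append((ts, nbytes))
    hits = []
    for (src, dst, dport), events in sorted(flows.items()):
        if len(events) < min_conns:
            continue
        events.sort()
        gaps = [(b - a).total_seconds() for (a, _), (b, _) in zip(events, events[1:])]
        sizes = [n for _, n in events]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue
        interval_cv = statistics.pstdev(gaps) / mean_gap
        size_cv = statistics.pstdev(sizes) / statistics.mean(sizes)
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            hits.append({"src": src, "dst": dst, "dport": dport,
                         "period_s": round(mean_gap), "count": len(events)})
    return hits


def hosts_per_c2(hits):
    """Group flagged sources by destination: the full set of hosts to eradicate together."""
    by_dst = defaultdict(set)
    for h in hits:
        by_dst[h["dst"]].add(h["src"])
    return {dst: sorted(srcs) for dst, srcs in by_dst.items()}


if __name__ == "__main__":
    found = find_beacons(SAMPLE_LOG)
    for h in found:
        print(f"{h['src']} -> {h['dst']}:{h['dport']} every ~{h['period_s']}s "
              f"({h['count']} connections)")
    print(hosts_per_c2(found))
```

On real data you would feed it a day of conn logs, tune the thresholds against known-good traffic, and treat the per-destination host list as the scope for eradication, not the one host that first raised an alert.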

–jeroen

Posted in LifeHacker, Pen Testing, Power User, Security, Windows

Cyberteletekst

Posted by jpluimers on 2024/06/17

With the ever decreasing content on Teletekst and Teletext, this is so cool: [Wayback/Archive] Cyberteletekst

Via:

–jeroen

Posted in Cable TV/Radio, Hardware, History, Power User, Security

Script alternatives to the Windows-L keyboard shortcut (SwitchUser / LockWorkstation)

Posted by jpluimers on 2024/05/23

More than a decade ago I wrote about Programmatic alternatives to Windows-L keyboard shortcut (SwitchUser / LockWorkstation).

Still, I see many scripts invoke rundll32.exe to call the [Wayback/Archive] LockWorkStation function (winuser.h) inside user32.dll. Don’t!

The BOOL LockWorkStation() function takes no parameters, while rundll32.exe always calls an entry point as if it took four (HWND, HINSTANCE, LPSTR, int). That calling-convention mismatch corrupts the stack and leads to seemingly random problems; after two decades, this post from Raymond Chen still holds: [Wayback/Archive] What can go wrong when you mismatch the calling convention? – The Old New Thing
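Here is the way a script should make that call instead, as an added example (mine, not one of the alternatives from the original post): declare the real prototype through ctypes so the stdcall stack discipline matches, and read GetLastError when the call fails. On a non-Windows host the function returns None instead of raising, which is an assumption of this example so that it can be imported anywhere.

```python
import ctypes
import sys


def lock_workstation():
    """Lock the interactive session through user32!LockWorkStation with its real
    prototype, BOOL WINAPI LockWorkStation(void).

    Returns True when Windows accepted the call, False when it failed (with the
    GetLastError value printed), and None on a non-Windows host (example assumption)."""
    if sys.platform != "win32":
        return None
    user32 = ctypes.WinDLL("user32", use_last_error=True)
    # WINFUNCTYPE is __stdcall; no argument types, because the function takes none.
    # rundll32.exe, by contrast, always calls its target as
    #   void CALLBACK Entry(HWND, HINSTANCE, LPSTR, int)
    # and those four arguments are what LockWorkStation neither expects nor removes
    # from the stack, hence the stack corruption the post warns about.
    prototype = ctypes.WINFUNCTYPE(ctypes.c_int)
    lock = prototype(("LockWorkStation", user32))
    if not lock():
        print(f"LockWorkStation failed, GetLastError={ctypes.get_last_error()}",
              file=sys.stderr)
        return False
    return True


if __name__ == "__main__":
    result = lock_workstation()
    sys.exit(0 if result else 1)
```

Running it as `python lock.py` from a scheduled task or a logon script does the same job as the rundll32 one-liner without the mismatched call; the function only succeeds from an interactive session, which is why a False with an error code is worth printing rather than ignoring.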

Posted in .NET, Batch-Files, C#, CommandLine, Development, Power User, PowerShell, Scripting, Security, Software Development, Windows, Windows 10, Windows 11, Windows 7, Windows 8, Windows 8.1, Windows Server 2016

Albert Heijn needs to give their AH-mobiel pre-paid user-experience more love

Posted by jpluimers on 2024/05/09

If you have a prepaid Dutch AH-mobiel SIM card, topping it up is hell, as none of the web links you get via SMS or on top-up vouchers work.

When you get an SMS warning that your account is almost running out, it contains the link to [Wayback/Archive] ah.nl/opwaarderen which has no indication how to refill.

When buying a refill voucher at the Albert Heijn store, it contains two links that lead to HTTP 404 error pages:

Albert Heijn has their own [Wayback/Archive] ah.nl domain (which sometimes is totally down), but the refill link is on a completely different domain which – from a phishing point of view – is ideal to lure people into other refill pages.

The only Albert Heijn web-page linking to the actual refill link is [Wayback/Archive] Sim Only | Albert Heijn: ah.nl/over-ah/winkelservices/mobiel/sim-only.

The on-line refill link is [Wayback/Archive] AH mobiel opwaarderen: https://reload.alphacomm.network/web/ah which raises all kinds of red phishing flags:

Posted in Cellular telephony, Development, Power User, Security, Software Development, Telephony, User Experience (ux), Web Development

RBAC: root based access control

Posted by jpluimers on 2024/04/01

From a while ago, but a good day to share this:

Although for some scenarios, having two roles “all access” and “no access” is quite sufficient.

–jeroen

Posted in Access Control, Apri1st, Fun, Power User, Security

XZ 5.6.x is backdoored and present on many systems: downgrade to 5.4.x or earlier now; consider libarchive compromised until proven otherwise

Posted by jpluimers on 2024/03/30

Edit 20240331: because of

https://mastodon.social/@kobold/112183756981119562

Debian is working on reverting back to even earlier than 5.4.x

[Wayback/Archive] #1068024 – revert to version that does not contain changes by bad actor – Debian Bug report logs

> I'd suggest reverting to 5.3.1. Bearing in mind that there were security
> fixes after that point for ZDI-CAN-16587 that would need to be reapplied.
>
> Note that reverting to such an old version will break packages that use
> new symbols introduced since then. From a quick look, this is at least:
> - dpkg
> - erofs-utils
> - kmod
>
> Having dpkg in that list means that such a downgrade has to be planned
> carefully.


Original post:

Everything I know about the XZ backdoor

Note that because of the Wayback Machine limit of 5 archivals per URL per day, the archived versions are rapidly getting out-of-date.

It is way worse:

[Wayback/Archive] Thread by @_ruby on Thread Reader App – Thread Reader App

@_ruby: The setup behind the CVE-2024-3094 supply-chain attack is fascinating. I originally wanted to finish and share a tool to audit other OSS projects for anomalous contributor behavior, but I feel what I found tr……

How it was found:

Analogy on how it was found:

Via:

Related:

If you are running homebrew on a Mac, then update too:
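Before downgrading, check what you actually have. This added example (mine, not from the post or from any of the linked threads) parses the output of `xz --version`, flags the two releases that shipped the CVE-2024-3094 backdoor (5.6.0 and 5.6.1), treats any other 5.6.x as suspect in line with the post's advice to drop back to 5.4.x, and, on a Linux box, checks whether the local sshd links liblzma at all, since that is the path the backdoor used. Assumptions: xz is on PATH, sshd lives at /usr/sbin/sshd, and the sample `xz --version` outputs are constructed.

```python
import os
import re
import shutil
import subprocess

# Releases that shipped the CVE-2024-3094 backdoor in liblzma.
BACKDOORED = {(5, 6, 0), (5, 6, 1)}

# Matches both lines `xz --version` prints, e.g. "xz (XZ Utils) 5.4.5" and "liblzma 5.4.5".
VERSION_RE = re.compile(r"^(?:xz \(XZ Utils\)|liblzma)\s+(\d+)\.(\d+)\.(\d+)", re.M)


def parse_xz_version(text):
    """Return the liblzma version tuple from `xz --version` output, falling back to the
    xz binary's own version; None when neither line is present."""
    found = {}
    for m in VERSION_RE.finditer(text):
        found[m.group(0).split()[0]] = tuple(int(x) for x in m.groups())
    return found.get("liblzma") or found.get("xz")


def classify(version):
    """'backdoored' for 5.6.0/5.6.1, 'suspect' for any other 5.6.x (the post's advice is
    to go back to 5.4.x), 'ok' for everything else, 'unknown' when unparsable."""
    if version is None:
        return "unknown"
    if version in BACKDOORED:
        return "backdoored"
    if version[:2] == (5, 6):
        return "suspect"
    return "ok"


def check_local_xz():
    """Run the xz on PATH; returns (version, verdict), or None when xz is not installed."""
    exe = shutil.which("xz")
    if exe is None:
        return None
    out = subprocess.run([exe, "--version"], capture_output=True, text=True, check=False)
    version = parse_xz_version(out.stdout)
    return version, classify(version)


def sshd_links_liblzma(sshd_path="/usr/sbin/sshd"):
    """The backdoor reached sshd through liblzma pulled in via libsystemd, so on an
    affected distro `ldd sshd` lists liblzma.  Returns True/False, or None when ldd or
    sshd is not available on this host."""
    ldd = shutil.which("ldd")
    if ldd is None or not os.path.exists(sshd_path):
        return None
    out = subprocess.run([ldd, sshd_path], capture_output=True, text=True, check=False)
    return "liblzma" in out.stdout


if __name__ == "__main__":
    print("xz:", check_local_xz())
    print("sshd links liblzma:", sshd_links_liblzma())
```

A "suspect" or "backdoored" verdict, or an sshd that links liblzma on a distro that shipped 5.6.x, is the cue to follow the post: downgrade and treat the box as compromised until shown otherwise.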

Of course this “XKCD dependency” adoption applies:

[Wayback/Archive] GJ4KvbeWIAAS_mu (535×680)

Posted in C, Compression, Development, Infosec (Information Security), Power User, Security, Software Development, xz

VoIP: passing on a phone number from one Fritz!Box to another Fritz!Box

Posted by jpluimers on 2024/03/11

Most Fritz!Box VoIP configurations have a phone number configured to only work on telephony devices (i.e. handsets) on the same Fritz!Box.

But it is possible to define a telephony device that itself is another VoIP end-point.

This way you can hook a second (or more) Fritz!Box up to the phone number(s) of the first Fritz!Box.

I am using this for two reasons:

Below is how to get this going, assuming the first Fritz!Box is a 7490 running firmware 7.29 and the second is a 7360 with firmware 6.33 (other models and firmware versions vary slightly).

But first the related post: Many links about free modem/router choice and their configurations for the Dutch KPN internet/VoIP provider where I figured out that just using a 7360 won’t cut it any more.

Posted in 2FA/MFA, Authentication, Authy, DECT, Fritz!, Fritz!Box, Hardware, ISDN, Network-and-equipment, Power User, PSTN, Security, Telephony, VoIP

thuddevort on Twitter: “You can disable the extra confirmation under System > FRITZ!Box Users > Additional Confirmation”

Posted by jpluimers on 2024/02/16

My ISP did auto-update the Fritz!Box, but did not send release-notes, so I was not aware this feature had been added eons ago:

[Wayback/Archive] thuddevort on Twitter: “@jpluimers @wijnands @b0rk @xs4all You can disable the extra confirmation under System > FRITZ!Box Users > Additional Confirmation”.

I know a second factor is better for security, but doing that on both sites at the same time when setting up a LAN2LAN VPN is tough (Fritz!Box names this either “LAN-LAN coupling” or “VPN Connections between the FRITZ!Box and Other Networks”).

A better option on the same configuration page, instead of disabling the confirmation, is to confirm using a TOTP app such as Google Authenticator or Authy:
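Google Authenticator and Authy both implement RFC 6238 TOTP, so the code the Fritz!Box compares against is fully determined by the shared key from the QR code and the current time. As an added example (mine, not AVM's code and not from the original post), here is the algorithm end to end, including the base32 decoding of the key as it appears in the otpauth:// URI and a verifier that tolerates one step of clock skew, checked against the RFC 6238 test vectors. The key and codes below are the RFC's published test values, not anyone's real secret.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(key, counter, digits=6, algorithm=hashlib.sha1):
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(key, unix_time, step=30, digits=6, algorithm=hashlib.sha1):
    """RFC 6238: HOTP with counter = floor(unix_time / step); apps use 30 s and 6 digits."""
    return hotp(key, int(unix_time) // step, digits, algorithm)


def key_from_base32(secret):
    """Authenticator apps receive the key base32-encoded in the otpauth:// URI / QR code,
    usually without padding and sometimes with spaces; normalise and decode."""
    s = secret.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def verify_totp(key, code, unix_time=None, step=30, digits=6, window=1):
    """Accept the code for the current step and up to `window` steps either side, so a
    slightly skewed clock still works; compare in constant time."""
    now = int(time.time() if unix_time is None else unix_time)
    for delta in range(-window, window + 1):
        candidate = totp(key, now + delta * step, step, digits)
        if hmac.compare_digest(candidate, code):
            return True
    return False


if __name__ == "__main__":
    # RFC 6238 test key (ASCII "12345678901234567890") in its base32 form.
    key = key_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print(totp(key, 59, digits=8))  # 94287082, the RFC 6238 vector for T=59
    print(totp(key, 59))            # 287082, what a 6-digit app would show
    print(verify_totp(key, totp(key, time.time()), window=1))
```

The security-relevant points are the ones the Fritz!Box page hides: the server needs the same key and a correct clock, the window decides how many codes are valid at once, and the comparison must not leak timing.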

Posted in 2FA/MFA, Authentication, Authy, Fritz!, Fritz!Box, Hardware, Network-and-equipment, Power User, Security