Links for 2020-02-02
💣 Remote exploit in OpenSMTPD
OpenSMTPD advisory dissected (5 min, via)
The author of OpenSMTPD does a good post-mortem of the catastrophic bug that left a remote exploit available for three and a half years.
We can’t prevent human mistakes, they will happen because tools won’t help spot that a human-described logic is flawed. What we need is to make changes so that OpenSMTPD becomes more resistant to human errors. In other words, we need safe-guards that are not dependent on sanity checks and input, we need safe-guards that will guarantee that even if OpenSMTPD lets completely untrusted input pass through, this will have the most limited consequences... then we ensure that it doesn’t let untrusted input pass through.
Agreed. There is no such thing as bug-free code.
🖥 CacheOut, another Intel CPU vulnerability
CacheOut, Leaking Data on Intel CPUs via Cache Evictions (5 min, via)
Every single one of these would be a scandal. Now, we've gotten used to it. Shame on Intel.
👴 UNIX lore
The Unix Heritage Society (RH, via)
Great resource to learn more about UNIX history.
Make sure to browse their wiki.
💉 Antivirus selling user data
Leaked Documents Expose the Secretive Market for Your Web Browsing Data (1 min, via)
An Avast antivirus subsidiary sells 'Every search. Every click. Every buy. On every site.' Its clients have included Home Depot, Google, Microsoft, Pepsi, and McKinsey.
How ironic.
🎨 Oldschool web design trends
Dark Ages of The Web (2 min, via) is a visual trip through old web design trends.
It contains, of course:
- Tables
- Animated gifs
- The Web 2.0
- Flash
- The "Home Page"
and more.
🏴‍☠️ WhatsApp hack for Jeff Bezos
Technical Report of the Bezos Phone Hack (20 min, pdf, via)
Besides the actual forensics of the hack, which are not very in-depth, this report provides an interesting insight into the tools and environments that real security firms use to study malware. It seems that Cellebrite's software is very popular.
Be sure to read the HN discussion, which seems to agree with my point: the forensic analysis was not very good, but the between-the-lines content is insightful.
🍎 Vintage Apple magazines
VintageApple, Information from the early Apple era (RH, via) is an archive of vintage Apple material, like magazines, books, pictures, and more.
Make sure to check this one out if you're a retro Apple fan.
👁 The Eye, another internet archive
I hope you already know about The Internet Archive, a non-profit effort to archive a lot of content on the Web. If you don't, congratulations! Play with MS-DOS software in your browser, read free books and watch copyright-free movies.
Then, check out The Eye. It's another non-profit project aimed at file archival, a bit more chaotic, which makes browsing through its pages a real archeology dig.
The-Eye is a non-profit, community driven platform dedicated to the archiving and long-term preservation of any and all data including but by no means limited to... websites, books, games, software, video, audio, other digital-obscura and ideas.
🕹 Starfox into Zelda
This amazing glitch puts Star Fox 64 ships in an unmodified Zelda cartridge (15 min, via)
The fact that these glitches can be run, and that there are people actively looking for them, makes me very happy.
Let's give due credit: Zfg1 on Twitch
Related link: Ocarina of Time glitches and code execution
Tags: roundup