Random #2

Return to dashboard ⇪

Sections

lang: |
RSS: |
About me
Tools
→ YT YouTube (EN)
→ D Discord
→ M Mastodon
→ T Twitter
→ GH GitHub

My company's website

27-28 May 2024
Kraków (Poland)

Paged Out! zine

Dragon Sector CTF Team

Links / Blogs

Posts

// copyright © Gynvael Coldwind
// design & art by Xa
// logo font (birdman regular) by utopiafonts / Dale Harris

/* the author and owner of this blog hereby allows anyone to test the security of this blog (on HTTP level only, the server is not mine, so let's leave it alone ;>), and try to break in (including successful breaks) without any consequences of any kind (DoS attacks are an exception here) ... I'll add that I planted in some places funny photos of some kittens, there are 7 of them right now, so have fun looking for them ;> let me know if You find them all, I'll add some congratz message or sth ;> */

Vulns found in blog:
* XSS (pers, user-inter) by ged_
* XSS (non-pers) by Anno & Tracerout
* XSS (pers) by Anno & Tracerout
* Blind SQLI by Sławomir Błażek
* XSS (pers) by Sławomir Błażek

2010-10-10:

Random #2

press

Another portion of things that I found interesting. Mostly (but not only) low-level stuff.

-=*) Research (Windows internals)
http://www.piotrbania.com/all/articles/allocate_deadlock.txt
“Why you shouldn't allocate usermode memory from PsSetLoadImageNotifyRoutine routine callbacks”. Worth to know :)

-=*) Low-Level
http://visual6502.org/
A simulator (don't confuse with an "emulator") of 6502 CPU, written in Python and/or JavaScript. Just awesome.

-=*) Low-Level
http://www.pagetable.com/?p=406
An interesting case study of ROR instruction on early versions of MOS 6502. It's something for those interested in computer history, especially on assembly/CPU level.

-=*) Gamedev
http://www.gamedev.pl/screens.php?x=view&id=7588
Balllloooooooon project published a new screenshot. Reminds me of Magic Carpet (must be the balloon :)

-=*) Code
http://regedit.gamedev.pl/news_1403_building_json_parser_library_for_c.html
Ah... sometimes I dream of a package system full of ready-to-use libraries for C/C++ for Windows. Alas, I am yet to find such a thing. Of course, there some package systems already exist, e.g. the http://devpaks.org/, but I'm talking about some really popular package system (i.e. having many more miscellaneous libraries).
If you're a dev on Windows, you probably went a few times through the Compilation Labyrinth and the FUUU Path when trying to compile some random open source library with your favorite compiler. Well, in the above link we have just another example of that ;)

-=*) Security
http://news.discovery.com/tech/online-passwords-could-be-a-map.html
An interesting idea: a location on the map instead of a normal typed-in password! If sounds like the extension of the idea of selecting a few places on an image/photo.
However, the biggest problem here imo is the "coverness" of the password. I mean, let's say I have a 20' LCD. And what? Am I supposed to resize down the browser window to some drastically low size and try to cover it with my hand when I select the secret location? What about malware that makes screenshots?
Well, but all in all it goes in the right direction. It just might be applicable in some places, and not applicable in others.

-=*) Low-Level
http://j00ru.vexillium.org/?p=632&lang=pl
j00ru has published a post about the SecDay conference, where he talked about differences in exploiting on Windows between x86 and x86-64. Alas, both the post and the slides are in Polish.

-=*) Electronics
http://www.lucidscience.com/pro-lazarus-64%20prototype-1.aspx
Lazarus-64 Retro Game System prototype. Looks cool :)

-=*) Low-Level + Games
http://hackaday.com/2010/09/29/16-bit-alu-in-minecraft/
This you just have to see for yourself :)
It reminds me of a game-of-life CPU made as a Java applet (but it seems I've misplaced the link ;<)

And thats that.

Nick:
URL (optional):
Math captcha: 3 ∗ 6 ＋ 6 =

Sections

Links / Blogs

Posts

Random #2

Add a comment: