Search found 115 matches

by morganism
Sat Feb 16, 2019 8:46 pm
Forum: Web Tech
Topic: Adblockers Performance Study
Replies: 0
Views: 138

Adblockers Performance Study

Duck Duck doesn't fare so well...

https://whotracks.me/blog/adblockers_pe ... study.html

"That all popular content-blockers are very efficient, having sub-millisecond median decision time per request"
by morganism
Sat Feb 16, 2019 8:05 pm
Forum: Web Tech
Topic: Artificial intelligence, algorithmic pricing, and collusion
Replies: 0
Views: 108

Artificial intelligence, algorithmic pricing, and collusion

"This column uses experiments with pricing algorithms powered by AI in a controlled environment to demonstrate that even relatively simple algorithms systematically learn to play sophisticated collusive strategies. Most worrying is that they learn to collude by trial and error, with no prior knowled...
by morganism
Sun Oct 21, 2018 9:46 pm
Forum: Security
Topic: Redirect Detective
Replies: 0
Views: 80607

Redirect Detective

Learn where the redirects go... http://redirectdetective.com/ Redirect Detective is a free redirect checker that allows you to see the complete path a redirected URL goes through. "Some of the many uses for Redirect Detective are: See where an affiliate link goes to and what affiliate network is bei...
by morganism
Wed Oct 17, 2018 8:22 pm
Forum: Security
Topic: Reverse engineering of a Huawei P20 from China
Replies: 0
Views: 80690

Reverse engineering of a Huawei P20 from China

https://twitter.com/fs0c131y/status/1051568180748013569

In this request, the phone is sending:
- your country
- your province
- your city
- phone locale
- the website you requested
by morganism
Sun Sep 23, 2018 11:19 pm
Forum: Security
Topic: ungoogled-chromium is a set of configuration flags, patches,
Replies: 0
Views: 83573

ungoogled-chromium is a set of configuration flags, patches,

"due to Chrome’s new user-unfriendly forced login policy — I won’t be using it going forward." https://blog.cryptographyengineering.com/2018/09/23/why-im-leaving-chrome/ "ungoogled-chromium is a set of configuration flags, patches, and custom scripts. These components altogether strive to accomplish...
by morganism
Sat Sep 22, 2018 8:52 pm
Forum: Security
Topic: Mozilla is malware, sorry but no other way to put it.
Replies: 1
Views: 84555

Re: Mozilla is malware, sorry but no other way to put it.

"But this time I had to go further and open the “Debug add-ons” page, and there I saw two add-ons not listed anywhere else — fxmonitor@mozilla.org.xpi and telemetry-coverage-bug1487578@mozilla.org. https://medium.com/@neothefox/firefox-installs-add-ons-into-your-browser-without-consent-again-d3e2c8e...
by morganism
Sat Aug 18, 2018 10:27 pm
Forum: Security
Topic: Is serverless insecure? Let's find out..aws
Replies: 1
Views: 84753

Is serverless insecure? Let's find out..aws

Is serverless insecure? Let's find out.. "This is a simple AWS lambda function that does a straight exec. Essentially giving you a shell directly in my AWS infrastructure to just run your commands. A security teams worst nightmare. Do whatever you want. Ultimate goal: take over the account, escalate...
by morganism
Sat Feb 17, 2018 11:44 pm
Forum: Security
Topic: Stealing Data With CSS: Attack and Defense
Replies: 0
Views: 86617

Stealing Data With CSS: Attack and Defense

CSS exfil this didn't come up in search, so will post https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense "By utilizing CSS alone, browser protections like NoScript can't block the egress of data (although NoScript's XSS auditor is more effective than Chrome at blocking so...
by morganism
Wed Jan 24, 2018 7:31 pm
Forum: Security
Topic: 7-Zip: Multiple Memory Corruptions via RAR and ZIP
Replies: 0
Views: 86809

7-Zip: Multiple Memory Corruptions via RAR and ZIP

In the following, I will outline two bugs that affect 7-Zip before version 18.00 as well as p7zip. The first one (RAR PPMd) is the more critical and the more involved one. The second one (ZIP Shrink) seems to be less critical, but also much easier to understand. https://landave.io/2018/01/7-zip-mult...
by morganism
Thu Jan 18, 2018 12:03 am
Forum: Security
Topic: New free public DNS service blocks malicious domains
Replies: 9
Views: 89456

Re: New free public DNS service blocks malicious domains

ugh, you guys were right.

Here is a DNS lookup over HTTPS that may help

https://github.com/curl/curl/wiki/DNS-over-HTTPS

Do DNS resolves over HTTPS for privacy, performance and security. Also makes it easier to use a name server of your choice instead of the one configured for your system.
by morganism
Sat Jan 13, 2018 12:43 am
Forum: Security
Topic: Real World Crypto 2018
Replies: 0
Views: 86680

Real World Crypto 2018

live talks on crypto implementation in streaming and cloud Real World Crypto 2018 Real World Crypto Symposium aims to bring together cryptography researchers with developers implementing cryptography in real-world systems. The conference goal is to strengthen the dialogue between these two communities...
by morganism
Sat Jan 13, 2018 12:04 am
Forum: Security
Topic: Your browser config
Replies: 7
Views: 88739

Re: Your browser config

pretty good list here for configs

Firefox telemetry and spy removal

https://gist.github.com/MrYar/751e0e5f3 ... c8aa237b72
by morganism
Wed Jan 10, 2018 4:25 am
Forum: Security
Topic: What Spectre and Meltdown Mean For WebKit
Replies: 1
Views: 87574

What Spectre and Meltdown Mean For WebKit

What Spectre and Meltdown Mean For WebKit https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/ "WebKit relies on branch instructions to enforce what untrusted JavaScript and WebAssembly code can do. Spectre means that an attacker can control branches, so branches alone are no long...
by morganism
Mon Jan 01, 2018 6:52 pm
Forum: Security
Topic: Rowhammer cloud and hypervisor attack
Replies: 0
Views: 87657

Rowhammer cloud and hypervisor attack

"I would not be surprised if we start 2018 with the release of the mother of all hypervisor privilege escalation bugs, or something similarly systematic. On the kernel mailing list we can see, in addition to the names of subsystem maintainers, e-mail addresses belonging to employees of Intel, Amazon...