the grugq is a user on mastodon.social.

the grugq @thegrugq

the grugq boosted

"In Praise of Drop-In Libraries"

Just today I was mentioning how SQLite (drop-in library) and youtube-dl (drop-in Python "script") are case studies in how simplicity of adoption can make the success of something (even complex).

gpfault.net/posts/drop-in-libr

the grugq boosted

Privacy-Enhancing Identity Federation is a very interesting problem. NIST has a call for collaborators to work on federated identity federalregister.gov/documents/

the grugq boosted

to reiterate: there will be _no_ #openbsd 6.1 cd set made. and it is very unlikely there will be future cd sets made, either.

Theo talks about it here: marc.info/?l=openbsd-misc&m=14

the grugq boosted

Are you a fan of the Red Team Field Manual (RTFM)? Check out the new Blue Team Field Manual (a.co/0nEjco2). All that stuff you normally have to go look up? Yeah, it's in there.

the grugq boosted

Note to Blue Team folks. Anti-phishing education is great. Periodic phishing awareness campaigns are also great. However, make sure to clarify what legit email looks like so if you ever have to mail your employees something that requires them to click on a link, they don't dismiss it as yet another phishing test.

the grugq boosted

@krogoth flashing and using are different.

the grugq boosted

IDA related RSI injuries on the rise this week.

@dildog it was never meant to be public. There's no opsec failure when there was no anticipated security exposure. That stuff is pure high side juice.

the grugq boosted

@HalvarFlake in larger organizations and agencies, people and teams specialize. I'm sure you see it in your corporate experiences.

I remember bursting into laughter walking through the halls of NSA when I heard: "specialization... it's not just for insects!". Very true!

More specialization and focus is needed to eke out the remaining wins in a well picked over field. What I don't see, and I think of you as a kindred soul here, are lots of folks really looking for new *applied* green fields. :)

the grugq boosted

In a surprising twist of the story, serversides aren't dead, they just went underground.

the grugq boosted

Visited the RSS memorial today. After all these years, it's still amazing to see the lightning hit it—every hour, on the hour—and then watch as the sparks ripple out to the aggregator towers at all the cemeteries that are still subscribed.

@argp I like the 500 chars, mostly. I can't find ppl I know anymore, and I can't really figure out the site. The iOS mobile app is practically unusable, and most of the ppl I have on lists (which don't exist) aren't on here, so I can't replace Twitter. But it does have a more relaxed feeling than Twitter.

Update on the Linux UDP RCE. From what I've seen from ppl that do kernel exploiting... they can't really see a way to turn it into a useful exploit.

It looks like a vulnerability with the right scary characteristics, but practically not a major concern.

It is not (likely to be) a "one shot remote ring 0" exploit.

me: get me a Celtics football shirt
Friend: where would you wear it?!
me: ...Irish pubs?
Friend: and who owns them?
me: ...English Defence League thugs?
Friend: right. You really want one?
me: yeah, but better send an Armalite too...

the grugq boosted

For any tooters out there who may not know about this yet, please take a look at the BSidesCBR CTF challenges over here: buffered.io/posts/bsidescbr-ct The CTF is all over, so don't be scared to ask for hints; I'm more than happy to give them. The aim here is for people to learn and have a bit of fun. I know PicoCTF is on right now and that's taking up some attention. These will be here whenever you're ready to try them out. Thanks!

the grugq boosted

RCE in Linux (inc Android) via UDP. CVSS 10.0. I'm a little confused as to why a bigger fuss isn't being made of this
nvd.nist.gov/vuln/detail/CVE-2
Is it that the vuln doesn't have a cool brand name and logo and website?
I was pleasantly surprised to find out that my nexus phone was patched for this last week. Other androids are probably going to be fucked

the grugq boosted
http://blog.plover.com/2017/04/02/
"A Unix system administrator of my acquaintance once got curious about what people were putting into /dev/null. I think he also may have had some notion that it would contain secrets or other interesting material that people wanted thrown away. Both of these ideas are stupid, but what he did next was even more stupid: he decided to replace /dev/null with a plain file so that he could examine its contents.

The root filesystem quickly filled up and the admin had to be called back from dinner to fix it. But he found that he couldn't fix it: to create a Unix device file you use the mknod command, and its arguments are the major and minor device numbers of the device to create. Our friend didn't remember the correct minor device number. The ls -l command will tell you the numbers of a device file but he had removed /dev/null so he couldn't use that.

Having no other system of the same type with an intact device file to check, he was forced to restore /dev/null from the tape backups."