Carlos Fenollosa — Blog

Thoughts on science and tips for researchers who use computers

Links for 2020-02-02

February 02, 2020 — Carlos Fenollosa

💣 Remote exploit in OpenSMTPD

OpenSMTPD advisory dissected (5 min, via)

The author of OpenSMTPD does a good post-mortem of the catastrophic bug that left a remote exploit available for three and a half years.

We can’t prevent human mistakes, they will happen because tools won’t help spot that a human-described logic is flawed. What we need is to make changes so that OpenSMTPD becomes more resistant to human errors. In other words, we need safe-guards that are not dependent on sanity checks and input, we need safe-guards that will guarantee that even if OpenSMTPD lets completely untrusted input pass through, this will have the most limited consequences... then we ensure that it doesn’t let untrusted input pass through.

Agreed. There is no such thing as bug-free code.

🖥 CacheOut, another Intel CPU vulnerability

CacheOut, Leaking Data on Intel CPUs via Cache Evictions (5 min, via)

Every single one of these would be a scandal. Now, we've gotten used to it. Shame on Intel.

👴 UNIX lore

The Unix Heritage Society (RH, via)

Great resource to learn more about UNIX history.

Make sure to browse their wiki.

💉 Antivirus selling user data

Leaked Documents Expose the Secretive Market for Your Web Browsing Data (1 min, via)

An Avast antivirus subsidiary sells 'Every search. Every click. Every buy. On every site.' Its clients have included Home Depot, Google, Microsoft, Pepsi, and McKinsey.

How ironic.

🎨 Oldschool web design trends

Dark Ages of The Web (2 min, via) is a visual trip through old web design trends.

It contains, of course:

  • Tables
  • Animated gifs
  • The Web 2.0
  • Flash
  • The "Home Page"

and more.

🏴‍☠️ WhatsApp hack for Jeff Bezos

Technical Report of the Bezos Phone Hack (20 min, pdf, via)

Besides the actual forensics of the hack, which are not very in-depth, this report provides an interesting insight into the tools and environments that real security firms use to study malware. It seems that Cellebrite's software is very popular.

Be sure to read the HN discussion, which seems to agree with my point: the forensic analysis was not very good, but the between-the-lines content is insightful.

🍎 Vintage Apple magazines

VintageApple, Information from the early Apple era (RH, via) is an archive of vintage Apple material, like magazines, books, pictures, and more.

Make sure to check this one out if you're a retro Apple fan.

👁 The Eye, another internet archive

The Eye (RH, via)

I hope you already know about The Internet Archive, a non-profit effort to archive a lot of content on the Web. If you don't, congratulations! Play with MS-DOS software in your browser, read free books and watch copyright-free movies.

Then, check out The Eye. It's another non-profit project aimed at file archival, a bit more chaotic, which makes browsing through its pages a real archeology dig.

The-Eye is a non-profit, community driven platform dedicated to the archiving and long-term preservation of any and all data including but by no means limited to... websites, books, games, software, video, audio, other digital-obscura and ideas.

🕹 Star Fox into Zelda

This amazing glitch puts Star Fox 64 ships in an unmodified Zelda cartridge (15 min, via)

The fact that these glitches can be run, and that there are people actively looking for them, makes me very happy.

Let's give due credit: Zfg1 on Twitch

Related link: Ocarina of Time glitches and code execution

Tags: roundup
