Downgrade prevention has been a cat-and-mouse game between consumers and companies since the inception of remote updates. The Nintendo Switch adopts a worrisome strategy of preventing firmware downgrades by permanently modifying your device every time it updates. While this isn’t a new concept (the Xbox 360 was doing it back in 2007), it is part of a greater effort to prevent end users from modifying their devices to their liking.

The Nintendo Switch was released on March 3, 2017, and is currently on version 5.0.2.

The Nintendo Switch uses an Nvidia Tegra X1 SoC, which comes with a fuse driver. …

When building complex pieces of software, regardless of language, you start to notice a pattern in your testing habits. The same similar-looking issues will arise across different platforms or projects. Regardless of whether you’re building another simple to-do list demo for a talk or architecting a comprehensive back-end for a PaaS startup, the same generic patterns begin to emerge.

There are six cases that should be tested that will shine a light on a surprising number of issues. These are not meant to be comprehensive, or a complete test suite of their own. …

A couple months ago, I was traveling outside of the U.S. and wanted to show a friend a link on my personal (static) site. I tried navigating to my website, but it took much longer than I anticipated. There’s absolutely nothing dynamic about it — it has animations and some responsive design, but the content always stays the same. I was pretty appalled at the results, ~4s to DOMContentLoaded, and 6.8s for a full page load. There were 20 requests for a static site, with 1mb of total data transferred. I was accustomed to my 1Gb/s, low latency internet in…

Are you a Netflix power user? Check out NEN to maximize your watching-to-waiting times!

Never Ending Netflix is a Chrome extension for when you don’t want to take your arms from under your bed to skip the title sequence in that 10th-episode-in-a-row binge you’ve been going on.

Its features include:

  • Skip intro/title sequences (2 minutes saved right there!)
  • Automatically play the next episode when the previous one finishes (like, at least 5 seconds)
  • Skip the prompt that asks if you’re still watching after 8 hours uninterrupted (who do they think we are?)
  • Search through all of Netflix’s genres (over 3000!)

The extension is still under active development, so if there are any suggestions or improvements, feel free to reach out!

Named after the Egyptian god of finding lost things, Anubis and AnubisDB, two companion projects, were created due to a lack of free and open APIs for subdomain enumeration. Subdomain enumeration is one of the first steps in the information gathering phase, and is required to get a full scope of the attack surfaces of your target.

Anubis collates data from a variety of sources to provide one of the most comprehensive tools for subdomain enumeration. It pulls subdomains from public sources, indexed search results, and AnubisDB, a centralized, open API for subdomains.

The bug, found by Lemi Ergin, was originally posted to Twitter on Tuesday morning. To replicate the bug, simply navigate to any prompt that requires elevated authentication, and replace the username with “root”, while leaving the password blank. Then repeatedly click unlock until it lets you through.

This allows you to sign in to any device running macOS High Sierra as the root superuser, bypassing all security mechanisms that are currently in place.

Entering “root” as the username and leaving the password blank gives you access after a few attempts

A temporary fix is to enable the root superuser with a password, although this is a stopgap measure. Apple is expected to publish a hotfix soon, with a patch for this major security vulnerability.

Additionally, you could change the root password from the terminal with

sudo passwd -u root

On security as a spectrum, attack vectors, and how people who don’t understand security focus on the wrong things

Imagine there’s a house you are trying to protect, with a large front door. What is the front door protecting, and who is it protecting these things from? Perhaps it’s in a rough area of town, and you went out of your way to purchase a triple deadbolt, upper and lower locks, and an alarm system. No matter what you do, you’re mostly operating under the false pretense of security. Any measure you take will only deter a specific subset of people…

Author Note: This write-up will not examine any new vulnerability. Rather, it explores a common methodology used in trivially hacking iOS apps, in which you perform a man-in-the-middle (MitM) attack on yourself.

Additionally, you will need a cursory knowledge of man-in-the-middle attacks, SSL, and the HTTP protocol. It was written for a general audience, so some examples have been simplified for the purposes of the article.

Common design patterns

As an iOS developer, you often want to push updates/changes at a faster rate than Apple will let app updates through. …

If you’re familiar with the travel hacking world, you’ll know that the best way to amass large amounts of points is through credit card sign up bonuses. Recently, this hobby has gained a much higher profile with the release of the CSR, which had an unprecedented sign up bonus. These sign up bonuses can be elusive, however — they could disappear one day, or have hidden links to a higher version of the sign up bonus (see the Amex Platinum 100,000 links, where the regular bonus is just 40,000 MR — this can be a difference worth upwards of…

JonLuca De Caro

Security & Programming
