Downgrade prevention has been a cat-and-mouse game between consumers and companies since the inception of remote updates. The Nintendo Switch adopts a worrisome-strategy of preventing firmware downgrades by permanently modifying your device every time it updates. While this isn’t a new concept (the Xbox 360 was doing it back in 2007), it is part of a greater effort to prevent end users from modifying their devices to their liking.
The Nintendo Switch use an Nvidia Tegra X1 SoC, which comes with a fuse driver. …
When building complex pieces of software, regardless of language, you start to notice a pattern in your testing habits. The same similar-looking issues will arise across different platforms or projects. Regardless of whether you’re building another simple to-do list demo for a talk or architecting a comprehensive back-end for a PaaS startup, the same generic patterns begin to emerge.
There are six cases that should be tested that will shine a light on a surprising number of issues. These are not meant to be comprehensive, or a complete test suite of their own. …
A couple months ago, I was traveling outside of the U.S. and wanted to show a friend a link on my personal (static) site. I tried navigating to my website, but it took much longer than I anticipated. There’s absolutely nothing dynamic about it — it has animations and some responsive design, but the content always stays the same. I was pretty appalled at the results, ~4s to DOMContentLoaded, and 6.8s for a full page load. There were 20 requests for a static site, with 1mb of total data transferred. I was accustomed to my 1Gb/s, low latency internet in…
Are you a Netflix power user? Check out NEN to maximize your watching-to-waiting times!
It’s features include:
The extension is still under active development, so if there are any suggestions or improvements, feel free to reach out!
Named after the Egyptian god of finding lost things, Anubis and AnubisDB, two companion projects, were created due to a lack of free and open APIs for subdomain enumeration. Subdomain enumeration is one of the first steps in the information gathering phase, and is required to get a full scope of the attack surfaces of your target.
Anubis collates data from a variety of sources to provide one of the most comprehensive tools for subdomain enumeration. It pulls subdomains from public sources, indexed search results, and AnubisDB, a centralized, open API for subdomains.
The bug, found by Lemi Ergin, was originally posted to twitter on Tuesday morning. To replicate the bug, simply navigate to any prompt that requires elevated authentication, and replace the username with “root”, while leaving the password blank. Then repeatedly click unlock until it lets you through.
A temporary fix is to enable the root superuser with a password, although this is a stop gap measure. Apple is expected to publish a hotfix soon, with a patch for this major security vulnerability.
Additionally, you could change the root password from terminal with
sudo passwd -u root
On security as a spectrum, attack vectors, and how people who don’t understand security focus on the wrong things
Imagine there’s a house you are trying to protect, with a large front door. What is the front door protecting, and who is it protecting these things from? Perhaps it’s in a rough area of town, and you went out of your way to purchase a triple deadbolt, upper- and lower-locks, and an alarm system. No matter what you do you’re mostly operating under the false pretense of security. Any measure you take will only deter a specific subset of people…
Author Note: This write-up will not examine any new vulnerability. Rather, it explores a common methodology used in trivially hacking iOS apps, in which you perform a man-in-the-middle (MitM) attack on yourself.
Additionally, you will need a perfunctory knowledge of man-in-the-middle attacks, SSL, and the HTTP protocol. It was written for a general audience, so some examples have been simplified for the purposes of the article.
As an iOS developer, you often want to push updates/changes at a faster rate than Apple will let app updates through. …
If you’re familiar with the travel hacking world, you’ll know that the best way to amass large amounts of points is through credit card sign up bonuses. Recently, this hobby has been gotten a much higher profile with the release of the CSR, which had an unprecedented sign up bonus. These sign up bonuses can be elusive, however — they could disappear one day, or have hidden links to a higher version of the sign up bonus (see the Amex Platinum 100,000 links, where the regular bonus is just 40,000 MR — this can be a difference worth upwards of…