Komodia/Superfish SSL Validation is broken

If you are on the ball already and just want the new vulnerability, scroll to the "client side SSL verification" section. tl;dr: The Komodia/Superfish proxy can be made to allow self-signed certificates without warnings. Recap: Some Lenovo laptops shipped with Superfish preinstalled - an ad-injecting software. How…

Make your own Superfish infected VM

Hello, a quick post to allow everyone to play along at home with this Superfish thing. (In case this isn't clear: this post is for security professionals only.) Disclaimer: sleep deprived and exhausted. Been working on Badfish for 16 hours now, expect inconsistencies. If you don't know what this is…

So I lost my NAS password

I got my WD My Book World Edition II NAS out of the closet. The reason it went in the closet is that I locked myself out of SSH access, and in the meantime I forgot most of its passwords. Still, I need a NAS, so let's get it back…

scrypt all the things!

If you take away only one thing from this post, let it be this: if you have a human password, scrypt it. The reason passwords suck is that humans are terrible at generating and storing entropy. (That and password reuse, but that's another story.) And the reason that's a problem…

PSA: enable automatic updates. Please.

I want you to do a quick inventory of all the boxes, VPS, servers etc. you have root on. Ok, now tell me, when is the last time you updated the one you almost forgot about? Is it vulnerable to ShellShock? Is it vulnerable to Heartbleed? Go patch it now,…