Nairaland Forum / EvilSec's Profile / EvilSec's Posts
Programming / Re: Here's What Nairaland Looked Like In 2005 by EvilSec: 7:47pm On Jul 09, 2020 |
continuation... 1 Share
|
Programming / Re: Here's What Nairaland Looked Like In 2005 by EvilSec: 7:45pm On Jul 09, 2020 |
Continuation
|
Programming / Here's What Nairaland Looked Like In 2005 by EvilSec: 7:44pm On Jul 09, 2020 |
I was bored earlier, so I went back in time to grab screenshots and show Nairalanders what this site looked like from when it was created in 2005 till now. Drop your comments if you think its UI went through any major changes. Here's the order of the pictures sorted according to year: 2005 2006 2007 2008 2010 2011 2012 2013 2014 2020 2 Likes 3 Shares
|
Programming / Let's Stop Talking About Password Strength by EvilSec: 2:01pm On Jul 09, 2020 |
Near the top of most security recommendations is to use "strong passwords". We need to stop doing this.
Yes, weak passwords can be a problem. If a website gets hacked, weak passwords are easier to crack. It's not that this is wrong advice. On the other hand, it's not particularly good advice, either. It's far down the list of important advice that people need to remember. "Weak passwords" are nowhere near the risk of "password reuse". When your Facebook or email account gets hacked, it's because you used the same password across many websites, not because you used a weak password.
Important websites, where the strength of your password matters, already take care of the problem. They use strong, salted hashes on the backend to protect the password. On the frontend, they force passwords to be a certain length and a certain complexity. Maybe the better advice is to not trust any website that doesn't enforce stronger passwords (minimum of 8 characters consisting of both letters and non-letters).
To some extent, this "strong password" advice has become obsolete. A decade ago, websites had poor protection (MD5 hashes) and no enforcement of complexity, so it was up to the user to choose strong passwords. Now that important websites have changed their behaviour, such as using bcrypt, there is less onus on the user.
But the real issue here is that "strong password" advice reflects the evil, authoritarian impulses of the infosec community. Instead of measuring insecurity in terms of costs vs. benefits, risks vs. rewards, we insist that it's an issue of moral weakness. We pretend that flaws happen because people are greedy, lazy, and ignorant. We pretend that security is its own goal, a benefit we should achieve, rather than a cost we must endure. We like giving moral advice because it's easy: just be "stronger".
Discussing "password reuse" is more complicated, forcing us to discuss password managers, writing down passwords on paper, that it's okay to reuse passwords for crappy websites you don't care about, and so on.
What I'm trying to say is that the moral weakness here is us. Rather than give pertinent advice we give lazy advice. We give the advice that victim shames them for being weak while pretending that we are strong.
So stop telling people to use strong passwords. It's crass advice on your part and largely unhelpful for your audience, distracting them from the more important things. 28 Likes 6 Shares
|
Programming / Re: Mummy Lied To Me. by EvilSec: 11:14pm On Jul 06, 2020 |
mentro:This writeup is a great read. |
Nairaland / General / Re: SCAM ALERT!!! Please Help by EvilSec: 2:42pm On Jul 02, 2020 |
rasheedatt:Go peep at your account statement. You'll find what has been swallowing your money. 1 Like |
Programming / Re: I Have Switched To Vim As My Primary Editor, You Should Too by EvilSec: 11:41am On Jul 02, 2020 |
melodyogonna:Vim is pretty cool and has a ton of amazing easter eggs. I once found an editor configuration that vim doesn't have. I asked on the mailing list if they could add it and they lectured me on how options are bad... in vim?! 2 Likes |
Programming / Re: What They Taught You About The OSI Model Was A Lie by EvilSec: 5:44pm On Jul 01, 2020 |
SegFault:That can't be true. 2 Likes |
Programming / Re: What They Taught You About The OSI Model Was A Lie by EvilSec: 4:56pm On Jul 01, 2020 |
stanliwise:Sadly, I barely code anymore these days... What about you? 1 Like |
Programming / Is Public Wifi Still Safe In 2020? by EvilSec: 3:50pm On Jul 01, 2020 |
I'm going to rebut almost all articles that claim you shouldn't connect to Public WiFi. The short answer is, Yes, it is okay to use public WiFi, it is not extremely dangerous. Instead, companies who want to sell you something hype the danger. A decade ago, public WiFi was extremely dangerous, as demonstrated with "sidejacking", etc. These days, major websites have their act together, and HTTPS is secure -- as long as you don't bypass HTTPS warnings. It's not perfectly "safe", of course, it's just that it's not particularly dangerous vs. all your other online activities. Moreover, it's often not an option: these days, you have to connect to the Internet, and through your mobile phone is not always an option for travelers. Now, "open" WiFi is stupid, like that in airport lounges that still require a password to be entered in a landing page. Such things should always be WPA2 encrypted. It's only marginal protection, of course, but will stop a lot of passive eavesdropping. Also protip: If you don't entrust your employees to pay attention to HTTPS errors, then you can force them through a VPN. So while public WiFi is mostly safe, you can make it still safer. 3 Likes |
Programming / Re: What They Taught You About The OSI Model Was A Lie by EvilSec: 3:16pm On Jul 01, 2020 |
stanliwise:Hahaha! Stanliwise the badass coder! Took some time off bro... I also lost your number a long time ago, is that your group still up? 2 Likes |
Programming / Re: Thread closed by EvilSec: 10:51am On Jul 01, 2020 |
MetasP:you know it's about something shady when you get quotes from accounts created 2 days ago. How about you use your real account "franklyn4" xD 1 Like |
Programming / What They Taught You About The OSI Model Was A Lie by EvilSec: 10:26am On Jul 01, 2020 |
So let's discuss the "OSI Model". There's no such thing. What they taught you is a lie, and they knew it was a lie, and they didn't care, because they are jerks. You know what REALLY happened when the kid pointed out the king was wearing no clothes? The kid was punished. Nobody cared. And the king went on wearing the same thing, which everyone agreed was made from the finest of cloth.
The OSI Model was created by an international standards organization for an alternative internet that was too complicated to ever work, and which never worked, and which never came to pass. Sure, when they created the OSI Model, the Internet layered model already existed, so they made sure to include today's Internet as part of their model. But the focus and intent of the OSI's efforts was on dumb networking concepts that worked differently from the Internet.
OSI wanted a "connection-oriented network layer", one that worked like the telephone system, where every switch in between the ends knows about the connection. The Internet is based on a "connectionless network layer". Likewise, the big standards bodies wanted a slightly different way of how Ethernet should work, with an LLC layer on top of Ethernet. That never came to pass. Well, an LLC layer exists in WiFi packets, but as a vestigial stub like an appendix.
So layers 1 - 4 are at least a semblance of reality, incorporating Ethernet and TCP/IP, but it's layers 5 - 6 where it goes off the rails. There's no Session or Presentation Layer in modern networks. Sure, the concepts exist, but not as layers, and not with the functionality those layers envisioned.
For example, the Session Layer wanted "synchronization points" to synchronize transactions. Their model never worked, and how synchronization happens on the Internet is vastly more complex, with pretty much everybody designing their own method. Another example is how Google does Paxos synchronization at scale, which is a big reason for their success. It's an incredibly tough problem for which it's impractical to create a standard. In any case, you wouldn't want it as a "layer". Sure, HTTP has "session cookies" and SSL has a "session" concept, but that doesn't make these "session layer" protocols.
The OSI Presentation Layer (layer 6) is even more stupider. It was based on dumb terminals connected to mainframes. It was laughably out-of-date before it was even created. Back then, terminals needed to negotiate control codes and character sets. It's not simply "dumb terminals", it's the fact most everyone was still stuck on the concept that computer networks were for human-computer communications, rather than computer-computer communications.
The OSI Model they teach is a retconned (retroactive continuity) one that just teaches the TCP/IP model and calls it the OSI Model, and does major handwaving over the non-existent Session and Presentation layers. I suppose "OSI Model" can be justified if everyone taught the same thing, if it were all based on the same specification. But it isn't. Everyone makes up their own version, like where to put SSL. (The correct answer is "Transport Layer", btw). As for the popular question "in which layer does encryption belong?", the correct answer is "all the layers". And then some. 2 Likes |
Programming / Re: I Build Game Awsome Income by EvilSec: 9:03pm On Jun 30, 2020 |
MetasP:What infiltration? |
Phones / Re: India Bans 59 Chinese Mobile Apps (Full List) by EvilSec: 10:34am On Jun 30, 2020 |
In case you're wondering why TikTok took the lead of the most toxic app ever, a guy on reddit reverse engineered TikTok... Here’s what he found on the data it collects on you. It’s far worse than just stealing what’s on your clipboard: 4 Likes 2 Shares
|
Programming / Re: I Build Game Awsome Income by EvilSec: 11:04am On Jun 29, 2020 |
valzey:This is true. Game dev is only interesting as a team. 1 Like |
Programming / Re: I Build Game Awsome Income by EvilSec: 2:52pm On Jun 28, 2020 |
valzey:That's Unity 1 Like 1 Share |
Programming / Re: Why Do Self Taught Programmers Over Exaggerate by EvilSec: 7:17am On Jun 28, 2020 |
lawrenzooo: EvilSec: 2 Likes 2 Shares |
Programming / Re: A Thread For Tutorial On Python Programming by EvilSec: 8:33am On Jun 27, 2020 |
Lolo24:Why would anyone want to write a book on python when there's a shit ton of books on python already? Well unless you're willing to shake a bag of coin xD. 3 Likes 1 Share |
Technology Market / Re: RC Planes For Sale by EvilSec: 6:09pm On May 03, 2020 |
RCDIY:Hi! Just sent you an email, let's talk. 1 Like |
Programming / Re: Have Never Heard About HACKING, Dont We Have Serious HACKERS ? by EvilSec: 6:05pm On May 03, 2020 |
Bahat:Don't have a group... I might have to create one though, but I'm not sure if people would be interested. 3 Likes 1 Share |
Programming / Re: Have Never Heard About HACKING, Dont We Have Serious HACKERS ? by EvilSec: 5:35pm On May 03, 2020 |
Bahat:Reversing linux execs is a lotta fun... I'm getting into binary exploitation soon. Btw, we don't have bug bounty programs in Nigeria. I work at HackerOne and Bugcrowd. 4 Likes |
Programming / Re: Have Never Heard About HACKING, Dont We Have Serious HACKERS ? by EvilSec: 5:27pm On May 03, 2020 |
Bahat:I'm a bug bounty hunter, I also reverse malware when I'm bored... What's the good news? 3 Likes 1 Share |
Programming / Re: Have Never Heard About HACKING, Dont We Have Serious HACKERS ? by EvilSec: 5:23pm On May 03, 2020 |
Bahat:One is a crit and the other two are medium severity... XSS, CSRF and Open Redirect... Exploit works out great btw, wrote a PoC for them all. 4 Likes 1 Share |
Programming / Re: Have Never Heard About HACKING, Dont We Have Serious HACKERS ? by EvilSec: 5:06pm On May 03, 2020 |
Bahat:Sure we can! Was originally planning to open a thread where I disclose some of the vulns I've found on NL... I'm trying to show people how hacking works in the wild. Most people think it's by sitting back, and running a bunch of automated tools then hope to find a crit. 3 Likes 1 Share |
Programming / Re: Have Never Heard About HACKING, Dont We Have Serious HACKERS ? by EvilSec: 4:55pm On May 03, 2020 |
Bahat: You up for a little challenge? 2 Likes 1 Share |
Foreign Affairs / Re: Iran Reopens For Business As No End In Sight To Coronavirus Pandemic by EvilSec: 5:28pm On Apr 29, 2020 |
So basically Iran now runs on face masks, hand sanitizers, insha Allah and vibes. 4 Likes 1 Share |
Programming / Re: Calculate Your Future Wealth With Python by EvilSec: 6:38pm On Apr 23, 2020 |
codeigniter:Awesome vid! Loved it. 1 Like |
Programming / Re: LEARN ETHICAL HACKING,TIPS AND TRICKS by EvilSec: 8:37pm On Apr 16, 2020 |
nurain150:I see you've registered on h1... Play a couple of CTFs to earn private invites, and shoot me a message if they're eligible for bounties/if the payouts are juicy and we hack 'em together. Collabs are fun xD. 2 Likes 1 Share |
Programming / Re: LEARN ETHICAL HACKING,TIPS AND TRICKS by EvilSec: 2:45pm On Apr 10, 2020 |
JayJayGee:Thanks for the kind words Do get in touch when you're ready. 4 Likes 1 Share |
Programming / Re: LEARN ETHICAL HACKING,TIPS AND TRICKS by EvilSec: 10:37am On Apr 10, 2020 |
nurain150: The KLCP is not free, it costs a couple hundred quids. Hey! I love your thread btw, if you ever wanna collab on a bug bounty program or need a CTF buddy, let me know. 1 Like |