Centralization of Thoughts

Keeping track of my thoughts with regards to programming ᕕ( ͡° ͜ʖ ͡°)ᕗ

FREAKy week

Talk about a week! Yet another vulnerability has surfaced, and this one is possibly even more of a threat to secure data than Heartbleed. The flaw has been present since the 1990s, and researchers are only now realizing it has been around that long.


Codenamed: FREAK (Factoring RSA Export Keys)

This SSL/TLS exploit is a result of US Government regulation that prevented companies in the 90s from shipping products overseas that contained strong encryption methods. Instead, these products were loaded with "Export Grade" encryption, which was weak and crackable with few resources.

What does this mean to me?

Researchers and hackers will be able to force a user's connection with a webpage to use a weaker encryption method than is standard for pages. This allows the person carrying out the attack to decrypt your encrypted connection to a webpage and read in plaintext your passwords, emails, and other data you input and retrieve.

As of Sunday, Android, iOS, and Windows are still vulnerable. Google has pushed out an Android update to their manufacturing partners, so it is now up to them to push it live to the phone, for example Samsung to the S5.

Am I Affected?

You should check this site by the researchers that discovered the issue to see if your browser is still vulnerable: FREAK Check

Below is some information from the researchers' website at SmackTLS:

" Vulnerable TLS client libraries include

  • OpenSSL (CVE-2015-0204): versions before 1.0.1k are vulnerable.
  • BoringSSL: versions before Nov 10, 2014 are vulnerable.
  • LibReSSL: versions before 2.1.2 are vulnerable.
  • SecureTransport: is vulnerable. A fix is being tested.
  • SChannel: is vulnerable. See the security advisory. A fix is being tested.
  • Mono: versions before 3.12.1 are vulnerable.
  • IBM JSSE: is vulnerable. A fix is being tested.
  • Other disclosure pending

Web browsers that use the above TLS libraries are vulnerable, including:

  • Chrome: versions before 41 on various platforms are vulnerable. Update to Chrome 41
  • Internet Explorer: is vulnerable. Wait for a patch and see the security advisory.
  • Safari: is vulnerable. Wait for a patch.
  • Android Browser: is vulnerable. Switch to Chrome 41.
  • Blackberry Browser: is vulnerable. Wait for a patch.
  • Opera: on Mac and Android is vulnerable. Update to Opera 28 (when stable).

Other client applications (such as email) that use vulnerable TLS libraries may also be vulnerable."
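To turn the list above into a quick check of your own machines, here is an added example (not code from SmackTLS or from the original post) that compares version banners against the fixed versions quoted above. The host names, banners and function names are made up for illustration.

```python
import re

# Fixed-version thresholds taken from the SmackTLS list quoted above.
# Entries listed without a version (SecureTransport, SChannel, ...) are omitted,
# and the list's single threshold per product is applied as-is.
FIXED_IN = {"openssl": "1.0.1k", "libressl": "2.1.2", "mono": "3.12.1",
            "chrome": "41", "opera": "28"}

def version_key(version):
    """Map '1.0.1k' to ((1, ''), (0, ''), (1, 'k')) so 1.0.1j < 1.0.1k < 1.0.2."""
    key = []
    for part in version.lower().split("."):
        m = re.fullmatch(r"(\d+)([a-z]*)", part)
        if not m:
            raise ValueError("unparseable version component: %r" % part)
        key.append((int(m.group(1)), m.group(2)))
    return tuple(key)

def parse_banner(banner):
    """Split 'OpenSSL 1.0.1j 15 Oct 2014' or 'Chrome/40.0.2214.115' into (product, version)."""
    m = re.match(r"\s*([A-Za-z]+)[ /]+(\d[\w.]*)", banner)
    return (m.group(1).lower(), m.group(2)) if m else None

def freak_status(banner):
    """Return 'vulnerable', 'fixed' or 'unknown' for one version banner."""
    parsed = parse_banner(banner)
    if parsed is None or parsed[0] not in FIXED_IN:
        return "unknown"  # product not on the list: do not guess
    product, version = parsed
    try:
        older = version_key(version) < version_key(FIXED_IN[product])
    except ValueError:
        return "unknown"  # version string we cannot compare
    return "vulnerable" if older else "fixed"

# Constructed sample inventory (hypothetical host names and banners).
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 1.0.1j 15 Oct 2014",
    "web02": "OpenSSL 1.0.1k 8 Jan 2015",
    "mail01": "LibreSSL 2.1.1",
    "build01": "Mono 3.12.1",
    "kiosk01": "Chrome/40.0.2214.115",
    "legacy01": "GnuTLS 3.3.8",
}

def audit(inventory):
    """Map each host to its FREAK status."""
    return {host: freak_status(banner) for host, banner in inventory.items()}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print("%-9s %s" % (host, status))
```

Anything reported as "unknown" still needs a manual look, since the list above marks several libraries as vulnerable without giving a fixed version.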

Blog 64.0

I have decided to completely revamp the blog once again. If not for like the 64th time! I am really enjoying the way that this blog is taking shape so that is definitely a bonus. I plan to keep up with the blog and continually post new content and live updates on my coding progress.


I found a resourceful javascript and css script on the web called highlight.js! It will allow me to easily keep up with code documentation with syntax highlighting and line numbers! You can find the script over at HighlightJS; it would be useful for any blogger that writes code.

"Our greatest weakness lies in giving up. The most certain way to succeed is always to try just one more time." - Thomas A. Edison

I shall now present an example of the beautiful highlighter!

Python Square

            
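    class getSquare():
        """Square whose side length is stored in the `wall` attribute."""

        def area(self):
            # Area of a square is the side length squared.
            return self.wall ** 2

    def main():
        sq = getSquare()
        # int() raises ValueError if the input is not a whole number.
        sq.wall = int(input("Insert number: "))
        print(sq.area())

    main()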
            
        

Beauty in the eyes of the Beholder

So I am of the opinion that the above highlighting does a wonderful job of the purpose it was designed for. It has functionality for many different languages which will make presenting examples of HTML, CSS, JS, Python, Ruby, and others very simple.

Moment of thought

Currently there are some fantastic resources out there for programmers to learn from. A place I would like to give a shout-out to is edX; they have fantastic courses on their site from some extremely intelligent professors. There are plenty of courses to choose from and many of them are free. An example course one can start with is the MITx 6.00.1x Computer Science class that they offer.

Currently I am also studying through two different books dedicated to Python development. I will get bored of reading one and have to switch over to the secondary book from time to time. I must admit that they are a wealth of knowledge and definitely are helping to advance my technique and art of code.

			
  • Mastering Object-Oriented Python, by Steven F. Lott
  • Test Driven Development with Python, by Harry Percival

What to expect

You may be wondering what you can expect to get by reading this blog or you may not be... Here is a list of some things I expect to post:

  • Code Snippets and Tidbits from reddits and other locations.
  • Daily ramblings by me like this post here!
  • Interesting code and APIs I may find myself tinkering with.
  • Shameless attempts to market my ideas

"The difference between a successful person and others is not a lack of strength, not a lack of knowledge, but rather a lack of will." - Vince Lombardi