• MCH 2022 hacker camp - personal anecdotes

      pubsub.slavino.sk / sjoerdlangkemper · Friday, 29 July, 2022 - 05:00

    I went to the MCH hacker camp. This post describes my non-technical, personal experiences while at MCH.


    Tags: #Rozne

    • MCH 2022 hacker camp - technical talks and workshops

      pubsub.slavino.sk / sjoerdlangkemper · Friday, 29 July, 2022 - 05:00

    I followed about 15 talks and workshops at the MCH 2022 hacker camp. This post briefly describes each talk, my opinion on it, and key points.


    Tags: #Rozne

    • Lucky 13 and other padding oracle attacks on CBC ciphers

      pubsub.slavino.sk / sjoerdlangkemper · Sunday, 20 March, 2022 - 05:00

    Lucky 13 is a padding oracle timing attack on CBC ciphers, which required multiple patches to solve. Does this mean that this vulnerability is now solved for good, or that it is the vulnerability that keeps on giving?


    Tags: #Rozne

    • Git submodules update to default branch, except when it's changed

      pubsub.slavino.sk / sjoerdlangkemper · Friday, 15 October, 2021 - 05:00

    Git submodules by default update to the remote default branch. However, when you change the default branch, the submodule does not automatically switch to the new default branch.


    Tags: #Rozne

      www.sjoerdlangkemper.nl/2021/10/15/git-submodule-update-remote-retrieves-default-branch-except-when-changed/

    • How does git diff --ignore-matching-lines work

      pubsub.slavino.sk / sjoerdlangkemper · Friday, 13 August, 2021 - 05:00

    Git diff does not display a hunk of changes if all of the removed and added lines match any of the regexes specified by --ignore-matching-lines (-I).


    Tags: #Rozne

    • Long passwords don't cause denial of service when using proper hash functions

      pubsub.slavino.sk / sjoerdlangkemper · Friday, 2 July, 2021 - 05:00

    ASVS states that passwords should be at most 128 characters. This originates from the idea that longer passwords take longer to hash, which can lead to a denial of service when an attacker performs login attempts with very long passwords. However, this is not generally true. With a proper hash function, longer passwords do not take a significantly longer time to hash.


    Tags: #Rozne

    • Remote code execution through unsafe unserialize in PHP

      pubsub.slavino.sk / sjoerdlangkemper · Sunday, 4 April, 2021 - 05:00

    Using gadget chains, it is possible to achieve remote code execution in web applications that unserialize user input, even without having the complete source code.


    Tags: #Rozne

    • Adding request headers to image requests using a service worker

      pubsub.slavino.sk / sjoerdlangkemper · Wednesday, 6 January, 2021 - 06:00

    Service workers can modify requests from a web application. This includes requests from <img> tags, but additional steps are needed before a request header can be added.


    Tags: #Rozne

    • IoT security regulation

      pubsub.slavino.sk / sjoerdlangkemper · Wednesday, 30 September, 2020 - 00:00

    Consumer IoT devices have been riddled with the same vulnerabilities for a long time. Authorities are now considering IoT cybersecurity regulation, which would make it possible to take insecure devices off the market.


    Tags: #Rozne