tmsr - Search: from:asciilifeform

147600+ entries in 0.05s

asciilifeform: and the continuing mention of openssl

asciilifeform: factoring projects rather than part of how the keys were generated.'

asciilifeform: probably a red herring: an artifact of the process used by these

asciilifeform: 'similar observations for factors are

asciilifeform: infuriating idiocy

asciilifeform: http://seclists.org/oss-sec/2016/q2/229 http://seclists.org/oss-sec/2016/q2/230 << moar lulz re us

asciilifeform: (i don't presently parse out the subness of subkeys)

asciilifeform: i'd have to reorg the db again.

asciilifeform: it can be done, sure.

asciilifeform: considering that we'll be jettisoning the pgp format.

asciilifeform: the abcd thing is an idea. but i wasn't really going for an sks clone

asciilifeform: whereas feeding'em in at the mouth end risks stalling when there are hordes of gawkers

asciilifeform: mircea_popescu: better to chug it in on my end - impervious to www overload

asciilifeform: mircea_popescu: 'gwerns' are a dime a dozen.

asciilifeform: http://btcbase.org/log/2016-05-04#1462828 << neato ☝︎

asciilifeform: at any rate, enough zoo for one day.

asciilifeform: 'server and client side remote code execution through a buffer overflow in all git versions before 2.7.1'

asciilifeform: http://seclists.org/oss-sec/2016/q1/645 << run moar git.

asciilifeform: '

asciilifeform: ''Under certain conditions it allows unprivileged users running under qemu VMs to affect the host Linux kernel in a problematic manner...' ☟︎

asciilifeform: http://seclists.org/oss-sec/2016/q1/450 << we luuuuuuv amd!111111

asciilifeform: and how cruel, how unreasonable, the beating i administered must've seemed to audience.

asciilifeform: i remember very well.

asciilifeform: e.g. trb and dns.

asciilifeform: predicting future, it turns out, is not so hard.

asciilifeform: i am very amused!111 on my stake.

asciilifeform: lel!

asciilifeform: ^ strike yet another crypto lib off the list

asciilifeform: ehh can't resist, another, http://seclists.org/oss-sec/2016/q1/266

asciilifeform: ^ usg retreating from pushing ecc claptrap ?!

asciilifeform: http://seclists.org/oss-sec/2016/q1/178

asciilifeform: last bit of lulz from this dig,

asciilifeform: (perhaps through not giving a fuck re shitlangs)

asciilifeform: http://seclists.org/oss-sec/2016/q1/89 << lulzy, for 'golang' aficionados. somehow i missed this

asciilifeform: ( from http://insecure.org/fyodor/gpgkey.txt )

asciilifeform: speaking of the rsa-less.

asciilifeform: http://phuctor.nosuchlabs.com/gpgkey/72AEE8BABBF4652BC2531BE414B2417B5A38128BAA8C1E6B4BEF9F4D0D026A7B << lel, fyodor of seclist

asciilifeform: it always distinguished between 'not a key' and 'key, but no rsa'

asciilifeform: mircea_popescu: lel, i never changed it

asciilifeform: mircea_popescu: which, the eggog ?

asciilifeform: mircea_popescu ^^^ mega-l0l

asciilifeform: http://seclists.org/oss-sec/2016/q2/97

asciilifeform: re yesterday's thread re dlls and gpg4win:

asciilifeform: oh hey!

asciilifeform: ah

asciilifeform: how else

asciilifeform: well yeah

asciilifeform: will also look into what it'd take to real-time eat sks.

asciilifeform: and pump.

asciilifeform: i'ma saw apart a recent sks dump this weekend.

asciilifeform: aha.

asciilifeform: at the end of a werker run, all keys that were part of the run, are marked nonwaiting.

asciilifeform: mircea_popescu: no key waits for >1h.

asciilifeform: punkman: aha!

asciilifeform: mircea_popescu: there is still 3 or 4 days worth of old sks archive, being pumped in.

asciilifeform: http://seclists.org/oss-sec/2016/q2/34 << lel... 'systemd-journald from systemd v213 started creating world readable journals, allowing local users to read sensitive system log entries.'

asciilifeform: where's the priv

asciilifeform: well apparently not

asciilifeform: and 1 or 2 'doxings'.

asciilifeform: 2/3 of the remainder - homework

asciilifeform: about 1/2 of them trollage

asciilifeform: ^ seems to wurk

asciilifeform: https://www.google.com/#tbs=li:1&q=%22-----BEGIN+PGP+PRIVATE+KEY+BLOCK-----%22+site:pastebin.com

asciilifeform: these oughta be edible.

asciilifeform: incidentally there are perennially privkeys floating on 'pastebin' etc.

asciilifeform: and defo next on featurelist.

asciilifeform: this was part of my plan for the rewrite

asciilifeform: (it working 100%, but right now shuttled manually.)

asciilifeform: mircea_popescu: good idea.

asciilifeform: crab, pincers.

asciilifeform: with these people.

asciilifeform: srsly the modus operandi NEVER changes

asciilifeform: and related rubbish

asciilifeform: quite like, e.g., glibc's dyn load

asciilifeform: to handle https requests...'

asciilifeform: ''ImageMagick allows to process files with external libraries. This feature is called 'delegate'. It is implemented as a system() with command string ('command') from the config file delegates.xml with actual value for different params (input/output filenames etc). Due to insufficient %M param filtering it is possible to conduct shell command injection. One of the default delegate's command is used

asciilifeform: re imagemagic, this is gold:

asciilifeform: it is of pretty limited use tho, expanding 8ball from 1st mil primes to 10 mil yielded... what.. 2 pops ?

asciilifeform: currently on other box

asciilifeform: mircea_popescu: as a matter of fact i do

asciilifeform: '

asciilifeform: rmagick and paperclip, and nodejs's imagemagick.

asciilifeform: 'There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild. A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP's imagick, Ruby's

asciilifeform: http://seclists.org/oss-sec/2016/q2/200

asciilifeform: in other lulz,

asciilifeform: (and does it actually make sense to phuctor them ~together~ with pgp keyz?)

asciilifeform: i can throw them in as a specialcase.

asciilifeform: technically there is no need to convert them to pgp format

asciilifeform: srsly that would be lulzy

asciilifeform: ask henninger ! l0l

asciilifeform: (port scanner)

asciilifeform: in the wild.

asciilifeform: the nice thing about ssl and ssh pubkeys is that you can harvest them.

asciilifeform: iirc jurov was doing something with those.

asciilifeform: somewhere.

asciilifeform: i have a ~strong~ suspicion that there are q == nextprime(p) keys in there.

asciilifeform: i may have said this before, but,

asciilifeform: but >1/2 of the phucked

asciilifeform: 153 ☟︎

asciilifeform: curl -s http://phuctor.nosuchlabs.com/sadmods | grep -c -i "mirrored"