Anthony Towns
Anthony's posts

So I'm thinking the "ads by dnsunlocker" thing might actually be due to a MITM exploit using mobile data (through Internode/optus), and presumably getting bad dns responses to something, leading to edited web pages being returned over unsecured http?

Hmm, pixz actually works pretty well -- output size is about half that of gzip -9, while real runtime (with 8 cores running in parallel) is still about the same.

There was an XKCD strip last month which compared the relative frequency of days of the month being mentioned in print (as recorded in Google Ngram Viewer). In the alt text, Randall noted that, besides September, the 11th is apparently mentioned substantially less often than any other day, and he was not sure why. Here, David Hagen discovers why.

(Spoiler: It's because Google's OCR is misclassifying "11th" as "nth" in many 20th-century typefaces.)

Okay, wtf. I have a chrome virus -- it seems to be "InterYield", and takes over clicks from random websites to redirect them to unrelated ad sites (it also sometimes pops up a little "Interstitial information" info box at the bottom right of the web page). It appears on both my phone and my (Linux) desktop (which runs Debian's chromium), presumably propagating via Chrome's cloud-settings feature.

The only info I can find on the web for this is "go into Windows and change the registry settings", "run an anti-virus program", and "reset your chrome settings on all your devices", of which only the latter's applicable (at least, I don't think I've even logged onto my google account on a Windows machine...).

My Chrome plugins (on my linux instance) are just two instances of "Chromium PDF Viewer", one marked as internal-pdf-viewer, the other as "chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/" (which seems like it's legit, but...). My Chrome extensions are AdBlock, Bookmark Manager 0.1, Chromium PDF Viewer, CryptoTokenExtension, Google Cast, Incognito Filter, and Quick Bookmarks (which is disabled).

Does anyone have any idea wtf chrome thinks it's doing (or how to find out), or should I just switch to firefox/iceweasel and declare a pox on Google?

I used to think arguing on Usenet and mailing lists had made me pretty au fait with snark, but playing with is teaching me I have much to learn...

PWN2OWN Mobile: Daniel Komaromy (@kutyacica) and Nico Golde (@iamnion) pwned the baseband radio in a brand new Samsung S6 Edge that I unsealed from the box and updated to latest software at the conference.

The software radios on the table are pretending to be a cellphone base station - we are doing this in an isolated room deep underground where there is no cellphone coverage to interfere with and I am the only other person in the room. As soon as we power up the new phone in the presence of their attack radio, their signal patches the radio runtime software of the baseband processor (the other cpu in your cellphone that users can't access that takes care of the radio to talk to the network) so that after the patch any phone calls I make are routed to them instead of their intended destination.

I tested this after when we went to where we did have cellphone coverage by trying to dial my Japanese cellphone and it rang on Nico's cellphone instead. The modified radio software also forwarded the original number dialled so in the real world an attacker would then use a VoIP proxy to forward the call imperceptibly and listen in on it.

Ironically enough, this year at PWN2OWN we have had some of the most significant research with the smallest prizes ever, in the true spirit of security research - to reward these guys since I don't have a lavish budget I'm going to fly them and their wives, girlfriends and family to CanSecWest next year to come snowboarding/skiing after they give a technical presentation on doing security research on baseband processors and this vulnerability. (Hat tip to the Blackberry security folks who got us in touch with the right folks to get the vulnerability information to Samsung through a VP they know there.) I would like to get these guys some further reward, beyond the bragging rights for winning PWN2OWN and being the first to show a successful baseband attack, for this significant research, especially since last year we were offering $150,000 rewards for an attack like this.

These guys have been doing this work in their spare time in addition to their day jobs and have put in a significant amount of time into doing this to secure the whole industry. So if you folks know a bounty program that would be interested in these and other significant cellphone baseband radio discoveries please contact me.

Something that's bugged me a little is the way Unix has lots of protection from different users spying on each other, but the way I actually use it on my laptop, there's just one user (and sudo and ssh-agent allows that user to easily get additional access to the system or other systems). So if a program misbehaves, or my web browser has a vulnerability, it's game over.

In that vein, I thought it might be interesting to try doing things a bit differently. So on my new laptop, I'm running chromium via "xpra ssh:aj-web@localhost:100" instead of directly -- so even if there are exploits, it can't do anything obnoxious to my actual data, or get access to sudo, or ssh anywhere using my agent keys. Of course, this will probably be annoying when I want to upload/download stuff, but hopefully that'll be mild.

I think xpra gets the right mix of features to optimise for security -- X lets apps peek at other apps' display, input, and clipboard, but detaching the xpra session should block that if you need to do something more sensitive than normal (banking passwords?), and you can just reattach and pick up where you left off afterwards. Having chromium fire up libreoffice or similar to view untrusted documents all as a sub-privileged user seems like it also works about right.

So far xpra seems pretty great; it's working fine for typing this, e.g. It seems to play youtube videos okay even, though for some reason sound is entirely disabled. I guess I could try changing the "speaker=off" setting in /etc/xpra/xpra.conf at some point though...
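One way to check that the separation described in this post actually holds before the browser starts, as an added example that is not from the post: the aj-web account and display 100 come from the post, while the primary user's home path and the `xpra start ... --start-child` launch form are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): preflight checks run inside the sandbox
# account before xpra starts chromium, plus the launch command. aj-web and
# display 100 come from the post; PRIMARY_HOME is an assumed path.
SANDBOX_USER=aj-web
DISPLAY_NUM=100
PRIMARY_HOME=/home/aj   # assumed home of the real account

# 0 if the group list ($1, as printed by `id -Gn`) grants escalation.
in_privileged_group() {
    for g in $1; do
        case "$g" in
            root|sudo|wheel|admin|adm|docker|lxd) return 0 ;;
        esac
    done
    return 1
}

# 0 if a directory with octal mode $1 is readable by the sandbox user;
# $2 is 1 when the sandbox user shares the directory's group.
home_readable_by_others() {
    mode=$(( 0$1 ))
    [ $(( mode & 04 )) -ne 0 ] && return 0
    [ "${2:-0}" = 1 ] && [ $(( mode & 040 )) -ne 0 ] && return 0
    return 1
}

# Run as aj-web: refuse to start the browser if the isolation the post relies
# on (no agent keys, no sudo, no read access to the real home) does not hold.
preflight() {
    if [ -n "$SSH_AUTH_SOCK" ] && [ -S "$SSH_AUTH_SOCK" ]; then
        echo "agent socket $SSH_AUTH_SOCK reachable from sandbox" >&2; return 1
    fi
    if in_privileged_group "$(id -Gn)"; then
        echo "sandbox user is in a privileged group" >&2; return 1
    fi
    if [ -r "$PRIMARY_HOME" ]; then
        echo "$PRIMARY_HOME is readable from sandbox" >&2; return 1
    fi
    return 0
}

# Run as the real user: start the session over ssh and run chromium in it;
# `xpra detach` before anything sensitive, `xpra attach` afterwards.
launch() {
    xpra start "ssh:$SANDBOX_USER@localhost:$DISPLAY_NUM" --start-child=chromium
}

case "${1:-}" in
    preflight) preflight ;;
    launch) launch ;;
esac
```

Run `sh sandbox.sh preflight` from the aj-web side (for instance as the start-child wrapper) and `sh sandbox.sh launch` from the real account.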

Quoth my colleague, Mr. McGreevy, "Your file system's writing chunks that your OS can't cache".