bits 0x54 - Week 35~?, 2024 (WIP)

# Good Reads

ASLRn’t: How memory alignment broke library ASLR
https://zolutal.github.io/aslrnt/

Understanding the Postgres Hackers Mailing List Language by Greg Sabino Mullane
Despite the postgres context, this is a nice reference for non-english speaking devs. https://www.crunchydata.com/blog/understanding-the-postgres-hackers-mailing-list

Pick Your Distributed Poison - via Hazel Weakly https://hazelweakly.me/blog/pick-your-distributed-poison/

It’s hard to write code for computers, but it’s even harder to write code for humans - Erik Bernhardsson
https://erikbern.com/2024/09/27/its-hard-to-write-code-for-humans.html

The perils of transition to 64-bit time_t - Michał Górny
https://blogs.gentoo.org/mgorny/2024/09/28/the-perils-of-transition-to-64-bit-time_t/

# Learns

# Fun

DEF CON 30 - Sam Bent - Tor - Darknet Opsec By a Veteran Darknet Vendor
https://www.youtube.com/watch?v=01oeaBb85Xc

# MISC

Linus Torvalds on the rust-for-linux drama
https://www.youtube.com/watch?v=OM_8UOPFpqE

Cover: “The Serpentine Offering” by Dimmu Borgir - Adrienne Cowan
https://www.youtube.com/watch?v=TCwDlmiudp0

A peek inside pinentry - jmhobbs https://velvetcache.org/2023/03/26/a-peek-inside-pinentry/

# cve-my-fucking-self

I woke up at 3 am realizing that I’ve been talking with someone over the phone, and I was about to read out a SMS PIN number to them. It was China Mobile (a chinese mobile phone provider).

I get promotion calls from China Mobile from time to time, they normally try to sell me into signing up for a more expensive data packet. And I always politely reply “oh too bad, I don’t live in China now so this won’t work for me.”

This time though, I was completely unconscious as they woke me up at 3am; My primitive nerv reflection failed to understand such a sophisticated context and simply (I guess so, because I remember nothing) replied like “ok, yes, sure, why not…” and continued to follow their instruction. When I suddenly really “woke up” I’m totally lost because I’m reading out a PIN number from a confirmation SMS and was terrified.

Then I tried to figure out whether it’s a scam. I checked the caller and SMS and luckily it’s just China Mobile instead of a credit card scam. But obviously I don’t want to sign up with this thing. But I’m reluctant to say “nah, nevermind, I changed my mind now.”….. Because I know they are just another hard-working person and I don’t want to make them feel tricked (though I was totally involuntary in the first place). Luckily the procedure requires a second confirmation SMS and I simply pretended that I didn’t receive it (which I did) and they think it’s a technical issue and I explained that I’m abroad and the said promotion won’t work for me (obviously I didn’t say this when I unconsciously got the call) and I finally ended the call without behaving like a jerk.

Here is the profound question in my personal security: I know cyber security, I use cryptography, I identify phishing and scams, I have deep knowledge in computer systems …. And fuck me, I’m just reading out a fucking security PIN to someone on the phone without even knowing it??? Had I not gained conciousness quick enough I will simply give my money to scammers.

How can I prevent my mental state being taken advantage of? When I’m half asleep? When I’m drunk? When I’m sick?

I beside passwords, I need a sanity checker on critical systems (no idea how to implement it to SMS confirmations though). Like, besides password, I should be forced to answer some questions like math or logic quiz…

BTW: WTF their sale teams are working on Sunday???? For fucks sake you capitalists.

# on autoconf

https://lists.gnu.org/archive/html/autoconf/2008-03/msg00140.html

[+] click to leave a comment [+]
the comment system on this blog works via email. The button
below will generate a mailto: link based on this page's url 
and invoke your email client - please edit the comment there!

[optional] even better, encrypt the email with my public key

- don't modify the subject field
- specify a nickname, otherwise your comment will be shown as   
  anonymous
- your email address will not be disclosed
- you agree that the comment is to be made public.
- to take down a comment, send the request via email.

        
>> SEND COMMENT <<
[BITS] - the weekly archive -
bits 0x54 - Week 35~?, 2024 (WIP)
bits 0x53 - Week 28~35, 2024
bits 0x52 - Week 17~27, 2024 [VOID]
bits 0x51 - Calender Week 17, 2024
bits 0x50 - Calender Week 16, 2024
bits 0x49 - Calender Week 15, 2024
bits 0x48 - Calender Week 14, 2024
bits 0x47 - Calender Week 13, 2024
bits 0x46 - Calender Week 12, 2024
bits 0x45 - Calender Week 11, 2024
bits 0x44 - Calender Week 10, 2024
bits 0x43 - Calender Week 09, 2024 [VOID]
bits 0x42 - Calender Week 08, 2024 [VA]
bits 0x41 - Calender Week 07, 2024 [VOID]
bits 0x40 - Calender Week 06, 2024 [VOID]
bits 0x39 - Calender Week 05, 2024
bits 0x38 - Calender Week 04, 2024
bits 0x37 - Calender Week 03, 2024
bits 0x36 - Calender Week 02, 2024 [VA]
bits 0x35 - Calender Week 01, 2024
bits 0x34 - Calender Week 52, 2023
bits 0x33 - Calender Week 51, 2023
bits 0x32 - Calender Week 50, 2023 [VOID]
bits 0x31 - Calender Week 49, 2023
bits 0x30 - Calender Week 48, 2023
bits 0x2f - Calender Week 47, 2023
bits 0x2e - Calender Week 46, 2023
bits 0x2d - Calender Week 45, 2023
bits 0x2c - Calender Week 44, 2023
bits 0x2b - Calender Week 43, 2023
bits 0x2a - Calender Week 42, 2023