bits 0x54 - Week 35~?, 2024 (WIP)
### Good Reads
ASLRn’t: How memory alignment broke library ASLR
Understanding the Postgres Hackers Mailing List Language by Greg Sabino Mullane
Despite the Postgres context, this is a nice reference for non-English speaking
Pick Your Distributed Poison - via Hazel Weakly
It’s hard to write code for computers, but it’s even harder to write code for humans - Erik Bernhardsson
The perils of transition to 64-bit time_t - Michał Górny
### Learns
### Fun
DEF CON 30 - Sam Bent - Tor - Darknet Opsec By a Veteran Darknet Vendor
### MISC
Linus Torvalds on the rust-for-linux drama
Cover: “The Serpentine Offering” by Dimmu Borgir - Adrienne Cowan
A peek inside pinentry - jmhobbs
### cve-my-fucking-self
I woke up at 3 am realizing that I’d been talking with someone over the phone, and I was about to read out an SMS PIN number to them. It was China Mobile (a Chinese mobile phone provider).
I get promotion calls from China Mobile from time to time; they normally try to sell me on signing up for a more expensive data packet. And I always politely reply “oh too bad, I don’t live in China now so this won’t work for me.”
This time though, I was completely unconscious as they woke me up at 3 am; my primitive nerve reflex failed to understand such a sophisticated context and simply (I guess so, because I remember nothing) replied with something like “ok, yes, sure, why not…” and continued to follow their instructions. When I suddenly really “woke up” I was totally lost, because I was reading out a PIN number from a confirmation SMS, and I was terrified.
Then I tried to figure out whether it was a scam. I checked the caller and the SMS, and luckily it was just China Mobile instead of a credit card scam. But obviously I didn’t want to sign up for this thing. But I was reluctant to say “nah, never mind, I changed my mind now”… because I know they are just another hard-working person and I didn’t want to make them feel tricked (though I was totally involuntary in the first place). Luckily the procedure requires a second confirmation SMS, and I simply pretended that I didn’t receive it (which I did), and they thought it was a technical issue. I explained that I’m abroad and the said promotion won’t work for me (obviously I didn’t say this when I unconsciously got the call), and I finally ended the call without behaving like a jerk.
Here is the profound question in my personal security: I know cyber security, I use cryptography, I identify phishing and scams, I have deep knowledge of computer systems… And fuck me, I’m just reading out a fucking security PIN to someone on the phone without even knowing it??? Had I not gained consciousness quickly enough, I would have simply given my money to scammers.
How can I prevent my mental state being taken advantage of? When I’m half asleep? When I’m drunk? When I’m sick?
Besides passwords, I need a sanity checker on critical systems (no idea how to implement it for SMS confirmations though). Like, besides a password, I should be forced to answer some questions like a math or logic quiz…
BTW: WTF, their sales teams are working on Sunday???? For fuck’s sake, you capitalists.
### on autoconf