The tile of this post says it all.
Please visit For Nearly Two Decades the Nuclear Launch Code at all Minuteman Silos in the United States Was 00000000 for more details.
I just cannot be bothered to write more about it, I hope they change it. I hope the Russians didn’t do anything this stupid as well.
And it happens again to WhatsApp, being further embarrassed by researchers showing that they do not know how to implement encryption correctly. Recently Help-Net Security published an article about a Dutch Computer Science and Mathematics student (Thijs Alkemade) at Utrecht University has discovered how WhatsApp encrypts and authenticats its messages.
we know that not only does WhatsApp use the same (RC4) encryption key for the messages in both directions, but also the same HMAC key to authenticate messages.
The main problem being:
“But a MAC by itself is not enough to detect all forms of tampering: an attacker could drop specific messages, swap them or even transmit them back to the sender,”
But also points out that there is a simple solution which is using TLS. So in conclusion
- All WhatsApp users are still not safe
- Your messages can be sniffed out
- Your message can be decrypted
- Your only protection is to stop using WhatsApp
- Wait for WhatsApp to learn how Encryption works so they can implement it correctly
I’ll end this post with a quote from Thijs Alkemade:
“solution that has been reviewed, updated and fixed for more than 15 years, like TLS.”
So I have an account on Bayt.com which claims to be
the leading job site in the Gulf and Middle East, connecting job seekers with employers looking to hire. Every day, thousands of new job vacancies are listed on the award-winning platform from the region’s top employers.
Rightfully so, it has a large database of job listing and some nice and useful statistics that you can browse through. So when I log in they recommend me to go to their “specialties” page where people get to ask questions and give answers. Also people’s questions and answers can be given ratings, kind of similar to how stackoverflow works. So then I see this guy who goes by the name of “Zaid Rabab’a” who seems to answer a lot of people’s questions. Like a wide variety of questions too. I thought it was kind of odd, I always do; I am very cynical.
So I did something quite silly, I selected the text of his answer and pasted it into google. Boom! I found a website with the exact same answer. Weird… it’s like they both came up with exactly the same words, punctuations, slang and terminology for the same answer whose question was asked months maybe years apart. That or he just plain out copied someone else’s answer.
I felt annoyed at first and then I felt sad. I reviewed a list of this guy’s answers to questions and they’re all (90%) copy/pasted or just outright plagiarized from other websites. I compiled a list of the page where he answers and the corresponding website where the answer has been copied from. I could have gotten more but it was just getting too sad for me.
Zaid Rabab’a Answer: http://www.bayt.com/en/specialties/question/1124/?feed=answers
Plagiarized from: http://stackoverflow.com/questions/10558465/memcache-vs-redis
Zaid Rabab’a Answer: http://www.bayt.com/en/specialties/question/1109/?feed=answers
Plagiarized from: http://php.net/manual/en/function.htmlspecialchars.php
Zaid Rabab’a Answer: http://www.bayt.com/en/specialties/question/716/?feed=answers
Plagiarized from: http://www.dotnetfunda.com/interview/exam2575-what-is-the-difference-between-custommasterurl-masterurl.aspx
Zaid Rabab’a Answer: http://www.bayt.com/en/specialties/question/1038/?feed=answers
Plagiarized from: http://javarevisited.blogspot.com/2010/10/why-string-is-immutable-in-java.html
Zaid Rabab’a Answer: http://www.bayt.com/en/specialties/question/1022/?feed=answers
Plagiarized from: http://stackoverflow.com/questions/8964523/how-do-i-protect-my-website-from-sql-injections
Zaid Rabab’a Answer: http://www.bayt.com/en/specialties/question/686/?feed=answers
Plagiarized from: https://en.wikipedia.org/wiki/Connection_string
Zaid Rabab’a Answer: http://www.bayt.com/en/specialties/question/999/?feed=answers
Plagiarized from: http://www.coolinterview.com/interview/44235/
Zaid Rabab’a Answer: http://www.bayt.com/en/specialties/question/998/?feed=answers
Plagiarized from: http://www.w3schools.in/php-tutorial/interview-questions/
Zaid Rabab’a Answer: http://www.bayt.com/en/specialties/question/997/?feed=answers
Plagiarized from: http://dev.fyicenter.com/faq/php/Get-Uploaded-File-Information.html
Zaid Rabab’a Answer: http://www.bayt.com/en/specialties/question/996/?feed=answers
Plagiarized from: http://www.netsqlinterviewquestions.com/Php_Interview_Questions/364_what-is-meant-by-urlencode-and-urldecode.aspx?TopicID=21
Zaid Rabab’a Answer: http://www.bayt.com/en/specialties/question/961/?feed=answers
Plagiarized from: http://programmers.stackexchange.com/questions/186324/which-http-status-codes-are-really-ok
Zaid Rabab’a Answer: http://www.bayt.com/en/specialties/question/937/?feed=answers
Plagiarized from: http://www.c-sharpcorner.com/Interviews/answer/5653/what-is-use-of-app_code-folder-in-Asp-Net-application
Zaid Rabab’a Answer: http://www.bayt.com/en/specialties/question/151/?feed=answers
Plagiarized from: https://httpd.apache.org/docs/2.2/mod/worker.html
I sent bayt.com some feedback on this just to realize the person in question works for bayt.com hahaha (would not be surprised if those links mysteriously disappear too). Seriously, I would not hire or work with such a person who inflates their status in such a way and does not give credit where its due.
It usually is quite amazing when someone upgrades their iPhone to a new OS and suddenly things stop working. By "things" I mean web-applications and by "not working" I mean they literally stop working.
This affected me and my work. Suddenly people who visit one of my web-applications cannot use it properly. They seemed to only be able to send HTTP POSTs but not receive. Weird, then we see the issue completely exploded on stackoverflow which is a good thing because it means it’s not you that fu**ed up this time 🙂 it’s an SEP.
Read the rest of this entry »
There seems to be a vulnerability in TouchWiz, Samsung’s touch interface. It appears that the "tel" type in the "<a>" tag will not prompt you for confirmation if the number being dialed is a system command.
For instance, because we love humor and the misfortune of others, we have this HTML page:
<html> <head></head> <body> <a href='tel:*2767*3855%23'>Click here for customer support</a> </body> </html>
When our dear friend on their Samsung device clicks the link, they will hard-reset their phone with no confirmation. It seems that it will only prompt you if the number is one that will cost you $$$ for making a call.
WARNING – Feeling adventurous and want to try it out on your self? Do it at your own risk, it will erase all data on your phone and revert it to factory settings.
Some crazy iPhone fanboi is offering up the link for all to click on 🙂
***** UPDATE *****
The H-Online reported that there is a new app on the Google Play that will intercept and prevent hard-resets from the above exploit. The app is called NoTelUrl developed by Jörg Voss.