audibleblink

Compromised Web Developer Extension Steals Cloudflare Tokens

Upon receiving news that the popular Chrome Extension, Web Developer, had been compromised, I became curious about exactly how malicious the highjacking was. Most sites are reporting that it injects ads. It's more nefarious than that. Since the extension calls out to an attacker-controlled URL, the payload hosted at that URL could be changed to anything at any time.

At the time of inspection, the code checks to see if the victim is on the Cloudflare domain. If it is, it starts an XHR request to fetch the users' API token and ships it, along with the victim's email, to a remote server.

audibleblink

cat <<EOF > /etc/apt/preferences.d/pinning
Package: *
Pin: release o=Debian,a=testing
Pin-Priority: 900

Package: *
Pin: release o=Debian,a=stable
Pin-Priority: 400

Package: *

audibleblink

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
    <string>io.ngrok.start</string>
    <key>KeepAlive</key>
    <true/>
    <key>ProgramArguments</key>
    <array>

audibleblink

#!/usr/bin/env ruby

# without the glyphs, if you prefer
def list entry=Dir.pwd
  Dir.entries(entry)[2..-1].each do |item|
    puts File.basename(item)
    list("#{entry}/#{item}") if File.directory?("#{entry}/#{item}")
  end
end

audibleblink

[1]: https://www.udemy.com/swift-learn-apples-new-programming-language-by-examples/
[2]: https://www.udacity.com/course/ud585
[3]: http://www.lynda.com/Swift-tutorials/Swift-Programming-Language-First-Look/182175-2.html
[4]: https://www.bloc.io/swiftris-build-your-first-ios-game-with-swift
[5]: http://www.bignerdranch.com/we-teach/how-to-prepare/ios-device-provisioning.html
[6]: https://parse.com
[7]: http://www.weheartswift.com/swift-programming-scratch-100-exercises/
[8]: https://www.weheartswift.com/object-oriented-programming-swift/
[9]: http://www.learnswift.io/blog/2014/6/12/size-classes-with-xcode-6-and-swift
[10]: http://www.raywenderlich.com/83129/beginning-auto-layout-tutorial-swift-part-1

audibleblink

# hopefully the descriptive names eliminate the need for comment

def search(collection, the_item_for_which_i_am_searching, the_lower_bounds=0, the_upper_bounds=collection.length)

  the_middle_index = (the_lower_bounds + the_upper_bounds) / 2
  the_middle_item  = collection[the_middle_index]

  return the_middle_index if the_middle_item == the_item_for_which_i_am_searching
  return -1 if the_upper_bounds <= the_lower_bounds

audibleblink

// Tested on Yosemite with Xcode6
// This only works if `swift` from 
// your shell starts the Swift REPL

{
  "cmd": ["swift", "$file"],
  "selector": "source.swift"
}

audibleblink

class Sudoku

  def initialize(board_string)
    @board = board_string.split("")
  end

  def solve!
    return self if solved?
    board.each_with_index do |cell, cell_index|
      # next unless cell == '0'

audibleblink

var newNew = function(constructor, args) {
    var instance = Object.create(constructor.prototype)
    // instance.__proto__ = constructor.prototype  // Same as line above
    instance.constructor = constructor  //  So that you can see who created this.
    constructor.apply(instance, args)  //  Same as #call except args is an arrray with apply
    return instance
}

audibleblink

var GameGenie = {

    suckItNikola: function(){
        setInterval(function(){this.win()}.bind(this), 20)
    },

    win: function(){
        this.turboClicker()
        this.goldenCookieClicker()
        this.autoBuyer()