rain-1

;; utils


(define (assp p l)
  (if (null? l)
      #f
      (if (p (caar l))
	  (car l)
	  (assp p (cdr l)))))

rain-1

#!/bin/bash

# do this first
# ./configure
#
echo '#include <sys/types.h>' >> config.h

CFLAGS="-DHAVE_CONFIG_H -DSHELL -g -O2 -Wno-parentheses -Wno-format-security -DRCHECK -Dbotch=programming_error -DMALLOC_DEBUG"

##

rain-1

Ransomware attack hits UK NHS, Spain Telefonica, 74 countries affected.

• Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
• Vector: Windows 7 is vulnerable. It uses EternalBlue MS17-010 to propagate.

Malware samples

• hxxps://www.hybrid-analysis.com/sample/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa?environmentId=100
• hxxps://transfer.sh/PnDIl/CYBERed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.EXE
• hxxps://transfer.sh/ZhnxR/CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.EXE (main dll)

rain-1

// This program runs another program in a "fishbowl" set to the
// current working directory. The idea is that the subprocess
// should only be able to edit files in that path or anything
// descended from it. It can read outside the fishbowl but if it
// attempts to create or edit files outside of it that syscall
// is blocked (by switching it to getpid which does nothing).
//
// A malicious program can bypass the fishbowl using threads to
// make a syscall and then swap the path after verification.
// This is not a security tool, it is just to protect against

rain-1

#!/bin/sh
set -e
set -x

function clean {
	rm -f src/version.h
	rm -f src/builtin.inc
	rm -f src/*.o
	rm -f jq
}

rain-1

#include <assert.h>
#include <errno.h>
#include <libgen.h>
#include <limits.h>
#include <linux/limits.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

rain-1

HTTPS vs HTTP, security properties

HTTPS provides some very important security properties that HTTP does not.

It provides confidentiality, integrity and authentication.

• Confidentiality: What you're loading cannot be snooped on by others. Eve is on the same networking as you, and can listen into your traffic - but if it's HTTPS they cannot read it. If it was plain HTTP they could see what you were looking at and copy your session cookies to potentially log in to sites as you.
• Integrity, Authentication: You know that if a document you recieve is valid it is unmodified. Mallory cannot set up a man in the middle attack and edit the documents in transit, if it was HTTP they could do this with arp poisoning/cain and abel - and change all the images on the pages you are looking at to rick astley.

Implementing confidentiality requires a cipher and a system for keys, initialization vectors and such. It's rather involved.

rain-1

Here's a quick dockerfile:

----------------8<-------------[ cut here ]------------------
FROM debian:latest

RUN apt-get update && apt-get install -y nodejs npm
----------------8<-------------[ cut here ]------------------

save that as Dockerfile and do: docker build -t node-builder .
 

rain-1

package main

import (
	"bufio"
	"fmt"
	"os"
	"log"
	"regexp"
)

rain-1

How to make a small tweak to free software

The target audience for this is people who are beginners at software engineering and using linux. A lot of the information here may be obvious or already known to you. The language involved is C but you do not need to know any C to read this tutorial. I used mg to write this blog post. I used vs code to edit the source code.

This post is also available on gopher://tilde.team:70/0/~river/tweak-free-software

If you use a piece of free software and it's 99% perfect but there's just this one thing it does that annoys the hell out of you.. you can in theory just fix it! Here's a look at what doing that is like. Hopefully it inspires you, or you pick up a could tricks on the way!

Step 0: Have a problem