I hereby claim:
- I am sarciszewski on github.
- I am voodookobra (https://keybase.io/voodookobra) on keybase.
- I have a public key whose fingerprint is EF65 457C EFF5 4788 4B57 AD79 4628 13A8 2BBC 804D
To claim this, I am signing this object:
Scott Arciszewski sarciszewski
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // My original function | |
| function max_length($array) { | |
| $max = 0; | |
| foreach($array as $child) { | |
| if(count($child) > $max) { | |
| $max = count($child); | |
| } | |
| } | |
| return $max; |
sarciszewski
/ gist:9099522
Created
February 19, 2014 19:20
Black and White - The Growing Schism Between Hackers and the Law
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ``` | |
| This was the article I submitted to 2600: The Hacker Quarterly | |
| I hereby release it into the Public Domain | |
| ``` | |
| About two years ago, I was a computer engineering undergraduate at UCF, hoping to eventually go to graduate school and eventually earn a Ph.D. One day, my curiosity got the best of me. I went to infragardtampabay.org and decided, "This website is used by the FBI, another Infragard site just got hacked by LulzSec. I'm no skilled hacker, so if I just looked around it should be harmless enough. I probably won't find anything." How many 2600 readers told themselves that before? | |
| Before trying anything too obvious and noisy (SQLi), I decided to view the page source and see what software they used. This is what I saw on June 21, 2011: | |
| ```html | |
| <!-- DotNetNuke - http://www.dotnetnuke.com --> | |
| <!-- Copyright (c) 2002-2008 --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $file_dir = "/home/scott/public"; // Change this | |
| $destroy = true; // TRUE: unlink; FALSE: chmod -r | |
| /** | |
| * Add this to your nginx server block: | |
| rewrite ^/download/(.*)$ /serve_and_destroy.php?file=$1; | |
| **/ | |
| function get_file_extension($path) { | |
| $split = explode('.', strtolower($path)); |
Passwords suck, and our password managers aren't much better.
- LastPass has good UX, but is non-free
- KeePass is free software, but doesn't integrate with browsers in and of itself
- 1Password is non-free and their browser integration is "thin"
- Keeper is non-free
I believe that the infosec community can do better. Here's a high-level overview of the features I would like to incorprorate into a community-built, free password manager:
- Integrates with Firefox (because Tor Browser Bundle) and Chrome
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Define an exception handler that will attempt to shred everything in $_SERVER['DOCUMENT_ROOT'] | |
| * without unlinking. Allows a whitelist of acceptable uncaught exceptions. | |
| */ | |
| function exception_handler(Exception $e) | |
| { | |
| $type = get_class($e); | |
| switch($type) { | |
| case 'RunTimeError': |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cl() | |
| { | |
| # change directory then view its contents in one step | |
| if [ -z $2 ] | |
| then | |
| cd $1 && ls -lah | |
| else | |
| cd $1 && ls $2 | |
| fi | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _______________ | |
| | CLIENT SERVER | _________ | |
| | ============= | ______ / Service \___, user | |
| | ~# | ------ \_________/ | |
| |_______________| | | \ | |
| user user user | |
| A service has a SSH private key, for which the public key is installed on the client's server. Private keys are provisioned per client. | |
| Local users authenticate somehow to the service which then forwards their SSH session onto the client's server without leaking the private key. |
Developers love to fetch data over the network and love to pipe it directly into a language interpreter (e.g. curl http://get.mojolicio.us | sh, curl https://getcomposer.org/installer | php, etc.) and have put forth a great deal of resistance towards efforts to break these habits.
In order to be able to offer developers some security assurance, I have put together this proposal for a free service that will allow developers to obtain a verifiable copy of a program.
- 0x00-README.md - You are here!
- 0x01-workflow.md - Describes the service workflow
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Bookfresh": { | |
| "min": 50, | |
| "repo": null | |
| }, | |
| "GlassWire": { | |
| "min": null, | |
| "repo": null | |
| }, | |
| "Greenhouse.io": { |
OlderNewer