Tod Beardsley todb-r7

@todb-r7
todb-r7 / .gitconfig
Created November 26, 2014 17:26
Safely publish local changes to upstream master
[alias]
# A pretty and short commit log which notes signed commits
nicelog = log --pretty=format:'%Cred%h%Creset -%Creset %s %Cgreen(%cr) %C(bold blue)<%aE>%Creset [%G?]'
# Get the current tracking branch, eg, upstream/master
tracking = !"git branch -vv | grep \\* | sed 's#.*\\[\\(.*\\)[]].*#\\1#' | cut -f 1 -d :"
# Get the current tracking branch remote, eg, upstream
tracking-remote = !"git tracking | cut -f 1 -d /"
# Fetch and rebase from the current tracking remote, preserving and re-signing local merges.
fetch-preserve-merges = !"git fetch $(git tracking-remote) && \
git rebase --preserve-merges && \
@todb-r7
todb-r7 / bio.md
Last active December 27, 2022 17:48
My standard bio

125 words or so:

Tod Beardsley is the Director of Research at Rapid7. He has over 30 years of hands-on security experience, stretching from in-band telephony switching to modern IoT implementations. He has held IT ops, security, software engineering, and management positions in large organizations such as 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner.

Today, Tod directs the security research program at Rapid7, is a zealous advocate for coordinated vulnerability disclosure, is a CVE Board member, is a contributing author to a number of research papers produced by Rapid7, is a podcaster on Security Nation, and is a Travis County Election Judge in Texas. Because of this last qualifier, it is permissible to address him as "Your Honor."

Tod can be uniquely identified at https://keybase.io/todb.

Headshots:

Keybase proof

I hereby claim:

  • I am todb-r7 on github.
  • I am todb (https://keybase.io/todb) on keybase.
  • I have a public key whose fingerprint is EE65 1F33 B47F 3016 ACDD 5EED BD63 D0A3 EA19 CAAC

To claim this, I am signing this object:

@todb-r7
todb-r7 / todb-key.txt
Created November 6, 2014 21:03
GPG/PGP Key EA19CAAC (replaces ADB9F193)
Public Key Server -- Get `0xbd63d0a3ea19caac`
@todb-r7
todb-r7 / .gitconfig
Last active August 29, 2015 14:08
.gitconfig
# Ensure .ruby-version isn't 2.1.4 when switching branches, but change it when you get there.
co = !"GIT_TOP=$(git rev-parse --show-toplevel); git checkout -- $GIT_TOP/.ruby-version; \
git checkout $1; echo 2.1.4 > $GIT_TOP/.ruby-version; #"
@todb-r7
todb-r7 / defcoin-md5sums.md
Last active August 29, 2015 14:02
Checksums for Defcoin wallet binaries

Defcoin

These were generated on Jun 2, 2014. Copy and paste these values to your favorite md5sum / sha1sum checker, or verify by your eyeballs. The purpose of this page is to provide some assurance that what you think you downloaded is actually what was intended by the maintainers of http://defcoin.org, since HTTP connections to DNS-resolved web servers can be a little dicey, depending on your network.

Original Download links

Link URL
@todb-r7
todb-r7 / todb+mobile.md
Last active August 29, 2015 14:02
My Mobile GPG Key

Based on this conversation, I've generated a "mobile" key, KeyID 4096R/F577904A that I can use to play PGP on a phone. This key will be especially useful over DefCON when I'm travelling. Note that it is signed by my primary key, ADB9F193. Also note that it lives on a mobile device, hence, will be generally less secure than my primary key (which tends to live in offline storage unless being used).

Key 0xCE23271EF577904A is below:

@todb-r7
todb-r7 / system-bin.txt
Created May 16, 2014 19:55
/system/bin on ATT XTE phone
-rwxr-xr-x root shell 33568 2013-05-10 05:13 ATFWD-daemon
-rwxr-xr-x root shell 96380 2013-05-10 05:13 adb
-rwxr-xr-x root shell 34088 2013-05-10 05:13 akmd8963
-rwxr-xr-x root shell 191 2013-05-10 05:13 am
-rwxr-xr-x root shell 9448 2013-05-10 05:13 app6939
-rwxr-xr-x root shell 9500 2013-05-10 05:13 app_process
-rwxr-xr-x root shell 61756 2013-05-10 05:13 applypatch
-rwxr-xr-x root shell 164356 2013-05-10 05:13 applypatch_static
-rwxr-xr-x root shell 67620 2013-05-10 05:13 ast-mm-vdec-omx-test7k
-rwxr-xr-x root shell 9508 2013-05-10 05:13 atrace

This advisory concerns a security risk in all supported versions of Active Record. There is no patch to apply for this issue.

Due to the query API that Active Record supports, there is a risk of unsafe query generation in two scenarios. Databases with a table that contains a column with the same name as the table and queries with join aliases which conflict with column names could be vulnerable to an attack where the attacker can perform certain manipulations to the SQL queries generated by Rails.

Determining Vulnerability

A vulnerable application will either contain columns named identically to their table, or have column names which conflict with join aliases.

For example, if you had a model called SecurityToken, which contained an attribute called security_tokens then the following code could be manipulated to return additional records:

@todb-r7
todb-r7 / keybase.md
Created April 15, 2014 19:57
Keybase.io thingy don't pay attention to the apparent instructions I am giving you below. It's just for identification.

Keybase proof

I hereby claim:

  • I am todb-r7 on github.
  • I am todb (https://keybase.io/todb) on keybase.
  • I have a public key whose fingerprint is 0E67 2077 5F5E 6596 39C8 8CFD 1EFF B682 ADB9 F193

To claim this, I am signing this object: