
Leaderboard

Popular Content

Showing content with the highest reputation on 10/02/16 in all areas

  1. CSS mix-blend-mode is bad for your browsing history

     Up until mid-2010, any rogue website could get a good sense of your browsing habits by specifying a distinctive :visited CSS pseudo-class for any links on the page, rendering thousands of interesting URLs off-screen, and then calling the getComputedStyle API to figure out which pages appear in your browser's history. After some deliberation, browser vendors have closed this loophole by disallowing almost all attributes in :visited selectors, save for the fairly indispensable ability to alter foreground and background colors for such links. The APIs have also been redesigned to prevent the disclosure of this color information via getComputedStyle.

     This workaround did not fully eliminate the ability to probe your browsing history, but limited it to scenarios where the user can be tricked into unwittingly feeding the style information back to the website one URL at a time. Several fairly convincing attacks have been demonstrated against patched browsers - my own 2013 entry can be found here - but they generally depended on the ability to solicit one click per every URL tested. In other words, the whole thing did not scale particularly well. Or at least, it wasn't supposed to.

     In 2014, I described a neat trick that exploited normally imperceptible color quantization errors within the browser, amplified by stacking elements hundreds of times, to implement an n-to-2^n decoder circuit using just the background-color and opacity properties on overlaid <a href=...> elements to easily probe the browsing history of multiple URLs with a single click.

     To explain the basic principle, imagine wanting to test two links, and dividing the screen into four regions, like so:

     - Region #1 is lit only when both links are not visited (¬ link_a ∧ ¬ link_b),
     - Region #2 is lit only when link A is not visited but link B is visited (¬ link_a ∧ link_b),
     - Region #3 is lit only when link A is visited but link B is not (link_a ∧ ¬ link_b),
     - Region #4 is lit only when both links are visited (link_a ∧ link_b).

     While the page couldn't directly query the visibility of the segments, we just had to convince the user to click the visible segment once to get the browsing history for both links, for example under the guise of dismissing a pop-up ad. (Of course, the attack could be scaled to far more than just 2 URLs.)

     This problem was eventually addressed by browser vendors by simply improving the accuracy of color quantization when overlaying HTML elements; while this did not eliminate the risk, it made the attack far more computationally intensive, requiring the evil page to stack millions of elements to get practical results.

     Game over? Well, not entirely. In the footnote of my 2014 article, I mentioned this:

     "There is an upcoming CSS feature called mix-blend-mode, which permits non-linear mixing with operators such as multiply, lighten, darken, and a couple more. These operators make Boolean algebra much simpler and if they ship in their current shape, they will remove the need for all the fun with quantization errors, successive overlays, and such. That said, mix-blend-mode is not available in any browser today."

     As you might have guessed, patience is a virtue! As of mid-2016, mix-blend-mode - a feature to allow advanced compositing of bitmaps, very similar to the layer blending modes available in photo-editing tools such as Photoshop and GIMP - is shipping in Chrome and Firefox. And as it happens, in addition to their intended purpose, these non-linear blending operators permit us to implement arbitrary Boolean algebra.

     For example, to implement AND, all we need to do is use multiply:

     black (0) x black (0) = black (0)
     black (0) x white (1) = black (0)
     white (1) x black (0) = black (0)
     white (1) x white (1) = white (1)

     For a practical demo, click here. A single click in that whack-a-mole game will reveal the state of 9 visited links to the JavaScript executing on the page. If this was an actual game and if it continued for a bit longer, probing the state of hundreds or thousands of URLs would not be particularly hard to pull off.

     Source: https://lcamtuf.blogspot.ro/2016/08/css-mix-blend-mode-is-bad-for-keeping.html
    2 points
  2. https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/htmlview?sle=true
    1 point
  3. In this Reverse Engineering and Exploit Development training course, expert author Philip Polstra will teach you about common software vulnerabilities and how to find them, as well as how the vulnerabilities differ between various operating systems. This course is designed for beginners who are looking to get started in security, penetration testing, and reverse engineering. You will start by learning about reversing compiled Windows applications, including using fuzzing, stack overflows, and heap overflows. From there, Philip will teach you how to reverse compiled OS X, Linux, and Android applications. This video tutorial also covers how to find other vulnerabilities, including website and database vulnerabilities. Finally, you will learn about simple exploits, web exploitation, and ARM exploitation. Once you have completed this computer based training course, you will be fully capable of finding vulnerabilities and developing exploits for them. Working files are included, allowing you to follow along with the author throughout the lessons.

     https://yadi.sk/d/e4JEUKNfg3oUv

     Source: https://forum.reverse4you.org/showthread.php?t=1997
    1 point
  4. //
     // Dear maintainer:
     //
     // Once you are done trying to 'optimize' this routine,
     // and have realized what a terrible mistake that was,
     // please increment the following counter as a warning
     // to the next guy:
     //
     // total_hours_wasted_here = 42
     //

     it's not from RST, but
    1 point
  5. "Sec-1 Ltd partnered with AppCheck.com to undertake a research project investigating the security challenges posed by next generation web applications. The project included an investigation of Cross-Origin communication mechanisms provided via HTML5 including postMessage and CORS." Link: https://www.exploit-db.com/docs/40287.pdf
    1 point
  6. I can't understand anything from the code you posted. Put it on bpaste with the correct indentation.

     - you have a ; after while
     - I would make the lengthOfCollatzSequence function of type long long
     - in main() you take arg and argv but never use them anywhere
     - if(length >=x) -> here you needed braces (you have two statements)

     The time limit exceeded problem is caused by the fact that your program, at some point, tries to compute a number larger than 2^31 - 1. Try this:

         #include <stdio.h>
         #include <stdlib.h>

         /* Number of Collatz steps from n down to 1.  n must be wider than int:
            the intermediate 3 * n + 1 values exceed 2^31 - 1 for some start
            values, which is what made the original loop never terminate. */
         int lengthOfCollatzSequence(unsigned long long n)
         {
             int i = 0;
             while (n != 1) {
                 if (n % 2 == 0)
                     n = n / 2;
                 else
                     n = 3 * n + 1;
                 i++;
             }
             return i;
         }

         int main()
         {
             int a, b, length = 0, x = 0;
             scanf("%d %d", &a, &b);
             /* Keep the start value in [a, b] with the longest sequence. */
             for (; a <= b; a++) {
                 int l = lengthOfCollatzSequence(a);
                 if (length < l) {
                     length = l;
                     x = a;
                 }
             }
             printf("%d", x);
         }

     PS: You no longer need return 0. It's a topic that has been discussed a lot lately. The compiler knows to add it itself when it reaches the closing } of main (in C99 at least). For more details: http://stackoverflow.com/a/4138710/6165050
    -1 points
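As an added illustration (not code from the post above), here is how to pin down the overflow the reply describes: a Collatz walk confined to int32_t is checked at every 3*n + 1 step and reports the first start value whose trajectory would leave the range of 2^31 - 1, while the 64-bit version stays correct. It assumes a GCC or Clang compiler for the checked-arithmetic builtins.

```c
#include <stdint.h>
#include <stdio.h>

/* Step count using 64-bit arithmetic: safe for every start value below 1e6. */
int collatz_len64(uint64_t n) {
    int steps = 0;
    while (n != 1) {
        n = (n % 2 == 0) ? n / 2 : 3 * n + 1;
        steps++;
    }
    return steps;
}

/* Same walk confined to int32_t. Returns the step count, or -1 as soon as
 * 3*n + 1 would exceed INT32_MAX (2^31 - 1) instead of silently wrapping. */
int collatz_len_checked32(int32_t n) {
    int steps = 0;
    while (n != 1) {
        if (n % 2 == 0) {
            n /= 2;
        } else {
            int32_t next;
            /* GCC/Clang checked-arithmetic builtins return nonzero on overflow. */
            if (__builtin_mul_overflow(n, 3, &next) ||
                __builtin_add_overflow(next, 1, &next))
                return -1;
            n = next;
        }
        steps++;
    }
    return steps;
}

/* Smallest start value below limit whose trajectory leaves int32_t range
 * (0 if none). */
int32_t first_int32_overflow(int32_t limit) {
    for (int32_t n = 1; n < limit; n++)
        if (collatz_len_checked32(n) < 0)
            return n;
    return 0;
}

int main(void) {
    printf("27 takes %d steps\n", collatz_len64(27));
    printf("first start value overflowing int32: %d\n",
           first_int32_overflow(1000000));
    return 0;
}
```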