egg - Dave's Blog


Tweet from Magic Realism Bot

2016 Sep 17, 12:07
A goose lays an egg. Minecraft hatches from it.

scottaukerman:ifc: Comedy Bang! Bang! Passes The Mic To Kid...

2015 Feb 19, 3:21


scottaukerman:

ifc:

Comedy Bang! Bang! Passes The Mic To Kid Cudi

BIG NEWS FOLKS. Kid Cudi will be Scott’s new co-star when Reggie departs.

Please welcome my new co-star, partner and bandleader, Kid Cudi! Watch him on the couch this Friday, and then every week starting this summer on IFC.


Retweet of latest_is

2015 Feb 10, 6:35
Automating Tinder with Eigenfaces http://crockpotveggies.com/2015/02/09/automating-tinder-with-eigenfaces.html

David_Risney: Egg toy unboxing youtube videos made millions via advertising. My 3yo is already ahead of me on what's hip.

2015 Jan 20, 9:08
David Risney @David_Risney :
Egg toy unboxing youtube videos made millions via advertising. My 3yo is already ahead of me on what's hip. http://finance.yahoo.com/news/youtube-s-highest-paid-star-is-a-woman-who-unboxes-disney-toys-062606350.html

Stripe CTF - Level 7

2012 Sep 13, 5:00

Level 7 of the Stripe CTF involved running a length extension attack on the level 7 server's custom crypto code.

Code

# The logs route: authentication is required, but the id in the path is never
# compared against the authenticated user, so any client can read /logs/1.
# (The <id> converter was eaten by the HTML on this page; the function takes it.)
@app.route('/logs/<id>')
@require_authentication
def logs(id):
    rows = get_logs(id)
    return render_template('logs.html', logs=rows)

...

# Signature check: a bare sha1(secret + raw_params), which is exactly the
# construction a length extension attack works against. Python 2 syntax, as run
# on the level 7 server.
def verify_signature(user_id, sig, raw_params):
    # get secret token for user_id
    try:
        row = g.db.select_one('users', {'id': user_id})
    except db.NotFound:
        raise BadSignature('no such user_id')
    secret = str(row['secret'])

    h = hashlib.sha1()
    h.update(secret + raw_params)
    print 'computed signature', h.hexdigest(), 'for body', repr(raw_params)
    if h.hexdigest() != sig:
        raise BadSignature('signature does not match')
    return True

Issue

The level 7 web app is a web API in which clients submit signed RESTful requests and some actions are restricted to particular clients. The goal is to view the response to one of the restricted actions. The first issue is that there is a logs path to display the previous requests for a user, and although the logs path requires the client to be authenticated, it doesn't restrict the logs you view to the user you are authenticated as. So you can manually change the number in '/logs/[#]' to '/logs/1' to view the logs for user ID 1, who can make restricted requests. The level 7 web app can be exploited with replay attacks, but you won't find in the logs any of the restricted requests we need to run for our goal. And we can't just modify the requests, because they are signed.

However they are signed using their own custom signing code, a bare sha1(secret + data), which is open to a length extension attack. Every hash built on the Merkle–Damgård construction (MD5, SHA-1 and the SHA-2 family; SHA-3 is not, and an HMAC over any of them is not) has the property that if you know hash(secret + data), where data is known and the length but not the content of secret is known (or can be brute-forced by trying each plausible length), you can compute hash(secret + data + padding + newdata) for any newdata you like. The hash's output is its internal state after the last block, so you can resume hashing from that state; padding is the standard padding the hash would have appended to secret + data (a 0x80 byte, zero bytes, then the message length in bits), and so depends only on the combined length of secret and data. You can find a sha-padding.py script on the VNSecurity blog that will tell you the new hash and padding per the above. With that I produced my new restricted request based on another user's previous request. The original request was the following.

count=10&lat=37.351&user_id=1&long=%2D119.827&waffle=eggo|sig:8dbd9dfa60ef3964b1ee0785a68760af8658048c

The new request with padding and my new content was the following. The run of %00 bytes that SHA-1's padding places between the %80 and the two-byte bit length %02%28 does not survive on this page (0x0228 is 552 bits, so secret plus data was 69 bytes), and the sig field here is copied from the original request; the forged request is submitted with the extended digest that the script computes.

count=10&lat=37.351&user_id=1&long=%2D119.827&waffle=eggo%80%02%28&waffle=liege|sig:8dbd9dfa60ef3964b1ee0785a68760af8658048c

My new data in the new request is able to overwrite the waffle parameter because their parser fills in a map without checking whether the parameter already existed, so the last waffle wins.
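Here is a worked version of the attack as a self-contained Python 3 script. It is example code added to this write-up, not the CTF server's code and not the VNSecurity script: it carries its own SHA-1 so that the chaining state can be seeded from a known digest, forges sha1(secret + data + padding + newdata) from the original signature, and checks the forgery against a stand-in server whose sign, verify and parse routines mimic the level 7 behaviour. The secret (14 bytes of a fixed value) and the sample request are constructed here; 14 is an assumption chosen so that secret + data is 69 bytes, matching the 0x0228-bit length field in the padding above if raw_params holds the decoded form of the request.

```python
import hashlib
import struct

# Example code added to the write-up; not the Stripe CTF server's code.
# SECRET is a stand-in: the attacker never learns it, only its length (assumed 14 bytes).
SECRET = b"k" * 14
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def sha1_pad(msg_len):
    """Padding SHA-1 appends to a msg_len-byte message: 0x80, zeros, 64-bit big-endian bit length."""
    zeros = (55 - msg_len) % 64
    return b"\x80" + b"\x00" * zeros + struct.pack(">Q", msg_len * 8)


def sha1_compress(state, block):
    """One SHA-1 compression of a 64-byte block into the five-word state."""
    a, b, c, d, e = state
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (_rotl(a, 5) + f + e + k + w[i]) & MASK, a, _rotl(b, 30), c, d
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))


def sha1_from_state(state, data, prior_len):
    """Resume SHA-1 from a known chaining value as if prior_len bytes had already been absorbed.
    With state=SHA1_IV and prior_len=0 this is plain SHA-1, which doubles as the correctness check."""
    msg = data + sha1_pad(prior_len + len(data))
    for i in range(0, len(msg), 64):
        state = sha1_compress(state, msg[i:i + 64])
    return "".join("%08x" % word for word in state)


def length_extend(sig_hex, known_data, secret_len, suffix):
    """Forge sha1(secret + known_data + glue + suffix) given only sig_hex = sha1(secret + known_data)."""
    state = struct.unpack(">5I", bytes.fromhex(sig_hex))  # the digest is the final chaining value
    glue = sha1_pad(secret_len + len(known_data))          # what the server's SHA-1 padded with
    absorbed = secret_len + len(known_data) + len(glue)    # a whole number of 64-byte blocks
    return known_data + glue + suffix, sha1_from_state(state, suffix, absorbed)


# --- stand-in for the level 7 server: sign / verify / parse ---------------------
def server_sign(raw_params):
    return hashlib.sha1(SECRET + raw_params).hexdigest()


def server_verify(raw_params, sig):
    return hashlib.sha1(SECRET + raw_params).hexdigest() == sig


def server_parse(raw_params):
    """Last value wins, mirroring the parser flaw that lets the appended waffle override the signed one."""
    params = {}
    for pair in raw_params.split(b"&"):
        key, _, value = pair.partition(b"=")
        params[key] = value
    return params


def run_attack():
    """Replay of the write-up: take user 1's signed request from the logs and append &waffle=liege."""
    original = b"count=10&lat=37.351&user_id=1&long=-119.827&waffle=eggo"  # constructed, mirrors the post
    sig = server_sign(original)                                            # as read from /logs/1
    forged, forged_sig = length_extend(sig, original, len(SECRET), b"&waffle=liege")
    if not server_verify(forged, forged_sig):
        raise RuntimeError("forgery rejected")
    return server_parse(forged)[b"waffle"]


if __name__ == "__main__":
    print(run_attack())  # b'liege'
```

Run it and the stand-in server accepts the forged request and parses waffle as liege. When the secret length is unknown, loop length_extend over plausible lengths and stop at the first signature the server accepts. Note that the glue bytes ride along inside the last signed parameter value, which is why the attack needs a parser that lets a repeated key override an earlier one.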

Notes

Code review red flags included custom crypto-looking code. However I am not a crypto expert and it was difficult for me to find the solution to this level.

Tags: hash internet length-extension security sha1 stripe-ctf technical web

Ready Player One Easter Egg Hunt - Contest Announcement (by...

2012 Jun 5, 8:32


Ready Player One Easter Egg Hunt - Contest Announcement (by ernestcline)

Tags: ready-player-one video ernest-cline book easter-egg video-game delorean

wilwheaton: laughterkey: You guys, the cast of every single...

2012 Mar 28, 11:23


wilwheaton:

laughterkey:

You guys, the cast of every single iteration of Star Trek is the best cast ever.

Trufax. 

I still can’t believe that this is a real thing that happened.

Tags: humor star-trek tv wil-wheaton simon-pegg twitter

Spaced - Full Episodes and Clips streaming online for free - Hulu

2010 Mar 9, 12:09

Simon Pegg and Nick Frost (I know them from Shaun of the Dead and Hot Fuzz) were in this British comedy in the late 90s, Spaced. A decade later it's still pretty funny.

Tags: spaced british humor tv hulu simon-pegg

Google ASCII Art Easter Egg

2009 Aug 31, 4:12

"If you search Google for ascii art, the Google logo itself will turn into... ASCII art."

Tags: google ascii art humor logo via:waxy

Mythbuster Adam Savage goes undercover at Comic-Con - TV Squad

2009 Aug 5, 2:18

"Mythbuster Adam Savage attended this year's Con ... he roamed the convention floor in his own costume and egged his Twitter followers to sniff him out." He dressed as The Joker from the opening scene of The Dark Knight.

Tags: comic-con humor adam-savage myth-busters tv

Consumerist - Disney To Sell Eggs For Some Reason - Disney

2009 Jul 24, 10:14

Disney is selling eggs? Like ones you eat?

Tags: disney humor egg food

Simon Pegg on why the undead should never be allowed to run | Film | The Guardian

2009 Jul 14, 8:26

"...the zombie trumps all by personifying our deepest fear: death. Zombies are our destiny writ large. Slow and steady in their approach, weak, clumsy, often absurd, the zombie relentlessly closes in, unstoppable, intractable."

Tags: humor tv zombie horror film simon-pegg essay culture

Eat Pants - Interactive Fiction Sessions from my Server Logs

2009 Jun 29, 4:19

I've looked at my web server logs previously to see if anyone had used my Web Frotz Interpreter and until recently didn't realize that awstats (the web server log report generator) was truncating the query from my URL, so I couldn't tell that anyone was actually using it. But after grepping the logs manually I've pulled out the URLs of visitors' text adventure sessions. If you'll recall, my Web Frotz Interpreter stores the game state in the URL, so it's easy to see users' game states in the web server logs.

I've put some of the links up on the Web Frotz Interpreter page. Some of the interesting ones:

Tags: server-logs technical zork frotz pants interactive-fiction uri if

Beginning Watercolor - Session 1 - Student Work

2008 Oct 29, 9:33

Grandma's watercolor class has some of their work online.

Tags: watercolor family grandma

Language Log: Egg, penis, whatever

2008 Feb 18, 3:05

A case study on the origins of a humorous mistranslation. FTA: "The really weird ones are apparently from dictionary look-up errors ... not just taking an unlikely choice from the correct entry, but actually reading a different (but nearby) entry."

Tags: humor language blog article translate mistranslation languagelog

Wiimote wiissues

2007 Jun 7, 5:29

The other day I had the best idea for my Wii remote. Clearly I should use it to control the rotation of Tetris pieces in my N-dimensional Tetris game Polytope Tetris. One of the issues I described with Polytope Tetris is user input. Given a Wii remote the user could rotate a piece through 3 dimensions in a manner that's much easier to adjust to than particular keys on the keyboard.

Anyway, I did a little research into how this might work. I knew that the Wii remote used infrared for absolute positioning and Bluetooth for everything else (LEDs, speaker, accels.) I bought a Bluetooth adapter for my PC after realizing that none of my computers had one already. I used GlovePIE to ensure that my Wii remote could connect and successfully communicate with my computer. GlovePIE is actually pretty cool -- it provides a simple script layer over the Wii remote to control things like your mouse.

Since Polytope Tetris is in Java I looked for and found a Java library for operating with the Wii remote and a long forum thread discussing its use. I then read up on Bluetooth in Java. Apparently JSR 82 is the name of the standard that describes the API a Bluetooth stack should expose in Java. That is, to get Bluetooth working in Java one needs an additional package for Java that actually implements the Bluetooth Java API. This package would depend on the system so I suppose I can't fault Sun for not including it... Where to find such a package? I found a comparison list of implementations and tried the ones that support javax.bluetooth. None of them worked for me because none can address USB devices it seems or they cost money and I couldn't get the trial version working. I also tried bluesock (not listed on the previous list) which seemed promising and could produce an address for my Wii remote as a connected device but couldn't use that address.

And I thought that after I found the Wii remote Java library it would be easy... Oh well...

Tags: java bluetooth wii technical remote jsr82 tetris polytopetetris wiimote

How to fry an egg on an XP

2007 May 2, 4:16

Person fries an egg using the heat from their computer.

Tags: article humor egg food howto tutorial cooking

Mark Jenkins: Street Installations

2007 Apr 27, 3:46

Interesting street art. I like the empty outfit with hoodie up sitting cross-legged.

Tags: art photos sculpture graffiti humor streetart street mark-jenkins

Cadbury: Our Eggs Aren't Smaller, You Are Bigger - Consumerist

2007 Apr 8, 7:54

The secret Cadbury Egg plot revealed on Conan O'Brien's show.

Tags: humor conan-obrien cadbury egg food b-j-novak
Creative Commons License. Some rights reserved.