November 3, 2024
reminder that the bcrypt hash function ignores input above a certain length! so if you do bcrypt(username || password) for some reason, a sufficiently long username will make it accept any password. to fix this you can sha256 the input first. https://t.co/UqqSFsT2kh
— yan (@bcrypt) November 2, 2024
Until October 30, Okta generated "the cache key" by using bcrypt to "hash a combined string of userId + username + password", which allowed full password auth bypass for usernames of 52+ bytes and apparently required only partial knowledge of the password for other long usernames https://t.co/TOrNGIqVAD
— Solar Designer (@solardiz) November 3, 2024
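The truncation described in the two tweets above, as an added example (not code from Okta or from either author). It models bcrypt's 72-byte input limit with a standard-library KDF as a stand-in instead of calling bcrypt itself; the 20-character userId, the usernames, the passwords and the salt are constructed assumptions.

```python
import hashlib

BCRYPT_MAX = 72              # bcrypt uses at most the first 72 bytes of its input
SALT = b"constructed-salt"   # constructed sample value


def bcrypt_model(data: bytes) -> bytes:
    """Stand-in for bcrypt: PBKDF2 over the first 72 bytes only, the rest is ignored."""
    return hashlib.pbkdf2_hmac("sha256", data[:BCRYPT_MAX], SALT, 1000)


def weak_key(user_id: str, username: str, password: str) -> bytes:
    """Cache key built the way the tweet describes: hash(userId + username + password)."""
    return bcrypt_model((user_id + username + password).encode())


def fixed_key(user_id: str, username: str, password: str) -> bytes:
    """SHA-256 first: the 64-byte hex digest fits the limit and covers every input byte."""
    digest = hashlib.sha256((user_id + username + password).encode()).hexdigest()
    return bcrypt_model(digest.encode())


def password_bytes_hashed(user_id: str, username: str) -> int:
    """How many password bytes still fall inside the 72-byte window."""
    return max(0, BCRYPT_MAX - len((user_id + username).encode()))


# Constructed sample identities (assumed 20-character userId).
USER_ID = "00u" + "a" * 17
LONG_USER = "u" * 40 + "@example.com"      # 52 bytes: password is outside the window
SHORTER_USER = "u" * 38 + "@example.com"   # 50 bytes: 2 password bytes inside the window

if __name__ == "__main__":
    for name in (LONG_USER, SHORTER_USER):
        same_weak = weak_key(USER_ID, name, "hunter2") == weak_key(USER_ID, name, "hu-wrong")
        same_fixed = fixed_key(USER_ID, name, "hunter2") == fixed_key(USER_ID, name, "hu-wrong")
        print(len(name), "byte username:",
              password_bytes_hashed(USER_ID, name), "password bytes hashed,",
              "wrong password matches (weak):", same_weak,
              "(pre-hashed):", same_fixed)
```
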
https://t.co/H680f6K6c8 Hacking the Edges of Knowledge: LLMs, Vulnerabilities, and the Quest for Understanding
— Dave Aitel (@daveaitel) November 2, 2024
#SpyNews - week 44 (October 26-November 2):
A summary of 83 espionage-related stories from week 44 coming from 🇺🇸🇦🇫🇮🇷🇮🇶🇨🇳🇬🇷🇹🇷🇷🇺🇺🇦🇮🇱🇨🇾🇧🇩🇮🇹🇰🇵🇰🇷🇫🇷🇩🇪🇵🇱🇬🇧🇧🇪🇱🇧🇸🇾🇨🇭🇹🇯🇯🇵🇻🇳🇮🇳🇨🇦🇾🇪🇱🇻🇭🇺🇵🇸🇳🇱🇦🇿🇦🇺🇲🇦🇪🇬🇯🇴🇻🇪🇦🇪🇧🇾 https://t.co/452TDG6nyE #OSINT #HUMINT #SIGINT #spy #espionage
— Spy Collection (@SpyCollection1) November 3, 2024
meanwhile on Google pic.twitter.com/raaX72jA8g
— nixCraft 🐧 (@nixcraft) November 2, 2024
I'm pretty sure the Chinese govt released this explicitly to slow down AI development in the West. They have excellent homegrown models, better than the older Llamas, it's the only actual explanation. pic.twitter.com/PoyXyMb8Pe
— rohit (@krishnanrohit) November 2, 2024
Vatican, Israel implicated in Italy hacking scandal, leaked files reveal
Well, that’s an unusual pairing.
This seems sensationalist for the actual stories.
Italian intelligence firm Equalize…is accused of working for Israeli intelligence and the Vatican, police wiretaps leaked to Italian media show.
That’s scary!
The job was a cyber operation against Russian targets, including President Vladimir Putin's unidentified "right-hand man," and unearthing the financial trail leading from the bank accounts of wealthy figures to the Russian mercenary group Wagner. The information was then supposed to be passed on to the Vatican.
Oh. That sounds entirely reasonable. Not the sort of thing that was implied earlier, but let’s carry on.
The Israelis offered to hand over intelligence material as well:
…offered the Italian firm information that could help one of Equalizer’s alleged clients, the Italian energy giant Eni, with information on the “illicit trafficking of Iranian gas with Italian companies.”
Again, that sounds like a very reasonable operation. Help an Italian energy company stop the “illicit trafficking of Iranian gas” to Italian companies. Someone should probably look into that. The trafficking.
Whatever the case is regarding the company Equalize and their activities, it seems the Israel + Vatican angle is not problematic and just being hyped for clicks.