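Avast Releases Its Decompiler, RetDec

Avast has released its decompiler, called RetDec, under the MIT License: "Avast open-sources its machine-code decompiler". The project is on GitHub at avast-tl/retdec.

A decompiler tries to turn machine code directly back into high-level language code.

This simplifies analysis work a lot, especially for people in the security industry... Previously the more common approach was to convert to assembly and then analyze it by hand; now there is a chance to give the brain a bit of a rest.

There are some limitations for now (such as 32 bits only), but now that it is open source, quite a few people can be expected to start adding features: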

  • Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code.
  • Supported architectures (32b only): Intel x86, ARM, MIPS, PIC32, and PowerPC.

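AWS CodeBuild Can Also Generate Badges for Web Pages (Such as in a GitHub README)

In "Build Badges Sample with AWS CodeBuild" I saw how AWS CodeBuild supports badges. For GitHub, the most commonly used option, the badge is obtained after authorizing AWS CodeBuild: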

If you chose GitHub, follow the instructions to connect (or reconnect) with GitHub. On the GitHub Authorize application page, for Organization access, choose Request access next to each repository you want AWS CodeBuild to be able to access. After you choose Authorize application, back in the AWS CodeBuild console, for Repository, choose the name of the repository that contains the source code. Select the Build Badge check box to make your project's build status visible and embeddable.

There are four states:

  • PASSING The most recent build on the given branch passed.
  • FAILING The most recent build on the given branch timed out, failed, faulted, or was stopped.
  • IN_PROGRESS The most recent build on the given branch is in progress.
  • UNKNOWN The project has not yet run a build for the given branch or at all. Also, the build badges feature might
    have been disabled.

That said, I still prefer third-party combinations and am not very fond of the AWS CodeXXX family of services... The only one I use is AWS CodeCommit, because it has a permanent free tier.


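Details of Googlebot's Web Rendering Service

It was only in the article "Polymer 2 and Googlebot" that I saw Google had officially published, back in August this year, the details of the web rendering service (WRS) that Googlebot uses: "Rendering on Google Search". As you might imagine, it is a modified version based on Google Chrome: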

Googlebot uses a web rendering service (WRS) that is based on Chrome 41 (M41). Generally, WRS supports the same web platform features and capabilities that the Chrome version it uses — for a full list refer to chromestatus.com, or use the compare function on caniuse.com.

It mentions a few things worth noting, such as WebSocket not being supported, so pages that care about their Google search results need to pay attention to error handling...


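Russia Also Used Social Network Ads to Influence Public Opinion on Brexit

Seen on TechCrunch: the Russian government did this not only during the US election, but also ran operations around the UK's Brexit referendum: "Twitter says Russians spent ~$1k on six Brexit-related ads".

The amount is much smaller than during the US election, though: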

In response to the Commission’s request for information concerning Russian-funded campaign activity conducted during the regulated period for the June 2016 EU Referendum (15 April to 23 June 2016), Twitter reviewed referendum-related advertising on our platform during the relevant time period.

Among the accounts that we have previously identified as likely funded from Russian sources, we have thus far identified one account—@RT_com— which promoted referendum-related content during the regulated period. $1,031.99 was spent on six referendum-related ads during the regulated period.

With regard to future activity by Russian-funded accounts, on 26 October 2017, Twitter announced that it would no longer accept advertisements from RT and Sputnik and will donate the $1.9 million that RT had spent globally on advertising on Twitter to academic research into elections and civil engagement. That decision was based on a retrospective review that we initiated in the aftermath of the 2016 U.S. Presidential Elections and following the U.S. intelligence community’s conclusion that both RT and Sputnik have attempted to interfere with the election on behalf of the Russian government. Accordingly, @RT_com will not be eligible to use Twitter’s promoted products in the future.


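Cisco Has No Plans to Fix the ROBOT Attack on PKCS #1 1.5...

A security issue discovered back in 1998 has a workaround that is itself complicated, so not every vendor implemented the fix correctly, and 19 years later it has been broken again. This time it is called ROBOT: "1998 attack that messes with sites' secret crypto keys is back in a big way".

You can see the table of those affected:

This attack cannot be fixed on the client side; it can only be fixed on the server side: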

Do I need to update my browser?
No. This is an implementation bug in servers, there is nothing clients can do to prevent it.

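If the server side cannot be fixed quickly, finding a way to avoid RSA encryption sidesteps the problem, and since modern browsers all have non-RSA alternatives, doing so should still leave a fallback that keeps connections possible: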

Disable RSA encryption!
ROBOT only affects TLS cipher modes that use RSA encryption. Most modern TLS connections use an Elliptic Curve Diffie Hellman key exchange and need RSA only for signatures. We believe RSA encryption modes are so risky that the only safe course of action is to disable them. Apart from being risky these modes also lack forward secrecy.

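But if you use Cisco ACE you are out of luck, because Cisco ACE only supports RSA encryption, and Cisco has no plan to provide an update on the grounds that the product line has been discontinued and is no longer maintained, so it is a dead end...

Cisco itself is still using Cisco ACE, though; it feels like "if you don't care, it doesn't hurt" XD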

I have a Cisco ACE device.
Cisco informed us that the ACE product line was discontinued several years ago and that they won't provide an update. Still, we found plenty of vulnerable hosts that use these devices.

These devices don't support any other cipher suites, therefore disabling RSA is not an option. To our knowledge it is not possible to use these devices for TLS connections in a secure way.

However, if you use these products you're in good company: As far as we can tell Cisco is using them to serve the cisco.com domain.
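
As an added example (not from the ROBOT authors or from this post), the following Python sketch audits a server's cipher suite list for RSA key transport and reports what would be left after disabling it, which is empty in the Cisco ACE situation described above. It assumes the input is a list of resolved suite names, as printed by `openssl ciphers` or a TLS scanner; the function names and sample lists are illustrative, and the name matching is a heuristic.

```python
import re

# IANA-style names: RSA key transport is TLS_RSA_WITH_*, TLS_RSA_EXPORT*_WITH_*
# and TLS_RSA_PSK_WITH_*. TLS_ECDHE_RSA_* / TLS_DHE_RSA_* use RSA only to sign.
IANA_RSA_KX = re.compile(r"^(TLS|SSL)_RSA_(EXPORT\d*_|PSK_)?WITH_")

# OpenSSL-style names put a non-RSA key exchange in a prefix; a name without
# one (AES128-SHA, DES-CBC3-SHA, RSA-PSK-...) is RSA key transport.
OPENSSL_OTHER_KX = re.compile(
    r"^(EXP-)?(ECDHE|DHE|EDH|ECDH|DH|ADH|AECDH|PSK|SRP|KRB5|GOST\w*)-")


def uses_rsa_encryption(suite):
    """True if the suite name denotes RSA key transport (heuristic on names)."""
    name = suite.strip()
    if name.startswith(("TLS_", "SSL_")):  # IANA style, includes TLS 1.3 suites
        return bool(IANA_RSA_KX.match(name))
    return not OPENSSL_OTHER_KX.match(name.upper())


def audit(cipher_list):
    """Split a colon-, comma- or whitespace-separated list of suite names.

    Returns (rsa_suites, remaining). An empty `remaining` means RSA encryption
    cannot be disabled without losing TLS entirely.
    """
    names = [n for n in re.split(r"[:,\s]+", cipher_list) if n]
    rsa = [n for n in names if uses_rsa_encryption(n)]
    remaining = [n for n in names if not uses_rsa_encryption(n)]
    return rsa, remaining


# Constructed sample lists (not taken from any real device).
MIXED = ("ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:DHE-RSA-AES256-SHA:"
         "DES-CBC3-SHA:TLS_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_128_CBC_SHA")
RSA_ONLY = "AES256-SHA:AES128-SHA:DES-CBC3-SHA:RC4-SHA"

if __name__ == "__main__":
    for label, suites in (("mixed", MIXED), ("rsa-only", RSA_ONLY)):
        rsa, remaining = audit(suites)
        print(label, "RSA key transport:", rsa)
        print(label, "left after disabling:", remaining or "nothing")
```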


TP-Link's NTP Traffic

In "TP-Link repeater firmware squanders 715 MB/month" I saw TP-Link devices eating a lot of traffic because of NTP: (a comma is used as the decimal separator here, so it is 715.4 MB/month)

You should probably avoid TP-Link products if you’re on a tight bandwidth budget. By design, TP-Link firmware sends six DNS requests and one NTP query every 5 seconds, for a total of 715,4 MB per month.

Compared with a Windows machine that is powered on 24 hours a day, the numbers are worlds apart:

To put this number in context: an always-on Windows device will use around 1,6 KB per month on NTP.

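The author dug the settings out of the firmware and found quite a few servers hardcoded in it... The choice of au and nz is rather curious, and I don't know what the thinking was behind putting several universities' NTP servers straight in: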

TP-Link has hardcoded the following non-configurable NTP servers and server pools in their firmware:

  • time.nist.gov, time-a.nist.gov, time-b.nist.gov, time-nw.nist.gov
  • au.pool.ntp.org, nz.pool.ntp.org
  • 133.100.9.2, 128.138.140.44, 192.36.144.22

The first sets of servers are operated by the US National Institute of Standards and Technology (NIST). The second is the Australian and New Zealand public NTP project time server pools. The IP addresses are owned by universities in Japan, Colorado; US, and Sweden respectively.

And from the behaviour you can see that it does not follow the rules of these NTP services:

The NTP Pool project asks device manufacturers and vendors to register (and optionally sponsor) their own pools through the service (e.g. tplink.pool.ntp.org), and emphasize that they “must absolutely not use the default pool.ntp.org zone names”. They also request that vendors don’t check more often than every 5 minutes at the most.

And because there is nowhere to change these settings, the only solution is not to buy TP-Link products:

You can avoid buying TP-Link products to avoid this problem.

You can’t turn this behavior off in TP-Link’s web administration interface nor in their management app for mobile. You can’t change the NTP server addresses it targets either.
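
As an added example (not from the quoted article or this post), the following Python sketch scans a resolver query log for clients that look up the hardcoded time-server names more often than the five-minute floor the NTP Pool asks for. The log format, sample lines and function name are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# The NTP Pool request quoted above: check no more often than every 5 minutes.
MIN_INTERVAL_S = 300

# Host names the quoted article lists as hardcoded in the firmware.
WATCHED = {
    "time.nist.gov", "time-a.nist.gov", "time-b.nist.gov", "time-nw.nist.gov",
    "au.pool.ntp.org", "nz.pool.ntp.org",
}

# Constructed sample log (hypothetical format): "<epoch seconds> <client> <name>".
SAMPLE_LOG = """\
1512000000 192.168.0.254 time.nist.gov
1512000000 192.168.0.254 au.pool.ntp.org
1512000005 192.168.0.254 time.nist.gov
1512000005 192.168.0.254 au.pool.ntp.org
1512000010 192.168.0.254 time.nist.gov
1512000010 192.168.0.254 au.pool.ntp.org
1512000000 192.168.0.17 time.nist.gov
1512003600 192.168.0.17 time.nist.gov
1512000000 192.168.0.23 nz.pool.ntp.org
"""


def chatty_clients(log_text, watched=WATCHED, min_interval=MIN_INTERVAL_S):
    """Return sorted (client, name, median_gap_s) for watched lookups that
    a client repeats faster than min_interval seconds."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        try:
            ts = float(parts[0])
        except ValueError:
            continue  # timestamp is not a number
        name = parts[2].rstrip(".").lower()
        if name in watched:
            seen[(parts[1], name)].append(ts)
    findings = []
    for (client, name), times in seen.items():
        if len(times) < 2:
            continue  # a single lookup says nothing about the interval
        times.sort()
        gap = median(b - a for a, b in zip(times, times[1:]))
        if gap < min_interval:
            findings.append((client, name, gap))
    return sorted(findings)
```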


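The Difference Twitter's 280 Characters Make

"140 Vs. 280: Users Engage With Longer Tweets Data Shows" analyzes the difference in engagement between tweets of 0~140 and 141~280 characters on Twitter:

You can see that longer tweets get more retweets and likes, but there is no finer-grained analysis beyond that... The article also mentions where the data came from: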

The data parameters: 30,000 publisher tweets that included links between November 29 – December 6.
The results: The click-through rate was roughly equal for both tweet length types but overall engagement nearly doubled for longer tweets. On tweets containing 141-280 characters, the average retweet was a staggering 26.52% – compared the 13.71% for tweets with 0-140 characters. For likes, tweets containing 141-280 characters had an average of a whopping 50.28%, compared to 0-140’s 26.96%.


AWS's Ningxia Region Opens

AWS's Region in Ningxia has opened: "Now Open – AWS China (Ningxia) Region". As before, it is run through a local operator:

The AWS China (Ningxia) Region, operated by Ningxia Western Cloud Data Technology Co. Ltd. (NWCD), is generally available now and provides customers another option to run applications and store data on AWS in China.

The code is cn-northwest-1 (Beijing is cn-north-1), and both use the amazonaws.com.cn domain. As with the Beijing region, you need to apply separately for an AWS China account to use it:

Customers already using the AWS China (Beijing) Region, operated by Sinnet, can select the AWS China (Ningxia) Region directly from the AWS Management Console, while new customers can request an account at www.amazonaws.cn to begin using both AWS China Regions.

However, in the AWS Regions and Endpoints table, the Ningxia region (cn-northwest-1) is listed together with the global ones, while the Beijing region (cn-north-1) is listed separately:

Perhaps it will be tidied up later...


Amazon Aurora MySQL-Compatible Edition Starts Offering MySQL 5.7 Compatibility

The MySQL-Compatible Edition of Amazon Aurora now supports MySQL 5.7 compatibility: "Announcing Preview of Amazon Aurora with MySQL 5.7 Compatibility".

Amazon Aurora with MySQL 5.7 compatibility offers enhancements such as JSON support, spatial indexes, generated columns and performance improvement of 5x over MySQL 5.7, and up to 10x for spatial datasets.

It is still in Preview for now (you have to apply to use it), and the available regions are limited, but at least there is finally news:

The preview is currently available in US East (N. Virginia), US East (Ohio), US West (Oregon), and Canada (Montreal).

Those who absolutely need 5.7 probably need it mainly for spatial indexes... JSON matters less.


Amazon CloudWatch Supports Zooming and Dragging to Adjust the Time Range

Amazon CloudWatch now supports Zoom and Pan: "Amazon CloudWatch now supports two new chart visualization options in metrics and dashboards".

Zoom changes the time granularity:

You can use the CloudWatch console to graph metric data generated by AWS services and your applications. Now, you can zoom into a shorter time period such as one minute or five minutes while viewing the metric graph at a longer interval.

Pan keeps the same granularity but changes the start and end times:

Once zoomed, you can also pan the metric graph across your selected interval, but at a zoomed detail level.

It has become easier to operate, without having to move the mouse over to edit...
