Security on Lantean

GIT over Socks5: Or how to get around Paris's Mall SSL filters

Wed, 11 Jan 2017 14:22:15 +0000


git config --global --get socks.proxy
git config --global --unset socks.proxy
git config --global socks.proxy socks5://127.0.0.1:9050

Removing SSL Private Key Passwords

Fri, 09 Sep 2016 10:16:09 +0000

Yes. Again! For future self reference:

openssl rsa -in encrypted.key -out unencrypted.key

Loading SecCertificateRef from PEM String

Mon, 07 Jul 2014 17:05:49 +0000

In order to load a PEM certificate, you’d probably wanna grab the PEM itself from your backend, right?.

You can do so, by means of this command:

openssl s_client -showcerts -host host.com -port 443

Once you’ve got the certificate, you should get rid of the Begin/End Certificate substrings.

Cocoa Snippet itself is quite easy:

NSData *rawCertificate = [[NSData alloc] initWithBase64Encoding:PlaintextCertificateString];
SecCertificateRef parsedCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)rawCertificate);

That’s it. Don’t forget about checking expiration dates. Unfortunately, Apple’s API to do so is private, and i personally refuse to build OpenSSL into my app, just to check that.

Apple Got Hacked!?

Wed, 20 Feb 2013 11:16:39 +0000

In a recent press release, Apple announced that a small group of computers in their network got hacked. You might be wondering… how in the hell this happened?.

The answer is pretty simple. Java Virtual Machine has been found to ve very insecure. Several zero-day exploits have been uncovered, and long short story, if you’ve got Java VM installed in your machine, i suggest you disable it. As soon as possible!.

Howto Uninstall Flash Player from a Mac

Mon, 18 Feb 2013 09:26:28 +0000

If you’re reading this post, you’re probably aware of the dangers of Flash Player. And you’ve read, most probably, about the last couple of viruses / penetrations to Facebook and Google.

Steve Jobs hated Adobe Flash… personally, i say he had a very good reason. If wasn’t, probably, just because Adobe refused (at first) to publish its suite for Mac. He knew that it was troublesome… so… let’s proceed removing that junk from our system!.

Dropbox Two Step Authentication

Sat, 09 Feb 2013 10:44:53 +0000

Have you ever heard about keyloggers?. Just in case you haven’t… keyloggers are a super simple piece of technology. They are software applications that can be installed in almost every PC / Mac, and they simply save every keystroke.

They’re invisible to the user. So… they just know everything you type. Including passwords. Keyloggers generate a logfile, which can be (in some cases) sent via email to the guy who is spying on you… and in other cases, they just generate a textfile somewhere in the system… which will eventually be downloaded, and your whole security exposed.

New iPhone Jailbreak!

Sun, 27 Jan 2013 11:26:43 +0000

Today, a new iPhone Jailbreak solution, has been announced to be already on its way. iOS 6.0 and 6.1 beta 4 have been both jailbroken, and the team is waiting for iOS 6.1 final release to launch the goodies!.

If you have a previous iOS version, and you still wanna jailbreak your device, you should head to this site. They have a nice archive of every JB solution that got released.

Do Macs need Antivirus?. Yeah, they do!

Wed, 23 Jan 2013 23:53:26 +0000

So… you own an iMac.. maybe a Macbook Pro, or maybe you’re one of the lucky owners of a Mac Pro. You’ve been watching ads for the last ten years… you bought it all, and you feel safe just because it’s not a windows… right?.

Well… things are not the way they were a couple years ago. As Apple gained more and more marketshare, virus developers turned their eyes on our belived OSX system. Since Java virtual machine has been found to be buggy… several viruses that affected Mac have been caught in the wild.

Bruteforcing Http Auth on OSX

Tue, 22 Jan 2013 23:46:02 +0000

Suppose you forgot the password of your router. What can you do?…. should you just reset the device?. Nahhhh…. that’s boring. That’s why we’re gonna try to bruteforce http basic authentication.

We’re assuming that you run some incarnation of OSX, and you have Mac Ports installed. Right?. We’ll need to download hydra… a bruteforce tool… so… fire up a terminal, and type the following:

sudo port install hydra

So far so good. Now, we’re gonna need to create our own password list. In order to do so, we’ll rely on crunch. It’s a nice shell tool, that builds on OSX as well. Download it here first. If you get any troubles building it, try typing:

Setting OSX Firmware Password

Fri, 18 Jan 2013 15:14:13 +0000

OSX is a strong and secure system. Until you realize there is a feature called ‘single user login’… which virtually grants you ROOT access, provided that you have physical access to the target machine.

Boot the system.
Press CMD + S.
You should get a bash shell, with ROOT permissions.

That sucks, pretty much. There is just no single password screen. If you have the machine, you can access its files. How do we prevent this????.

Bruteforcing WEP Keys

Sat, 26 May 2012 12:35:41 +0000

Today… we’ll take a look at WEP key-breaking. We’ll use a linux live-cd distribution called backtrack. It’s a linux distribution bundled with a load of hacking / cracking tools. It’s free, and it’s pretty cool.

So… first step… download and burn it!. I’ll assume you know how to boot it and launch a bash terminal. Let’s begin from there. We’re gonna use two command-line tools: airodump-ng and aircrack-ng. So… let’s open a terminal, and type the following commands:

AES Encrypted Chat!

Sat, 21 Apr 2012 13:00:37 +0000

Well, this time i'm not gonna share an HTML trick, library, or whatsoever. A friend of mine sent me a link... and i said... WOW... this is written in javascript alone?.

It's a web-based, encrypted chat. Pretty amazing... there is no java applet anywhere to be seen. So... it's kind of a disposable, encrypted chat. If you wanna... have a secure communications channel, for whatever reason, you can give it a shot.!