david

In the previous blog post , I have covered the different passwords you have to protect, the attackers and attack methods. Now let's look at how we want to solve the issue. Password requirements So far we have learned we have to use long, complex, true random passwords. In theory, this is easy. Now, this is my password advice for 2014: Password character classes Use upper-lower-digit-special characters in general cases. If you don't understand what I just write, choose from this: qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789-=[];'\,./<>?:"|{}_+!@#$%^&* ()`~ If you are a CISO, and say: use 3 out of 4 character class, everyone will use Password12 or Welcome12 as their password (after the 12th enforced password change). Password length This is basically the only thing which changes whether the password is in the very high/high/medium/low level. Check the previous blog post for the details about very high/high/medium/low...

Update: Feb 19. 2015 We have been adding pcaps to the collection so remember to check out  the folder (  Pcap collection ) for the recent pcaps. I had a project to test some malicious and exploit pcaps and collected a lot of them (almost 1000) from various public sources. You can see them in the PUBLIC folder. The credits go to the authors of the pcaps listed in the name of each file. Please visit their blogs and sites to see more information about the pcaps, see their recent posts, and send them thanks.  The public pcaps have no passwords on them. Update:Dec 13. 2014  Despite rare updates of this post, we have been adding pcaps to the collection so remember to check out  the folder (  Pcap collection (New link) ) for the recent pcaps! Update:Dec 31. 2013 - added new pcaps I did some spring cleaning yesterday and came up with these malware and exploit pcaps. Such pcaps are very useful for IDS and signature testing and development, gen...

This story is about a bug generated by g++ and clang compilers (at least) The condition_variables is a feature on the standard library of c++ (libstdc++), when its compiled statically a weird asm code is generated. Any example on the link below will crash if its compiled statically:   https://en.cppreference.com/w/cpp/thread/condition_variable In this case the condition_variable.wait() crashed, but this happens with other methods, a simple way to trigger it: If this program is compiled dynamically the crash doesn't occur: Looking the dissasembly there is a surprise created by the compiler: Compilers:     g++  9.2.1+20200130-2     clang++ v9 Both compilers are generating the "call 0x00" If we check this call in a dynamic compiled: The implementation of condition_variable in github: https://github.com/gcc-mirror/gcc/blob/b7c9bd36eaacac42631b882dc67a6f0db94de21c/libstdc%2B%2B-v3/include/std/condition_variable ...