What happens if malicious code is uploaded to npm under these names? Is it possible that some of PayPal’s internal projects will start defaulting to the new public packages instead of the private ones?
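A quick offline check for the situation described above, added here as an example (it is not from the linked write-up): given a project's package.json and .npmrc, list the internal packages that npm could end up resolving from the public registry. The company name "acme", the registry URL, the sample manifest and the set of internal package names are all constructed for the example.

```python
"""Flag npm dependencies exposed to dependency confusion.

Added example; inputs are constructed (hypothetical company "acme").
Two conditions are reported: an internal package whose name is unscoped
(anyone can publish that name on npmjs.org), and a scoped internal package
whose scope is not pinned to a registry in .npmrc.
"""
import json
import re

PACKAGE_JSON = """{
  "name": "@acme/checkout-ui",
  "dependencies": {
    "express": "^4.18.0",
    "acme-payments-core": "^2.1.0",
    "@acme/logger": "^1.4.0",
    "@acme-internal/telemetry": "^0.9.0"
  },
  "devDependencies": {
    "acme-test-fixtures": "*"
  }
}"""

NPMRC = """registry=https://registry.npmjs.org/
@acme:registry=https://npm.internal.acme.example/
//npm.internal.acme.example/:_authToken=${NPM_TOKEN}
"""

# Names known to exist only on the internal registry (constructed list).
INTERNAL_PACKAGES = {
    "acme-payments-core",
    "@acme/logger",
    "@acme-internal/telemetry",
    "acme-test-fixtures",
}


def parse_npmrc_scopes(text: str) -> dict:
    """Return {scope: registry_url} for every '@scope:registry=' line."""
    scopes = {}
    for line in text.splitlines():
        m = re.match(r"\s*(@[^:\s]+):registry\s*=\s*(\S+)", line)
        if m:
            scopes[m.group(1)] = m.group(2)
    return scopes


def scope_of(name: str):
    """'@acme/logger' -> '@acme'; unscoped names -> None."""
    return name.split("/", 1)[0] if name.startswith("@") else None


def dependency_confusion_findings(package_json: str, npmrc: str, internal: set) -> list:
    """One (name, reason) per internal dependency npm could fetch from the public registry."""
    pkg = json.loads(package_json)
    scopes = parse_npmrc_scopes(npmrc)
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(pkg.get(section, {}))
    findings = []
    for name in sorted(deps):
        if name not in internal:
            continue  # genuinely public package; not this check's concern
        scope = scope_of(name)
        if scope is None:
            findings.append((name, "unscoped internal name: anyone can publish it on npmjs.org"))
        elif scope not in scopes:
            findings.append((name, f"scope {scope} is not pinned to a registry in .npmrc"))
    return findings


if __name__ == "__main__":
    for name, reason in dependency_confusion_findings(PACKAGE_JSON, NPMRC, INTERNAL_PACKAGES):
        print(f"{name}: {reason}")
```

Pinning a scope only helps if the registry it points at does not itself fall through to the public registry for names it does not know, or prefer the higher public version when both exist; that fall-through is what the question above is about.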
Hydroelectric plant, diesel generator, ventilation system, subway, silo, blast furnace, biogas or drinking-water production system… it's all there. Whereas the exposed VNC servers from before couldn't do much damage beyond compromising the machine in question, here we're talking about systems that can lead to deaths…
Paged Out! is a new experimental (one article == one page) free magazine about programming (especially programming tricks!), hacking, security hacking, retro computers, modern computers, electronics, demoscene, and other similar topics.
Includes a crazy prime Python quine! (page 35) O.O
This article shows how to construct a non-recursive zip bomb that achieves a high compression ratio by overlapping files inside the zip container. "Non-recursive" means that it does not rely on a decompressor's recursively unpacking zip files nested within zip files: it expands fully after a single round of decompression. The output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB → 281 TB) at the limits of the zip format. Even greater expansion is possible using 64-bit extensions. The construction uses only the most common compression algorithm, DEFLATE, and is compatible with most zip parsers.
$ python3 -m zipfile -e overlap.zip .
Traceback (most recent call last):
__main__.BadZipFile: File name in directory 'B' and header b'A' differ.
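To see where that traceback comes from, here is the simplest form of the overlap trick as an added example (not the article's generator): every central-directory entry points at the same local file header and the same DEFLATE stream at offset 0, so each extra name costs one 46-byte directory entry while the claimed uncompressed total grows by a full payload. Python's zipfile then trips on exactly the check quoted above when asked for 'B', because the local header it lands on says 'A'. The names, payload and sizes are constructed for the example.

```python
"""Build a minimal overlapping zip and see how Python's zipfile reacts.

Added example. All entries share ONE local file header + ONE raw DEFLATE
stream; the central directory simply lists the same offset N times.
"""
import io
import struct
import zipfile
import zlib


def deflate_raw(data: bytes) -> bytes:
    """Raw DEFLATE (wbits=-15, no zlib header), as stored inside zip entries."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


def build_overlap_zip(names, payload: bytes) -> bytes:
    comp = deflate_raw(payload)
    crc = zlib.crc32(payload)
    first = names[0].encode("ascii")
    # Local file header (PK\x03\x04): version 2.0, no flags, method 8 = DEFLATE,
    # zero time/date, crc, compressed size, uncompressed size, name len, extra len.
    lfh = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 0, 8, 0, 0,
                      crc, len(comp), len(payload), len(first), 0) + first
    body = lfh + comp
    cd = b""
    for n in names:
        nb = n.encode("ascii")
        # Central directory header (PK\x01\x02); the final field is the local
        # header offset, and it is 0 for every entry: that is the overlap.
        cd += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 0, 8, 0, 0,
                          crc, len(comp), len(payload), len(nb), 0, 0, 0, 0, 0, 0) + nb
    # End of central directory (PK\x05\x06): entry counts, cd size, cd offset.
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(names), len(names),
                       len(cd), len(body), 0)
    return body + cd + eocd


def claimed_uncompressed_total(zip_bytes: bytes) -> int:
    """What the central directory promises a naive extractor will write out."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return sum(i.file_size for i in zf.infolist())


def try_read(zip_bytes: bytes, name: str):
    """Return (data, None) on success or (None, message) if zipfile refuses."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return zf.read(name), None
    except zipfile.BadZipFile as e:
        return None, str(e)


if __name__ == "__main__":
    names = [chr(ord("A") + i) for i in range(10)]          # "A".."J"
    z = build_overlap_zip(names, b"\0" * 1_000_000)         # constructed payload
    total = claimed_uncompressed_total(z)
    print(f"container {len(z)} bytes, claims {total} bytes ({total // len(z)}x)")
    with open("overlap.zip", "wb") as f:                     # for `python3 -m zipfile -e`
        f.write(z)
    for n in names[:2]:
        data, err = try_read(z, n)
        print(n, "->", f"{len(data)} bytes" if data is not None else err)
```

Older CPython releases extract 'A' and only refuse 'B' with the name-mismatch error shown in the traceback; releases since the quoted-overlap zip bomb fix also refuse 'A' with an "Overlapped entries" error, because its data runs past the next entry's header offset. Either way the name check is why the article's real construction gives every entry its own local header instead of sharing one.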
How does a tiny repo cause git to run out of memory? The secret is that git de-duplicates “blobs” (which are used to store files) to make repositories smaller and to reuse the same blob when a file remains unchanged between commits. Git also de-duplicates “tree” objects (which define the directory structure in a repository). git-bomb tries to make a billion files, yet it contains only 10 references to the file blob and only 10 tree objects in all.
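The same de-duplication trick, reproduced here as an added example rather than git-bomb's own script: the object IDs are computed the way git does (SHA-1 over "<type> <size>\0<content>"), one blob is referenced 10 times by a leaf tree, and each of the remaining trees references the tree below it 10 times. The shape (10 entries per tree, 10 trees) is assumed from the description above; the blob content "hello\n" is constructed. The memoised counter at the end is the check a pre-checkout guard would run: it sizes the expanded tree in time proportional to the number of objects, not the number of paths.

```python
"""git-bomb object graph without invoking git, plus a safe file counter.

Added example. Object IDs follow git's hashing, so git_object_id("blob",
b"hello\\n") equals what `echo hello | git hash-object --stdin` prints.
"""
import hashlib


def git_object_id(obj_type: str, content: bytes) -> str:
    header = f"{obj_type} {len(content)}".encode() + b"\0"
    return hashlib.sha1(header + content).hexdigest()


def tree_entry(mode: str, name: str, oid: str) -> bytes:
    """Raw tree entry: '<mode> <name>\\0' followed by the 20-byte binary id."""
    return f"{mode} {name}".encode() + b"\0" + bytes.fromhex(oid)


def build_bomb(width: int = 10, depth: int = 10) -> tuple:
    """Return (object_store, root_tree_id); store maps id -> (type, content)."""
    store = {}
    blob = b"hello\n"                                   # constructed file content
    oid = git_object_id("blob", blob)
    store[oid] = ("blob", blob)
    child, child_mode = oid, "100644"
    for _ in range(depth):
        # git requires entries sorted by name; every entry points at `child`.
        content = b"".join(tree_entry(child_mode, name, child)
                           for name in sorted(str(i) for i in range(width)))
        tid = git_object_id("tree", content)
        store[tid] = ("tree", content)
        child, child_mode = tid, "40000"                # git writes "40000", not "040000"
    return store, child


def parse_tree(content: bytes):
    """Yield (mode, name, oid) from a raw git tree object."""
    pos = 0
    while pos < len(content):
        nul = content.index(b"\0", pos)
        mode, name = content[pos:nul].decode().split(" ", 1)
        yield mode, name, content[nul + 1:nul + 21].hex()
        pos = nul + 21


def logical_file_count(store: dict, root: str, memo=None) -> int:
    """Paths a checkout would create. Memoised on object id, so a bomb is
    measured in O(#objects); refuse to check out above a sane threshold."""
    if memo is None:
        memo = {}
    if root in memo:
        return memo[root]
    obj_type, content = store[root]
    if obj_type == "blob":
        n = 1
    else:
        n = sum(logical_file_count(store, oid, memo) for _, _, oid in parse_tree(content))
    memo[root] = n
    return n


if __name__ == "__main__":
    store, root = build_bomb()
    print(f"{len(store)} objects, {logical_file_count(store, root):,} logical files")
```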
To give you an example of how vulnerable tools like Outlook email are: in 2016 the Annudef’ (the Ministry of Defence directory) was downloaded twice, and we still don't know by whom.
"Here you have a trivially simple method of injecting legit-looking messages into text conversations with anyone, providing you know how your target stores the spoofee sender in their contacts. In the UK, that’s largely the difference between starting with 07, and +447.
The utterly exquisite reality is that, if your target then replies, that reply goes to the real sender, who is overwhelmingly likely to reply something like “what the hell are you on about?”, this being the first they’ve heard of this shady business. Does that look like backtracking or denial? I ain’t no Member of Parliament, but it sure sounds like it to me."