Thursday, October 16, 2014

How to Disable SSL 3.0 in Firefox

It's quite hard to disable SSL in Firefox, since version 23.
Type about:config in the URL bar and press Enter.
In the search field, enter "security.tls.version.min".
In the column named value, make sure that the integer is 1 in order to have SSL disabled, but TLS enabled.

Tuesday, January 7, 2014

Cicada 3301 - 2014

As of 07:30 GMT January 6th, Cicada 2014 has officially started.

It all started with this tweet:
https://twitter.com/1231507051321/status/420087183957966849

The tweet contains a link to this image:

Running outguess on the image file gives this message:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wednesday, November 27, 2013

TrueSec Challenge Autumn 2013

TrueSec have another challenge up that's really fun.
I managed to clear all 12 levels this time as well.

Try it out and let me know how you are doing.

Monday, November 11, 2013

The Adobe Password Leak

Like most everyone I have taken a look at the leaked Adobe passwords. Being based in Sweden, I took an interest in the .se domains. Surprisingly, there are 405 978 accounts with a .se email address. Considering how common for example hotmail.com is in Sweden, the number of Swedish users who had their passwords leaked is probably much higher

I write that passwords have been leaked since that is how it is reported. Really the passwords haven't been leaked, of even a password hash. What has been leaked is most likely 3DES encrypted passwords. But to simplify things I'm calling the encrypted passwords hashes, since that's usually what you are dealing with then analyzing a password leak like this.

The top 10 .se domains are:

Monday, September 2, 2013

TrueSec Summer Challenge 2013

I was just notified by the good people at TrueSec that I have won the TrueSec Summer Challenge 2013! I'm soon to be the proud owner of an HP ElitePad 900. I don't yet own a device that runs Windows 8, so I'm really looking forward to using it. I'm also looking forward to visiting TrueSec to pick it up, since TrueSec is one of the coolest companies I know.

If you would like to try the challenge, it's still available here.

Saturday, October 13, 2012

Full Adders - ALU

I've always been fascinated with the processor, and in particular the arithmetic logic unit. On the picture below you can see a 1 bit full adder using only AND, OR and XOR gates. I've implemented the design using Logic Gate Simulator, which is open source. For those unfamiliar with the different symbols, I have attached a legend at the end of this post.
A and B are the input bits to be added. The C on top is the Carry in. The Carry in is not that useful in this implementation since it's only a 1 bit implementation. The O is result, and the C in the bottom is the Carry out, but in this case it works as an overflow flag.

Saturday, June 9, 2012

Python: 'utf-8' codec can't decode byte

While scripting python yesterday, I got the following error message in PythonWin: "Failed to run script - syntax error - (unicode error) 'utf-8' codec can't decode byte 0xe8 in position 0: unexpected end of dat" And yes, it actually says "unexpected end of dat", and not "unexpected end of data".

After trying to narrow down the code to find the problem, I ended up with:
string = 'è'

I had the hardest time trying to figure out how it comes that unicode couldn't decode the data. I was pretty sure that unicode could handle most characters, specially an é. This is the sort of problem I would have expected to be about the ascii codec.

After quite some messing around I opened the script in Notepad++, and had a look at the Encoding.

It turns out that the script itself is encoded with ANSI. When I changed to Encode in UTF-8, the 'è' changes to 'xE8', which is exactly what the utf-8 codec had trouble decoding in the script.

With the encoding still set to UTF-8 in Notepad++, I removed xE8, and typed in è and saved the script. The script is now running fine.