Categories
Furry Fandom, Online Privacy

How to De-Anonymize Scam/Knock-off Sites Hiding Behind CloudFlare

Furry Twitter is currently abuzz about a new site selling knock-off fursuits and illegally using photos from the owners of the actual fursuits without permission. Understandably, the photographers and fursuiters whose work was ripped off by this website are upset and would like to exercise their legal recourse (i.e. DMCA takedown emails) of the scam […]

Categories
Cybercrime

Fraudulent Apps on the Google Play Store: COVID-19 Contact Tracing Edition

Cryptographers around the world are still designing privacy-preserving contact tracing systems for combating the spread of COVID-19. Even though some papers have been published (one using zero-knowledge proofs, another based on blockchain (sigh)), the ink is still very wet. The first framework designed by Apple and Google needs work but was surprisingly not god-awful. That […]

Categories
Cryptography

Putting the “Fun” in “Hash Function”

There are several different methods for securely hashing a password server-side for storage and future authentication. The most common one (a.k.a. the one that FIPS allows you to use, if compliance matters for you) is called PBKDF2. It stands for Password-Based Key Derivation Function #2. Why #2? It’s got nothing to do with pencils. There […]

Categories
Cryptography

Hedged Signatures with Libsodium using Dhole

In 2017, cryptography researchers from Kudelski Security demonstrated practical fault attacks against EdDSA (specifically Ed25519; RFC 8032). Their techniques are also applicable to Deterministic ECDSA (RFC 6979), and potentially work against any deterministic signature scheme (n.b. the Fiat-Shamir or Schnorr distinction isn’t meaningful in this context). Although that might seem alarming, fault attacks aren’t especially […]

Categories
Furry Fandom, Humor

Furiosity Thrilled the Cat: Questions People Ask About the Furry Fandom

Art by Kyume. Search engines have this feature where if you start to type a question, it will attempt to predict your question based on what other people have asked. This has some hilarious consequences. Sometimes this feature gets gamed by large hordes of shitty people (read: 4chan) typing provocative questions into search engines. Let’s […]

Categories
Humor, Software Security

Why Server-Side Input Validation Matters

Update (2020-04-29): Twitter has fixed their oversight. Anyone who set their custom gender to a long volume of text should still have it set to a long volume of text. The original article follows after the separator. I was recently made aware of a change to Twitter, which exposes a new Gender field. If you’ve […]

Categories
Cryptography

A Furry’s Guide to Digital Signature Algorithms

Let’s talk about digital signature algorithms. Digital signature algorithms are one of the coolest ideas to come out of asymmetric (a.k.a. public-key) cryptography, but they’re so simple and straightforward that most cryptography nerds don’t spend a lot of time thinking about them. Even though you are more likely to run into a digital signature as […]

Categories
Furry Fandom

Never Underestimate the Furry Fandom

My recent post about the alleged source code leaks affecting Team Fortress 2 and Counter-Strike: Global Offensive made the rounds on Twitter and made someone very mad, so I got hate DMs. …Look, I only said I got hate DMs, not that I got interesting or particularly effective hate DMs! Weak troll is weak, I […]

Categories
Video Games

What Your Favorite Video Game Genre Says About Your Moral Character

My friends play a lot of video games, and I sometimes join them, but more often I just observe. And over the years of observing, I’ve noticed a few things worth sharing. Every video game is somewhat different and the lines can sometimes be a bit blurry, but with a few exceptions, the concept of […]

Categories
Software Security

“Source Code Leak” is Effectively Meaningless to Endpoint Security

There are two news stories today. Unfortunately, some people have difficulty uncoupling the two. The Team Fortress 2 Source Code has been leaked. Hackers discovered a Remote Code Execution exploit. The second point is something to be concerned about. RCE is game over. The existence of an unpatched RCE vulnerability, with public exploits, is sufficient […]