btcinfo  

Hic inserere motto

Eliminating malicious TLDs with regex

September 07, 2018 — shinohai

A discussion on Telegram this morning led to this post, I decided to preserve this handy list of regular expressions for filtering out mostly dumb and malicious TLD's. I am personally using an EdgeRouter Lite with dnsmasq for this purpose, so your mileage may vary - feel free to modify and make these better. Suggestions for changes may be sent to my email listed on the contact page, as usual non-encrypted content will be ignored.

^https?://([A-Za-z0-9.-]*\.)?.gq/ 
^https?://([A-Za-z0-9.-]*\.)?.cf/ 
^https?://([A-Za-z0-9.-]*\.)?.men/ 
^https?://([A-Za-z0-9.-]*\.)?.loan/ 
^https?://([A-Za-z0-9.-]*\.)?.ml/
^https?://([A-Za-z0-9.-]*\.)?.top/
^https?://([A-Za-z0-9.-]*\.)?.work/
^https?://([A-Za-z0-9.-]*\.)?.click/
^https?://([A-Za-z0-9.-]*\.)?.tk/
^https?://([A-Za-z0-9.-]*\.)?.country/
^https?://([A-Za-z0-9.-]*\.)?.pw/
^https?://([A-Za-z0-9.-]*\.)?.party/
^https?://([A-Za-z0-9.-]*\.)?.trade/ 
^https?://([A-Za-z0-9.-]*\.)?.review/ 
^https?://([A-Za-z0-9.-]*\.)?.club/ 
^https?://([A-Za-z0-9.-]*\.)?.bid/

YARA compatible regular expressions for detecting base64 encoded variable-case http:// and https:// URI prefixes:

HTTP:// ([\x2b\x2f-\x39A-Za-z][\x2b\x2f-\x39A-Za-z][\x31\x35\x39BFJNRVZdhlptx]
[Io][Vd][FH][R][Qw][O]i\x38v[\x2b\x2f-\x39A-Za-z]|[\x2b\x2f-\x39A-Za-z]
[\x30\x32EGUWkm][h][\x30U][Vd][FH][A]\x36Ly[\x2b\x2f\x38-\x39]|[Sa][FH][R][\x30U]
[Uc][D]ovL[\x2b\x2f-\x39w-z])

HTTPS:// ([\x2b\x2f-\x39A-Za-z][\x2b\x2f-\x39A-Za-z][\x31\x35\x39BFJNRVZdhlptx]
[Io][Vd][FH][R][Qw][Uc][z]ovL[\x2b\x2f-\x39w-z]|[\x2b\x2f-\x39A-Za-z]
[\x30\x32EGUWkm][h][\x30U][Vd][FH][B][Tz][O]i\x38v[\x2b\x2f-\x39A-Za-z]|[Sa][FH][R][\x30U]
[Uc][FH][M]\x36Ly[\x2b\x2f\x38-\x39])

Tags: Insecurity, Webshit

Static address bug discovered in Ledger app

August 03, 2018 — shinohai

The Ledger hardware wallet team announced a serious "bug" in the Ledger Wallet Ethereum Chrome application, telling lusers to avoid using it as it generates a static address for everyone. But "Engineering is working on it" so they recommend using more Webshit, like MyEtherWallet, in the meantime while the company tries to figure out why webpages generate static addresses and bikeshed a solution.

Tags: News, Cryptocurrency, Insecurity, Lulz, Webshit

Conbase Cucks Venezuelan Userbase.

August 03, 2018 — shinohai

Coinbase has reportedly cut off access to cryptocurrency withdrawls to citizens of Venezuela. Visitors to the site from Venezuelan IP's are reporting that the following message is being displayed in their browser:

This latest Conbase Cucking is one of a series of "LOL KYC/AML" mishaps that does not affect users of Actual Bitcoin

Tags: News, Bitcoin, Cryptocurrency, Webshit

Indy developers announce mETH clients capable of sharting.

August 01, 2018 — shinohai

status.im, a "company" that makes useless application for the Ethereum database, has announced the release of Nimbus, a client they claim is capable of sharting. Clients capable of sharting have until now only produced vaporous farts, but developers hope it will offer "scaling solutions" for a network currently choked by numerous apps that offer no substantial benefit to any actual thinking human beings. Armchair "developers" are invited to participate on the company Shithub repository.

Tags: News, Cryptocurrency, Webshit

AUR latest victim of repository rape

July 10, 2018 — shinohai

More poisoned repositories are found, this time on the Arch User Repository. This, combined with the recent lulz on the gentoo shithub further confirm that only the trinque model can prevent repository rape.

Tags: News, UNIX, Webshit, Lulz

Raleigh woman reports Roblox rape

July 04, 2018 — shinohai
A woman from Raleigh, N.C said she was left "traumatised and violated" after watching as her "sweet and innocent daughter's avatar was ... violently gang-raped on a playground by two males" in the alt-minecraft game Roblox. Screenshots of the event shared on social media showed a ms-paintesque girl lying face down in a dark playground, presumably with the electronic seed of her attackers spilling out of her virtual virgin vagina. The players responsible for these lulz were "permanently banned" from the platform, which boasts 64 million monthly players. (archived)

Tags: News, Lulz, Webshit

2017 Ethereum ICO's offered insecurity-as-a-service

June 25, 2018 — shinohai

Security researchers with positive.com, which specializes in auditing ICO's, found an average of 5 vulnerabilities in each of 2017's offerings according to a recent report. 71% contained at least one or more security flaw, and every ICO that offered an app was vulnerable. One third of all web apps contained common weaknesses such as code injection, disclosure of sensitive webserver info, or insecure data transfer. Most of the lulz were due to the copy/paste development culture which is common these days, as well as just building infrastructure on the already laughably insecure Ethereum platform, the pretend blockchain of choice for scammers worldwide.

Tags: News, Cryptocurrency, Webshit, Lulz

Defeating adblock detectors: popularmechanics.com

June 23, 2018 — shinohai

While viewing websites in a graphical web browser, occasionally I find a site that hates when one uses adblock plus and prevents viewing unless it is turned off or the user pays for an "ad-free" pass. popularmechanics.com is one such website, and the nag screen remained despite the fact I was also running NoScript. What do?

As it turns out, the solution was baby simple. PopularMechanics uses a 3rd-party site to detect users running adblock, so all I had to do was add the following to /etc/hosts:

127.0.0.1 hearstapps.com

I was then able to smugly continue my research without sharing the page with hundreds of crappy ads, or being forced to pay for a pass on a website that I visit at most twice a year.

Feliz Sabado, mis amigos.

Tags: Linux, Webshit