• Mr. Shodan

    Mr. Robot season 3 is off to a great start. As per usual, the episode features tonnes of Easter eggs for hacker nerds.

    But I have to admit I was a little surprised to see a shodan.io cameo. Shodan is a search engine for things connected to the internet that aren’t ordinary web servers: web cams, network equipment, industrial controls and other hardware that relies heavily on security through obscurity.

    Here’s a fun video from Defcon 20 demonstrating what can be done with it.


    Bonus: The search Mr. Robot performs, org:"Evil Corp" product:"Apache Tomcat", returns real results with show-relevant data.


    Bonus Part 2:

    The domain in question has an open SNMP (file sharing port).

    No guest account unfortunately. If only I could remember some of the logins from the show.

    The rabbit hole goes deep this season! Hack the planet.


  • Thoughts & Prayers

    Another tragedy….

    https://www.youtube.com/watch?v=0ODeKJdhff0

    For good measure…

    Almost forgot, the game…



  • What’s up with Face ID timeouts?

    The Loop posted a great summary of Apple’s Face ID security whitepaper.

    Two points about how the timeout works really baffled me. Face ID is disabled when:

    • The device hasn’t been unlocked for more than 48 hours.
    • The passcode hasn’t been used to unlock the device in the last 156 hours (six and a half days) and Face ID has not unlocked the device in the last 4 hours.

    If the phone hasn’t been unlocked for 48 hours, it’s a good assumption that the phone has been lost or stolen. But why bother disabling Face ID? Is Apple nervous about its real-world effectiveness? Nervous that a thief may be able to unlock the phone with their face?

    The second timeout seems more arbitrary. Why 156 hours? If I generally only use my phone once every 4 hours 5 minutes, then after 6.5 days I will have to re-authenticate with my passcode? Why? It seems completely arbitrary.
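    To make the two rules concrete, here is an added example (not from the post, The Loop, or Apple’s whitepaper) that encodes the thresholds quoted above as a lockout check and then simulates a user who unlocks with Face ID at a fixed interval. The start date, the initial "passcode just used" state and the reading of the rules as plain time comparisons are assumptions.

```python
from datetime import datetime, timedelta

# Thresholds as quoted in the post (from Apple's Face ID whitepaper summary).
NOT_UNLOCKED_LIMIT = timedelta(hours=48)
NO_PASSCODE_LIMIT = timedelta(hours=156)   # six and a half days
NO_FACE_ID_LIMIT = timedelta(hours=4)


def face_id_allowed(now, last_unlock, last_passcode_unlock, last_face_id_unlock):
    """Return True if Face ID may still be used to unlock at time `now`.

    Rule 1: the device must have been unlocked (by any method) within 48 hours.
    Rule 2: the passcode must have been used within 156 hours, unless Face ID
            itself unlocked the device within the last 4 hours.
    """
    if now - last_unlock > NOT_UNLOCKED_LIMIT:
        return False
    if (now - last_passcode_unlock > NO_PASSCODE_LIMIT
            and now - last_face_id_unlock > NO_FACE_ID_LIMIT):
        return False
    return True


def simulate(interval, days=7):
    """Simulate a user who unlocks with Face ID every `interval`, starting
    right after a passcode unlock at t=0 (assumed initial state).

    Returns the elapsed time at which the passcode is first demanded, or
    None if Face ID keeps working for the whole `days`-day window.
    """
    start = datetime(2017, 10, 1)                 # constructed start time
    last_passcode = start
    last_face = start - timedelta(days=365)       # constructed: not used yet
    last_unlock = start
    end = start + timedelta(days=days)
    t = start + interval
    while t <= end:
        if not face_id_allowed(t, last_unlock, last_passcode, last_face):
            return t - start
        last_face = t                             # Face ID unlock succeeded
        last_unlock = t
        t += interval
    return None
```

    Running simulate(timedelta(hours=4, minutes=5)) reproduces the scenario in the post: the passcode is demanded at the first unlock after the 156-hour mark (159 hours 15 minutes in), whereas a user who unlocks every 3 hours never trips the second rule in a week, and one who leaves the phone alone for 50 hours trips the first.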

    Any smarter security minds out there have any thoughts?