<head><meta http-equiv="Content-Type" content="text/html" charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><title>Devs ♥ Security</title><meta name="description" content="Code, Cloud, Security, and Everything in Between."><meta name="HandheldFriendly" content="True"><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="stylesheet" type="text/css" href="assets/css/screen.css?v=f305095dc5"><link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Rambla:400,400italic,700%7CInconsolata:400"><!-- Extra for DC --><link rel="stylesheet" type="text/css" href="assets/css/dc.css?v=f305095dc5"><!-- A few basic utilities to support JS code in posts that relies on the global JS code loaded at the end --><script type="text/javascript" src="assets/js/libs/ht.utils.js?v=f305095dc5"></script><link rel="canonical" href="http://devs.cloudimmunity.com/"><link rel="next" href="http://devs.cloudimmunity.com/page/2/"><meta name="generator" content="Ghost 0.5"><link rel="alternate" type="application/rss+xml" title="Devs ♥ Security" href="http://devs.cloudimmunity.com/rss/"></head><body class="home-template">
<section id="wrapper"><div id="ajax-container">
<header id="main-header"><nav id="main-nav"><a class="js-ajax-link js-show-index" id="blog-logo" href="http://devs.cloudimmunity.com"><img src="content/images/2014/12/CI_LOGO_no_shadow_smaller-2.png" alt="Blog Logo"></a>
</nav><div class="inner">
<h1 class="page-title"><a class="js-ajax-link js-show-index" id="page-title" href="http://devs.cloudimmunity.com">Devs ♥ Security</a></h1>
</div>
</header><div id="post-index" class="container">
<main class="content post-index-animations" role="main"><article class="post animated-post"><div class="inner">
<header class="post-header"><span class="post-meta"><a href="author/kyle/">Kyle Quest</a> </span>
<div class="clear"></div>
<h2 class="post-title"><a class="js-ajax-link js-show-post" href="designing-a-web-api-how-taxii-1-x-made-every-mistake-in-the-book/">(Draft) Designing a Web API - How TAXII 1.x Made Every Mistake in the Book</a></h2>
</header><section class="post-excerpt"><p></p><p>WIP...</p><a class="js-ajax-link js-show-post" href="designing-a-web-api-how-taxii-1-x-made-every-mistake-in-the-book/">…</a>
</section></div>
</article><article class="post animated-post"><div class="inner">
<header class="post-header"><span class="post-meta"><a href="author/kyle/">Kyle Quest</a> </span>
<div class="clear"></div>
<h2 class="post-title"><a class="js-ajax-link js-show-post" href="when-do-it-yourself-integrity-verification-doesnt-work-lessons-learned-for-new-web-developers/">(Draft) When Do-It-Yourself Integrity Verification Doesn't Work - Lessons Learned for New Web Developers</a></h2>
</header><section class="post-excerpt"><p></p><p>WIP...</p><a class="js-ajax-link js-show-post" href="when-do-it-yourself-integrity-verification-doesnt-work-lessons-learned-for-new-web-developers/">…</a>
</section></div>
</article><article class="post animated-post"><div class="inner">
<header class="post-header"><span class="post-meta"><a href="author/kyle/">Kyle Quest</a> </span>
<div class="clear"></div>
<h2 class="post-title"><a class="js-ajax-link js-show-post" href="friends-dont-let-friends-use-json-web-tokens/">(Draft) Friends Don't Let Friends Use JSON Web Tokens</a></h2>
</header><section class="post-excerpt"><p></p><p>WIP...</p><a class="js-ajax-link js-show-post" href="friends-dont-let-friends-use-json-web-tokens/">…</a>
</section></div>
</article><article class="post tag-golang animated-post"><div class="inner">
<header class="post-header"><span class="post-meta"><a href="author/kyle/">Kyle Quest</a> | <a href="tag/golang/">golang</a> </span>
<div class="clear"></div>
<h2 class="post-title"><a class="js-ajax-link js-show-post" href="gotchas-and-common-mistakes-in-go-golang/">50 Shades of Go: Traps, Gotchas, and Common Mistakes for New Golang Devs</a></h2>
</header><section class="post-excerpt"><p></p><p>Go is a simple and fun language, but, like any other language, it has a few gotchas... Many of those gotchas are not entirely Go's fault. Some of these mistakes are natural traps if you are coming from another language. Others are due to faulty assumptions and missing details.</p>
<p>A lot of these gotchas may seem obvious if you took the time to learn the language by reading the official spec, wiki, mailing list discussions, many great posts and presentations by Rob Pike, and the source code. Not everybody starts the same way, though, and that's OK. If you are new to Go, the information here will save you hours debugging your code.</p>
<p><a href="index.html#total_beginner">Total Beginner</a>:</p>
<ul><li><a href="index.html#opening_braces">Opening Brace Can't Be Placed on a Separate Line</a></li>
<li><a href="index.html#unused_vars">Unused Variables</a></li>
<li><a href="index.html#unused_imports">Unused Imports</a></li>
<li><a href="index.html#short_vars">Short Variable Declarations Can Be Used Only Inside Functions</a></li>
<li><a href="index.html#vars_redeclare">Redeclaring Variables Using Short Variable Declarations</a></li>
<li><a href="index.html#vars_shadow">Accidental Variable Shadowing</a></li>
<li><a href="index.html#nil_init">Can't Use "nil" to Initialize a Variable Without an Explicit Type</a></li>
<li><a href="index.html#nil_slices_maps">Using "nil" Slices and Maps</a></li>
<li><a href="index.html#map_cap">Map Capacity</a></li>
<li><a href="index.html#nil_strings">Strings Can't Be "nil"</a></li>
<li><a href="index.html#array_func_args">Array Function Arguments</a></li>
<li><a href="index.html#unexpected_slice_arr_vals">Unexpected Values in Slice and Array "range" Clauses</a></li>
<li><a href="index.html#one_dim_slice_arr">Slices and Arrays Are One-Dimensional</a></li>
<li><a href="index.html#map_key_ne">Accessing Non-Existing Map Keys</a></li>
<li><a href="index.html#imm_strings">Strings Are Immutable</a></li>
<li><a href="index.html#string_byte_slice_conv">Conversions Between Strings and Byte Slices</a></li>
<li><a href="index.html#string_idx">Strings and Index Operator</a></li></ul><a class="js-ajax-link js-show-post" href="gotchas-and-common-mistakes-in-go-golang/">…</a>
</section></div>
</article><article class="post tag-passwords tag-security tag-arc tag-lisp animated-post"><div class="inner">
<header class="post-header"><span class="post-meta"><a href="author/kyle/">Kyle Quest</a> | <a href="tag/passwords/">passwords</a>, <a href="tag/security/">security</a>, <a href="tag/arc/">Arc</a>, <a href="tag/lisp/">Lisp</a> </span>
<div class="clear"></div>
<h2 class="post-title"><a class="js-ajax-link js-show-post" href="hacking-old-hacker-news-fun-with-weak-passwords-and-arc/">Hacking (Old) Hacker News: Fun with Weak Passwords and Arc</a></h2>
</header><section class="post-excerpt"><p></p><p>When I was conducting my cloud password security research, I also looked at <a href="https://news.ycombinator.com/">Hacker News</a>. It's not a cloud application, but it does have pretty common password security qualities. It's also interesting because it's written in Arc (a Lisp dialect) and the code is available (for the old version from 2009).<br><br>
When you create a Hacker News account you can create passwords which are 4 characters long without any restrictions on the password complexity. This means that you can have a password that looks like 0000 or 1111. Sure, not everybody will use passwords like that, but there's a good chance that quite a few users will have pretty simple passwords. Even technical people are still people; people choose the easiest possible passwords (when they can), making it easy to conduct online password attacks.<br><br>
What's interesting is that when you change your password, you are required to have at least 8 characters (still without any complexity requirements). The Arc source code shows that the length requirement used to be 4 characters. Time to look at the code to see what else might be there...</p>
<p>Here's the login code from app.arc:</p>
<pre><code>(def good-login (user pw ip)
(let record (list (seconds)</code></pre><a class="js-ajax-link js-show-post" href="hacking-old-hacker-news-fun-with-weak-passwords-and-arc/">…</a>
</section></div>
</article><nav class="pagination" role="pagination"><div class="inner">
<a class="older-posts" href="page/2/"><span>Older Posts</span> <i class="fa fa-angle-right"></i></a>
<div class="clear"></div>
</div>
</nav></main></div>
</div>
</section><footer id="site-footer"><div class="inner">
<span class="blog-description">Code, Cloud, Security, and Everything in Between.</span>
<section class="poweredby">Create secure cloud apps with <a href="https://www.cloudimmunity.com/">Cloud Immunity</a>.</section></div>
</footer><script src="public/jquery.js?v=f305095dc5"></script><script type="text/javascript" src="assets/js/libs/jquery.fitvids.js?v=f305095dc5"></script><script type="text/javascript" src="assets/js/libs/jquery.history.js?v=f305095dc5"></script><script type="text/javascript" src="assets/js/libs/highlight.pack.js?v=f305095dc5"></script><script type="text/javascript" src="assets/js/libs/nprogress.js?v=f305095dc5"></script><script type="text/javascript" src="assets/js/index.js?v=f305095dc5"></script><!-- Extra for DC --><script type="text/javascript" src="assets/js/libs/d3.js?v=f305095dc5"></script><script type="text/javascript" src="assets/js/libs/crossfilter.js?v=f305095dc5"></script><script type="text/javascript" src="assets/js/libs/dc.js?v=f305095dc5"></script></body>