5 Awesome Online Games You Must Try

The following is a guest post.

   


There are many games online, ranging from good to bad and therefore fun and not fun. But there are games that stand above the rest. Games that have people coming back for years or even decades. Games that are so fun that they're considered classics.

Not that you shouldn't explore yourself on what games to play, but, if that task seems too daunting or you need a place to start, this is it. Chances are you've heard of most if not all of the following games, and there's a good reason for that. They're fun. Many people believe such and therefore it is likely that you will also think so.

Many games are considered classics, and if you're ever bored or unsure of what to play, classics should be a go-to. If you don't know which classics to turn to, look no further: they include solitaire, jigsaw puzzles, sudoku, mahjong, and crosswords. These exist in real life as well, but here we mean the online versions, which offer infinite play.

Solitaire

As the above may suggest, the first game you must try is online solitaire. Solitaire is a game of multiple names, two of which are Patience and card solitaire. In general, solitaire is a term used for single-player games of concentration and skill involving a set layout of a certain item, which could be tiles, cards, stones, etc., which is why the card version can be called card solitaire.

Each game of solitaire acts as a puzzle, every card is laid out in a specific position so as to randomize each solution, which could be in your favor, or not. As said, each card is laid out specifically in a layout, to solve the puzzle you have to sort the cards and conform to the specific rules of the game, whichever it may be. It's a fun puzzle game that is certainly satisfying to beat.

Jigsaw Puzzles

There's a very high chance that if you know any game on this list, it's actual jigsaw puzzles. And if you do know about them then you probably also know that to play jigsaw puzzles you had to buy the different sets and couldn't do other images unless you bought that specific set, well, no more. The era of online fixes that issue.

Thanks to it being online you can do puzzles with any website given image, some even let you choose your own image as well as your difficulty. If achieving a certain goal and also being able to see it right before your eyes is something you desire, then jigsaw is your best bet. Truly a game that will never disappear, and therefore, you should play it.

Sudoku

The game that used to be known as Number Place is as the original name would entail. You are given a grid of 3x3 squares and within those squares, there are 3x3 other squares (boxes). In each square, some of the boxes already contain numbers, and the empty boxes are the ones you fill with numbers to complete the square.

You complete the puzzle by having every box within the puzzles filled in with a number. This seems easy at first since you might just be thinking you can repeat numbers, but that's where the rules come in. In each square there can only be a singular number of 1-9, this also applies to rows and columns, no number can repeat vertically, horizontally, or… boxically.

For a game that contains many numbers, you don't actually need to know any math so don't let that frighten you. Sudoku is a game loved by many for many years ever since it was popularized in the late 1980s.

 

Mahjong

A game that was developed in China during the Qing dynasty, Mahjong, is a popular game to this day worldwide. Mahjong is a game of tiles that involves skill, strategy, and just a bit of luck. Commonly the game is played with four people but there are variants for three. The game is set with 144 tiles with Chinese characters and symbols being written on them.

Each player is given 12 tiles. On each turn the players can draw or discard tiles until they have completed a legal hand, using the 14th drawn tile to form melds (also known as sets) as well as a pair, which is known as an eye. The game can also be won with special sets. With this being online, there should be no shortage of opponents, which can include A.I.

Crosswords

A must-play in every sense of the word, crosswords are word puzzles and word search games that take place within a square. The goal of the game is to form words or phrases using the white boxes based on sentences, references, or clues given which pertain to a certain square number. The clues and such are also labeled as being either vertical or horizontal.

The square also contains black or shaded areas that are meant to separate boxes which essentially separate words to make it easier to distinguish the correct answer. The way to complete the puzzle is by filling in each set of boxes with the correct word or phrases. The bonus with this being online is that there will be no shortage of crosswords or topics to choose from.


Must-Play Games

As previously said, there are many games out there both in the real world and online. With online, however, there's no shortage of anything for any of these games which means that you can endlessly play without worrying about paywalls; paywalls being the requirement to buy more sets of puzzles to enjoy said puzzle.

To recap, what you must play include solitaire, the card game, jigsaw puzzles, the puzzle piece game, sudoku, the number placement game, mahjong, the tile game, and finally crosswords which is essentially the word placement game. Each of these games is beloved by many and definitely should be a place to start or go if you're ever wondering what to play.

Swiss Pike Complete

It is with considerable pleasure that I've finished the Swiss pike. I started this project a couple of days before Christmas so am very pleased to have them done by now. They have worked out exactly how I wanted, 6 chunky dynamic units that weren't just blokes standing about with upright pikes


The 6 blocks together.

Still got a way to go with mounted crossbows, more handgunners and foot crossbows still to do, plus maybe some German ally knights

Up close to the charge
left to right: Schwyz/Basel, Glarus/Solothurn, Uri, Berne, Lucerne/Zurich, Basel-Stadt/Appenzell

Uri Handgunners to the fore


Epic Shadowswords

I finished up the Shadowswords last night. I also went back and painted the headlights on the Baneblades that I missed. Next up are the Leman Russ Exterminators.

Epic Shadowswords

Rescue And Recovery

I own a hobby game store but one of my other hobbies, the one that takes all my meager disposable income, is overlanding and off roading. I have been stuck many times in my Jeep. For a while, it seemed like that's what you did, drive until you got stuck. I learned a lot during this time, both about preparation and technique as well as wisdom in avoiding mistakes.

Once I tried to get up a muddy hill and slid back down sideways, nearly over an embankment. I tried several more times and slid into the exact same nook on the hill, a little closer to the edge each time. Eventually I got half way up, avoided the slide, and winched my way over the top. My friend who didn't get stuck was focused on getting me to learn how to navigate the vehicle up the hill. I just wanted to get to the top. My installer thought I was foolish to buy a winch, "I've been off-roading for 20 years and never used my winch." Well, he never went with us. I ended up using the winch several more times that year. There are some fundamentals to off-roading that apply to business.

Be prepared. In my Jeep sliding situation, I had the original, street tires on the vehicle. I had no business being in mud. A wiser me would have looked at that hill and said "Nope! We go around." In business this means having some form of reserve. A cash reserve is the most obvious. Before we had our large construction project, with tremendous debt, I had cash reserves. We would look around and try to solve problems with money, rather than seeing problems and putting them on my white board of shame, a list to be solved another day.

Being prepared also means having a plan. What would you do if you were forced to shut down for a long period of time? Would you continue the business at all? That's the first question. Is it worth it? If so, how? Having checked your resolve ahead of time means you are acting on your plan while others are searching their hearts. This is a discussion I've had with friends and family many times, and the weekend before I was shut down, we revisited this. Is it worth continuing if they shut you down?

Self rescue. Rule zero of survival is nobody is coming. Be self reliant. With rule zero in mind, how are you going to self rescue in a time of crisis? You should certainly call for help, but remember, nobody is coming. Hope they come, expect they won't. My solution was to set up an online store and do no-contact home delivery. The best time to have set up an online store was a year ago, but you do what you can in the time of crisis. In coming days, I will change that to far less profitable, but safer, shipping of all orders. Nobody is coming. I'll believe there is an outside solution when the money hits my bank account.

Call for help. Nobody is coming, but they might. I've got a ham in the Jeep, but I really want a satellite communicator. The price tag and subscription throws me off, but before every big trip, I consider it again. How remote is this trip? Who am I going with?

In the case of the business, I'm refinancing my house to acquire cash out and tapping investors for a "cash call." This alone is probably enough to self-rescue, assuming things go back to normal. They'll never be normal again. When I went to initiate a refinance, the first several days the banks were swamped and stopped publishing rates. The next week, my mortgage broker added me to her schedule. It has been three weeks and she hasn't called me back. I'm half way through a refinance with a second broker. Is it possible this falls through? Absolutely. Should I have relied on the first broker? Nobody is coming.

I'm also applying for an SBA economic injury disaster loan, and was recently approved for one. Next is the PPP payroll protection plan, which really will employ my staff for more hours than I would give them otherwise, probably building a new online store I should have created a year ago.

One of these things needs to happen. I need the mortgage refi or the SBA loan and gravy if I get both. Let's turn failure into an embarrassment of riches. Since nobody is coming, sending out a request for help on every frequency might increase my chances somebody comes. If nobody comes, the online store becomes an even hotter priority. Everyone is screwed. It is to everyone's interest to be patient and allow self recovery. It's the best option since nobody is coming.

The time to be prepared with a strong resolve and resources in place, was before this happened. The time to begin the self rescue and call for help was last week. The time to accept nobody is coming and figure this out on your own is now.

The Intellivision Amico - Can A "Family Friendly" Console Succeed?

The Intellivision Amico in Metallic Pearl, courtesy of Intellivision Entertainment
Who remembers the Intellivision today? Some readers with a sense of history will remember the console as the first console to seriously compete with Atari 2600 before the video game crash of 1983-84. A few may even have had one when they were younger, have one in their collection or played one at some point in their lives. To the general public, also-ran pre-crash consoles like the Intellivision barely register in its memory. Intellivision is poised to make a comeback with the Amico console, a console built with the laudable goal of getting families to play video games together. But the market Intellivision is trying to make a splash in is very different compared to ten years ago, never mind forty. Can the Amico become a success when it is scheduled to launch next year? Let's explore its prospects in this article.

Support For XXE Attacks In SAML In Our Burp Suite Extension


In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. A DTD attacker for SAML services was implemented, based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest version release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1

New SAML editor

Before the new release, EsPReSSO had a simple SAML editor where the decoded SAML messages could be modified by the user. We extended the SAML editor so that the user has the possibility to define the encoding of the SAML message and to select their HTTP binding (HTTP-GET or HTTP-POST).

Redesigned SAML Encoder/Decoder

Enhancement of the SAML attacker

XML Signature Wrapping and XML Signature Faking attacks have already been part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker.
The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the BurpSuite Intruder.

DTD Attacker for SAML messages
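From the receiving side, the DTD attacks described above fail if the service refuses any SAML message that carries a document type declaration, whichever encoding and binding it arrived in. The following is an added example, not code from EsPReSSO or the original post; the function names, the size limit and the sample messages are constructed for illustration.

```python
import base64
import zlib
from xml.parsers import expat

MAX_XML_BYTES = 1 << 20  # assumed upper bound for an inflated SAML message


class DtdRejected(ValueError):
    """Raised when a SAML message carries a document type declaration."""


def decode_saml(param: str, binding: str) -> bytes:
    """Undo the transport encoding of a SAMLRequest/SAMLResponse parameter.

    binding is "POST" (base64 only) or "GET" (raw DEFLATE, then base64).
    The value is expected to be URL-decoded already.
    """
    raw = base64.b64decode(param, validate=True)
    if binding == "POST":
        return raw
    if binding == "GET":
        # Bound the inflated size so a compressed bomb cannot exhaust memory.
        inflater = zlib.decompressobj(wbits=-15)
        xml = inflater.decompress(raw, MAX_XML_BYTES)
        if inflater.unconsumed_tail or not inflater.eof:
            raise ValueError("SAML message truncated or larger than the limit")
        return xml
    raise ValueError(f"unknown binding: {binding}")


def reject_dtd(xml: bytes) -> None:
    """Parse the message and abort at the first DOCTYPE, before any entity
    declaration inside it is processed."""
    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DtdRejected(f"DOCTYPE '{name}' is not allowed in a SAML message")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(xml, True)  # malformed XML raises expat.ExpatError


def accept_saml(param: str, binding: str) -> bool:
    """True if the decoded message is well-formed XML without a DTD."""
    try:
        reject_dtd(decode_saml(param, binding))
    except DtdRejected:
        return False
    return True


def encode_saml(xml: bytes, binding: str) -> str:
    """Helper that builds test input in the given binding."""
    if binding == "GET":
        deflater = zlib.compressobj(wbits=-15)
        xml = deflater.compress(xml) + deflater.flush()
    return base64.b64encode(xml).decode("ascii")


# Constructed sample messages (not captured traffic).
CLEAN = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
         b' ID="_constructed1"/>')
WITH_DTD = b'<!DOCTYPE samlp:Response [<!ENTITY e "constructed">]>' + CLEAN

if __name__ == "__main__":
    for label, msg in (("clean", CLEAN), ("with DTD", WITH_DTD)):
        for binding in ("POST", "GET"):
            print(label, binding, accept_saml(encode_saml(msg, binding), binding))
```

Rejecting the DOCTYPE outright is stricter than disabling external entities only, and it also covers internal-entity expansion.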

Supporting further attacks

We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing the SignatureExclusion attack on SAML has been implemented.

Additional functions will follow in later versions.

Currently we are working on XML Encryption attacks.

This is a combined work from Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.

The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).


Nipe - A Script To Make TOR Network Your Default Gateway



Tor enables users to surf the Internet, chat and send instant messages anonymously, and is used by a wide variety of people for both licit and illicit purposes. Tor has, for example, been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously.

Nipe is a script to make the Tor network your default gateway.

This Perl script enables you to directly route all your traffic from your computer to the Tor network, through which you can surf the Internet anonymously without having to worry about being tracked or traced back.

Download and install:
    git clone https://github.com/GouveaHeitor/nipe
    cd nipe
    cpan install Switch JSON LWP::UserAgent

Commands:
    COMMAND          FUNCTION
    install          Install dependencies
    start            Start routing
    stop             Stop routing
    restart          Restart the Nipe process
    status           See status

Examples:

    perl nipe.pl install
    perl nipe.pl start
    perl nipe.pl stop
    perl nipe.pl restart
    perl nipe.pl status

Bugs


Gridcoin - The Bad

In this post we will show why Gridcoin is insecure and probably will never achieve better security. Therefore, we are going to explain two critical implementation vulnerabilities and our experience with the core developer in the process of the responsible disclosure. 
    In our last blog post we described the Gridcoin architecture and the design vulnerability we found and fixed (the good). Now we come to the process of responsibly disclosing our findings and try to fix the two implementation vulnerabilities (the bad).

    Update (15.08.2017):
    After the talk at WOOT'17 several other developers of Gridcoin quickly reached out to us and told us that there was a change in responsibility internally in the Gridcoin-Dev team. Thus, we are going to wait for their response and then change this blog post accordingly. So stay tuned :)

    Update (16.08.2017):
    We are currently in touch with the whole dev team of Gridcoin and it seems that they are going to fix the vulnerabilities with the next release.


    TL;DR
    The whole Gridcoin currency is seriously insecure against attacks and should not be trusted anymore, unless some developers are in place who have a profound background in protocol and application security.

    What is Gridcoin?

    Gridcoin is an altcoin which has been in active development since 2013. It claims to provide a high sustainability, as it has very low energy requirements in comparison to Bitcoin. It rewards users for contributing computation power to scientific projects published on the BOINC project platform. Although Gridcoin is not as widespread as Bitcoin, its draft is very appealing as it attempts to eliminate Bitcoin's core problems. It possesses a market capitalization of $13,530,738 as of August the 4th 2017 and its users contributed approximately 5% of the total scientific BOINC work done before October 2016.

    A detailed description of the Gridcoin architecture and technical terms used in this blog post are explained in our last blog post.

    The Issues

    Currently there are 2 implementation vulnerabilities in the source code, and we can mount the following attacks against Gridcoin:
    1. We can steal the block creation reward from many Gridcoin minters
    2. We can efficiently prevent many Gridcoin minters from claiming their block creation reward (DoS attack)
    So why do we not just open up an issue online explaining the problems?

    Because we already fixed a critical design issue in Gridcoin last year and tried to help them to fix the new issues. Unfortunately, they do not seem to have an interest in securing Gridcoin and thus leave us no other choice than fully disclosing the findings.

    In order to explain the vulnerabilities we will take a look at the current Gridcoin source code (version 3.5.9.8).

    WARNING: Due to the high number of source code lines in the source files, it can take a while until your browser shows the right line.

    Stealing the BOINC block reward

    The developer implemented our countermeasures in order to prevent our attack from the last blog post. Unfortunately, they did not look at their implementation from an attacker's perspective. Otherwise, they would have found out that they conduct no check of whether the signature over the last block hash really is computed over the last block hash. But we come to that in a minute. First let's take a look at the code flow:

    In the figure the called-by-graph can be seen for the function VerifyCPIDSignature.
    1. CheckBlock → DeserializeBoincBlock [Source]
      • Here we deserialize the BOINC data structure from the first transaction
    2. CheckBlock → IsCPIDValidv2 [Source]
      • Then we call a function to verify the CPID used in the block. Due to the massive changes over the last years, there are 3 possible verify functions. We are interested in the last one (VerifyCPIDSignature), for the reason that it is the current verification function.
    3. IsCPIDValidv2 → VerifyCPIDSignature [Source]
    4. VerifyCPIDSignature → CheckMessageSignature [Source, Source]
    In the last function the real signature verification is conducted [Source]. When we take a close look at the function parameters, we see the message (std::string sMsg) and the signature (std::string sSig) variables, which are checked. But where do these values come from?


    If we go backwards in the function call graph we see that in VerifyCPIDSignature the sMsg is the string sConcatMessage, which is a concatenation of the sCPID and the sBlockHash.
    We are interested where the sBlockHash value comes from, due to the fact that this one is the only changing value in the signature generation.
    When we go backwards, we see that the value originates from the deserialization of the BOINC structure (MiningCPID& mc) and is the variable mc.lastblockhash [Source, Source]. But wait a second, is this value ever checked to confirm that it contains the real last block hash?

    No, it is not....

    So they just look if the stored values there end up in a valid signature.

    Thus, we just need to wait for one valid block from a researcher and copy the signature, the last block hash value, the CPID and adjust every other dynamic value, like the RAC. Consequently, we are able to claim the reward of other BOINC users. This simple bug allows us again to steal the reward of every Gridcoin researcher, like there was never a countermeasure.
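The missing check can be shown with a small model that puts the verification as described above next to a variant that first compares the hash carried in the block with the hash of the actual previous block. This is an added example, not Gridcoin source code: the class, the function names and all sample values are constructed, and HMAC stands in for the researcher's public-key signature so that the example needs only the standard library.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace


def sign(key: bytes, cpid: str, block_hash: str) -> str:
    """Stand-in signature over sMsg = sCPID + sBlockHash (HMAC, an assumption)."""
    msg = (cpid + block_hash).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class BoincData:
    """Hypothetical model of the BOINC structure deserialized from a block."""
    cpid: str
    lastblockhash: str   # value carried inside the block (mc.lastblockhash)
    signature: str       # covers cpid + lastblockhash only
    rac: float           # a dynamic value the signature does not cover


def verify_cpid_signature(data: BoincData, key: bytes) -> bool:
    """Check as described in the post: the stored values only have to be
    consistent with each other."""
    expected = sign(key, data.cpid, data.lastblockhash)
    return hmac.compare_digest(expected, data.signature)


def verify_cpid_signature_bound(data: BoincData, key: bytes,
                                actual_prev_hash: str) -> bool:
    """Variant with the missing check: the signed hash must be the hash of
    the block that actually precedes the block being validated."""
    if not hmac.compare_digest(data.lastblockhash, actual_prev_hash):
        return False
    return verify_cpid_signature(data, key)


# Constructed sample data.
KEY = b"constructed researcher key"
CPID = "constructed-cpid-0001"
PREV_HASH_AT_SIGNING = hashlib.sha256(b"constructed block 100").hexdigest()
PREV_HASH_LATER = hashlib.sha256(b"constructed block 250").hexdigest()

# Block minted by the researcher on top of block 100.
HONEST = BoincData(CPID, PREV_HASH_AT_SIGNING,
                   sign(KEY, CPID, PREV_HASH_AT_SIGNING), rac=1200.0)
# Same cpid, hash and signature reused in a block on top of block 250,
# with an unsigned dynamic value changed.
REUSED = replace(HONEST, rac=900.0)

if __name__ == "__main__":
    print("as described, reused data:", verify_cpid_signature(REUSED, KEY))
    print("with binding, reused data:",
          verify_cpid_signature_bound(REUSED, KEY, PREV_HASH_LATER))
    print("with binding, honest data:",
          verify_cpid_signature_bound(HONEST, KEY, PREV_HASH_AT_SIGNING))
```

The signature itself is never at fault here. What is missing is the comparison between the signed value and the chain state known to the verifying node.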

    Lock out Gridcoin researcher
    The following vulnerability allows an attacker under specific circumstances to register a key pair for a CPID, even if the CPID was previously tied to another key pair. Thus, the attacker locks out a legit researcher and prevents him from claiming the BOINC reward in his minted blocks.

    Reminder: A beacon is valid for 5 months, afterwards a new beacon must be sent with the same public key and CPID.

    Therefore, we need to take a look at the functions which process the beacon information. Every time there is a block which contains beacon information, it is processed the following way:


    In the figure the called-by-graph can be seen for the function GetBeaconPublicKey.
    We now show the source code path:
    • ProcessBlock → CheckBlock [Source]
    • CheckBlock → LoadAdminMessages [Source]
    • LoadAdminMessages → MemorizeMessages [Source]
    • MemorizeMessages → GetBeaconPublicKey [Source]
    In the last function GetBeaconPublicKey there are different paths to process a beacon depending on the public key, the CPID, and the time since both were associated to each other.
    For the following explanation we assume that we have an existing association (bound) between a CPID A and a public key pubK_A for 4 months.
    1. First public key for a CPID received [Source]
      • The initial situation, when pubK_A was sent and bound to CPID A (4 months ago)
    2. Existing public key for a CPID was sent [Source]
      • The case that pubK_A was resent for a CPID A, before the 5 months have passed
    3. Other public key for a CPID was sent [Source]
      • The case, if a different public key pubK_B for the CPID A was sent via beacon.
    4. The existing public key for the CPID is expired
      • After 5 months a refresh for the association between A and pubK_A is required.
    When an incoming beacon is processed, a look up is made, if there already exists a public key for the CPID used in the beacon. If yes, it is compared to the public key used in the beacon (case 2 and 3).
    If no public key exists (case 1) the new public key is bound to the CPID.

    If a public key exists, but it was not refreshed directly 12.960.000 seconds (5 months [Source]) after the last beacon advertisement of the public key and CPID, it is handled as if no public key existed [Source].

    Thus, case 1 and 4 are treated identically if the public key is expired, allowing an attacker to register his public key for an arbitrary CPID with an expired public key. In practice this allows an attacker to lock out a Gridcoin user from the minting process of new blocks and further allows the attacker to claim reward for BOINC work he never did.
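The four cases can be modelled as a small registry that keeps one public key per CPID. This is an added example, not Gridcoin source code: the class and method names are constructed, and the stricter policy (an expired binding can only be renewed with the key already bound) is an assumption derived from the reminder above, not a fix published by the Gridcoin developers.

```python
from dataclasses import dataclass

BEACON_LIFETIME = 12_960_000  # seconds, the 5-month validity stated in the post


@dataclass
class Binding:
    pubkey: str
    last_beacon: int  # time of the last accepted beacon, in seconds


class BeaconRegistry:
    """Hypothetical model of the CPID-to-public-key association."""

    def __init__(self, renew_same_key_only: bool):
        # False: behaviour described in the post (case 4 handled like case 1).
        # True: assumed stricter policy, expired bindings keep their key.
        self.renew_same_key_only = renew_same_key_only
        self.bindings = {}

    def process(self, cpid: str, pubkey: str, now: int) -> str:
        current = self.bindings.get(cpid)
        if current is None:                      # case 1: first key for CPID
            self.bindings[cpid] = Binding(pubkey, now)
            return "bound"
        expired = now - current.last_beacon > BEACON_LIFETIME
        if expired and not self.renew_same_key_only:
            # case 4 as described: the old binding is ignored, so whoever
            # sends the next beacon for this CPID becomes its owner.
            self.bindings[cpid] = Binding(pubkey, now)
            return "bound"
        if pubkey == current.pubkey:             # case 2: refresh by the owner
            current.last_beacon = now
            return "refreshed"
        return "rejected"                        # case 3: different key

    def owner(self, cpid: str) -> str:
        return self.bindings[cpid].pubkey


def replay(registry: BeaconRegistry) -> list:
    """Constructed beacon sequence for CPID A: the owner binds pubK_A, then a
    second key pubK_B is sent before and after expiry, then the owner returns."""
    four_months = 4 * 30 * 24 * 3600
    events = [
        ("pubK_A", 0),
        ("pubK_B", four_months),
        ("pubK_B", BEACON_LIFETIME + 1),
        ("pubK_A", BEACON_LIFETIME + 2),
    ]
    return [registry.process("A", key, t) for key, t in events]


if __name__ == "__main__":
    for strict in (False, True):
        reg = BeaconRegistry(renew_same_key_only=strict)
        print("strict" if strict else "as described", replay(reg), reg.owner("A"))
```

With the described behaviour the last beacon from the original owner is rejected, which is the lock-out; with the stricter policy the same beacon refreshes the binding.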

    There is a countermeasure which allows a user to delete his last beacon (identified by the CPID). To do so, the user sends 1 GRC to a special address (SAuJGrxn724SVmpYNxb8gsi3tDgnFhTES9) from a GRC address associated with this CPID [Source]. We did not look into this mechanism in more detail, because it can only be used to remove our attack beacon, but does not prevent the attack.

    The responsible disclosure process

    As part of our work as researchers we all have had the pleasure to responsibly disclose findings to developers or companies.

    Because we wanted to give the developer some time to fix the design vulnerabilities described in the last blog post, we did not issue a ticket at the Gridcoin GitHub project. Instead we contacted the developer on September the 14th 2016 via email and got a response one day later (2016/09/15). They proposed a variation of our countermeasure and dropped the signature in the advertising beacon, which would result in further security issues. We sent another email (2016/09/15) explaining to them why it is not wise to change our countermeasures and drop the signature in the advertising beacon.
    Unfortunately, we did not receive a response. We tried again on October the 31st 2016. They again did not respond, but we saw in the source code that they made some promising changes. Due to some other projects we did not look into the code until May 2017. At this point we found the two implementation vulnerabilities. We contacted the developer twice via email (5th and 16th of May 2017) again, but never received a response. Thus, we decided to wait for the WOOT notification to pass by and then fully disclose the findings. We thus have no other choice than to say that:

    The whole Gridcoin cryptocurrency is seriously insecure against attacks and should not be trusted anymore, unless some developers are in place who have a profound background in protocol and application security.

    Further Reading
    A more detailed description of the Gridcoin architecture, the old design issue and the fix will be presented at WOOT'17. Some days after the conference the paper will be available online.
