thekos's comments

thekos · on Jan 19, 2017

LastPass does actually know URLs. After logging into LastPass.com, you can navigate to https://lastpass.com/getaccts.php (only accessible post authentication with a valid session cookie.)

This will return an XML document with your vault data. Most of it is encrypted, however an URL parameter is encoded as hex, in plaintext. I am able to look at all URL. They could be storing the blog fully encrypted in a server datastore, but at some point, the LastPass servers are handing the client non-encrypted URLs.

thekos · on Feb 2, 2016

Taviso has been on a rampage.

derFunk · on Feb 2, 2016

Yeah I forgot to mention Sophos. I'm glad we have him.

knd775 · on Feb 2, 2016

Don't forget FireEye

thekos · on March 6, 2015

Yep. Here's the code from nginx: https://github.com/nginx/nginx/blob/master/src/http/ngx_http...

pests · on March 7, 2015

Thanks! I knew I read about that years and years ago but wasn't sure if it was still true.

thekos · on Sept 8, 2014

You can go back further by modifying the startTime parameter in the download link.

https://maps.google.com/locationhistory/b/0/kml?startTime=14...

jacquesm · on Sept 8, 2014

Oh my, a hacker. Better be careful.

http://theblot.com/man-jailed-because-feds-dont-understand-c...

thekos · on May 29, 2014

This works also, and doesn't require a hosted file: https://xss-game.appspot.com/level6/frame#data:text/plain,al...

thekos · on Dec 20, 2013

SSH tunneling, of course!

But seriously, the github wiki says that it uses SSL also.

thekos · on Nov 25, 2013

Here's the direct streams:

http://livestream-f.akamaihd.net/142499_129958_13c898be_1_20...

Or lower quality: http://livestream-f.akamaihd.net/142499_129958_13c898be_1_55... http://livestream-f.akamaihd.net/142499_129958_13c898be_1_15...

thekos · on Oct 6, 2013

They are claiming, over their twitter account, that the email was faked:

https://twitter.com/purevpn/status/386700121053736963

workhere-io · on Oct 6, 2013

Guys, email tht u received is a fake. v r NOT closing down nor hav ANY legal issue of ANY sort.

Wow. I seriously would not pay any money to a company that communicates like that.

gbraad · on Oct 6, 2013

So, compromised instead... Seems I am not the only one thinking this.

https://mobile.twitter.com/TeamAndIRC/status/386703066285633...

Especially if only account owners have been mailed (which I am not, BTW). And what is up with the unprofessional response on twitter: V r ?

tmikaeld · on Oct 6, 2013

Oh man, come on!

I know Twitters can be hard to read but that is just unprofessional.

It looks like a kid wrote it.

thekos · on Sept 24, 2013

Update URL can be found here: http://www.huluwa.org/download/platfrom/android/update.json

thekos · on May 13, 2013

From the #linode IRC channel, caker (CEO) states it was a segfault in bind.

13:53:14 caker@ : They operate completely independently, other than loading from the same zones. This looks to be a segfault in bind itself

JosephRedfern · on May 13, 2013

Isn't having two independent name-servers supposed to prevent this kind of thing?

thekos · on May 13, 2013

Appears that it cascaded across all of their nameservers. Seems like it could be an attack (remote or local DoS condition bug, since all users can create their own zones), or maybe just a random bug - hopefully they'll update us.

JosephRedfern · on May 13, 2013

Weird!