> 1000 Guesses/Sec (Plausible attack on a weak remote web service. Yes, cracking a stolen hash is faster, but it's not what the average user should worry about.)
Very high when someone accidentally forwards it in an email, copy/pastes too much into a document, etc. The attack vector isn't someone randomly guessing the URL.
> This probably depends on where you are using it. If I understand correctly, it tells an attacker that you have _something_ to hide, but gives no clue as to any metadata, such as the size of what you're hiding or how often it was updated.
Which brings you right back to the problem illustrated in the XKCD comic up top. As soon as you know they have something to hide you whack them until they tell you.
Getting sick of Internet-ending vulnerabilities yet? Of course not! Especially when there's a redacted abstract to pick apart and guess on!
A slice of context: neither Sotirov nor Applebaum would bank their reputations on a publicity stunt; they're both well-respected.
Is it SSL? Then why does the redacted text say "even so-called secure...". Is it a js/DOM issue? Then what's the word "infrastructure" doing there?
I'm feeling mildly Thawte about this. The attack was impractical before, exploits known weaknesses, but is possible now that [redacted], and leaves a criminal in possession of something. Known weaknesses that haven't been probed well feels maybe RNG-y. Maybe you can request a zillion personal Thawte certs and bust a pool of entropy.
> presumably an attacker will just use the local process to observe and develop a method to defeat it.
If they can do that then the whole method fails anyway.
Besides, I think the set of your average revenge porn idiots intersected with those that are capable of defeating the hashing scheme in order to do their dirty deed is going to be exceedingly small.
False equivalence. There is a huge difference between the significant effort required to break these big sites, and then a script-kiddie running a wifi sniffer at a Starbucks.
>>> a browser opened a malicious website in the guest OS is exploited, a browser sandbox escape is made to gain full ring 3 access, an operating system vulnerability is exploited to pave a way to ring 0 from where there are anything you need to attack a hypervisor from the guest OS.
I cracked several games at the end of the 80's but that was nowhere near as hard as this seems to be. How do researchers find the time to go so deep in their analysis? Where do they learn?
Anyway, the code analysis shown by the author is really good. That's so much more clever than old school "replace this check by NOPs" :-) Kudos
> A random website? Absolutely, 99.999% of the Web is safe. But we're talking about a site which is specifically compromised with malware.
Well, we don't know that, actually. The info given on the PE site says that the attacker gained access to the server and modified the database. Do you have proof that it's serving up malware to visitors?
In any case, it's an odd situation and an odd response from Project Euler. It doesn't seem like a complicated enough site to get hacked in a mysterious undetermined way.