Cubic

Today we do a deep dive into a portion of the Portable Executable (PE) file format and discover some rather broken behavior in the Microsoft Windows OS that causes some processes to not start up because the Windows loader gets confused about what a RVA is. The PE file format is how all executables (i.e. EXEs) and things containing executable code (e.g. DLLs) are loaded into memory and run. It's a highly structured file format and has many features not found in other executable formats for other OSes and has many nuances and details surrounding it, some of which are intentionally obscured. One of the more complicated concepts for someone coming into the PE file format to understand is the Relative Virtual Address, or RVA for short. Microsoft defines the RVA as: "The address of an item after it is loaded into memory, with the base address of the image file subtracted from it in an image file." Another way of saying it is that a RVA is the offset from the base addre

A couple of years ago, Equifax was breached and huge tracts of data were dumped. The Equifax CEO and other leadership dumped a bunch of stocks days after discovering the hack and a month prior to the announcement for "unrelated reasons" (yeah, right). The apology by the CEO for the data breach rang hollow with everyone and he eventually stepped down with a $90 million USD golden parachute. The breach was partially caused by lax policies regarding keeping the software running on their servers up to date. But no one in the software security industry was shocked that any of this happened - it's the same old story of greed, lax security policies, and not regularly pentesting infrastructure. The news this week is covering the landmark FTC settlement with Equifax and a page on the FTC website has been set up that links to the Administrator website for the claim proceedings: https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement The d

Hello, it is 2019. We've been computing together for over 50 years. And then there's this: Text in the ANSI 16 color palette that, for some strange reason, is a thing that still exists. Okay, I get it. Most of us who use the terminal (aka console, Command Prompt, whatever you prefer to call it) are down to earth, get the job done software developers and system administrators and not graphics design artists. But isn't that just a teesy, tiny bit painful to look at? And isn't this almost 2020? Many of the text bits are quite unreadable - the black text on black background in the above image is especially invisible. And the colors you can see for the most part just yell, "I'm a color! Look at me for an extended period of time and get a free headache!" Sure, each and every user can usually change default colors to something else but these are the default colors. Actually, it is worse than that, excluding the usually but not always configurable

Who here has sunk hours of time into efficiently handling the web browser's window resize event? [Raises hand.] What part of your user base is actively resizing their browser window to see if you efficiently handle the window resize event? [Uh... 0.0000000001%?] Stop doing that. No one cares. (I also thought about titling this post, "How to identify a web developer with just one question" but still including a similar level of snarkasm.)

While I was updating jQuery Fancy File Uploader to support recording video and audio from webcams, microphones, and other media sources, I ran into an interesting web browser security related problem that appears to affect all major web browsers that support the MediaRecorder API . From the Developer Tools console of your favorite web browser, run this one-liner: navigator.mediaDevices.enumerateDevices().then(function(devices) { console.log(devices); }); Then go to another page on the same domain and repeat the process. Try it in a new tab. As of this date, in both Firefox and Chrome (untested in Edge), it looks like the 'deviceId' of each attached hardware audio/video device remains static across a domain during a single browser session. Since a lot of people leave their web browsers open for long periods of time, this information can be used to track a user's activity across a single domain without using cookies or localStorage. The user is also not alerted to