For the "Stealing the Password File" attack what they're actually getting is a list of users, not the hashed passwords. Hashed passwords are stored in /etc/shadow in all recent (at least early 90s) systems. This is…
This is, as far as I can tell, telling time in decimal. The metric (si) unit of time is the second. To "tell time in metric" one would use si prefixes, as is done in e.g. Vernor Vinges A Deepness in the Sky. One…
> commercially, GENERALLY in return for a fee (generally is emphasized by me) The argument can be made that showing someone ads in return for services is offering things commercially. C.f. free tv channels with…
>>> But this is still a risk, as the link to the app that does the syncing could be blocked to maintain a vulnerability >>If you can mitm the dns or ip you can still do this even with https. >Strictly speaking you'd…
> But this is still a risk, as the link to the app that does the syncing could be blocked to maintain a vulnerability If you can mitm the dns or ip you can still do this even with https. > downgraded to a vulnerable…
That was my original thought as well but since cdn.qbaka.net was just a cname to their real cdn it wouldn't have worked. Unless they gave their private ssl key to the cdn provider, which is really not recommended.
Or possibly stop with the death penalty all together.
For the "Stealing the Password File" attack what they're actually getting is a list of users, not the hashed passwords. Hashed passwords are stored in /etc/shadow in all recent (at least early 90s) systems. This is…
This is, as far as I can tell, telling time in decimal. The metric (si) unit of time is the second. To "tell time in metric" one would use si prefixes, as is done in e.g. Vernor Vinges A Deepness in the Sky. One…
> commercially, GENERALLY in return for a fee (generally is emphasized by me) The argument can be made that showing someone ads in return for services is offering things commercially. C.f. free tv channels with…
>>> But this is still a risk, as the link to the app that does the syncing could be blocked to maintain a vulnerability >>If you can mitm the dns or ip you can still do this even with https. >Strictly speaking you'd…
> But this is still a risk, as the link to the app that does the syncing could be blocked to maintain a vulnerability If you can mitm the dns or ip you can still do this even with https. > downgraded to a vulnerable…
That was my original thought as well but since cdn.qbaka.net was just a cname to their real cdn it wouldn't have worked. Unless they gave their private ssl key to the cdn provider, which is really not recommended.
Or possibly stop with the death penalty all together.