Page 1 of 1
I really don't miss VB6
Posted: Mon Mar 07, 2016 2:01 pm
by dandymcgee
Was browsing StackOverflow to see if the CLR has a decent generic sorted list implementation, and got a good chuckle from this heavily downvoted (yet inarguably creative) proposal:
http://stackoverflow.com/a/196615/770230
Like I said: I
really don't miss VB6.
Re: I really don't miss VB6
Posted: Fri Mar 11, 2016 3:03 am
by K-Bal
That is hilarious in a horrible way.
Re: I really don't miss VB6
Posted: Fri Mar 11, 2016 3:22 am
by bbguimaraes
This reminds me of that software (can't remember which one) that, instead of generating a random number locally, made a http request to some website. And it was worse, because they didn't check for errors, so one day the website went down (or changed the api, or something) and now all clients had the same seed: the error message. I think that was the most shameful vulnerability I've ever head of. Does anyone remember what I was?
Re: I really don't miss VB6
Posted: Sat Mar 12, 2016 12:17 pm
by dandymcgee
bbguimaraes wrote:This reminds me of that software (can't remember which one) that, instead of generating a random number locally, made a http request to some website. And it was worse, because they didn't check for errors, so one day the website went down (or changed the api, or something) and now all clients had the same seed: the error message. I think that was the most shameful vulnerability I've ever head of. Does anyone remember what I was?
Lmao, never heard of that. That's a *gaping* security hole. It's so easy to proxy that request to MITM... Hopefully it wasn't used for anything important.
Re: I really don't miss VB6
Posted: Mon Mar 14, 2016 5:31 am
by bbguimaraes
dandymcgee wrote:Lmao, never heard of that. That's a *gaping* security hole. It's so easy to proxy that request to MITM... Hopefully it wasn't used for anything important.
Just spent half an hour heavily searching my brain/the internet,
here it is. I recommend reading the entire article. When they say "a comedy of programming errors", they really mean it:
The most serious of the flaws is the use of the unencrypted HTTP connections when the app's cryptographic engine contacts random.org to obtain random numbers used to generate private keys for Bitcoin addresses. Since January, random.org has required the use of the more secure HTTPS protocol and has returned a 301 Moved Permanently response when accessed through HTTP. As a result, vulnerable installations of Blockchain for Android generated the private key corresponding to the address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F, regardless of the address specified by the user.
And that's what protected the bitcoin wallets of users.
Re: I really don't miss VB6
Posted: Mon Mar 14, 2016 6:22 pm
by dandymcgee
bbguimaraes wrote:dandymcgee wrote:Lmao, never heard of that. That's a *gaping* security hole. It's so easy to proxy that request to MITM... Hopefully it wasn't used for anything important.
Just spent half an hour heavily searching my brain/the internet,
here it is. I recommend reading the entire article. When they say "a comedy of programming errors", they really mean it:
The most serious of the flaws is the use of the unencrypted HTTP connections when the app's cryptographic engine contacts random.org to obtain random numbers used to generate private keys for Bitcoin addresses. Since January, random.org has required the use of the more secure HTTPS protocol and has returned a 301 Moved Permanently response when accessed through HTTP. As a result, vulnerable installations of Blockchain for Android generated the private key corresponding to the address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F, regardless of the address specified by the user.
And that's what protected the bitcoin wallets of users.
Why did I know it was going to be random.org before you even posted this..? Rofl.