April 2018 – v3ritas.TECH

Nintendo Switch Homebrew

2018 April 252018 May 1 v3ritasLeave a comment

I’ve been keeping an eye on this scene for a while now, eagerly awaiting the release of Fusée Gelée from Kate Temkin since she revealed the capabilities of the flaw. I’m a huge fan of releases like these that let you have more control over the system that you purchased, whether it be rooting an Android device, jailbreaking an Apple one, or getting Custom Firmware running on a Nintendo 2/3DS. I like those processes because it opens the platform to more customization, & not because of the ability to pirate games. Unfortunately, that part almost always follows when these techniques get released, which ends up giving users who want more open platforms a bad name.

Ethics aside, I am excited to get started on this myself.
– Kate Temkin: Hardware Hacker: FAQ: Fusée Gelée
– GitHub: reswitched / fusee-launcher
– fail0verflow: ShofEL2, a Tegra X1 and Nintendo Switch exploit
– GitHub: fail0verflow / shofel2
– GitHub: fail0verflow / switch-arm-trusted-firmware
– GitHub: fail0verflow / switch-coreboot
– GitHub: fail0verflow / switch-u-boot
– GitHub: fail0verflow / switch-linux

EDIT: 20180501: Well I worked on this over the weekend, & was at least able to get the Fusée Gelée display:

Used a paperclip to bridge ports 1 & 10.

Twitter Austria & Storing Plaintext Passwords?

2018 April 92018 April 9 v3ritasLeave a comment

Just found this great Twitter thread: @c_pellegrino: Does T-Mobile Austria in fact store customers’ passwords in clear text @tmobileat? @PWTooStrong @Telekom_hilft

Does T-Mobile Austria in fact store customers’ passwords in clear text @tmobileat? @PWTooStrong @Telekom_hilft https://t.co/ydFdVRWgE4

— Claudia Pellegrino (@c_pellegrino) April 4, 2018

Something good that came out of this (just for me I guess), was finding out about this web site: Plain Text Offenders.

Caution Around Answering “Security Questions” Accurately

2018 April 92018 April 9 v3ritasLeave a comment

A post by Brian Krebs on his site, https://krebsonsecurity.com prompted me to write up a post as well.
He accurately recommends not answering those Social Networking questionnaires that ask for things like “What was your first car?” or “What was your favorite teacher’s name?”, with accurate (or even ANY) details. I’m sure for many people, it’s already too late, so there is definitely another alternative: Go back to any site where you did answer these common questions, & change the answers to something else, i.e.: the answer to a different question, or just garbage text. See below for an example:

What is the name of your favorite band?
New York Yankees
-OR-
Up)43!z*mP9*KXe!dChC*XLP4(mKAX)z (A random password, generated from DuckDuckGo: password 32 strong)

While the second answer may be a bit of overkill, if you are using a password manager, it’s not that hard to just make note of the Security Question answer if needed in the future.

I think I may have already posted about Password Manager options, but possibly time to take another look at what’s out there, & write up some of the ones that stand out to me. I started with Dashlane, but have since moved to KeePass (Specifically KeePassXC) due to the number of recent breaches of various companies. Using KeePass puts me in control of where I store my password databases.

Source: Krebs on Security: Don’t Give Away Historic Details About Yourself