My Stack Simulator, (Wed, Jul 8th)

The stack is a memory region where a program stores temporary data -&#;x26;#;xc2;&#;x26;#;xa0;like local variables and return addresses. Think of the stack as a pile of plates in your kitchen: you can only add a new plate to the top, and you can only take one away from the top too. Programs use this same “last in, first out” principle to keep track of what they&#;x26;#;39;re doing. Every time a function is called, the program pushes a new plate onto the stack containing things like local variables and the address to return to once the function finishes. When the function is done, that plate is popped off the top, and execution resumes exactly where it left off. This simple mechanism is what allows programs to call functions&#;x26;#;xc2;&#;x26;#;xa0;within functions, and always find their way back -&#;x26;#;xc2;&#;x26;#;xa0;but it&#;x26;#;39;s also precisely why a stack that grows too large, or gets overwritten with unexpected data, becomes a favorite target for attackers looking to hijack a program&#;x26;#;39;s execution flow.

Continue reading My Stack Simulator, (Wed, Jul 8th)

Posted in Uncategorized

More Odd DNS Records: NIMLOC, (Tue, Jul 7th)

Yesterday, I talked about NAPTR records and how they are related to RCS. But there is another “odd” record that shows up in my DNS logs. This one isn&#;x26;#;39;t new, but I don&#;x26;#;39;t think I ever covered it: NIMLOC. At least that is what Zeek calls it. But let&#;x26;#;39;s see what it is all about.

Continue reading More Odd DNS Records: NIMLOC, (Tue, Jul 7th)

Posted in Uncategorized

RCS and DNS: The NAPTR Record, (Mon, Jul 6th)

Over the last year, with recent updates to iOS and Android, RCS (Rich Communication Services) has become an increasingly used protocol [1]. RCS is supposed to eventually replace SMS, and in addition to richer formatting, provides added (but optional) security. RCS messages may be end-to-end encrypted and digitally signed. Unlike SMS, which was “bolted on” to existing voice-focused phone standards. The SMS standard was based on old-fashioned pagers and allowed for limited clear-text communications. RCS is built from the ground up around modern IP-based network infrastructure and behaves more like IP chat services (think iMessage, WhatsApp…). RCS defines the message format, while protocols like SIP are used to establish connections and transport messages.

Continue reading RCS and DNS: The NAPTR Record, (Mon, Jul 6th)

Posted in Uncategorized

Why Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)

This morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extension and a mobile app, that lets users store, send, and receive crypto money. It’s pretty popular, so a juicy target for criminals. In February, I already mentioned a campaign against them[2].

Continue reading Why Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)

Posted in Uncategorized