Verified the OnBase hardcoded secrets issue today. On Hyland.Applications.Web.EpicAESEmcrypionPtovider.Decrypt (or something like this) they do indeed initialize all IVs with 0s & never update the IV before use. Presumably symmetric on the server side. Ref: https://packetstormsecurity.com/files/159102/hylandonbase-hardcoded.txt
Now... I don't see anywhere where this method is called, a d there are some more concerning hardcoded key material areas, but more research is needed...
Guard retention was good enough to execute some chokes with open to closed guard transitions. Lasso sweep still functioning. Preemptive framing was practiced & almost successful in a live drill... but not quite. I tried though and I think I want to try more.
Everything was a lot slower being out of practice.
Me reading anything about Bitcoin history expecting a simple things like "a privacy advocate changes world" but instead getting stuff like:
Bitcoin's mysterious creator, Satoshi Nakamoto, who are they? Why did they create Bitcoin? We're they alone... Or were they visited by extraterrestrials? Tonight at 8 we investigate on unsolved mysteries.
I'm on a road trip & this is my choice contemplation... Can the principles of diaspora be brought to a P2P ride share competitor? How about just a generic replacement "gig economy?"
Having strangers post photos on your phone is one thing, how do you balance that trust to let them in your home? Web of trust models, cross signing identity data, aggregating local community signatures (friends, maybe friends of friends)?
I like computers:
Code at github.com/catatonicprime
I like activities:
- Brazilian Jiu Jitsu
Posts are whatever I feel like posting at the time.
This is a brand new server run by the main developers of the project as a spin-off of mastodon.social It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!