How to Spot Ingenico Self-Checkout Skimmers

The overlay skimming devices pictured here include their own tiny magnetic read heads to snarf card data from the magnetic stripe when customers swipe their cards. Consequently, those tiny readers often interfere with the legitimate magnetic card reader on the underlying device, meaning compromised self-checkout lines may move a bit slower than others.

Source: How to Spot Ingenico Self-Checkout Skimmers — Krebs on Security

How does iptables hashlimit module work?

Hashlimit is an iptables module that allows one to define rules that in effect will limit traffic speed (bytes / time unit) or frequency (connections / time unit) per target or origin ports / IPs. The inner workings of this module and / or how to make it work correctly remains a mystery for many.

Hashlimit is also close friends with the limit module, only much more powerful, capable of expressing rate limiting per source IP (for example) in a single rule.

Source: Stuff I do: How does iptables hashlimit module work?

Logjam: How Diffie-Hellman Fails in Practice

We have published a technical report, Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, which has specifics on these attacks, details on how we broke the most common 512-bit Diffie-Hellman group, and measurements of who is affected. We have also published several proof of concept demos and a Guide to Deploying Diffie-Hellman for TLS.

Source: Logjam: How Diffie-Hellman Fails in Practice

What should I do?

If you run a server…

If you have a web or mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. We have published a Guide to Deploying Diffie-Hellman for TLS with step-by-step instructions. If you use SSH, you should upgrade both your server and client installations to the most recent version of OpenSSH, which prefers Elliptic-Curve Diffie-Hellman Key Exchange.

Graphics from the command line

This article shows how to perform image manipulation using command-line tools. I do this job quite often, since I’ve picked up a some digital cameras and now manage a library of several thousand happy snaps. For Web developers and administrators who frequently have to batch-process large numbers of images, command line tools are an especially attractive option, because the developer can incorporate them into scripts. But even if you only want to perform a manipulation once or twice, a command-line alternative can save time.

The command line tools discussed in this article are part of the excellent ImageMagick suite, which ships with Red Hat Linux and is freely available online (see Resources). ImageMagick can also be accessed via C, C++, Perl, Python, Java, and several other languages, which Linux programmers will appreciate.

via Graphics from the command line.

how to calculate packet loss from a binary TCPDUMP file

You can measure packet retransmits from the client to the server by counting the number of duplicate sequence numbers.

Packet retransmits from the server to the client can be measured by counting duplicate Ack numbers.

Note that a retransmit is triggered by more than just total loss (= timeout); if the remote machine rejects the packet, or the packet is corrupted, the local machine must also retransmit.

via networking – how to calculate packet loss from a binary TCPDUMP file – Server Fault.

I needed a way to measure this on a wifi network where packet loss can be very high and bursty.  This answer seems relatively simple to implement — just store off  ACK sequence numbers into an array of limited size and count how many times every new ACK matches in that array.  By monitoring this count I can determine where and when certain areas are getting bad and perhaps alert or alarm based upon a certain threshold.

How To Create a Pure CSS Dropdown Menu

With the help of some advanced selectors a dropdown menu can be easily created with CSS. Throw in some fancy CSS3 properties and you can create a design that was once only achievable with background images and Javascript. Follow this tutorial to see the step by step process of building your own pure CSS dropdown menu.

via How To Create a Pure CSS Dropdown Menu.

Also here:  Another Simple CSS3 Dropdown Menu

The beginners guide to breaking website security with nothing more than a Pineapple

What you’re looking at in the image above is a little device about the size of a cigarette packet running a piece of firmware known as “Jasager” (which over in Germany means “The Yes Man”) based on OpenWrt (think of it as Linux for embedded devices). Selling for only $100, it packs Wi-Fi capabilities, a USB jack, a couple of RJ45 Ethernet connectors and implements a kernal mode wireless feature known as “Karma”.

via Troy Hunt: The beginners guide to breaking website security with nothing more than a Pineapple.

But why on earth would a victim connect to the Pineapple in the first place?! Well firstly, we’ve become alarmingly accustomed to connecting to random wireless access points whilst we’re out and about. When the average person is at the airport waiting for a flight and sees an SSID named “Free Airport Wi-Fi”, what are they going to do? Assume it’s an attacker’s honeypot and stay away from it or believe that it’s free airport Wi-Fi and dive right in? Exactly.

How to return to the moon in just four years

In a four-launch scenario, the lander would precede the crew to the moon. The first two launches would be a moon injection stage followed by a lunar lander. These two vehicles would rendezvous in Earth’s orbit before the moon injection stage would send the lander ahead to the moon. The next two Falcon launches would carry a second moon injection stage and then the crew in their capsule/service module. After a similar boost in a moon-injection stage, they would meet up with the lander in lunar orbit.

The rest of the mission would be like the Apollo mission — Americans on the moon, once again taking giant leaps for mankind.

via How to return to the moon in just four years | Fox News.