Recently a (quite wasteful) tax metering system upgrade generated loads of e-waste and a good source of dumpster diving. I scored a set of such tax metering hardware for PCs. I got the disused boards and peripherals, but not the computer itself.
I decided to check how much of the disused system I can repurpose and reuse in my own designs.
I was pretty surprised to find out this was happening when I was debugging my L2TP/IPSec tunnel: someone is trying very hard to guess my root password over SSH. A quick check proved to me that my private cloud is under attack too.
Somehow destiny brought me to StartSSL, a company that provides free SSL certificates. This prompted me to replace all existing CACert certificates and enforce SSL on all publicly available entry points: blogs, bug tracker and git code repository.
If you have previously added the CACert root certificate to access my website, please remove it now, as public entry points no longer require it, and new entry points will be added with similar StartSSL (or other free services’) certificates.
I have finalized the negotiation with the professor I preferred to cooperate with and she agreed to green-light my proposal as my graduation thesis project, Subtitler Pro, the computer assisted translation software based on an old project of mine called DST which was built for the translation community I still am part of, and my pending patent CN 201410215960.X, with an optional special request that I can make the final product an app that she can use. This special request made my life a little bit more difficult.
Long sentences and crazy brackets ahead. Read with care and maybe a piece of paper to assist parsing and understanding.
Before I say anything in this post, I hereby urge you to change your VyRT password immediately, as well as that of any service that shares the same password with it, NOW! Read on to see why.
This is going to be the most disturbing part of this series on VyRT hacking. Brace yourself when reading.
After the hacker dumped the database of VyRT, they can start dwelling in their lair of evil and start figuring out your passwords. If you are technologically savvy you may start to think that it would take them forever to figure out those securely hashed passwords one by one. No, think again before proceeding.
Recently news came that the official community website of the band 30 Seconds to Mars was hacked and information leaked. No public information is available yet, but I think I have a theory of how this hack worked, and how you Echelons can minimize damage.
This post is going to be a little bit hard on tech bits, so proceed with care. If you are greeted with some strange concept, Wikipedia will be your friend.
So after all the mucking and messing I finally set up bcache on my desktop, running Ubuntu 14.04. I followed a modified procedure by my friend John and his article here (in Chinese) so I am rounding it up here, starting from a computer without an OS.