site @ 91b442f90bd2c4b7f5672e41a8ec6f4123c0089e

source for my site, found at icyphox.sh

Remove sketchy text

Signed-off-by: Anirudh <icyph0x@pm.me>
Anirudh icyph0x@pm.me
Tue, 06 Aug 2019 01:21:24 +0530
commit 91b442f90bd2c4b7f5672e41a8ec6f4123c0089e

parent f55fc2f7d72477266abfbfefa9c2fc2003c8cc8b

2 files changed, 5 insertions(+), 5 deletions(-)

M build/blog/fb50/index.html

@@ -69,7 +69,7 @@

<p><img src="/static/img/bt_ws_value.png" alt="wireshark write req" /></p> <p>We attempted replaying these requests using <code>gattool</code> and <code>gattacker</code>, -but that didn&#8217;t pan out, since the value being written was encrypted.<sup class="footnote-ref&#8221; id="fnref-1"><a href="#fn-1">1</a></sup></p> +but that didn&#8217;t pan out, since the value being written was encrypted.<sup class="footnote-ref" id="fnref-1"><a href="#fn-1">1</a></sup></p> <h3 id="via-the-android-app">Via the Android app</h3>

@@ -181,7 +181,7 @@ (the attacker) needs to authorize that. </p>

<p>To add to that, roughly 15,000 user accounts&#8217; info are exposed via IDOR. Ilja, a cool dude I met on Telegram, noticed locks named &#8220;carlock&#8221;, -&#8220;garage&#8221;, &#8220;MainDoor&#8221;, etc.<sup class="footnote-ref&#8221; id="fnref-2"><a href="#fn-2">2</a></sup> This is terrifying.</p> +&#8220;garage&#8221;, &#8220;MainDoor&#8221;, etc.<sup class="footnote-ref" id="fnref-2"><a href="#fn-2">2</a></sup> This is terrifying.</p> <p><em>shudders</em></p>

@@ -208,7 +208,7 @@ with keys. With the IoT plague spreading, it brings in a large attack surface

to things that were otherwise &#8220;unhackable&#8221; (try hacking a &#8220;dumb&#8221; toaster).</p> <p>The IoT security scene is rife with bugs from over 10 years ago, like -executable stack segments<sup class="footnote-ref&#8221; id="fnref-3"><a href="#fn-3">3</a></sup>, hardcoded keys, and poor development +executable stack segments<sup class="footnote-ref" id="fnref-3"><a href="#fn-3">3</a></sup>, hardcoded keys, and poor development practices in general.</p> <p>Our existing threat models and scenarios have to be updated to factor

@@ -233,7 +233,7 @@ <p><a href="https://www.pentestpartners.com/security-blog/pwning-the-nokelock-api/">This</a> article discusses a similar smart lock, but they broke the encryption.&#160;<a href="#fnref-1" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">&#8617;</a></p>

</li> <li id="fn-2"> -<p>Thanks to Ilja Shaposhnikov (@drakylar) for bruteforcing the IDs and sharing the data dump.&#160;<a href="#fnref-2" class="footnoteBackLink" title="Jump back to footnote 2 in the text.">&#8617;</a></p> +<p>Thanks to Ilja Shaposhnikov (@drakylar).&#160;<a href="#fnref-2" class="footnoteBackLink" title="Jump back to footnote 2 in the text.">&#8617;</a></p> </li> <li id="fn-3">
M pages/blog/fb50.md

@@ -192,7 +192,7 @@ * S. Raghav Pillai ([@_vologue](https://twitter.com/_vologue))

* Shubham Chougule ([@shubhamtc](https://twitter.com/shubhamtc)) [^1]: [This](https://www.pentestpartners.com/security-blog/pwning-the-nokelock-api/) article discusses a similar smart lock, but they broke the encryption. -[^2]: Thanks to Ilja Shaposhnikov (@drakylar) for bruteforcing the IDs and sharing the data dump. +[^2]: Thanks to Ilja Shaposhnikov (@drakylar). [^3]: [PDF](https://gsec.hitb.org/materials/sg2015/whitepapers/Lyon%20Yang%20-%20Advanced%20SOHO%20Router%20Exploitation.pdf)
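
Review bot: the three `class="footnote-ref&#8221;` to `class="footnote-ref"` corrections in build/blog/fb50/index.html (hunks at 69, 181 and 208) are not covered by the message "Remove sketchy text" and have no counterpart in pages/blog/fb50.md, so they look like a side effect of regenerating the page. They are worth their own commit, or at least a line in the message. In the old markup the class value ran on through ` id=` to the next straight quote, so the `fnref-1` to `fnref-3` ids were never set and the footnote back-links to `#fnref-N` had no target. Whatever produced the `&#8221;` inside a tag should be fixed at the generator so it does not come back on the next build.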
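
Review bot: removing "for bruteforcing the IDs and sharing the data dump" from footnote 2 (hunk at 233 in build/blog/fb50/index.html and hunk at 192 in pages/blog/fb50.md) only changes the current tree. The sentence stays readable in parent f55fc2f7d72477266abfbfefa9c2fc2003c8cc8b and in this diff itself. If the goal is to stop publishing that statement, the history needs rewriting as well; if not, the commit body should say why the wording was dropped. The footnote now reads "Thanks to Ilja Shaposhnikov (@drakylar)." with no reason given, while the paragraph in the hunk at 181 still says roughly 15,000 accounts are exposed via IDOR and that Ilja noticed the lock names, so consider stating in the footnote what the thanks are for. The same sentence is also edited in both the source and the generated copy under build/, which makes every content change show up twice in review.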