The API as an Attack Vector

--Originally published at Barros Creations LLC

The high-level goal of an API hack might be to get access to credit card numbers, user passwords, emails and phone numbers. A single attack is often just a step on the way. To get to those credit card numbers, we have to learn about a system’s underpinnings and its weaknesses. We have to pry around to find out how it works and what ists vulnerabilities are.



The 3 Laws Of Ethical Hacking

--Originally published at Barros Creations LLC

1- “A hacker may not injure a human being or through an action, allow a human being to harm from hacking.”

2- “A hacker may not injure a human being or through an action, allow a human being to harm from hacking.”

3- “A hacker must protect it’s own privacy and the privacy of others as long as such protection does not conflict with the first or second law.” 



Total Surveillance is the Enemy Innovation

--Originally published at Barros Creations LLC

“I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We’ve create life in our own image.”


Stephen Hawking

In an almost-present future, we’ll have zero privacy. From what we know to what we say, where we are at all time will be known to some there entity that is not us. This will cast a shadow over our lives, our minds, our emotions. Casting the normal human state of mind into an abyss of uncertainty.

Personal freedoms, civil rights, new ways of doing, thinking, speaking, dressing or undressing, science and philosophy, religion, fashion or cooking or smoking. Anything really new breaks existing canons, the rules, laws, habits, and understandings of the established order.

Total surveillance protects everything starting with status quo.

During our existence mankind has been very preoccupied in the dealings each and every one of us. In order to coexist, our privacy began to crumble has time went by. Every single person became someone important and had something to share to the world. Behold all the disruptive liberties and the inventions that upended public and private incumbents. Now imagine how many would have been killed in the womb under a total state and private surveillance blanket.

“Anything that sticks out gets pounded.”

When asked why Google doesn’t encrypt the user data that it stores, Vintone Cerf, the revered internet pioneer turned Google’s PR person, sorry, VP and chief evangelist, serenely admits that doing so would conflict with Google’s business model and disrupt user features.

“At public events, Vint Cerf, a Google employee who was an early architect of the internet, has said that encrypting information while it is stored would prevent Google from showing the

Continue reading "Total Surveillance is the Enemy Innovation"

Attacking The GPU

--Originally published at Barros Creations LLC

GPU-accelerated computing has become a modern solution to many developers as it has diverse functions in scientific computing, database systems, and cloud environments. With various performance needs and it’s powerful cycles can accelerate CPU processes. All this may be very promising, but at the end everything in computing has a downside.

Graphics processing units (GPUs) are important components of modern computing devices for not only graphics rendering, but also efficient parallel computations. However, their security problems are ignored despite their importance and popularity.

Possible Attack Vectors

Unpacking and Run-Time Polymorphism

Direct Memory Attacks

Framebuffer and Screen Capture

Password Cracking and File Decryption

Botnet Services