SSLv2 redux: patching Go crypto/tls to work with IE6

tl;dr: Go crypto/tls servers can't understand a sad SSLv2-flavored compatibility trick IE6 and JDK 5/6 do, I updated a patch, don't use it. While doing large scale TLS measurement with a Go crypto/tls server for CloudFlare, I started seeing this error score pretty high in my… »

"Automated Testing with go-fuzz" @ GothamGo

In October I presented at GothamGo in NYC about what fuzzing is and how it can help you find bugs early in day to day development if you integrate it in your workflow. I specifically focused on Dmitry Vyukov's go-fuzz and provided an example of how I used it to… »

Creative foot-shooting with Go RWMutex

Hi, I'm Filippo and today I fucked up. I introduced (and caught in staging) a deadlock in RRDNS which didn't show up in tests. Unreleased RLock won't blow up until you call Lock. Read about it on the CloudFlare blog. Creative foot-shooting with Go RWMutex | CloudFlare Blog (archive)… »

Building Python modules with Go 1.5

tl;dr: with Go 1.5 you can build .so objects and import them as Python modules, running Go code (instead of C) directly from Python. Here's the code. The Go 1.5 release brings a number of nifty changes. The one we will be playing with today is the… »

DNS parser, meet Go fuzzer

I ran go-fuzz against and found some interesting crashers. I documented the whole process on the CloudFlare blog. There's a bonus: fuzzing is not only for crashes! DNS parser, meet Go fuzzer | CloudFlare Blog (archive)… »

A deep look at CVE-2015-5477

CVE-2015-5477 is a scary DoS in BIND9 capable of triggering a crash with a single packet. I interleaved the vulnerable code with my investigation of the bug on the CloudFlare blog. A deep look at CVE-2015-5477 | CloudFlare Blog (archive)… »


Here's a fun PoC I built thanks to Ben's dataset. I don't want to ruin the surprise, so just try this command. (It's harmless.) ssh For the security crowd: don't worry, I don't have any OpenSSH 0day and even if I did I wouldn't burn them on… »

Quick and dirty annotations for Go stack traces

When, like RRDNS, you have tens of thousands of goroutines stack traces become meaningless quickly. You know that a listener goroutine is stuck, but what's special about it? My trick is passing a recognizable integer to the goroutine when starting it. Read more details on the CloudFlare blog. Quick and… »

Technical notes: convert a partition image to a bootable disk image

I decided I will blog short technical guides when I do something undocumented. These are probably of zero interest to the blog followers and are just meant for Google. If they annoy, tell me and I'll get a wiki or something. I am moving a machine off Linode (old style… »

Setting Go variables at compile time

The tl;dr is that the Go linker -X option is awesome. Read about it on the CloudFlare blog. Setting Go variables from the outside | CloudFlare Blog (archive)… »

Go has a debugger—and it's awesome!

godebug is a clever Go debugger that rewrites the source of your program on the fly to enable breakpoints and stepping. Read about it on the CloudFlare blog. Go has a debugger—and it's awesome! | CloudFlare Blog (archive)… »

How Plex is doing HTTPS for all its users

This week Plex, a self-hosted media server, announced that they now offer TLS to secure all connections, including those to the user's servers. This is actually pretty interesting. Background A quick overview of the Plex architecture to understand why this is different from the average HTTPS deployment. The server is… »

Logjam explained

Logjam is a downgrade attack against the TLS protocol itself which exploits EXPORT ciphersuites. I wrote a long explanation of how the attack works and its background (what Diffie-Hellman is and how exactly it's used in the TLS handshake) on the CloudFlare blog. Logjam: the latest TLS vulnerability explained | CloudFlare… »

The unofficial Chrome SHA1 deprecation FAQ

Chrome is visually penalizing long-lived SHA1 HTTPS certificates. The information about it is a bit scattered around so I'm writing this to provide a complete and hopefully correct overview. Just give me the tl;dr If your certificate is expiring after Dec 2015 and: it's signed with SHA1, or one… »

The sad state of SMTP encryption

This is a quick recap of why I'm sad about SMTP encryption. It explains how TLS certificate verification in SMTP is useless even if you force it. SMTP SMTP is the protocol that mail servers talk between them to deliver mail. Standardized in 1982 it used to be, unsurprisingly, 100%… »

Komodia/Superfish SSL Validation is broken

If you are on the ball already and just want the new vulnerability, scroll to the "client side SSL verification" section. tl;dr The Komodia/Superfish proxy can be made to allow self-signed certificates without warnings. Recap Some Lenovo laptops shipped with Superfish preinstalled - an ad injecting software. How… »

Make your own Superfish infected VM

Hello, a quick post to allow everyone to play along at home with this Superfish thing. (In case this isn't clear: this post is for security professionals only) Disclaimer: sleep deprived and exhausted. Been working on Badfish for 16 hours now, expect inconsistencies. If you don't know what this is… »

So I lost my NAS password

I got my WD My Book World Edition II NAS out of the closet. The reason it went in the closet is that I locked myself out of SSH access, and in the meantime I forgot most of its passwords. Still, I need a NAS, so let's get it back… »

scrypt all the things!

If you take away only one thing from this post let it be this: If you have a human password, scrypt it. The reason passwords suck is because humans are terrible at generating and storing entropy. (That and password reuse, but that's another story.) And the reason that's a problem… »

PSA: enable automatic updates. Please.

I want you to do a quick inventory of all the boxes, VPS, servers etc. you have root on. Ok, now tell me, when is the last time you updated the one you almost forgot about? Is it vulnerable to ShellShock? Is it vulnerable to Heartbleed? Go patch it now,… »