Author Archives: hph
O Factor, Where Art Thou?
The DHL Packstation is a great thing. Think of it as a vending machine. But instead of sweets and soda, this one dispenses precious DHL parcels. And instead of quarters and dimes it takes a swipe card and a one-time-password … Continue reading
#Phreaking2016: Authentication Flaw in O2 (Telefónica) ACS
Today, the details on a major authentication flaw in the Auto Configuration Server (ACS) of the German ISP O2 (Telefónica) were released. A tl;dr could be “Tell me your IPv4 address and I may place and accept phone calls on your behalf!”. … Continue reading
New domain, new certificate, new server
Recently, I have purchased the domain heinrichs.io as the IO top-level domain was one of the very few which still had “heinrichs” (my surname) available as a second-level domain. It is meant as the successor of hph.name. Simultaneously, I purchased a … Continue reading
How FTPRush encrypts site passwords
FTPRush (formerly known as “UltraFXP”) is a popular closed-source freeware FTP Client for Windows and comes with some handy features. If the user chooses to store site passwords FTPRush applies some cryptography to the plaintext password before writing it to … Continue reading