I tried to report two issues to Facebook over the years. Neither was major, but they were both issues in my opinion. That said, they didn’t really hurt anyone that I could tell, so when they denied that they were issues I just let it sit. But now I want to document them so that others can learn from their mistakes if they so choose.
I recently got a Microsoft Band, and as such I have been reading about what I can do to hack on it and make it do what I want it to do. One of the first things I noticed was that the Associated Press Tile says “Associated Press” along the top of every screen, which I found quite annoying. So I read a bit about the Web Tiles and found out that they are really just a manifest file and some icons in a zip archive. So I decided to try and fix the AP tile to work the way I wanted it to.
This challenge was a rather simple reversing problem. Javantea and I worked on this.
The hint for this challenge was:
At first this challenge looked like a Web challenge. The first problem that popped out when looking at the website was the use of ?page=about. Anytime I see a website that has a page= query parameter the first thing I want to try is directory traversal. And in this case just like in many other CTFs it turned out to be the correct path to start down. Although in this case it was just the beginning.
The challenge from the Boston Key Party that I found the most enjoyable, and as such wanted to write about, was Airport (Crypto 500). This challenge’s hint made it clear that the goal was to do some kind of timing attack. It said:
While working at SI a portion of our time gets to be spent on research projects. I chose to use some of this time to take my capstone project from college (infsek.tk) and open source it as Want2Hack.com. In this process Security Innovation also allowed me to set up an instance of the site to be hosted by them as a training ground for aspiring Security Professionals to practice their skills in a safe environment, and experienced security researchers to demonstrate their latest findings.