Title text: The dump also contains a list of millions of prime factors, a 0-day Tamagotchi exploit, and a technique for getting gcc and bash to execute arbitrary code.
| This explanation may be incomplete or incorrect: The main joke from the caption, that this is not dramatic revelation, like Cueball seems to think (sarcasm?) is not mentioned yet.|
If you can address this issue, please edit the page! Thanks.
While publishing email addresses on websites, people often add space between parts of the email. For example, [email protected] may be written as john dot doe at example dot org. This is to prevent the page scraping bots from harvesting email addresses, which may in turn be sold as address lists for email marketers.
In this comic, Ponytail tells Cueball that there is a tool which can delete such spaces. Such a tool can fix the space and most likely convert the words "dot" and "at" into their respective symbols. This will overcome the problems faced by such harvesting tools, and make these email addresses more prone to receive spam. Cueball appears shocked to hear this news, but given the caption below this is likely sarcasm by Randall. In fact, it is quite simple to devise a program which detects and converts/removes such spaces; it's naive to believe that one can simply write their address in a slightly more complex way to prevent it from being harvested.
This comic is referencing a leak by WikiLeaks that compromises thousands of hacking exploits (thus the title) and programs from the CIA on the day before this comic was released, March 7 2017. (See for instance this article: WikiLeaks Just Dumped a Mega-Trove of CIA Hacking Secrets). Many of the tools that were in the leak were similar to publicly available tools, or not entirely unexpected, with several coming from sites such as StackOverflow and reddit.
The title text references more interesting-sounding, but useless, parts of the dump:
- Millions of prime factors: Prime factorization can be used to break a RSA cipher by turning a large number into prime factors: this is a very hard problem, which is what makes the cipher secure. A list with many prime factors, however, is easy to generate, however, the chance of one of the numbers on the list being a prime factor for the number used in the RSA cipher is very slim. That said, some key generation systems have been shown to re-use prime factors with catastrophic impacts 1 2 so this could be a reference to a list of known shared primes.
- A 0-day exploit for Tamagotchi: a 0-day exploit is an exploit of which the manufacturer is not (yet) aware. While modern Tamagotchi do have some network functionality, this is likely useless because Tamagotchi are very low-end devices that do not contain microphones or cameras.
- A way to get gcc and bash to execute arbitrary code: gcc is a compiler, so preparing arbitrary code is its main purpose, and bash is a Unix shell, so executing arbitrary code is one of its functions. Then again, this could be a reference to ShellShock, a major vulnerability which allowed the unintentional execution of arbitrary attacker code. Likewise, it could be referring to a compiler injection attack which allows a compiler to inject backdoors via the binary executables in a toolchain and without leaving a trace in the source code being compiled or the compiler itself.
- [Ponytail is writing on her laptop at her desk while Cueball looks over her shoulder.]
- Ponytail: You know how sometimes people put a space in their email address to make it harder to harvest?
- Cueball: Yeah?
- Ponytail: They have a tool that can delete the space!
- Cueball: Oh my god.
- [Caption below the panel:]
- Less-dramatic revelations from the CIA hacking dump
- This is the second comic in a row about how computers can be misused and also the second in a row where Cueball is with Ponytail rather than Megan.
add a comment! ⋅ add a topic (use sparingly)! ⋅ refresh comments!