Are ASICs Resistant to Malware Attacks?

One of the arguments made in favor of relying on ASIC mining hardware to secure the Bitcoin blockchain is that commodity hardware is more prone to a 51% attack, as an attacker could easily infect millions of computers through a malware attack and use the computers’ resources to execute a 51% attack on the network.

It’s very hard to.. hack into someone’s SHA256d ASICs

Are ASICs really resistant to malware attacks? If so, why?

dnd 3.5e – Can an Invisible Blade Full Attack with all Sneak Attacks?

As far as I can see, rogues have no limit to their number of sneak attacks. Using the bluff skill to feint can make an opponent flat-footed, but since bluff only affects your next melee attack, and it takes a standard action, a rogue can only use this method to deal sneak attack damage once per round (once every other round if they don’t have a way to attack outside their turn).

Invisible Blade from CW, however, makes feinting a free action. Does this mean that, for example, a rogue 15/IB 5 can make a full attack, feinting once before each attack, to deal sneak attack damage four or more times?

pathfinder 2e – Fantasy Grounds – Adding different attacks with one weapon

In the Fantasy Grounds software: I am playing a ranger in PF2e and I am trying to understand how to apply my Hunter’s Edge: Flurry ability to weapons I own. I’ve imported a weapon into my inventory and it shows up in my actions tab no problem. However, since I’m looking to use this edge ability, it doesn’t necessarily apply to all foes that I am fighting equally.
So how do I apply two weapon-actions with different bonuses under my actions tab? And most importantly, how do I link BOTH to the associated weapon without doing something silly like adding a “fake” weapon in my inventory?

You can see in the image that I figured out how to add a second action, but it is not actively linked to the appropriate weapon.

Alternately, is there just some toggle I can switch on and off to apply modifiers on the fly?

attacks – Question on stack overflow

I am preparing for an exam in Computer Security and doing a past exam without solutions, so I wanted to check if my reasoning holds on a question about stack overflow. Below is the C code in question. The goal is to make the function do_something() execute, no matter if pwd is “abcd” or “1234”.

My thought is to overflow the variable usertype inside the init() function. Firstly, am I correct in that the stack during the execution of this function would look like:

                   |----------------|
                   |Return Address  |
                   |----------------|
                   |Frame Pointer   |
                   |----------------|
                   |usertype        |
                   |----------------|

and if so, if an attacker inputs a usertype that floods into Frame Pointer and overwrites the Return Address with the address of do_something(), we achieve what is asked for in the question?

Thank you in advance!


pathfinder 1e – Effective sneak attacks with spells

Update: Turns out there was an FAQ in 2013 which states that spells like scorching ray only get sneak attack applied ONCE (or to one ray) instead of each ray getting the sneak attack. Due to this the build becomes basically worthless for what the goal was. End Update.

I am trying to build a caster who also does sneak attack damage with their spells. This is for a gestalt game but would like help on accomplishing it if it was normal.

The problems that I have encountered are:

  • There are very few spells which have multiple ray attack rolls and deal lethal damage such as Scorching Ray and Contagious Flame. I am trying to avoid spell/feat creation.
  • To deal sneak attack you have a limited setting in which it can be used:
      • before they act in combat
      • flanking (but ranged touch attacks don’t benefit from flanking)
      • sniping (which implies greater invisibility basically every combat)
      • arcane trickster prestige class
  • Sneak attack rules on spells are a little vague; the best examples come from arcane trickster.
      • AoE spells normally can’t benefit (arcane trickster can allow this)
      • Single ray spells benefit once as expected
      • Spells with no attack roll but multiple rays, like magic missile, only get one sneak attack applied even if each hits a different target
      • Unclear how spells like Scorching Ray have it applied. Either each ray gets it or only one ray.
      • DoT spells like acid arrow: is it applied only on the first hit or is it dealt each round?

So while it’s entirely possible to do sneak attack damage with spells, the rather small selection of multiple ray attacks and the restrictive conditions required to benefit from sneak attack make it very challenging to use reliably.

My plan was to take wizard or Arcanist on one side and rogue (or something) on the other. The arcane trickster, while interesting, doesn’t really help.

tls – How is HTTPS protected against MITM attacks by other countries?

The Certificate Transparency standard requires that when a certificate is issued, it should also be submitted to one or more Certificate Logs. These are simple network services that maintain cryptographically assured, publicly auditable, append-only records of certificates. Once a certificate has been added to a Certificate Log, an independent monitor can check the log to ensure that no fraudulent certificate has been issued. These days browsers require all certificates to have a Signed Certificate Timestamp (SCT) either in a TLS extension or through OCSP stapling, which is used to establish that the certificate has been added to a Certificate Log. Most browsers require the certificate to be present in more than one log (Chrome requires at least two). If the SCT is missing, the certificate is rejected. This ensures that whenever any root/intermediate CA starts issuing fraudulent certificates, the monitors will notice and raise a red flag. Then either the CA revokes the certificates, or browsers stop trusting that particular CA.

In the past, HTTP Public Key Pinning was used. This involved the browser saving the public key(s) of a site the first time it was visited, and if the keys suddenly changed, the browser would refuse to connect. Dynamic pinning, which allows any site to be pinned at the first visit, has now been deprecated. However, static pinning, in which browsers ship with hardcoded public keys for popular domains like google.com and facebook.com, is still used. This can also be used to detect MITMs with fraudulently issued certificates, if the MITM targets any of these popular domains.

attacks – SQL injection using brute force?

I have been studying cyber defense lately for fun and found out about a proposed method that, as I understand it, performs automated SQL injection using brute force by training a model. At some point it says that if it receives the input
“SELECT * FRO” it will find that the next letter is “M”, and then if it receives HTTP Status 200 that is good and if it receives HTTP Status 500 that is bad, and it will train the algorithm accordingly.

Since the query “SELECT * FROM” is not complete, how will it receive HTTP Status 200?
Also, how can this attack in general be mitigated?

You can find the source here:
https://cesena.github.io/2018/02/27/weaponizing-machine-learning/#Other-resources

As an approach it appears very interesting, and I would like to read an explanation from specialists.