Hacker News | psk's comments

I think it's a reference to the movie Hackers.


This sounds interesting. Could this be applied to Stuxnet, Duqu and malware in general, or would you require more information?


I thought about looking at the bitcoin implementation for finding Satoshi.


We have the commit history for the source code of bitcoin to profile Satoshi. No need to try and do it based off of the binary.


Sure. I thought of the general method.

I saw that this has been tried to some extent: https://en.wikipedia.org/wiki/Satoshi_Nakamoto#Nick_Szabo


I've had a few similar courses at university, but they've always been limited to NP-completeness. Does anyone know how I can expand on this? That is, learn beyond NP-completeness (books, online courses, etc.)?


If you're interested in computational complexity theory, I recommend "Computational Complexity" by Christos Papadimitriou. It's a classic, though it's a bit dated.


I'm curious, what are the quantum effects at that size?



Sites like this are great and all, but I wish they included some commonly used regexes. Like a list of 'good' regexes to validate phone numbers, emails and other common stuff.

It would actually be pretty cool to have a site like this except you could add the regex to a list, and then people could upvote the regex depending on the quality of it.


You can only validate a zip code, a phone number, an address, or an email address using a regex up to a point.

There are too many disparities from one country to the next for the first three to hope to validate anything without a bunch of false negatives. Some countries don't have zip codes.

For emails, blindly following the RFCs yields a monster (see [1]), and it won't help you if you run into oddball email addresses that are not RFC-compliant but work regardless due to technical implementations (or vice versa).

[1] http://regular-expressions.mobi/email.html


...and I just checked the community link. Way to go :-)



Surely it would be possible to create encoding-resistant steganography. Will the steganography be affected? Sure, but it should be possible to create error-resistant steganography up to a certain point.


Steganography: encode information such that it is below the human detection threshold.

Lossy compression: discard all sub-threshold information.

Thus, in the general case it's fundamentally impossible. You can make a scheme that will survive certain known encoders and bitrates, but you can't make one that will survive all lossy compression.


Synchronizing all your files sounds like a waste of space. It would be trivial to determine if Dropbox does that, simply by monitoring the number of bytes sent to Dropbox (create a new file of size x, determine if the stream to Dropbox transmits at least x bytes) or by replacing the SSL certificate in the program with your own and then setting up a fake server (this would be harder) to determine exactly what is being transmitted.

If this is indeed something nefarious, I would much rather assume it would transmit file hashes rather than the files themselves. Although I can't possibly imagine this is actually true, the implications would be devastating for Dropbox and it should be easy to verify by an independent third party.


Dropbox does not allow SSL interception of its traffic. It immediately errors out saying the host is not trusted or something else.


Probably cert pinning.


I don't know much about HDMI, but couldn't I just run the video/movie in fullscreen and then capture the output from the HDMI and save the raw output to a disk?


Yes, HDCP has been broken for a long time and even if it wasn't, you could still capture the LVDS signal that drives the LCD panel itself.

But the problem is that those are very high-speed signals (1920x1080 24bpp at 60FPS is around 350MB/s+) that require suitable hardware to capture, basically uncompressed video, and recompression would introduce more artifacts than the original. That's why pirates don't usually go this route; the result is only slightly better than pointing a good camera at the screen.


I always assumed most movies were ripped using exploits at various points in the playback software stack? At some point the unencrypted bitstream needs to be available to decode, if you hacked the player or GPU driver code to dump it at that point, it would be possible to re-assemble it into an unencrypted video file, right? You would use a computer without any of the DRM features the article is about of course.


Are easter eggs in a VM a good idea?

Couldn't malware attempt to locate potential easter eggs in order to determine if they are in a honeypot?


> Couldn't malware attempt to locate potential easter eggs in order to determine if they are in a honeypot?

No. This is a key combination against the UI. If the VM could send key combinations to the UI of the VMC then the software running on the VM could determine if it was in a "honeypot" (VM) with or without this easter-egg (e.g. send CTRL-ALT-INSERT and see if CTRL-ALT-DELETE is triggered within the VM's context, restart the VM, alter connected devices, and so on).

Also, yes, I think Easter Eggs are fine in a VMC. Particularly when they're only UI deep as in this case. The only software I wouldn't put easter eggs into is software which is "life-death critical" (aircraft control systems, industrial equipment, et al). But these kinds of systems are sometimes designed to be mathematically proven safe with no possible conflating variables in the execution (so putting in easter eggs would be HUGELY expensive and likely wouldn't happen for that reason).


I think that there are millions of other aspects of software (of VMware) which are much more important than easter egg or no easter egg. So the impact of an easter egg on this software's quality is not significant.


VMalWare! Yikes!


I laughed harder than I should have.

