Feb 2024
C++ code compiles with release build, fails with debug build (/D_DEBUG); MSVC obviously
Expectation: defining _DEBUG (or switching between release and debug build) doesn’t change whether code is accepted; apparently Microsoft has a different view...
    // source code, x.cpp
    #include <cstdio>
    #include <string>
    static constexpr std::string s = "asdf";
    int main() {
        printf("%s\n", s.c_str());
    }

Compile with debug:

    cl /std:c++20 /D_DEBUG x.cpp
    Microsoft (R) C/C++ Optimizing Compiler Version 19.39.33520 for x64
    Copyright (C) Microsoft Corporation. All rights reserved.

    x.cpp
    x.cpp(4): error C2131: expression did not evaluate to a constant
    x.cpp(4): note: (sub-)object points to memory which was heap allocated during constant evaluation

Compile as release:

    cl /std:c++20 x.cpp
    Microsoft (R) C/C++ Optimizing Compiler Version 19.39.33520 for x64
    Copyright (C) Microsoft Corporation. All rights reserved.

    x.cpp
    Microsoft (R) Incremental Linker Version 14.39.33520.0
    Copyright (C) Microsoft Corporation. All rights reserved.

    /out:x.exe
    x.obj
Bonus: when the initializer string “asdf” is longer, e.g. “aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasdf” also the release build fails (which is OK)
There's actually a very good and detailed technical explanation.
posted at: 10:00 | path: /programming | permanent link
Does your organization ask to look for phishing cues as part of security awareness training?
Find misspelled domain names in the From: line, etc? (that can easily be faked)
It's pathetic to blame users for the phishing misery, which by and large stems from the IT industry's failure to deploy secure software and safe communication solutions.
Here's a more reliable (and easy) check: look at the email's "header lines" to see if the sender's email address matches the sending email server (SMTP server, specified in RFC 5321).
Look for the first Received: from line. Here's an abridged example (pmeerw@gmail.com is messaging pmeerw@pmeerw.net):
    X-Original-To: pmeerw@pmeerw.net
    Delivered-To: pmeerw@pmeerw.net
    Received: from mail-ot1-x32e.google.com (mail-ot1-x32e.google.com [IPv6:2607:f8b0:4864:20::32e])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
         client-signature RSA-PSS (2048 bits) client-digest SHA256)
        (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (not verified))
        by ns.pmeerw.net (Postfix) with ESMTPS id F1252E02CD
        for ; Tue, 5 Mar 2024 16:32:48 +0100 (CET)
    Received: by mail-ot1-x32e.google.com with SMTP id 46e09a7af769-6e2b466d213so1283153a34.0
        for ; Tue, 05 Mar 2024 07:32:48 -0800 (PST)
    MIME-Version: 1.0
    From: Peter Meerwald-Stadler
    Date: Tue, 5 Mar 2024 16:32:36 +0100
    Message-ID:
    Subject: bla
    To: Peter Meerwald-Stadler

    blub

So the SMTP server contacting pmeerw.net's SMTP is mail-ot1-x32e.google.com. Hence it's plausible that it's Gmail that is delivering an email (from a Gmail address). The "Received: from" line is put there by the receiving SMTP server, a trusted machine. On the other hand, the sender may put arbitrary things in the From: and To: lines, these values do not affect the delivery of the email and hence cannot be trusted.
Need to wait for some plausible spam/phishing email to have a more interesting example...
Update (March 6, 2024): Didn't take long, here's an example using ovhcloud.com:
    Received: from vps2361714.servdiscount-customer.com (vm4945647.1nvme.had.wf [45.88.77.100])
        by ns.pmeerw.net (Postfix) with ESMTP id C6A5FE0177
    From: =?UTF-8?B?T1ZIY2xvdWQ=?=
    To: pmeerw@pmeerw.net
    Subject: =?UTF-8?B?Vm90cmUgbm9tIGRlIGRvbWFpbmU=?= "pmeerw.net" =?UTF-8?B?ZXN0IHRlbXBvcmFpcmVtZW50IHN1c3BlbmR1?=
    Message-ID: <20240306031559.DA8051C773833DB1@news.ovhcloud.com>

I doubt ovhcloud sends their emails using vps2361714.servdiscount-customer.com (vm4945647.1nvme.had.wf [45.88.77.100]) and if they do I don't want to receive their sh*t anyway...
Email clients make it notoriously difficult to see this information (in Outlook it is hidden under ... / View / View Message details).
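The header check described above can be automated. The following Python is an added example, not part of the original post: it assumes Postfix-style Received lines like the two shown, and the names `check_relay` and `EXPECTED_RELAYS` as well as the placeholder From address in the second sample are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumed Postfix-style line: "from HELO (rdns-name [ip]) ... by receiving-host ..."
FROM_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[(?:IPv6:)?([^\]]+)\]\)")
BY_RE = re.compile(r"\sby\s+(\S+)")
# Assumption: relay suffixes accepted per sender domain; gmail.com -> google.com
# follows the page's first example. Any other domain must match itself.
EXPECTED_RELAYS = {"gmail.com": (".google.com",)}

def check_relay(raw, trusted_mx):
    """Compare the From: domain with the host that connected to trusted_mx."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    name = str(make_header(decode_header(name)))  # RFC 2047 display name
    domain = addr.rpartition("@")[2].lower()
    # Headers are prepended in transit, so the topmost line written by our own
    # server is the trusted one; anything below it may be forged by the sender.
    for line in msg.get_all("Received", []):
        line = " ".join(line.split())  # unfold continuation lines
        frm, by = FROM_RE.search(line), BY_RE.search(line)
        if frm and by and by.group(1).lower() == trusted_mx:
            helo, rdns, ip = frm.groups()  # HELO is client-supplied, rdns is not
            suffixes = EXPECTED_RELAYS.get(domain, ("." + domain,))
            ok = rdns != "unknown" and ("." + rdns.lower()).endswith(suffixes)
            return {"display": name, "domain": domain, "helo": helo,
                    "relay": rdns, "ip": ip, "plausible": ok}
    return None  # no Received line from our server: nothing to trust

# Constructed samples, abridged from the two messages shown above.
GMAIL = (
    "Received: from mail-ot1-x32e.google.com (mail-ot1-x32e.google.com\n"
    " [IPv6:2607:f8b0:4864:20::32e]) by ns.pmeerw.net (Postfix) with ESMTPS\n"
    "From: Peter Meerwald-Stadler <pmeerw@gmail.com>\nSubject: bla\n\nblub\n")
SPAM = (
    "Received: from vps2361714.servdiscount-customer.com (vm4945647.1nvme.had.wf\n"
    " [45.88.77.100]) by ns.pmeerw.net (Postfix) with ESMTP id C6A5FE0177\n"
    # From address constructed: the page's copy of this header shows none.
    "From: =?UTF-8?B?T1ZIY2xvdWQ=?= <placeholder@ovhcloud.com>\n\nbody\n")

if __name__ == "__main__":
    for raw in (GMAIL, SPAM):
        print(check_relay(raw, "ns.pmeerw.net"))
```

The second argument names the receiving server whose Received line is trusted; with several internal hops, pass the name of the boundary server that accepts mail from the Internet.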
posted at: 22:00 | path: /rant | permanent link