🚧 Ongoing Maintenance

We're making some changes to the SSL certificates we use for tumblr.com today (January 20th, 2022). The maintenance should be completed by tomorrow morning around 10AM EST.

We'll be monitoring things on our end, but if you start experiencing any issues while using Tumblr (especially on the web), please let us know. If the Support form is down, feel free to tweet at us: @TumblrSupport.

We'll reblog this post with an update when the maintenance is complete.

PS: We see your posts about the new post footer! We'll have more on that in our regularly scheduled post tomorrow.

They really do

This is amazing. I wouldn’t expect anything less from this team...

Tumblr's 4th Annual Security Capture the Flag

We’ve hosted an internal Security Capture the Flag (CTF) event for four years in a row now, with each year getting better than the last!

The event

Previously, we were only open to Tumblr employees. This year we decided to extend an invite out to the other teams housed under our parent company, Oath.

All participants had a three hour window to hack, a buffet of tacos, beer, and wine to dive into, and a stack of prizes for the top four players (see Prizes below for details)!

Challenges were available Jeopardy-style, broken down by category. We had eight fun categories to select from:

Auth Bypass (authn | authz)

Cross Site Request Forgery (CSRF)

Cross Site Scripting (XSS)

Crypto

Forensics

Reverse Engineering

SQL Injection (SQLi)

XML Injection (+ XXE)

We also sprinkled a few “inside joke” Easter eggs around the system that awarded bonus points to anyone that discovered them! For example, if they attempted to find a hole in the CTF system itself and navigated to /wp-admin, we’d give them a flag on a prank WordPress page; or perhaps testing to find XSS with a <marquee> tag — only the greatest of all XSS tags!

While the Security Team walked around and helped out, we also setup a mini lockpick village just because.

Keep reading

Been too long. Miss y’all...

End of an era. Thanks for everything!

Letter I just sent to my team ♥️

Do you ever drink to escape from reality?

Thae Hacker Quarterly looks at the Atari 2600 and Retro Gamer has that SNES Complete Manual

A Nintendo service department bulletin concerning an exploit that allows the player to get free credits in Donkey Kong and Donkey Kong Junior arcade machines. While most existing cabinets have been retrofitted to address this issue, unmodified machines susceptible to the exploit could still remain. 

Milhouse: Bart, I didn’t want you to see me cry.

Bart: Oh, come on, I’ve seen you cry a million times. You cry when you scrape your knee. You cry when they’re out of chocolate milk. You cry when you’re doing long division and you have a remainder left over.

@jixson12