|
the new thing is to locate devices that don’t have cell modems or are “off”
|
# ? Jun 8, 2019 21:48 |
|
|
# ? Jun 2, 2024 02:26 |
|
Vomik posted:so I'm hanging out in bar with my raspberry pi zero W surrounded by hotspots and yet zero connection
|
# ? Jun 9, 2019 00:19 |
|
cbp data breach https://twitter.com/snlyngaas/status/1138190170912673794 https://twitter.com/pinboard/status/1138195461188145152
|
# ? Jun 10, 2019 23:31 |
|
loving irl
|
# ? Jun 10, 2019 23:58 |
|
Chris Knight posted:cbp data breach Nice!
|
# ? Jun 11, 2019 05:55 |
|
from an nmap scan of some box at work I was trying to figure out the ports of:code:
|
# ? Jun 11, 2019 15:50 |
|
“to protect the privacy of all involved we will not be naming the vendor responsible, tennessee based perceptics llc, at this time.”
|
# ? Jun 11, 2019 15:51 |
|
Shame Boy posted:from an nmap scan of some box at work I was trying to figure out the ports of: the absolute best 1998 has to offer
|
# ? Jun 11, 2019 15:59 |
|
BangersInMyKnickers posted:the absolute best 1998 has to offer it's an active directory server running 2008 R2 SP1 lmao
|
# ? Jun 11, 2019 16:02 |
|
to be clear it's not ours, we use that active directory thing so we don't have to deal with this bullshit
|
# ? Jun 11, 2019 16:06 |
|
Shame Boy posted:it's an active directory server running 2008 R2 SP1 lmao lol you have to go out of your way to pull that poo poo
|
# ? Jun 11, 2019 16:21 |
|
is that some ancient-rear end pci dss mode or did someone actually do a GPO to limit it like that on purpose?
|
# ? Jun 11, 2019 16:25 |
|
BangersInMyKnickers posted:lol you have to go out of your way to pull that poo poo infernal machines posted:is that some ancient-rear end pci dss mode or did someone actually do a GPO to limit it like that on purpose? i have no idea, we get shipped hardware by clients and i have to make stuff work with it. some of the other things they shipped us are ancient yellowed-beige boxes (though it's running win 7 somehow) so i'm guessing somewhere lurking on their network is some ancient-rear end poo poo that needed this enabled at one point
|
# ? Jun 11, 2019 16:30 |
|
I don't think there is any point in pci dss's existence when that would have been acceptable, maybe for 1995 up to 96-98 to give sslv3 a little bit of adoption time but it was basically poo poo from the word go e: yeah pci dss was formed in 2006, no chance in hell this was ever valid for that.
|
# ? Jun 11, 2019 16:31 |
|
oh look tavis at it again https://twitter.com/taviso/status/1138469651799728128?s=21
|
# ? Jun 11, 2019 19:35 |
|
i don't know how that guy isn't waking up with a horse's head in his bed every day
|
# ? Jun 11, 2019 19:37 |
|
taviso is an ai. no bed.
|
# ? Jun 11, 2019 19:43 |
|
Tavis too busy putting horse heads in everybody else’s beds. in other news, Rowhammer can be used to read memory and extract secrets
|
# ? Jun 11, 2019 20:01 |
|
and ecc won't save you https://arstechnica.com/information-technology/2019/06/researchers-use-rowhammer-bitflips-to-steal-2048-bit-crypto-key/
|
# ? Jun 11, 2019 20:07 |
|
ONLY TRUST YOUR PUNCHCARDS ECC WILL NEVER HELP YOU
|
# ? Jun 11, 2019 20:24 |
|
Lutha Mahtin posted:ONLY TRUST YOUR PUNCHCARDS
|
# ? Jun 11, 2019 20:34 |
|
Soricidus posted:taviso is an ai. no bed. tavis obviously sleeps in the shower
|
# ? Jun 11, 2019 20:50 |
|
Lutha Mahtin posted:ONLY TRUST YOUR PUNCHCARDS
|
# ? Jun 11, 2019 20:50 |
|
infernal machines posted:and ecc won't save you lol ecc makes it 2x worse by leaking a side-channel
|
# ? Jun 11, 2019 20:52 |
|
Lutha Mahtin posted:ONLY TRUST YOUR PUNCHCARDS
|
# ? Jun 11, 2019 20:53 |
|
buy hardware from good vendors that ensure TRR is enabled on their memory instead of whitebox specials I guessquote:The statement also advises using DRAM that's resistant to Rowhammer attacks. That generally includes using DDR4 chips that offer ECC or a feature known as targeted row refresh. This advice is helpful, but it's not the last word for two reasons. First, RAMBleed can bypass ECC protections. Second targeted row refresh isn't an automatic defense against Rowhammer.
|
# ? Jun 11, 2019 20:53 |
|
i have a feeling a lot of rowhammer stuff is held because no one knows htf to fix it like we know it works in javascript and there are still barely any hardware or software mitigations so where are the drive by browser exploits
|
# ? Jun 11, 2019 21:06 |
|
proposal: ecc ram with a small explosive charge that triggers after a set number of correctable errors the counter persists after restarts ofc
|
# ? Jun 11, 2019 21:08 |
|
suffix posted:i have a feeling a lot of rowhammer stuff is held because no one knows htf to fix it browsers mitigated by reducing the resolution on you can achieve with time sampling in javascript to the point that it wasn't possible to execute the attack. You need to be running outside the browser sandbox these days so you can go hog-wild with memory access. Or exploit the lovely JRE that a bunch of people still have installed
|
# ? Jun 11, 2019 21:15 |
|
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md lmao
|
# ? Jun 11, 2019 21:17 |
|
Truga posted:https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md Gonna get some good privesc with this.
|
# ? Jun 11, 2019 21:21 |
|
Truga posted:https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
|
# ? Jun 11, 2019 21:35 |
|
Truga posted:https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md in band communication is a hell of a thing. also, now rewriting many .vimrc, I don't even use the bloody thing any more.
|
# ? Jun 11, 2019 21:39 |
|
Well if your processors are busted , and your ram is busted - the only winning move is not to play and outsource your poo poo with a big insurance policy
|
# ? Jun 11, 2019 22:01 |
|
BangersInMyKnickers posted:browsers mitigated by reducing the resolution on you can achieve with time sampling in javascript to the point that it wasn't possible to execute the attack. You need to be running outside the browser sandbox these days so you can go hog-wild with memory access. Or exploit the lovely JRE that a bunch of people still have installed isn't oracle doing a thing where you can't use the newer versions of the jre for anything on pain of death, oh and btw every previous release ever has critical exploits
|
# ? Jun 11, 2019 22:38 |
|
infernal machines posted:isn't oracle doing a thing where you can't use the newer versions of the jre for anything on pain of death, oh and btw every previous release ever has critical exploits It's the Oracle JRE on servers, for end users they dgaf. But they did kill off Java Webstart in latest version, so a net good was done by them imo.
|
# ? Jun 11, 2019 22:48 |
|
yeah however as long as you've made it past jre/jdk 8 the differences between oracle and openjdk are basically nil
|
# ? Jun 11, 2019 22:48 |
|
infernal machines posted:isn't oracle doing a thing where you can't use the newer versions of the jre for anything on pain of death, oh and btw every previous release ever has critical exploits as long as you don't click Larry's EULA you're fine. grab an openJDK and you're good (mods plz namechange to LARRYS EULA CLICKER)
|
# ? Jun 11, 2019 23:15 |
|
Lutha Mahtin posted:as long as you don't click Larry's EULA you're fine. grab an openJDK and you're good LARRYS EULAGY
|
# ? Jun 11, 2019 23:48 |
|
|
# ? Jun 2, 2024 02:26 |
|
infernal machines posted:isn't oracle doing a thing where you can't use the newer versions of the jre for anything on pain of death, oh and btw every previous release ever has critical exploits they are up to java 12 but only java 8 will work in a browser (IE 11 is the only java capable browser now) they still patch java 8 but it is behind an oracle login now since oracle is incompetent and evil to this day you need ie11, java8 and ActiveX to install vpn software to get at their remote training environment
|
# ? Jun 12, 2019 15:00 |