|
are you a bad enough dude to sudo a command posted in the secfuck thread?
|
#
?
Jun 20, 2019 04:24
|
|
|
|
| # ? Jun 9, 2024 16:51 |
|
|
i went ahead and typed in the ls -lZ manually for the files that actually exist just in case there's some trick that would come over via a copy and paste, here you go:code:
|
|
#
?
Jun 20, 2019 04:27
|
|
|
thanks!
|
|
#
?
Jun 20, 2019 04:28
|
|
|
Hed posted:If you're gonna go that route, use Algo. I use ExpressVPN for your original purpose because I'm lazy and agreed, just trying to avoid snooping / open wifis Dunno if the AWS stuff ends up cheaper, but I've used Algo on Azure, and Streisand on Digital Ocean. Digitial Ocean is just $5 per month, so I see it as a much better option than commercial VPNs if you just want to prevent end-to-end snooping; if you're trying to be anonymous it's obviously a horrible idea. When I first tried Algo about two years ago, for whatever reason, it didn't work on Digital Ocean. I'd connect, but after a short period of time like 10-30 minutes (I don't remember) I'd lose internet access. I'd still be connected to the server, but could no longer access internet. However, on Azure it worked fine, so I assume it was a DO issue that might be fixed. Right now, I'm using Streisand because I couldn't get Algo to work on my phone, though there are some people who criticize it as being less secure because it has so many services, or something like that.
|
|
#
?
Jun 20, 2019 06:23
|
|
|
Shame Boy posted:i'm running centos, that counts right
|
|
#
?
Jun 20, 2019 07:17
|
|
|
https://twitter.com/mjg59/status/1141786872387010561?s=21
|
|
#
?
Jun 20, 2019 21:16
|
|
|
This is nothing short of absolutely glorious levels of secfuck. It's almost so much glare that it blinds!
|
|
#
?
Jun 20, 2019 21:55
|
|
|
there should be a new form of code golf that is just mercilessly publishing zero days
|
|
#
?
Jun 20, 2019 22:34
|
|
|
pseudorandom name posted:there should be a new form of code golf that is just mercilessly publishing zero days It's known as Tavising
|
|
#
?
Jun 20, 2019 22:40
|
|
|
Tavis waits 90 days
|
|
#
?
Jun 20, 2019 22:40
|
|
|
Tavis0
|
|
#
?
Jun 20, 2019 22:51
|
|
|
Captain Foo posted:Tavis0
|
|
#
?
Jun 20, 2019 22:54
|
|
|
firefox owns macs
|
|
#
?
Jun 20, 2019 23:12
|
|
|
there’s no way that’s still my Array.pop JIT path, right?
|
|
#
?
Jun 20, 2019 23:52
|
|
|
welp https://twitter.com/citynews/status/1141774801226358785
|
|
#
?
Jun 20, 2019 23:53
|
|
|
Subjunctive posted:there’s no way that’s still my Array.pop JIT path, right? that's a helluva legacy
|
|
#
?
Jun 20, 2019 23:54
|
|
|
hpwned
|
|
#
?
Jun 20, 2019 23:55
|
|
|
https://www.rcesecurity.com/2019/06/about-a-sucuri-rce-and-how-not-to-handle-bug-bounty-reports/ posted:Sucuri is a self-proclaimed “most recommended website security service among web professionals” offering protection, monitoring and malware removal services. They ran a Bug Bounty program on HackerOne and also blogged about how important security reports are. While their program was still active, I’ve been hacking on them quite a lot which eventually ranked me #1 on their program.
|
|
#
?
Jun 21, 2019 08:58
|
|
|
I wonder when I will get a call from them offering credit checks for a year. also I completely forgot about Sucuri but seem to recall them being clowns years ago
|
|
#
?
Jun 21, 2019 11:00
|
|
|
spankmeister posted:It's known as Tavising for it to be a legitimate sportlike activity, more than one person needs to be able to do it
|
|
#
?
Jun 21, 2019 12:35
|
|
|
Lain Iwakura posted:I wonder when I will get a call from them offering credit checks for a year. the end of the article does say they're offering free credit monitoring for a year so, yeah it's definitely coming lmao
|
|
#
?
Jun 21, 2019 14:55
|
|
|
Lain Iwakura posted:I wonder when I will get a call from them offering credit checks for a year. We use them to monitor a few cloud-hosted WordPress things
|
|
#
?
Jun 21, 2019 14:59
|
|
|
guess it's more like succuri now lel
|
|
#
?
Jun 21, 2019 15:00
|
|
|
JPL got hacked by someone leaving a Raspberry Pi on the network.
|
|
#
?
Jun 21, 2019 15:36
|
|
|
Lain Iwakura posted:I wonder when I will get a call from them offering credit checks for a year. https://www.desjardins.com/ca/personal-information/index.jsp It's, hilariously enough, going to be with Equifax. I guess they have experience with massive data leaks. At least it's for 5 years?
|
|
#
?
Jun 21, 2019 16:09
|
|
|
Oh jesus. That is, quite a gently caress up. LMAO
|
|
#
?
Jun 21, 2019 16:12
|
|
|
so that CBP hack was waaaay worse than initially reported Hacked documents reveal sensitive details of expanding border surveillance quote:That assessment, however, woefully understates the number of sensitive documents that are now freely available on the Web — so much material, totaling hundreds of gigabytes, that The Washington Post required several days of computer time to capture it all. there’s more too. whoever got in seems to have made off with essentially everything the contractor had. seems bad.
|
|
#
?
Jun 21, 2019 16:57
|
|
|
CommieGIR posted:JPL got hacked by someone leaving a Raspberry Pi on the network. story https://www.forbes.com/sites/daveywinder/2019/06/20/confirmed-nasa-has-been-hacked/
|
|
#
?
Jun 21, 2019 16:57
|
|
|
Blinkz0rz posted:story hopefully this won't result in delays or budget overruns to the james webb telescope
|
|
#
?
Jun 21, 2019 17:06
|
|
|
bummer the oig doesnt say how they exploited the pi https://oig.nasa.gov/docs/IG-19-022.pdf
|
|
#
?
Jun 21, 2019 17:09
|
|
|
spb posted:Oh jesus. That is, quite a gently caress up. LMAO 
|
|
#
?
Jun 21, 2019 17:12
|
|
|
xkdon't
|
|
#
?
Jun 21, 2019 22:19
|
|
|
Squinky v2.0 posted:so that CBP hack was waaaay worse than initially reported Lol this rules
|
|
#
?
Jun 21, 2019 23:16
|
|
|
https://www.tomshardware.com/news/nsa-contributes-low-level-stm-coreboot,39704.html The NSA has started assigning developers to the Coreboot project, which is an open source alternative to Windows BIOS/UEFI firmware.
|
|
#
?
Jun 22, 2019 12:40
|
|
|
probably legit, like selinux. they come under enough scrutiny these days that they’d have a hard time sneaking any backdoors in without getting caught.
|
|
#
?
Jun 22, 2019 12:43
|
|
|
Presumably NSA could in theory write code to avoid static analysers (coverty, which coreboot uses), syzkaller (which they don't use yet), and sanitizers (like a-san, ub-san, et cetera - possibly in combination with syzkaller; again, something coreboot doesn't use yet)?
|
|
#
?
Jun 22, 2019 13:34
|
|
|
They could also have the public facing team write good, well intentioned code and an internal team analyzing it for issues that can be exploited.
|
|
#
?
Jun 22, 2019 13:36
|
|
|
either way the nsa can no doubt get their primary work done by hacking on a higher level, and may be worried primarily about the black box nature of the preloaded uefi stuff loaded in locations outside nsa control.
|
|
#
?
Jun 22, 2019 14:27
|
|
|
i'm gonna go out on a limb here and guess that when the nsa attempts to introduce backdoors into code, they probably try not to put their name on the commits
|
|
#
?
Jun 22, 2019 15:41
|
|
|
|
| # ? Jun 9, 2024 16:51 |
|
|
They presumably already have a backdoor in the Intel ME code, so I imagine this is just because they want a bios that's actually secure for their internal use.
|
|
#
?
Jun 22, 2019 19:26
|
|
