|
Dex posted:
his application isn't involved in this part of the chain, it's all rsa securid and their client software. i'd suggest reading their docs if you're curious about the how and why of it

You are right. I remember one place where I used a personal pin plus token to log into the vpn. Then I moved to a place that connected your password (really the hash I think) from your ad creds to the token device. The apparent usefulness this got was that this place was on the ball in removing people from ad so that removing the user meant their token could no longer be used because they no longer existed. Plus the other bonus is that the password policy the user password follows is also applied to the pin. I had a pin for the token for about 24 months and I only changed it when I lost the drat thing.

Edit: of course you need to keep the ad and the rsa servers
|
# ? Feb 18, 2016 01:07 |
|
So the Apple thing is basically that on the iPhone 5C they're getting ordered to provide a signed firmware that'll let unlimited passcode attempts (or just reveal the password, or whatever). And this is something which would be technically impossible on later models. Right?
|
# ? Feb 18, 2016 01:44 |
|
sarehu posted:
So the Apple thing is basically that on the iPhone 5C they're getting ordered to provide a signed firmware that'll let unlimited passcode attempts (or just reveal the password, or whatever). And this is something which would be technically impossible on later models. Right?

https://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order/
http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html
|
# ? Feb 18, 2016 02:24 |
|
MrMoo posted:
There is a pretty awful Cisco appliance that has a SSL portal that works like this.

can confirm that it's awful, we have one in place where i work now. i hate it.
|
# ? Feb 18, 2016 09:56 |
|
also, there's a new bug. in glibc.

http://www.zdnet.com/article/patch-linux-now-google-red-hat-warn-over-critical-glibc-bug/

quote:
Google and Red Hat have linked up to deliver a patch for a serious bug in the GNU C Library, or glibc, which is widely used in Linux applications, distributions and devices.
|
# ? Feb 18, 2016 09:59 |
|
http://www.ibtimes.co.uk/john-mcafee-i-can-hack-san-bernardino-iphone-fbi-apple-backdoor-like-giving-our-enemies-1544651

John McAfee posted:
I will, for free, decrypt the information on the San Bernardino iPhone with my team. We will primarily use social engineering and it will take us three weeks. If you accept my offer, then you will not need to ask Apple to place a backdoor in their product, which will be the beginning of the end of America.
|
# ? Feb 18, 2016 18:14 |
|
TheQat posted:
http://www.ibtimes.co.uk/john-mcafee-i-can-hack-san-bernardino-iphone-fbi-apple-backdoor-like-giving-our-enemies-1544651

I don't think that he's worth talking about here. With that said, I have met him when I was last at DEFCON and he smelt like smokes and bourbon yet not an ounce of regret was on him.
|
# ? Feb 18, 2016 18:32 |
|
TheQat posted:
http://www.ibtimes.co.uk/john-mcafee-i-can-hack-san-bernardino-iphone-fbi-apple-backdoor-like-giving-our-enemies-1544651

John McAfee is the answer to "What if Tony Stark was a real person?" and it's glorious.

“I would eat my shoe live on national television if we could not break the encryption on the San Bernardino iPhone.” - John McAfee
|
# ? Feb 18, 2016 18:35 |
|
TheQat posted:
http://www.ibtimes.co.uk/john-mcafee-i-can-hack-san-bernardino-iphone-fbi-apple-backdoor-like-giving-our-enemies-1544651

He's gonna social engineer the password out of a dead guy? poo poo, McAfee is running his own little Fringe division now, isn't he.
|
# ? Feb 18, 2016 18:35 |
|
deep impact on vhs posted:
can confirm that it's awful, we have one in place where i work now.

I found a Cisco device where, without any creds on the login page, I could run commands on the server, as root, through the password field. I use it for a demonstration (while not mentioning the product or model) of why sanitization is a thing when dealing with user input.

Same box also allowed me to change a password without knowing the previous password by making sure the pass auth response was changed from "false" to "true" (easy to do with Burp Suite) to submit back to the server.

In summary, it is like saying I give the guy that checks my previous password garbage and he tells me to gently caress off. I step to the next guy in the process who asks me what the previous guy said about me and I tell him the other guy just loved me. "Everything checks out, your password is changed."
|
# ? Mar 3, 2016 01:42 |
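The password-change flaw described in the post above, sketched as an added example that is not part of the original thread and is not the device's code. `PasswordService` and all of its method names are hypothetical; the flawed two-step flow trusts a verdict echoed back by the client, while the hardened flow keeps the result of step 1 in server-side state.

```python
import hashlib, hmac, os, secrets, time

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class PasswordService:
    """Hypothetical password-change backend; all names are illustrative."""
    TICKET_TTL = 120  # seconds a verified-old-password ticket stays valid

    def __init__(self):
        self._users = {}    # user -> (salt, derived key)
        self._tickets = {}  # ticket -> (user, expiry), kept server-side only

    def set_password(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, _kdf(password, salt))

    def check(self, user, password):
        salt, stored = self._users[user]
        return hmac.compare_digest(stored, _kdf(password, salt))

    # Flawed flow: step 1 returns a verdict and step 2 believes whatever
    # verdict the client sends back, so an intercepting proxy can flip it.
    def vulnerable_step1(self, user, old):
        return {"auth": "true" if self.check(user, old) else "false"}

    def vulnerable_step2(self, user, new, client_auth):
        if client_auth != "true":
            return False
        self.set_password(user, new)
        return True

    # Hardened flow: step 1 hands out an unguessable single-use ticket only
    # on success; step 2 looks the ticket up in server state.
    def step1(self, user, old):
        if not self.check(user, old):
            return None
        ticket = secrets.token_urlsafe(32)
        self._tickets[ticket] = (user, time.monotonic() + self.TICKET_TTL)
        return ticket

    def step2(self, user, new, ticket):
        owner, expiry = self._tickets.pop(ticket, (None, 0.0))
        if owner != user or time.monotonic() > expiry:
            return False
        self.set_password(user, new)
        return True
```

In the hardened flow a client that submits the literal string "true" in place of a ticket gets nothing, because the decision is made from the server's own record of step 1.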
|
EVIR Gibson posted:
I found a Cisco device where, without any creds on the login page, I could run commands on the server, as root, through the password field.

Which device?
|
# ? Mar 3, 2016 04:07 |
|
A year ago, I did a Proof of Concept for insider threat detection in a hospital group. By creating a user behaviour index, I was able to identify a few misuse events, that pointed to a potential auth issue. After playing around a bit, I found the following: billing system patient management for ICU, Pre/post natal, Surgical and Ward Dispensary Practitioner management I was able to add myself as a medical practitioner, prescribe medication, assign patients to my roster, order a transfer and ultimately kidnap children from their hospitals by co-opting their ambulance service. None of the above had any form of authentication in place. All of the above are hosted in a lovely server farm in a consumer isp. As of yesterday, nothing had been done to resolve this clusterfuck. What is everyone's opinion on the matter? Full public disclosure?
|
# ? Mar 4, 2016 12:48 |
|
ming-the-mazdaless posted:
A year ago, I did a Proof of Concept for insider threat detection in a hospital group.

Have you followed responsible disclosure and who did you disclose to originally?

Edit: actually just listen to OSI Bean Dip vvv

Pile Of Garbage fucked around with this message at 16:59 on Mar 4, 2016
|
# ? Mar 4, 2016 15:08 |
|
ming-the-mazdaless posted:
A year ago, I did a Proof of Concept for insider threat detection in a hospital group.

Talk to a lawyer; health care is one of those things that could get you sued to all hell. Are you American? Did you do this as an individual or are you working for a firm that was hired to do the PoC? Do you have any NDAs with them?

As much as health care organizations need reform, full public disclosure may work very much against your favour.
|
# ? Mar 4, 2016 16:23 |
|
ming-the-mazdaless posted:
A year ago, I did a Proof of Concept for insider threat detection in a hospital group.

Have you informed the hospital? If they've had a year to sort their poo poo out and still failed to do anything then i'd talk to a lawyer and disclose it.

As a doctor i'd be super interested in seeing that though. Hospital IT is insanely bad. At my hospital no one can connect to the staff wifi so all the consultants connect their laptops to the open guest wifi to send emails about patients to one another.
|
# ? Mar 4, 2016 16:56 |
|
do you think that patient safety will be increased more by you politely asking the hospital to spend resources, or by forcing them to fix these very real problems?
|
# ? Mar 4, 2016 22:24 |
|
Loving Africa Chaps posted:
Seconded, also I would like to know if I have ever worked for this place.
|
# ? Mar 4, 2016 22:53 |
|
OSI bean dip posted:
Talk to a lawyer; health care is one of those things that could get you sued to all hell. Are you American? Did you do this as an individual or are you working for a firm that was hired to do the PoC? Do you have any NDAs with them?

Thanks for the advice. Lawyers have been approached.

ming-the-mazdaless fucked around with this message at 16:55 on Mar 7, 2016
|
# ? Mar 7, 2016 12:35 |
|
Sharktopus posted:
do you think that patient safety will be increased more by you politely asking the hospital to spend resources, or by forcing them to fix these very real problems?

ming-the-mazdaless fucked around with this message at 16:55 on Mar 7, 2016
|
# ? Mar 7, 2016 12:47 |
|
So here's a random tool I always use when scoping out a target; Bing. Stop laughing. But really, Bing has a feature no other search engine out there has including Google. It gives the user the ability to search for domains by IP. Why is this useful? It gives possible ways to get into the target domain via another vulnerable domain. So the sequence of events that have to happen is

1) The target site is fully patched
2) The target site is on a shared-host with a site (it could be a firewall rule giving the sites the same IP remember), let's call it the side-target, that is not fully patched (Wordpress, Drupal are super good targets)
3) The side-target installation has a path traversal issue or the ability to run remote commands via the site
4) If there is no virtualization or very weak sandboxing.
5) Compromising the side-target can allow for access to the host all the sites are served on including your target

Bing lets you get a bit of Shodan functionality for free. Type the following into Bing search for where SA is hosted at.

code:
|
# ? Mar 20, 2016 20:35 |
|
That's cloudflare you idiot
|
# ? Mar 21, 2016 00:02 |
|
EVIR Gibson posted:
So here's a random tool I always use when scoping out a target; Bing.

Rufus Ping posted:
That's cloudflare you idiot

whether a poorly executed joke or not this is the best post combo ever
|
# ? Mar 21, 2016 01:51 |
|
Rufus Ping posted:
That's cloudflare you idiot

It's an example you idiot. Meaning, IT WOULDN'T WORK IN THIS CASE

But it's not like anyone sets up other domains such as a private github account on the same ip, or maybe a monitoring web app, or everything to add to the stupidity of IoT. If you do not understand this, sorry!
|
# ? Mar 21, 2016 03:21 |
|
you clearly know what shodan is, so why not just use it?
|
# ? Mar 21, 2016 03:30 |
|
EVIR Gibson posted:
private github account on the same ip

I do not understand this.
|
# ? Mar 21, 2016 03:53 |
|
Dex posted:
you clearly know what shodan is, so why not just use it?

It is also inexpensive to get access to extra features.
|
# ? Mar 21, 2016 04:49 |
|
Subjunctive posted:
I do not understand this.

I think he's suggesting someone might have an exposed e.g. GitLab installation running on their production servers and if it were vulnerable in some way then an attacker could pivot once inside
|
# ? Mar 21, 2016 04:55 |
|
Rufus Ping posted:
I think he's suggesting someone might have an exposed e.g. GitLab installation running on their production servers and if it were vulnerable in some way then an attacker could pivot once inside

Yeah, I didn't understand how you'd get a private github account on different hosts, but if by "GitHub" he meant "GitLab" and by "account" he meant "installation", I can see it.
|
# ? Mar 22, 2016 02:08 |
|
Howdy All,

Firstly, I'm pretty stoked to have joined this community. Seems like a very interesting and knowledgeable group of people! Now, to the topic at hand.

INFOSEC

This interests me greatly, and whilst I am by no means someone who is "interesting", I still feel it is wise to engage in "Security-In-Depth". From bi-locked doors, passworded / encrypted computers / encrypted communications, I feel that this is the way of the future.

One of the posts in here earlier linked me through to "John McAfee", and his FTC website. I would love to know if anyone has used these products (Demonsaw - Info Sharing, D-Vasive - Phone monitoring for unauthorised traffic, etc)

http://www.futuretensecentral.com/products

Cheers in Advance
Ax

(USER WAS PUT ON PROBATION FOR THIS POST)
|
# ? Mar 28, 2016 14:27 |
|
No.
|
# ? Mar 28, 2016 14:32 |
|
|
# ? Mar 28, 2016 14:57 |
|
Spambots sure are getting complex these days.
|
# ? Mar 28, 2016 22:15 |
|
Lol, no spam here dude, just interested. Did a bit more research after I posted yesterday, seems like there are mixed reviews :S Might just stick to end-end encryption for now
|
# ? Mar 29, 2016 00:29 |
|
i encrypt my end, and you encrypt your end, back and forth forever ))<>((
|
# ? Mar 29, 2016 00:35 |
|
Dex posted:
i encrypt my end, and you encrypt your end, back and forth forever

I've been thinking about the "back and forth". When can we meet? I would like to share my private key with you.
|
# ? Mar 29, 2016 03:06 |
|
I was gonna seriouspost about the OSCP but this page is
|
# ? Mar 29, 2016 06:07 |
|
I have never ever posted ITT or anywhere in SH/SC I think because I'm a mere user but I think I found something you guys might like! From the Panama Papers thread in D&D:
|
# ? Apr 5, 2016 19:59 |
|
I have a small webserver running on a Raspberry Pi in my house that does some home automation. I have it set up with Apache2 normal authentication and a weird port number, which I know is Not Good Enough. What is the easiest and cheapest way to get SSL working without any of those scary web browser messages about unknown certificates? I don't think I can just put these files on a web host and expect the home automation to keep working. I have a domain name from AlpsNames that is cname'd to a dynamic dns provider, if that is helpful information.
|
# ? Apr 6, 2016 17:16 |
|
https://letsencrypt.org/
|
# ? Apr 6, 2016 17:19 |
|
|
Seconding this. If you're running a website in 2016 without SSL, you're a buffoon.
|
# ? Apr 6, 2016 17:39 |