MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

22 Eargesplitten posted:

Can't the government track through TOR pretty easily if they decide it's an act of :derp:E-TERRORISM:derp:?

I think TOR changed their connection methods/algorithms which I believe was the issue? Eventually the gov't figured it out, whatever the vulnerability was, and could track people given a little bit of time of that person being connected. I could be talking out of my rear end though and perhaps TOR did nothing to resolve the problem and everyone jumped to some new platform.


Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.

22 Eargesplitten posted:

Can't the government track through TOR pretty easily if they decide it's an act of :derp:E-TERRORISM:derp:?

I don't know about easily, though of course only the spooks know for sure.

A method they've used in the past is that if you go to a site they control (be it a regular website or illegalsitethefedstotallydidnttakecontrolof.onion), and if you're using an older version of torbrowser, they can use an exploit in that browser to make it connect to somewhere in the clear (instead of via tor), thus revealing your actual IP. So of course it seems to me that the way to protect yourself from that (apart from being sure you have the latest version of everything) would be to have a physically separate tor router. Then the computer running your actual browser could be owned to hell and back and it wouldn't matter, the ONLY connection it has to the outside world is through tor and it has no way of even determining its own actual public IP. (Building a raspberry pi into an anonymizing middlebox is an easy and educational little project. Try it yourself.)

:arghfist::nsamad:

22 Eargesplitten
Oct 10, 2010



Huh, interesting. Of course, going to a busy Starbucks is probably easier. When I was a teenager all that tor and darknet stuff seemed cool, but I never knew enough to get involved with it and I never had the drive to learn because at that point my computer knowledge was limited to putting together my PC.

TBH in that dude's situation and knowing how likely it would be to lead to the government deciding he was doing unauthorized pen tests, I'd be pretty tempted just to let it go and make it someone else's problem.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

22 Eargesplitten posted:

TBH in that dude's situation and knowing how likely it would be to lead to the government deciding he was doing unauthorized pen tests, I'd be pretty tempted just to let it go and make it someone else's problem.

Same, and I could fight that suit better than most.

Trabisnikof
Dec 24, 2005

Powered Descent posted:

I don't know about easily, though of course only the spooks know for sure.

A method they've used in the past is that if you go to a site they control (be it a regular website or illegalsitethefedstotallydidnttakecontrolof.onion), and if you're using an older version of torbrowser, they can use an exploit in that browser to make it connect to somewhere in the clear (instead of via tor), thus revealing your actual IP. So of course it seems to me that the way to protect yourself from that (apart from being sure you have the latest version of everything) would be to have a physically separate tor router. Then the computer running your actual browser could be owned to hell and back and it wouldn't matter, the ONLY connection it has to the outside world is through tor and it has no way of even determining its own actual public IP. (Building a raspberry pi into an anonymizing middlebox is an easy and educational little project. Try it yourself.)

:arghfist::nsamad:

then there's this

http://packetstorm.foofus.com/papers/attack/jackin-tor.txt

quote:

[*] TOR exit node(s), with a reduced policy.
[*] Wrote a basic http proxy to inject javascript links, iframes, etc.
[*] Used iptables to pipe all the TOR web traffic to my evil proxy.

This turns out to work incredibly well. I averaged getting a new box hooked
about every thirty minutes. Surprisingly, Metasploit browser modules
also worked. I assumed TOR users would have been more security conscious...
Using Metasploit I was getting a reverse shell back to me every couple of hours
or so at _minimum_. For those of you that have a problem with this, there is a
great Youtube video that should clear everything up [5].

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
There have been various attacks on Tor users:

- The CMU SEI / cancelled Black Hat talk took advantage of RELAY_EARLY cells to perform a traffic confirmation attack. This has been fixed

- The watering-hole attack on Freedom Hosting exploited an already-patched vuln in Firefox 17 ESR. Users with an outdated Tor Browser Bundle were served a payload which attempted to phone home outside of Tor

- The Operation Torpedo watering-hole attack took advantage of users whose browser settings automatically ran Flash embeds. This is not the default setting in the TBB. The payload was the old Metasploit decloaker

- Tor is not designed to be safe against adversaries with a full view of the network. NSA/GCHQ have a sufficiently full view of the network to be able to perform statistical traffic analysis attacks


In addition, use of Tor to access the normal internet (i.e. not hidden services) leaves you open to types of attack known to be used on the normal internet, like packet injection.


In light of these points, you can help make your use of Tor safer in a few ways. Which are important depends on when and how you're using Tor.

- Reduce your susceptibility to vulns by using the hardened build of TBB which is compiled with ASan. Take advantage of exploit mitigation techniques (e.g. grsec) and MAC (e.g. grsec rbac, apparmor)

- Firewall yourself off so that non-Tor traffic cannot leak out and ensure these rules cannot easily be disabled. Tails and Qubes can do this automatically

- Connect from someone else's network that cannot be linked to you easily
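The "firewall yourself off" advice above, and Powered Descent's physically separate tor router, in concrete form. This is an added example written for this thread, not any poster's script: an iptables rule set for a Linux middlebox on which only the tor daemon may reach the internet, and everything arriving from the client side is redirected into tor's transparent-proxy and DNS ports. The tor user name, the LAN interface and the port numbers are assumptions that match common torrc setups; the script prints the rules for review unless run as root with `apply`.

```shell
#!/bin/sh
# Tor-only egress firewall for a Linux anonymizing middlebox (added example).
# Assumptions, adjust to your box: tor runs as user "debian-tor", its torrc has
#   TransPort 9040 and DNSPort 5353 listening on the LAN-facing address, and
#   the client machine hangs off interface eth1.
set -eu

TOR_USER="${TOR_USER:-debian-tor}"
LAN_IF="${LAN_IF:-eth1}"
TRANS_PORT="${TRANS_PORT:-9040}"
DNS_PORT="${DNS_PORT:-5353}"

# Emit the rule set instead of applying it, so it can be reviewed or diffed first.
tor_egress_rules() {
  cat <<EOF
# --- start clean ---
iptables -F
iptables -t nat -F
ip6tables -F
# --- no IPv6 at all: tor does not carry it here and it is a classic leak path ---
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT DROP
# --- the box never routes packets itself; clients only ever reach tor's ports ---
iptables -P FORWARD DROP
# --- egress from this box: only the tor daemon (and loopback) may talk to the world ---
iptables -P OUTPUT DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $TOR_USER -j ACCEPT
# replies back to LAN clients, whose connections terminate in tor on this box
iptables -A OUTPUT -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# --- ingress from the client side: DNS and TCP are redirected into tor, the rest dies ---
iptables -t nat -A PREROUTING -i $LAN_IF -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN_IF -p udp --dport $DNS_PORT -j ACCEPT
iptables -A INPUT -i $LAN_IF -p tcp --dport $TRANS_PORT -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

case "${1:-print}" in
  apply) tor_egress_rules | sh -e ;;   # needs root; applies the rules above
  *)     tor_egress_rules ;;           # default: just show them
esac
```

The client box behind $LAN_IF gets no default route of its own and learns its DNS from this box, so even a fully compromised browser there has nowhere to send a cleartext packet and no way to learn the real public address.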

Mr Chips
Jun 27, 2007
Whose arse do I have to blow smoke up to get rid of this baby?
Noice.
Generally speaking, is it a reasonable assumption that other AV software is likely to have similar design and implementation flaws? Do other vendors do dumb poo poo like run things at ring0 that shouldn't be running there?

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

Mr Chips posted:

Generally speaking, is it a reasonable assumption that other AV software is likely to have similar design and implementation flaws?
yes, I don't think taviso has ever mentioned he's looking at a particular AV and then failed to find some horrific problem with it

Mr Chips posted:

Do other vendors do dumb poo poo like run things at ring0 that shouldn't be running there?
yes, absolutely


His suggestion regarding AV:
https://twitter.com/taviso/status/647409908967604224
https://twitter.com/taviso/status/676799692936581120

mAlfunkti0n
May 19, 2004
Fallen Rib
Looks like LinkedIn database was leaked .. yay security!

http://motherboard.vice.com/read/another-day-another-hack-117-million-linkedin-emails-and-password

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Good, maybe someone will go clear out all my unread notifications.

mAlfunkti0n
May 19, 2004
Fallen Rib

Subjunctive posted:

Good, maybe someone will go clear out all my unread notifications.

Congratulate Joe Blow on his unemployment!

Wiggly Wayne DDS
Sep 11, 2010



They're claiming it's an additional cache from the 2012 breach

mAlfunkti0n
May 19, 2004
Fallen Rib

Wiggly Wayne DDS posted:

They're claiming it's an additional cache from the 2012 breach

Good point, somehow I missed that this morning. Guess that was before coffee.

EVIL Gibson
Mar 23, 2001

Internet of Things is just someone else's computer that people can't help attaching cameras and door locks to!
:vapes:
Switchblade Switcharoo
Guy found a bank mobile app had a method that didn't check if the user actually had access to an account. This is the kind of stuff you would find in a Very Vulnerable Web App by OWASP where you think, "Who would actually program the application like this?".

https://boris.in/blog/2016/the-bank-job/

The guy did a few very bad things that if he did in the states, he would be in federal prison. Things like using accounts not owned by him for tests (he did mention he used family accounts but that is not him) or threatening for some kind of bug bounty.




Powered Descent posted:

I don't know about easily, though of course only the spooks know for sure.

A method they've used in the past is that if you go to a site they control (be it a regular website or illegalsitethefedstotallydidnttakecontrolof.onion), and if you're using an older version of torbrowser, they can use an exploit in that browser to make it connect to somewhere in the clear (instead of via tor), thus revealing your actual IP. So of course it seems to me that the way to protect yourself from that (apart from being sure you have the latest version of everything) would be to have a physically separate tor router. Then the computer running your actual browser could be owned to hell and back and it wouldn't matter, the ONLY connection it has to the outside world is through tor and it has no way of even determining its own actual public IP. (Building a raspberry pi into an anonymizing middlebox is an easy and educational little project. Try it yourself.)

:arghfist::nsamad:

Heard stories that in investigations with a mission to track down and nail users trying to look up insidious sites like kiddie porn hosts, there was a good portion of users who would burn all creds as soon as they thought anything was going funny. Things like the pages changing a bit, weird private messages they received, or even if they are being routed weirdly. Hard to pin down.

But this does not stop random Joe Schmoe from treating Tor like the internet and seeing no cause for alarm in putting their real full names, addresses, or phones into a page if the site requests it. That is the type of user that keeps getting nailed because it's the lowest branch, but with the difference that a lot of people hang around that level.

EVIL Gibson fucked around with this message at 21:56 on May 18, 2016
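The bank-app bug described earlier in this post, a method that never checks whether the caller owns the account it is asked about, is a missing object-level authorization check. The following is an added example written for this thread, not code from the blog post or from the bank: the vulnerable handler shape next to the fixed one, with a constructed in-memory account table standing in for the database and function names that are assumptions.

```python
"""Added example: missing vs. present ownership check on an account lookup.
Nothing here is the bank's code; the account table, user ids and function names are constructed."""
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Account:
    account_id: str
    owner_id: str
    balance: int  # minor units, e.g. cents


# Constructed sample data: two customers, three accounts.
ACCOUNTS = {
    "1001": Account("1001", "alice", 250_00),
    "1002": Account("1002", "alice", 12_00),
    "2001": Account("2001", "bob", 9_999_00),
}


class NotFound(Exception):
    pass


def get_balance_vulnerable(session_user: str, account_id: str) -> int:
    """The bug the thread describes: the caller is authenticated (session_user),
    but the handler trusts the client-supplied account id and never asks whose it is."""
    try:
        return ACCOUNTS[account_id].balance
    except KeyError:
        raise NotFound(account_id)


def get_balance(session_user: str, account_id: str) -> int:
    """Fixed: the decision is made server-side from the session identity, and a
    foreign account is reported exactly like a missing one so the endpoint does
    not confirm which account numbers exist."""
    acct = ACCOUNTS.get(account_id)
    if acct is None or acct.owner_id != session_user:
        raise NotFound(account_id)
    return acct.balance


def accessible_accounts(session_user: str) -> list[str]:
    """Safer API shape: enumerate what the session may see, never take an id from the client."""
    return sorted(a.account_id for a in ACCOUNTS.values() if a.owner_id == session_user)


def reveals(handler: Callable[[str, str], int], session_user: str, account_id: str) -> bool:
    """True if the handler hands session_user a balance for account_id (a quick check of
    the authorization property; a test suite would run it for every cross-user pair)."""
    try:
        handler(session_user, account_id)
        return True
    except NotFound:
        return False
```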

Cugel the Clever
Apr 5, 2009
I LOVE AMERICA AND CAPITALISM DESPITE BEING POOR AS FUCK. I WILL NEVER RETIRE BUT HERE'S ANOTHER 200$ FOR UKRAINE, SLAVA
What is the thread's input on consumer-level firewall software solutions? Is firewall software on the whole more credible than anti-virus software? I've seen GlassWire recommended, but could use a second opinion.

Unrelated: how about Zemana Anti-Logger?

Edit: While I'm at it, I might as well inquire why the gently caress a Cisco Meraki MX64W would email my password to me in plain text upon creating a user on it?

Cugel the Clever fucked around with this message at 23:00 on May 18, 2016

Sheep
Jul 24, 2003

Cugel the Clever posted:

Edit: While I'm at it, I might as well inquire why the gently caress a Cisco Meraki MX64W would email my password to me in plain text upon creating a user on it?

A one-time use password, a one-time use token, a one-time use link - it's all the same thing. How else are they going to get the initial login credentials to users?

Pile Of Garbage
May 28, 2007



Cugel the Clever posted:

What is the thread's input on consumer-level firewall software solutions? Is firewall software on the whole more credible than anti-virus software? I've seen GlassWire recommended, but could use a second opinion.

Unrelated: how about Zemana Anti-Logger?

Edit: While I'm at it, I might as well inquire why the gently caress a Cisco Meraki MX64W would email my password to me in plain text upon creating a user on it?

Your OS already has a perfectly functional firewall (Unless you've turned it off and in that case turn it back on you dummy).

That Zemana Anti-Logger software looks like snake-oil and is probably as equally ineffective as any other "internet security" software (And based off a quick Google search, just as vulnerable).

Cugel the Clever
Apr 5, 2009
I LOVE AMERICA AND CAPITALISM DESPITE BEING POOR AS FUCK. I WILL NEVER RETIRE BUT HERE'S ANOTHER 200$ FOR UKRAINE, SLAVA

Sheep posted:

A one-time use password, a one-time use token, a one-time use link - it's all the same thing. How else are they going to get the initial login credentials to users?
No--I entered my password on account creation and then it emailed it back to the address I provided. Isn't that particularly awful security policy?


cheese-cube posted:

Your OS already has a perfectly functional firewall (Unless you've turned it off and in that case turn it back on you dummy).

That Zemana Anti-Logger software looks like snake-oil and is probably as equally ineffective as any other "internet security" software (And based off a quick Google search, just as vulnerable).
Sounds good. Definitely haven't turned off my OS firewall--just curious about additional services that might augment things. Of course, each additional service is potentially an additional attack vector...

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Cugel the Clever posted:

No--I entered my password on account creation and then it emailed it back to the address I provided. Isn't that particularly awful security policy?

Yes.

Mustache Ride
Sep 11, 2001



Hey this is good news: http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

spankmeister
Jun 15, 2008







It is. There are not going to be many victims however who haven't either a) restored from backup b) paid ransom or c) accepted the loss of their files, AND kept their encrypted files around.

Pile Of Garbage
May 28, 2007



Cugel the Clever posted:

Sounds good. Definitely haven't turned off my OS firewall--just curious about additional services that might augment things. Of course, each additional service is potentially an additional attack vector...

The effectiveness of additional services entirely depends on where you're using the product. On your home network where your PC is behind NAT and you trust the internal network it's essentially useless.

redreader
Nov 2, 2009

I am the coolest person ever with my pirate chalice. Seriously.

Dinosaur Gum
Hi. I am looking to start using a vpn or a seedbox, for the reason I'd use a seedbox (that is, hosting my own personal files of course). Could someone tell me a recommended vpn/seedbox company? I feel like googling for it will give me a bad answer...

Unormal
Nov 16, 2004

Mod sass? This evening?! But the cakes aren't ready! THE CAKES!
Fun Shoe

redreader posted:

Hi. I am looking to start using a vpn or a seedbox, for the reason I'd use a seedbox (that is, hosting my own personal files of course). Could someone tell me a recommended vpn/seedbox company? I feel like googling for it will give me a bad answer...

I don't (well, now, didn't) even know what a seedbox is, but I thought this was an interesting concern so I googled "best seedbox" and google said:

WhatBox: 1TB space, 10 Gbit/s network, 10 British Pounds per month
Feral Hosting: 60 GB space, 150 Mbps connection, $10 US per month

Curious how bad of an answer that actually is.

Dubstep Jesus
Jun 27, 2012

by exmarx

redreader posted:

Hi. I am looking to start using a vpn or a seedbox, for the reason I'd use a seedbox (that is, hosting my own personal files of course). Could someone tell me a recommended vpn/seedbox company? I feel like googling for it will give me a bad answer...

Whatbox.ca has been good to me.

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!

redreader posted:

Hi. I am looking to start using a vpn or a seedbox, for the reason I'd use a seedbox (that is, hosting my own personal files of course). Could someone tell me a recommended vpn/seedbox company? I feel like googling for it will give me a bad answer...

You're probably better off asking in the usenet thread. I know usenet is not torrents but some of us dabble in both over there.

Unormal posted:

I don't (well, now, didn't) even know what a seedbox is, but I thought this was an interesting concern so I googled "best seedbox" and google said:

WhatBox: 1TB space, 10 Gbit/s network, 10 British Pounds per month
Feral Hosting: 60 GB space, 150 Mbps connection, $10 US per month

Curious how bad of an answer that actually is.


Seedboxes are private servers that you use to download and seed your linux iso files, of course. OP for what it's worth I've heard a lot about those two that he linked as well.

EVIL Gibson
Mar 23, 2001

Internet of Things is just someone else's computer that people can't help attaching cameras and door locks to!
:vapes:
Switchblade Switcharoo

Cugel the Clever posted:

No--I entered my password on account creation and then it emailed it back to the address I provided. Isn't that particularly awful security policy?



To be specific, it means they are storing your password in the clear, ready to become the next rockyou.txt. Doesn't sound like they are expecting you to change it like a normal one-time-use pass.

Mustache Ride
Sep 11, 2001



Goddamn, I'm sitting in a FireEye MVX presentation, and all I can hear is "signature signature signature signature".

When will these assholes learn that signatures aren't the answer?

RISCy Business
Jun 17, 2015

bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork
Fun Shoe

found your problem

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

online friend posted:

found your problem

FireEye sure didn't

RISCy Business
Jun 17, 2015

bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork
Fun Shoe

Subjunctive posted:

FireEye sure didn't

:mmmhmm:

PeppysDilz
Oct 9, 2011

cheese-cube posted:

The effectiveness of additional services entirely depends on where you're using the product. On your home network where your PC is behind NAT and you trust the internal network it's essentially useless.

I disagree. An OS firewall that blocks/alerts you when a new process attempts an outbound connection (like LittleSnitch on OSX) is very valuable. I know GlassWire works for this use case, but who knows if you should trust it, give Tavis 20 minutes with it and we might find you introduced new attack surface. So basically just stop using Windows :-P.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

PeppysDilz posted:

I disagree. An OS firewall that blocks/alerts you when a new process attempts an outbound connection (like LittleSnitch on OSX) is very valuable. I know GlassWire works for this use case, but who knows if you should trust it, give Tavis 20 minutes with it and we might find you introduced new attack surface. So basically just stop using Windows :-P.

The only time I tell people to stop using Windows is when they tell me they're too paranoid to use Bitlocker because "it's closed source".

mAlfunkti0n
May 19, 2004
Fallen Rib

OSI bean dip posted:

The only time I tell people to stop using Windows is when they tell me they're too paranoid to use Bitlocker because "it's closed source".

Of course they would step through the code if it was open .. if only they understood it. So they'll let someone else do it and hope they are trustworthy.

Daman
Oct 28, 2011
giving Tavis 20 minutes with a dot net GUI to Windows firewall will produce nothing bc that is all glasswire is.

Also it's a joke that anyone pays attention to alerts from that or littlesnitch, malware will be injecting itself into processes that normally do network poo poo anyways.

Daman fucked around with this message at 18:58 on Jun 6, 2016

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Daman posted:

giving Tavis 20 minutes with a dot net GUI to Windows firewall will produce nothing bc that is all glasswire is.

Also it's a joke that anyone pays attention to alerts from that or littlesnitch, malware will be injecting itself into processes that normally do network poo poo anyways.

The browser is the obvious target as it's likely to be fully whitelisted, but if Overwatch started trying to connect to my-first-c2-server.totallylegit.net then yeah I'd probably notice Little Snitch's warning.
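To make the last two posts concrete, an added example written for this thread (not code from Little Snitch, GlassWire or any poster): a first-seen check over constructed connection records, keyed on process and destination. It flags the game binary reaching an unknown host, as Dessert Rose expects, and stays silent when something injected into the browser reuses a destination the browser already talks to, which is the limit Daman points out. Process names and hosts other than the one quoted from the thread are constructed.

```python
"""Added example: first-seen (process, destination) egress alerting, Little Snitch style.
Records are constructed; this is not code from any product mentioned in the thread."""
from collections import defaultdict
from typing import Iterable

Record = tuple[str, str, str, int]      # (timestamp, process, dest_host, dest_port)
Baseline = dict[str, set[str]]          # process -> hosts it was seen talking to


def learn_baseline(records: Iterable[Record]) -> Baseline:
    """Build the allow-list from a quiet period; the port is ignored for the baseline."""
    base: Baseline = defaultdict(set)
    for _ts, proc, host, _port in records:
        base[proc].add(host)
    return dict(base)


def check_egress(records: Iterable[Record], baseline: Baseline) -> list[str]:
    """Return one alert line per connection the user would be asked about.
    Each new pair is added to the working copy so it is only asked about once."""
    alerts: list[str] = []
    seen = {proc: set(hosts) for proc, hosts in baseline.items()}
    for ts, proc, host, port in records:
        known_hosts = seen.get(proc)
        if known_hosts is None:
            alerts.append(f"{ts} NEW PROCESS {proc} -> {host}:{port}")
            seen[proc] = {host}
        elif host not in known_hosts:
            alerts.append(f"{ts} NEW DESTINATION {proc} -> {host}:{port}")
            known_hosts.add(host)
        # Known process to a known host stays silent, whether the real program or code
        # injected into it made the connection: the firewall cannot tell them apart.
    return alerts


# Constructed baseline: what the machine did during a normal hour.
BASELINE_RECORDS: list[Record] = [
    ("09:00:01", "firefox.exe", "www.example.com", 443),
    ("09:00:05", "firefox.exe", "cdn.example.net", 443),
    ("09:01:00", "Overwatch.exe", "game-login.example", 1119),
]

# Constructed live traffic, including the host quoted in the thread.
LIVE_RECORDS: list[Record] = [
    ("10:00:00", "firefox.exe", "www.example.com", 443),
    ("10:00:07", "Overwatch.exe", "my-first-c2-server.totallylegit.net", 443),
    ("10:00:09", "firefox.exe", "www.example.com", 443),   # injected code reusing a known pair
    ("10:00:12", "svchost.exe", "updates.example.org", 80),
]


def demo() -> list[str]:
    return check_egress(LIVE_RECORDS, learn_baseline(BASELINE_RECORDS))
```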

Mustache Ride
Sep 11, 2001



I made this during a vendor meeting today. For you

Thanks Ants
May 21, 2004

#essereFerrari


Surely 'compliance' and 'policy' should be in there somewhere

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

I'd also like "persistent" and "transparent". Maybe "patented".


Wiggly Wayne DDS
Sep 11, 2010



not apt enough
