|
anthonypants posted:libwww-perl byte compiled perl dependency hell, it's the closest i ever came to literally walking out the door to work on a farm and raise goats
|
# ? Jul 18, 2016 16:21 |
|
https://twitter.com/mjg59/status/755062671418929152
https://twitter.com/mjg59/status/755064357671755776
edit: oh yeah, he started a patreon to review lovely iot devices for security holes: https://www.patreon.com/mjg59
Mr.Radar fucked around with this message at 17:26 on Jul 18, 2016 |
# ? Jul 18, 2016 17:06 |
|
Mr.Radar posted:https://twitter.com/mjg59/status/755062671418929152 yessss
|
# ? Jul 18, 2016 17:14 |
|
Mr.Radar posted:https://twitter.com/mjg59/status/755062671418929152 rad. thanks, Linux.
|
# ? Jul 18, 2016 17:17 |
|
Shaggar posted:rad. thanks, Linux. don't worry libupnp runs on wandows too and i'm betting is compiled into lots of cross-platform stuff
|
# ? Jul 18, 2016 17:26 |
|
yes it was sarcasm. its linuxes fault that this will affect windows users.
|
# ? Jul 18, 2016 17:32 |
|
Shaggar posted:yes it was sarcasm. its linuxes fault that this will affect windows users. Thats Our Shaggar! :iamafag:
|
# ? Jul 18, 2016 17:58 |
|
also there are bound to be lots of affected linuxes lurking in places innocent users never expect like toasters or fridges
|
# ? Jul 18, 2016 18:00 |
|
speaking of fridges, a friend of mine is working on an internet of thing, and today he found out the process of getting said thing connected to your psk wpa2 wifi:
1. install app on phone
2. connect phone to desired wifi, hit "connect" button in said app
3. thing is now connected to wifi.
the trick for this working is: your phone sends random data to your AP that is the exactly correct length, for the duration 802.11 header to spell out your password to the IoT device, prepended by the magic number that signals the start.
you absolutely cannot make this poo poo up
|
# ? Jul 18, 2016 18:28 |
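A toy model of the length-based provisioning described in the post above, added here as an illustration and not taken from the thread or from any vendor's code. It shows that the device-side decoder works from frame lengths alone, with no key, so the passphrase is readable by any receiver in range. The marker values, the offset and the one-byte-per-frame layout are assumptions.

```python
import os

# All constants are assumptions for illustration; the post gives no real values.
MAGIC = [515, 514, 513, 512]   # hypothetical start-of-message marker (frame lengths)
BASE = 40                      # hypothetical offset so every data length is non-zero
CCMP_OVERHEAD = 16             # WPA2-CCMP adds an 8-byte header and an 8-byte MIC

def phone_frames(password):
    """Phone side: payloads are random; only each payload's length carries data."""
    data = password.encode()
    lengths = MAGIC + [BASE + len(data)] + [BASE + b for b in data]
    return [os.urandom(n) for n in lengths]

def on_air_lengths(frames):
    """What any receiver in range sees: the encrypted size, never the payload."""
    return [len(f) + CCMP_OVERHEAD for f in frames]

def device_decode(air_lengths):
    """Device side: no key, not associated, reads lengths only. Returns str or None."""
    plain = [n - CCMP_OVERHEAD for n in air_lengths]
    m = len(MAGIC)
    for i in range(len(plain) - m):
        if plain[i:i + m] != MAGIC:
            continue
        count = plain[i + m] - BASE
        body = [n - BASE for n in plain[i + m + 1:i + m + 1 + count]]
        # Reject truncated or out-of-range captures instead of guessing.
        if 8 <= count <= 63 and len(body) == count and all(0 <= b < 256 for b in body):
            return bytes(body).decode("utf-8", errors="replace")
    return None

def demo():
    frames = phone_frames("constructed-psk-123")   # constructed sample passphrase
    noise = [700, 92]                              # unrelated traffic before the marker
    return device_decode(noise + on_air_lengths(frames) + [1500])
```

The soft-AP setup flow mentioned in the next reply avoids this by carrying the credentials inside a connection to the device rather than in metadata that encryption does not cover.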
|
Truga posted:speaking of fridges, a friend of mine is working on an internet of thing, and today he found out the process of getting said thing connected to your psk wpa2 wifi: Jesus loving Christ. Where do these loving idiots come from? My FIRST embedded device was WiFi enabled and I just had it puke out a SSID that you had to connect to and then change the credentials from the web interface. Why is that so hard for these morons to do? Whenever I see a product say "to setup, download our App" I don't buy it and write it off as dumpster-fire garbage.
|
# ? Jul 18, 2016 18:34 |
|
iot poo poo is aimed for the end user, you can't tell them to just connect this box and then log into it and holy poo poo what my brain is melting this other device that does the same thing from the competing company has "install app, everything works"
at least, that's what I think the thinking behind it is. said friend is still in shock
|
# ? Jul 18, 2016 18:41 |
|
Yes it's all for "user experience". There's this wifi camera made by Amcrest that my coworker bought. It does crazy side-channel poo poo to get onto your wifi network too, possibly the same as mentioned above. Edit: I think this system of connecting to an end-user's home network was created by TI.
|
# ? Jul 18, 2016 18:44 |
|
meatpotato posted:Yes it's all for "user experience". The one I'm familiar with from TI's IoT stuff is SimpleLink, and it certainly doesn't do it this way, although it could be implemented somehow reading raw packets
|
# ? Jul 18, 2016 19:20 |
|
Parallel Paraplegic posted:don't worry libupnp runs on wandows too and i'm betting is compiled into lots of cross-platform stuff doubt it, windows already has a upnp service
|
# ? Jul 18, 2016 19:34 |
|
I think he means like 3rd party junkware like failfox that uses its own busted libs instead of the system
|
# ? Jul 18, 2016 19:43 |
|
hackbunny posted:doubt it, windows already has a upnp service I doubt cross platform programs that use libupnp everywhere else are rewritten specifically for Windows. I mean I'm sure a few switch the deps out at compile time but probably not most.
|
# ? Jul 18, 2016 21:14 |
|
Parallel Paraplegic posted:I doubt cross platform programs that use libupnp everywhere else are rewritten specifically for Windows. I mean I'm sure a few switch the deps out at compile time but probably not most. I know little about upnp (it's, like, xml over multicast http, right?), but it sounds like the vulnerability is in the server side of the protocol. being multicast i.e. datagram of course client endpoints can receive packets from anywhere, what I don't know is, do clients expect and process requests?
|
# ? Jul 18, 2016 22:02 |
|
Truga posted:https://httpoxy.org/ Lol this is one and a half years old
|
# ? Jul 18, 2016 22:40 |
|
spankmeister posted:Lol this is one and a half years old
|
# ? Jul 18, 2016 22:52 |
|
|
# ? Jul 18, 2016 22:56 |
|
LOL!
|
# ? Jul 18, 2016 22:56 |
|
half secfuck, half need an opinion
we have a remote office that's outside of any domain or network auth, for all intents and purposes its it infrastructure is completely separate
we need to print a report over there every morning, so some genius decided to whack the ids & firewall enough times on the head that i let pretty much anything come in on port 9100 straight through the dmz and into an accounting box
we put an end to that poo poo the minute we heard about it
now, the original need is still there, we need to remote print a thing
am i wrong in thinking that a fax is needs suiting here?
|
# ? Jul 18, 2016 23:57 |
|
surebet posted:half secfuck, half need an opinion is sftp an option? edit maybe not to inside the dmz
|
# ? Jul 19, 2016 00:07 |
|
i'm seriously not finding anything as simple and stupid proof as a fax, especially since all it involves is wrenching a voip line to one of the computer on my end
|
# ? Jul 19, 2016 00:14 |
|
surebet posted:half secfuck, half need an opinion set up a vpn tunnel and print thru the tunnel
|
# ? Jul 19, 2016 00:17 |
|
Shaggar posted:set up a vpn tunnel and print thru the tunnel
|
# ? Jul 19, 2016 00:35 |
|
or email the report as a pdf which is probably more useful to them anyway. they can still print it out if they need to
|
# ? Jul 19, 2016 00:38 |
|
in most contexts pdf over email would be best, but this needs to print on the production floor, everything is still pen to paper over there
it was routed through accounting because the printer is there
|
# ? Jul 19, 2016 00:41 |
|
surebet posted:everything is still pen to paper over there are you sending documents back in time or something? have you tried a teletype?
|
# ? Jul 19, 2016 00:45 |
|
Shaggar posted:or email the report as a pdf which is probably more useful to them anyway. they can still print it out if they need to Hate to say it but this is probably the real solution. If it has to be raw data to a server, VPN.
|
# ? Jul 19, 2016 00:46 |
|
YeOldeButchere posted:are you sending documents back in time or something?
faxes are very well and alive in tyool 2016
they've been the bane of my existence, i figure it's time i inflict them on other people
|
# ? Jul 19, 2016 00:54 |
|
we still fax a lot of doctors offices cause they cant deal w/ secure transport mechanisms
|
# ? Jul 19, 2016 00:58 |
|
gently caress fax fux
|
# ? Jul 19, 2016 01:25 |
|
Shaggar posted:we still fax a lot of doctors offices cause they cant deal w/ secure transport mechanisms the funny part is faxes aren't secure either unless you get encrypting fax machines, which your standard commodity devices are not. Oh well!
|
# ? Jul 19, 2016 03:17 |
|
yeah they're grandfathered in under hipaa. some larger hospital groups have "banned" their use tho
|
# ? Jul 19, 2016 03:18 |
|
can you not scp the file to a server on the other domain and then set up a cron job to scan for new files and print them automatically?
|
# ? Jul 19, 2016 03:42 |
|
Ur Getting Fatter posted:can you not scp the file to a server on the other domain and then set up a cron job to scan for new files and print them automatically?
there are two standards for fax-over-ip, t.37 and t.38
you basically just described encrypted t.37
(nobody uses either standard)
|
# ? Jul 19, 2016 05:05 |
|
whoa cool how am i the first person to post the dumbest juniper cve vever
quote: When a peer device presents a self-signed certificate as its end entity certificate with its issuer name matching one of the valid CA certificates enrolled in Junos, the peer certificate validation is skipped and the peer certificate is treated as valid. This may allow an attacker to generate a specially crafted self-signed certificate and bypass certificate validation.
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1280
|
# ? Jul 19, 2016 05:06 |
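The behaviour quoted from the advisory above, modelled beside a validator that checks the signature against the enrolled CA key. This is an added sketch, not Junos code and not from the thread: the `Cert` structure, the names and the toy textbook RSA (a stand-in for X.509 signatures so it runs offline) are all assumptions.

```python
import hashlib
from dataclasses import dataclass

def make_key(p, q, e=65537):
    """Toy textbook RSA from two known primes; illustration only, never real keys."""
    return (p * q, e), pow(e, -1, (p - 1) * (q - 1))   # (public, private exponent)

@dataclass
class Cert:                       # hypothetical minimal certificate
    subject: str
    issuer: str
    pubkey: tuple
    sig: int = 0

def digest(cert, n):
    tbs = f"{cert.subject}|{cert.issuer}|{cert.pubkey}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def sign(cert, signer_pub, signer_priv):
    cert.sig = pow(digest(cert, signer_pub[0]), signer_priv, signer_pub[0])
    return cert

def sig_ok(cert, signer_pub):
    n, e = signer_pub
    return pow(cert.sig, e, n) == digest(cert, n)

def validate_flawed(cert, enrolled):
    # Models the advisory text: a self-signed cert whose issuer NAME matches an
    # enrolled CA skips chain validation and is accepted.
    if cert.issuer in enrolled and sig_ok(cert, cert.pubkey):
        return True
    return cert.issuer in enrolled and sig_ok(cert, enrolled[cert.issuer])

def validate_fixed(cert, enrolled):
    # The issuer name only selects which enrolled key the signature must verify under.
    ca_pub = enrolled.get(cert.issuer)
    return ca_pub is not None and sig_ok(cert, ca_pub)

def scenario():
    ca_pub, ca_priv = make_key(2**31 - 1, 2**61 - 1)      # constructed keys
    peer_pub, _ = make_key(2**13 - 1, 2**17 - 1)
    rogue_pub, rogue_priv = make_key(2**17 - 1, 2**19 - 1)
    enrolled = {"Example CA": ca_pub}                     # constructed trust store
    honest = sign(Cert("branch-gw", "Example CA", peer_pub), ca_pub, ca_priv)
    forged = sign(Cert("Example CA", "Example CA", rogue_pub), rogue_pub, rogue_priv)
    return {name: (validate_flawed(c, enrolled), validate_fixed(c, enrolled))
            for name, c in (("honest", honest), ("forged", forged))}
```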
|
Notorious b.s.d. posted:whoa cool how am i the first person to post the dumbest juniper cve vever
Rooney McNibnug posted:https://twitter.com/kennwhite/status/753935420149395456
same thing, yea?
|
# ? Jul 19, 2016 05:14 |
|
Notorious b.s.d. posted:whoa cool how am i the first person to post the dumbest juniper cve vever dont quit your b.s.day job
|
# ? Jul 19, 2016 06:09 |