|
BangersInMyKnickers posted:I doubt AV RCEs are going to be a serious risk for home/personal computers. There's enough fragmentation in the market that you're not going to get consistent payload deployment like going after the OS/browser/plugin trifecta and releasing an exploit through spam or ad channels is going to get it picked up on by the vendors quickly and a hotfix is going to get thrown in to their update channel and distributed to virtually all the endpoints inside a day or two. That's a whole lot of effort developing the payload for an RCE only to immediately bring yourself under heavy scrutiny and have your ingress cut off and your payload wiped in the next definition push. Government and corps should definitely be concerned since it will be worth the attacker's effort and the limiting targeting means you're more likely to go completely unnoticed and keep a permanent presence on their network. Fragmentation makes it less effective but OSes are improving greatly and AV is not, it's only going to get worse. The cost of a chrome exploit is less than an exploit in some lovely AV that injects stuff into chrome. Then again if you're going for maximum machine count you just ignore personal devices all together and make a botnet of lovely iot devices.
|
# ? Jan 27, 2017 22:26 |
|
when you talk about this stuff irl do you spell out "hgrghk" or make guttural sounds every time it comes up
|
# ? Jan 27, 2017 22:57 |
|
as someone not in the biz and just runs defender/mse and doesn't worry about it, it comes down to "well that's how we always done it" with never actually doing any critical thinking on it. even if they did, then you have to overcome the hurdle of "are you calling me wrong!?" because that's the worst and most offensive thing to these people. exploits comes down to whatever is the easiest vector of attack. java, flash, internet explorer, etc. then you try to square the circle of traditional av software not actually protecting against new and exciting exploits; why are you keeping it around? "well because we always have! my personal favorite is _______!" meanwhile, drive by exploits are firing off via advertising networks because grandma doesn't have an ad blocker and grandma is now part of a botnet. there's definitely a surface area to attack for anti virus software, probably similar to plcs being exploited; limited in scope but hyper focused. it comes down to recognizing that av catches the lowest common denominator garbage, so how about use the one that isn't hijacking certificates and working against browser memory address space obfuscation routines.
|
# ? Jan 27, 2017 23:05 |
|
I'm just gonna have her use this Office 365 encrypted portal thing. It would be cool to, in steps, roll out PKI for encryption and then later work on sender verification and yadda yadda but I'll save all that for another day.
Powaqoatse posted:send the PII via rfc1097 & go all manchurian candidate
I had to look this one up.
|
# ? Jan 27, 2017 23:23 |
|
I guess it depends a lot on what you're protecting. If you're talking about a large business that may be subject to sophisticated and targeted attacks that's one thing, but if you're talking about a small to medium business your biggest worry isn't some obscure AV exploit being used because the attacker analysed your network, it's some idiot executing a 12 month old ransomware attachment and that poo poo will get caught by an up to date antivirus. Big name AV seems to be garbage but I wouldn't personally recommend against using AV on business machines because nobody is getting infected with 0-day poo poo in that environment anyway.
|
# ? Jan 27, 2017 23:25 |
|
ErIog posted:This is implementation dependent SMS* supports 140 bytes. 160 chars is possible, but you have to encode as 7-bit chars to do so.
|
# ? Jan 27, 2017 23:30 |
|
Chalks posted:I guess it depends a lot on what you're protecting. If you're talking about a large business that may be subject to sophisticated and targeted attacks that's one thing, but if you're talking about a small to medium business your biggest worry isn't some obscure AV exploit being used because the attacker analysed your network, it's some idiot executing a 12 month old ransomware attachment and that poo poo will get caught by an up to date antivirus. Big name AV seems to be garbage but I wouldn't personally recommend against using AV on business machines because nobody is getting infected with 0-day poo poo in that environment anyway. OSI bean dip posted:av is dead because it's worthless; install windows 10 and use the av that it comes with or use a mac there is absolutely no reason to use third party av
|
# ? Jan 27, 2017 23:34 |
|
OSI bean dip posted:there is absolutely no reason to use third party av It's not specifically my area but we use Microsoft Intune - does that count as third party? I assume the main benefits are centralised monitoring and control so that you actually get told about users trying to execute viruses on the system, but I can't say I'm an expert in Microsoft AV features.
|
# ? Jan 27, 2017 23:40 |
|
Hed posted:I'm just gonna have her use this Office 365 encrypted portal thing. It would be cool to, in steps, roll out PKI for encryption and then later work on sender verification and yadda yadda but I'll save all that for another day. me too im just joking around sorry that nobody cares about your question
|
# ? Jan 27, 2017 23:45 |
|
Chalks posted:It's not specifically my area but we use Microsoft Intune - does that count as third party? I assume the main benefits are centralised monitoring and control so that you actually get told about users trying to execute viruses on the system, but I can't say I'm an expert in Microsoft AV features. that's just a device manager. it doesn't change anything about what is running on the desktop
|
# ? Jan 27, 2017 23:49 |
|
Hed posted:I'm just gonna have her use this Office 365 encrypted portal thing. It would be cool to, in steps, roll out PKI for encryption and then later work on sender verification and yadda yadda but I'll save all that for another day.
|
# ? Jan 27, 2017 23:54 |
|
anthonypants posted:people are way too stupid to open that attachment oh my god you work in heaven
|
# ? Jan 27, 2017 23:57 |
|
why would you put a link in an attachment microsoft, why would you put anything in a loving attachment, what is wrong with you do you want people to open random attachments from not-people
|
# ? Jan 28, 2017 00:28 |
|
hello this is windows support team please windows r
|
# ? Jan 28, 2017 00:52 |
|
anthonypants posted:how many bits are ascii characters encoded with
the GSM 7 bit character set for SMS is not the same as the ASCII 7 bit character set
the basic 26 english letters stay in the same places, as does some punctuation, but others move and most of the control codes get fully replaced by symbols of some sort or are shifted about
there's also the need to use various combinations with the escape code to represent more needed characters for certain languages or punctuation
|
# ? Jan 28, 2017 01:25 |
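The 140-byte / 160-character arithmetic and the GSM-versus-ASCII differences discussed in the posts above, worked through in Python. This is an added example, not part of any poster's message; the tables are the standard GSM 03.38 default alphabet and extension table, and the function names are illustrative.

```python
# Added example (not from the thread): GSM 03.38 default alphabet + septet packing.
GSM_BASIC = (
    "@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?"
    "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà"
)
# Characters reached through the escape code (0x1B); each one costs two septets.
GSM_EXT = {"\f": 0x0A, "^": 0x14, "{": 0x28, "}": 0x29, "\\": 0x2F,
           "[": 0x3C, "~": 0x3D, "]": 0x3E, "|": 0x40, "€": 0x65}
ESC = 0x1B
MAX_PAYLOAD_BYTES = 140  # size of one SMS user-data field


def to_septets(text):
    """Map text to GSM 7-bit code points; raise if a character has none."""
    septets = []
    for ch in text:
        if ch in GSM_EXT:
            septets += [ESC, GSM_EXT[ch]]
            continue
        code = GSM_BASIC.find(ch)
        if code < 0 or code == ESC:  # a bare escape is not a printable character
            raise ValueError(f"{ch!r} is not in the GSM 7-bit alphabet")
        septets.append(code)
    return septets


def pack(septets):
    """Pack 7-bit values LSB-first into octets, zero-padding the last one."""
    acc = 0
    for i, s in enumerate(septets):
        acc |= s << (7 * i)
    return acc.to_bytes((7 * len(septets) + 7) // 8, "little")


def unpack(data, count):
    """Recover `count` septets; the count is needed because padding is ambiguous."""
    acc = int.from_bytes(data, "little")
    return [(acc >> (7 * i)) & 0x7F for i in range(count)]


def fits_single_sms(text):
    """True if the packed text fits the 140-byte payload of one message."""
    return len(pack(to_septets(text))) <= MAX_PAYLOAD_BYTES


if __name__ == "__main__":
    print(pack(to_septets("hello")).hex())             # packed form of 5 septets
    print(len(pack(to_septets("a" * 160))))            # 160 chars -> octet count
    print(to_septets("@"), to_septets("$"), to_septets("€"))
    print(fits_single_sms("a" * 159 + "€"))            # escape pair pushes it over
```
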
|
i'm http://fishmech.net
|
# ? Jan 28, 2017 01:30 |
|
fishmech posted:the GSM 7 bit character set for SMS is not the same as the ASCII 7 bit character set
|
# ? Jan 28, 2017 01:36 |
|
lol i got some sticker label sheets and went to the vendor's website to get their template for word to print on em' and I hit download and it gives me... code:
e: oh good just using unzip on that exe lets me get at its guts without actually having to run it, well at least that's nice of them
e2: and of course, there is actually no template at all in this exe, why did i even expect there would be one. there are a bunch of suspicious html and javascript files for some reason though...
Shame Boy fucked around with this message at 01:59 on Jan 28, 2017 |
# ? Jan 28, 2017 01:56 |
|
the javascript and html files are accessing and modifying the registry directly somehow is this normal, do things do this bullshit now I haven't looked at installers in years
|
# ? Jan 28, 2017 02:02 |
|
anthonypants posted:i had the hardest time trying to get our customers to use the office 365 secure mail portal, because the link to the encrypted portal is inside of an attachment, and people are way too stupid to open that attachment. so we went with mimecast. mimecast is pretty good thanks! yeah that part worries me because I clicked it once loving around and it was like "download and run to access your document!" and I thought it was kinda awkward. I'll take a look at mimecast!
|
# ? Jan 28, 2017 02:11 |
|
ate all the Oreos posted:the javascript and html files are accessing and modifying the registry directly somehow windows has a javascript dialect that's intended to be used for scripting and has APIs for loving with the registry. obviously it doesn't work from the browser
|
# ? Jan 28, 2017 02:13 |
|
ate all the Oreos posted:the javascript and html files are accessing and modifying the registry directly somehow Uh like a script from the website while viewing the page or a javascript packaged with the installer? Windows does provide an API for java/ECMAscript where you can do system-y type stuff like that. E: beaten, but I only know this because I had to analyze some malware that was dropping javascript into a scheduled task to do persistence.
|
# ? Jan 28, 2017 02:15 |
|
It's not that windows scripting thing, I dug around more and it's a .Net application that basically just opens a window with an embedded WebBrowser control that loads the included HTML pages and lets it access a bunch of system-level objects to play with in javascript land, then it does all the scary installer poo poo directly from within the browser instance because why not. As far as I can tell it's not downloading and executing any other javascript from the internet so it's probably fine but I didn't actually look into it that far
|
# ? Jan 28, 2017 02:54 |
|
vOv posted:windows has a javascript dialect that's intended to be used for scripting and has APIs for loving with the registry.
what the hell????
vOv posted:obviously it doesn't work from the browser
thank god. also, are you sure there's not a weird edge case?
|
# ? Jan 28, 2017 02:58 |
|
ate all the Oreos posted:It's not that windows scripting thing, I dug around more and it's a .Net application that basically just opens a window with an embedded WebBrowser control that loads the included HTML pages and lets it access a bunch of system-level objects to play with in javascript land, then it does all the scary installer poo poo directly from within the browser instance because why not. theres a video that i cant find right now with the adobe flash installer where dude just drags a link onto the progress bar, and it just loads the webpage?!; apparently its just a webview its super hard for me to understand how you can write a native wrapper around your lovely fetch script & then instead of taking the 5 minutes to implement a native progress bar, you make a webview and implement it in idk javascript i guess? like thats being militantly ignorant. it probably took exactly as long to figure out how to implement a webview as it did how to implement a progress bar
|
# ? Jan 28, 2017 03:02 |
|
it's surprising how common that is going back into the days of xp i used the security settings to nearly completely disable internet explorer and it can break a lot of those kinds of programs also a lot of programs use it to display ads so you get to miss all the ads they show in video card driver update installers
|
# ? Jan 28, 2017 03:17 |
|
there are a lot of devs that know html/javascript, and it's pretty much the only thing designers know. if you're a rando lovely PUP distributor you probably don't want to pay the big bux for someone who knows what they're doing so you just get a barebones babby's first C# program, or a pre-existing solution, or something like that and do the rest in JS
|
# ? Jan 28, 2017 03:41 |
|
i guess just, even from my first coding job, when i got a task id just try to look into other ways of doing it. especially ways that could improve my knowledge or skills.. i mean why not? i didnt tell my lovely boss, but it just seems weird that absolutely none of them seems to have told whoever contracted out the installer that theyre being an idiot actually thats the real problem. why were they using a weird installer instead of just the built-in installer.app? for a while you could just show package contents and the installer .pkg was there so you could skip the lovely UI, but they "fixed" at some point i think installer.app even lets you put a huge graphic all over the interface, so the only reasons to roll your own is: i want more vulnerabilities and/or i want it to be less idiomatic
|
# ? Jan 28, 2017 03:54 |
|
Powaqoatse posted:just, even from my first coding job, when i got a task id just try to look into other ways of doing it. especially ways that could improve my knowledge or skills.. i mean why not? because you presumably like what you do and/or care about doing it well. presumably the people who do not wind up making PUP
|
# ? Jan 28, 2017 04:19 |
|
ate all the Oreos posted:because you presumably like what you do and/or care about doing it well. presumably the people who do not wind up making PUP well yea i just assumed that there'd be dozens of people on it cause it was lovely for years but changed in subtle ways
|
# ? Jan 28, 2017 04:35 |
|
please call things what they are, instead of giving in and using the sanitized name that the makers of that crap want you to use.
|
# ? Jan 28, 2017 05:02 |
|
Jabor posted:please call things what they are, instead of giving in and using the sanitized name that the makers of that crap want you to use. i am indeed calling it what it is
|
# ? Jan 28, 2017 05:07 |
|
Powaqoatse posted:theres a video that i cant find right now with the adobe flash installer where dude just drags a link onto the progress bar, and it just loads the webpage?!; apparently its just a webview
i believe it was one of this thread's earlier incarnations that taught me about the HP printers that used to require Apache Tomcat for the control panel
edit: quote:Printing System Late-breaking Readme http://whp-aus2.cold.extweb.hp.com/pub/printers/software/lj1150lbreadme-en.txt
Pikavangelist fucked around with this message at 05:14 on Jan 28, 2017 |
# ? Jan 28, 2017 05:10 |
|
for the record I call it malware or adware or bloatware or shitware usually but this is funny internet forum and I like the way SMELLS LIKE PUP sounds
|
# ? Jan 28, 2017 05:12 |
|
ate all the Oreos posted:i am indeed calling it what it is
|
# ? Jan 28, 2017 08:51 |
|
ate all the Oreos posted:for the record I call it malware or adware or bloatware or shitware usually but this is funny internet forum and I like the way SMELLS LIKE PUP sounds secondin what the hell is 3rdparty poo poo doing on anybdys computer.
|
# ? Jan 28, 2017 08:52 |
|
ate all the Oreos posted:lol i got some sticker label sheets and went to the vendor's website to get their template for word to print on em' and I hit download and it gives me... i don't know if you know but if it's a common label size, a template exists in word already. mailings tab, then select your avery 42069 template and you're d o n e
|
# ? Jan 28, 2017 09:27 |
|
Wild EEPROM posted:i don't know if you know but if it's a common label size, a template exists in word already. i seem to remember doing that last time i used these labels and the Word template was like, slightly off and ruined a sheet but w/e i probably hosed it up somehow turns out the site just has a direct download of the template that i totally missed because you have to select a radio box that's got grey text next to it and looks disabled
|
# ? Jan 28, 2017 09:40 |
|
you just downloaded a bunch of malware good job
|
# ? Jan 28, 2017 11:04 |
|
ate all the Oreos posted:i seem to remember doing that last time i used these labels and the Word template was like, slightly off and ruined a sheet but w/e i probably hosed it up somehow
Printers are a nightmare and labels doubly so because suddenly you start to have expectations down to some handful of millimeters about where stuff is going to be. Anybody who can print on new labels first time without wasting a sheet is a god drat wizard that is probably lying to cover up the fact that they actually wasted 3 sheets. In conclusion, gently caress printing.
ErIog fucked around with this message at 12:08 on Jan 28, 2017 |
# ? Jan 28, 2017 11:32 |