  • Locked thread
Shame Boy
Mar 2, 2010

LeftistMuslimObama posted:

if i put my cell phone in my carry-on but leave the battery and charger in my checked luggage do you think that's enough for them to just say gently caress it? i'm genuinely concerned about returning from my trip because as a trans woman i get enough poo poo just from normal tsa for setting off their dumb body scanner. i don't even want to know what the dedicated hillbillies in cbp would do to me.

just let them look through your poo poo unless you have something to hide, citizen


Flagrama
Jun 19, 2010

Lipstick Apathy


Meat Beat Agent posted:

car go bep bep quote this if you agree

click here to talk about your political bullshit still. I want to see secfucks. thank you.

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Meat Beat Agent posted:

car go bep bep quote this if you agree

darthbob88
Oct 13, 2011

YOSPOS

Meat Beat Agent posted:

car go bep bep quote this if you agree

bep bep indeed.

hackbunny
Jul 22, 2007

I haven't been on SA for years but the person who gave me my previous av as a joke felt guilty for doing so and decided to get me a non-shitty av

ate all the Oreos posted:

just let them look through your poo poo unless you have something to hide, citizen

better yet ask a lawyer or legal defense organization and not some random forum

Midjack posted:

boy howdy i sure am enjoying watching this chicken get hosed

I just wanted to add schindler's list but instead of schindler it's a regular guy: "herr schindler these don't look like qualified workers to me!" "welp the jig's up, ship them off to the ovens" *spends rest of war in mansion catching up to favorite radio dramas* "laut lachen that schlemiel what a character"

hackbunny fucked around with this message at 06:10 on Feb 13, 2017

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
I'll close this thread if this D&D stuff continues.

hackbunny
Jul 22, 2007

I haven't been on SA for years but the person who gave me my previous av as a joke felt guilty for doing so and decided to get me a non-shitty av
LMO imo it's perfectly reasonable that a trans person would close their social media profiles. I'm sure you can think of more than a few events in recent memory that could have made you realistically do it. maybe you'll actually do it for real :v:

aardvaard
Mar 4, 2013

you belong in the bog of eternal stench

OSI bean dip posted:

I'll close this thread if this D&D stuff continues.

protecting your info against customs agents seems perfectly in line with this thread imo

hackbunny
Jul 22, 2007

I haven't been on SA for years but the person who gave me my previous av as a joke felt guilty for doing so and decided to get me a non-shitty av
the only qualified statement we can make about it is that we aren't qualified to make statements about it, though

Kuvo
Oct 27, 2008

Blame it on the misfortune of your bark!
Fun Shoe

Meat Beat Agent posted:

car go bep bep quote this if you agree

Proteus Jones
Feb 28, 2013



hackbunny posted:

the only qualified statement we can make about it is that we aren't qualified to make statements about it, though

Jesus, shut the gently caress up. You're gonna get the thread closed. Go to D&D and masturbate about laws and civil resistance there.

apseudonym
Feb 25, 2011

Meat Beat Agent posted:

car go bep bep quote this if you agree

Sorry I'm in a lovely argumentative mood

infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.
bep bep secfuck car question: other than that jeep thing from a couple years back, have there been any reports of internet connected vehicles being hacked?

teslas are basically just a bunch of networked ubuntu vms, and i'd be curious to know if gm onstar systems are meaningfully firewalled from the ecu in any way

Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope

flosofl posted:

Jesus, shut the gently caress up. You're gonna get the thread closed.

Oh no

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

infernal machines posted:

teslas are basically just a bunch of networked ubuntu vms, and i'd be curious to know if gm onstar systems are meaningfully firewalled from the ecu in any way

i was a kid when onstar came out. i didn't know anything about bep bep security then, but i remember seeing the tv ads and being really creeped out that some office drone can see where your car is and unlock the doors and everything

why yes, i am typing this post from my smartphone

Pile Of Garbage
May 28, 2007



work secfuck: we've just discovered that one of our EPCs is "sharing" data with us from an SMB share that's exposed to the internet. it appears they've at least configured fw policies to only allow connections from our main static NAT IP but loving lmao

Pile Of Garbage
May 28, 2007



HOLY gently caress found a batch file in there which maps a drive for installing crystal reports and the batch file has a username + password right there in plain text. lol this is hilarious

edit: lol found another batch file with sqlcmd lines in it, both have username + password in the clear. it looks like they have an MS SQL DB instance on this same IP laffo

Pile Of Garbage fucked around with this message at 09:00 on Feb 13, 2017

infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.
i've worked with a company that supplies pos solutions to grocery chains. their standard builds for both POS and admin terminals disable UAC and store the system admin password in the registry. all the first run batch scripts they use to prep the image also ship on the PCs and are not removed, passwords for the system and the POS apps are hardcoded and appear to be the same for each client.

once they sent me the IPs and VPN keys for an unrelated client while trying to figure out how to configure a secure VPN tunnel. a tunnel to an otherwise open network in a retail store, with apparently no firewall rules to block connections on their end to other clients.

they claim PCI compliance
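An added example, not from either of the posts above: a small scanner for exactly the credential idioms cheese-cube and infernal machines describe (`net use` with an inline password, `sqlcmd -U ... -P ...`, `password=` in a connection string), run over a constructed batch file. The script contents, host and credentials are invented for the example; only the length of a matched secret is reported so that the scanner output does not become another copy of the password.

```python
import re

# Idioms from the thread: `net use` with an inline password, `sqlcmd -U ... -P ...`,
# and password= / pwd= inside connection strings.
NET_USE = re.compile(
    r"\bnet\s+use\s+\S+\s+(?P<share>\\\\\S+)\s+(?P<secret>\S+)\s+/user:(?P<user>\S+)",
    re.IGNORECASE,
)
SQLCMD = re.compile(r"\bsqlcmd\b(?P<args>.*)$", re.IGNORECASE)
# sqlcmd flags are case-sensitive: -S server, -U user, -P password
SQLCMD_OPT = {name: re.compile(r"(?:^|\s)-%s\s*(\S+)" % flag)
              for name, flag in (("server", "S"), ("user", "U"), ("secret", "P"))}
CONNSTR = re.compile(r"\b(?:password|pwd)\s*=\s*(?P<secret>[^;\s\"']+)", re.IGNORECASE)


def redact(secret: str) -> str:
    """Never carry the secret itself into a ticket or log; its length is enough to triage."""
    return "<%d chars>" % len(secret)


def find_hardcoded_creds(text: str, source: str = "script.bat") -> list:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.strip().lower().startswith(("rem ", "rem\t", "::")):
            continue  # commented-out lines: worth reading by hand, but not a live credential
        m = NET_USE.search(line)
        if m and m.group("secret") != "*":  # '*' makes net use prompt instead of embedding the password
            findings.append({"source": source, "line": lineno, "kind": "net use",
                             "user": m.group("user"), "target": m.group("share"),
                             "secret": redact(m.group("secret"))})
        m = SQLCMD.search(line)
        if m:
            opts = {k: p.search(m.group("args")) for k, p in SQLCMD_OPT.items()}
            if opts["user"] and opts["secret"]:
                findings.append({"source": source, "line": lineno, "kind": "sqlcmd",
                                 "user": opts["user"].group(1),
                                 "target": opts["server"].group(1) if opts["server"] else None,
                                 "secret": redact(opts["secret"].group(1))})
        for m in CONNSTR.finditer(line):
            findings.append({"source": source, "line": lineno, "kind": "connection string",
                             "user": None, "target": None, "secret": redact(m.group("secret"))})
    return findings


# Constructed sample in the style of the batch files described above; no real host or credential.
SAMPLE_BAT = "\n".join([
    "@echo off",
    "rem map the reports share and install the client",
    r"net use R: \\10.0.0.5\reports Summer2016! /user:CORP\svc_reports",
    r'"R:\CrystalReports\setup.exe" /quiet',
    'sqlcmd -S 10.0.0.5 -U sa -P Summer2016! -Q "SELECT @@VERSION"',
    r"net use S: \\10.0.0.5\backup * /user:CORP\svc_backup",   # '*' = prompt, not a hardcoded secret
    "net use R: /delete",
])

if __name__ == "__main__":
    import sys
    paths = sys.argv[1:]
    if not paths:
        for f in find_hardcoded_creds(SAMPLE_BAT):
            print(f)
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for f in find_hardcoded_creds(fh.read(), source=path):
                print(f)
```

Point it at every `.bat`/`.cmd` on the share (`python scan.py *.bat`) and you get one finding per live credential with the script, line, account and target, which is what you need to get the account rotated and the script fixed; the password never leaves the file.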

Wiggly Wayne DDS
Sep 11, 2010



pure complicit incompetence

hackbunny
Jul 22, 2007

I haven't been on SA for years but the person who gave me my previous av as a joke felt guilty for doing so and decided to get me a non-shitty av

flosofl posted:

Jesus, shut the gently caress up. You're gonna get the thread closed. Go to D&D and masturbate about laws and civil resistance there.

enrique, my salts! not a closed thread nooo 😱

cinci zoo sniper
Mar 15, 2013




reee im also pissy manedge of a child, no mods no masters reeee


now, how about we talk about vulns in computers, rather than sapience

cinci zoo sniper
Mar 15, 2013




another iot botnet, a smaller one - http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest-2017-sneak-peek_xg_en.pdf

jre
Sep 2, 2011

To the cloud ?



flosofl posted:

Jesus, shut the gently caress up. You're gonna get the thread closed. Go to D&D and masturbate about laws and civil resistance there.

Oh no! off topic posts, in yospos ? aaaaaaaah !

Wiggly Wayne DDS
Sep 11, 2010



ahmeni solve the puzzle to rerail the thread tia

Craig K
Nov 10, 2016

puck

Meat Beat Agent posted:

car go bep bep quote this if you agree

Chris Knight
Jun 5, 2002

me @ ur posts


Fun Shoe
v13.3: seafood related dns

MononcQc
May 29, 2007

LeftistMuslimObama posted:

if i put my cell phone in my carry-on but leave the battery and charger in my checked luggage do you think that's enough for them to just say gently caress it? i'm genuinely concerned about returning from my trip because as a trans woman i get enough poo poo just from normal tsa for setting off their dumb body scanner. i don't even want to know what the dedicated hillbillies in cbp would do to me.

you can be turned away at the US border if you have any device you cannot boot in front of them when they demand so.

SFDC (my employer) currently has measures that go "don't comply, call us, we'll give you a lawyer" but that still sounds like a lovely ordeal.

--

To make sure this is on topic, I've been reading a few books lately, such as the greyhat one and the No Starch hacking book. So far they all seem to turn off all kinds of stack protection in there. Is it because this poo poo is too hard for noobs and they want a simple thing or because stack protection/randomization is really useful in practice?

hackbunny
Jul 22, 2007

I haven't been on SA for years but the person who gave me my previous av as a joke felt guilty for doing so and decided to get me a non-shitty av
stack protection, aslr etc. force you to start from advanced* techniques like heap spraying, rop, etc. if you disable them you can approach binary exploitation from the basics, like return address overwrite. it's good for teaching

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
in general i'd expect good pedagogy for teaching hacking to start with "here's how we used to break stuff back in the day", because the fundamentals of getting control flow out-of-the-expected-path-somehow are still pretty much the same. then once you've mastered the basics it moves on to "here's what people came up with to make these things harder, and here are the more advanced techniques we use to defeat that and gain control anyway"

so first you introduce stack protection, and then start talking about finding rop gadgets. then you start talking about aslr, and then about the common ways it gets hosed up (lookin' at you av-injecting-a-dll-at-a-known-location-in-every-process) or how you can get a process to leak address layout information in order to get an exploit through it. stuff like that.

dpkg chopra
Jun 9, 2007

Fast Food Fight

Grimey Drawer

cheese-cube posted:

work secfuck: we've just discovered that one of our EPCs is "sharing" data with us from an SMB share that's exposed to the internet. it appears they've at least configured fw policies to only allow connections from our main static NAT IP but loving lmao

is IP spoofing a thing? I've never looked into it.

(yes I know there's a million reasons why having poo poo exposed directly to the internet even with IP restrictions is a bad idea, I'm just curious if it's an actual avenue of attack)

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
bgp hijacking is a pretty well-known attack, and it's pretty hard to detect unless you have a high-level view and are explicitly looking out for it. it's a bit out of reach of most rando hackers though, since you need to be in at least a somewhat privileged position on the internet to do it.

but if, say, you're the turkish government and you want to censor certain dns queries, you might set up a server you control and have it claim to be 8.8.8.8. or if you're the nsa and you want to spy on domestic communications with less worry about that niggling "leave domestic spying to the cia" part of your mandate, you might set up a server in iceland that claims to be the best connection between two different locations in new york.

flakeloaf
Feb 26, 2003

Still better than android clock

Meat Beat Agent posted:

car go bep bep quote this if you agree

bgp bgp

Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope

Jabor posted:

in general i'd expect good pedagogy for teaching hacking to start with "here's how we used to break stuff back in the day", because the fundamentals of getting control flow out-of-the-expected-path-somehow are still pretty much the same. then once you've mastered the basics it moves on to "here's what people came up with to make these things harder, and here are the more advanced techniques we use to defeat that and gain control anyway"

do operating systems provide all the advanced protections "for free" to older programs too, or do you need to use newer libraries/recompile the programs to take advantage of them.

i'm just wondering if it's actually "back in the day" or can you still pop vulnerable software with the easy tricks if they haven't been changed in the last 15 years

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
you almost always need to recompile the program/libraries to make use of them, yeah. for example, you can't move stuff around in memory (for aslr) if the program is just going to read from 0x020000 and expect to find some particular data there - you can only really do aslr if the compiled program supports being moved to somewhere else in memory. same with stuff like making the stack non-executable - you can't exactly enable it if the program (as part of its normal function) copies bits of code to the stack and then executes it.

basically, patch your poo poo

Shame Boy
Mar 2, 2010

Jabor posted:

you almost always need to recompile the program/libraries to make use of them, yeah. for example, you can't move stuff around in memory (for aslr) if the program is just going to read from 0x020000 and expect to find some particular data there - you can only really do aslr if the compiled program supports being moved to somewhere else in memory. same with stuff like making the stack non-executable - you can't exactly enable it if the program (as part of its normal function) copies bits of code to the stack and then executes it.

basically, patch your poo poo

'being moved somewhere else in memory' is position-independent code right? (the -fPIC flag in gcc) at least that seems to be required for a lot of unrelated things so it's possible it's enabled anyway...

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Shinku ABOOKEN posted:

i hear a lot of people saying AD is real bad wrt cyber security

can someone give me the rundown on why it's bad and how the heck are you supposed to replace its functionality?

It gives everyone in the directory read access to almost all objects (though not all attributes of all objects) which can be a HUGE pain in the rear end if you're dealing with title ix compliance and need to protect contact information for individuals. They do a pretty good job these days of locking down and protecting the things that need it from a technical security standpoint, though, and I don't really have any complaints.

pseudorandom name
May 6, 2007

ate all the Oreos posted:

'being moved somewhere else in memory' is position-independent code right? (the -fPIC flag in gcc) at least that seems to be required for a lot of unrelated things so it's possible it's enabled anyway...

only libraries are built with -fPIC, executables need to be built with -fPIE. so you can apply ASLR to all shared libraries with no change, but not the main executable.

a lot of the mitigations can be partially applied when you mix old and new code, which isn't great but is better than nothing.

have a fuckup:

quote:

Hi,
I'm using an old version of pdns recursor, and I got below message in
var/log/message

pdns_recursor[1308]: PowerDNS Security Update Mandatory: Upgrade now, see
https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/


my question is how to ignore this?

regards,
bill
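Added example, not from any of the posts above, to go with Wheany's question and the -fPIC/-fPIE answer: a checker that reads the answer straight from the ELF headers, which is how you tell whether an old binary already gets ASLR (ET_DYN, what `-fPIE -pie` produces) and a non-executable stack (a PT_GNU_STACK segment without the execute flag) without recompiling anything. The two sample images are constructed header-only blobs, not real programs; pass a path on the command line to check a real one.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3
PT_LOAD, PT_GNU_STACK, PT_GNU_RELRO = 1, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4


def elf_mitigations(data: bytes) -> dict:
    """Report PIE / NX-stack / RELRO for a little-endian ELF64 image from its headers alone."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    stack_flags = None
    relro = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {
        # ET_DYN is what -fPIE -pie produces for an executable; a shared library is ET_DYN too,
        # so only read this as "PIE" for a file you know is the main program.
        "pie": e_type == ET_DYN,
        # No PT_GNU_STACK at all is treated as an executable stack by the loader, so it is not NX.
        "nx": stack_flags is not None and not (stack_flags & PF_X),
        "relro": relro,
    }


def build_elf(e_type: int, phdrs) -> bytes:
    """Constructed minimal ELF64 image (header + program headers, no code): enough for the checker."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELF64, little-endian, version 1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               e_type, 0x3E, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    phdr = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return ehdr + phdr


# Constructed samples, not real binaries: one built like a modern distro package, one like a 2002-era build.
HARDENED = build_elf(ET_DYN, [(PT_LOAD, PF_R | PF_X), (PT_GNU_STACK, PF_R | PF_W), (PT_GNU_RELRO, PF_R)])
LEGACY = build_elf(ET_EXEC, [(PT_LOAD, PF_R | PF_X), (PT_GNU_STACK, PF_R | PF_W | PF_X)])

if __name__ == "__main__":
    target = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else HARDENED
    print(elf_mitigations(target))
```

Stack canaries are the one mitigation this cannot see from headers (they are compiled into function prologues, so you look for `__stack_chk_fail` in the import table), but PIE, NX stack and RELRO are all decided at link time and visible here, which is the practical version of "do you need to recompile": if the binary says ET_EXEC with an RWX GNU_STACK, the old tricks still work against it no matter how new the kernel is.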

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

infernal machines posted:

bep bep secfuck car question: other than that jeep thing from a couple years back, have there been any reports of internet connected vehicles being hacked?

teslas are basically just a bunch of networked ubuntu vms, and i'd be curious to know if gm onstar systems are meaningfully firewalled from the ecu in any way

I think all the vendors have similar issues with the two networks converging at the head unit. Actual implementation of the vuln is going to vary by OEM but they all have the same potential and the only reasonable way around it I see is to do some kind of data diode on the canbus so the head unit only has read-access to that data and then move all the things that it should have full control over to the network that onstar/whatever is on (engine start, windows, locks, headlights?). All the other ways I can think of would require breaking the canbus in to more, smaller networks or dropping some kind of monstrosity WAF between the head unit and the rest of the car. CANBUS and most of older industrial control protocols have zero security options built in but the good news is they're typically UDP or some manner of ACKless communication so diodes can be a reasonable solution because you typically do not need that feedback response after issuing a command. And it's fairly trivial to generate a spoofed response on the diode for the things that you approve of.
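Added example, not BangersInMyKnickers' design or any OEM's: the forwarding rule a CAN data diode of the kind described above would enforce in the head-unit-to-vehicle-bus direction. The arbitration ids, payload lengths and ack ids in the policy are placeholders (real ones are OEM-specific and not on this page); 0x7DF is the standard OBD-II functional request id and stands in for "diagnostics the head unit must never originate". It goes one step beyond the post by also capping how often an approved command may be repeated, since a compromised head unit can still flood the approved set.

```python
import time
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class CanFrame:
    arb_id: int   # 11-bit standard identifier
    data: bytes   # 0..8 byte payload


# Hypothetical policy (real ids and layouts are OEM-specific):
# id the head unit may originate -> (required payload length, id of the ack it expects back)
POLICY = {
    0x2F0: (2, 0x3F0),   # door lock/unlock request
    0x2F1: (1, 0x3F1),   # exterior lighting request
}
OBD_FUNCTIONAL_REQ = 0x7DF   # OBD-II/UDS functional request id; never something a head unit should send


class CanDiode:
    """Head unit -> vehicle bus only: allowlisted ids, exact DLC, per-id rate cap, synthetic acks."""

    def __init__(self, policy=POLICY, max_per_second=5):
        self.policy = policy
        self.max_per_second = max_per_second
        self._recent = {}   # arb_id -> deque of accept timestamps within the last second

    def _rate_ok(self, arb_id, now):
        q = self._recent.setdefault(arb_id, deque())
        while q and now - q[0] >= 1.0:
            q.popleft()
        if len(q) >= self.max_per_second:
            return False
        q.append(now)
        return True

    def pass_frame(self, frame, now=None):
        """Return ("forward", ack_frame) or ("drop", None). Dropped frames get no feedback at all."""
        now = time.monotonic() if now is None else now
        if not 0 <= frame.arb_id <= 0x7FF or len(frame.data) > 8:
            return "drop", None   # malformed: extended ids and oversize payloads are outside the policy
        rule = self.policy.get(frame.arb_id)
        if rule is None:
            return "drop", None   # not an approved command (covers diagnostics, ECU reflash, etc.)
        dlc, ack_id = rule
        if len(frame.data) != dlc:
            return "drop", None   # right id, wrong shape
        if not self._rate_ok(frame.arb_id, now):
            return "drop", None   # approved command, but repeated faster than a human ever would
        # Approved: forward it, and synthesise the ack locally so the head unit needs no path back from the bus.
        return "forward", CanFrame(ack_id, frame.data[:1] + b"\x01")


def replay(diode, frames):
    """Run a constructed (timestamp, frame) trace through the diode; returns the decision per frame."""
    return [diode.pass_frame(f, now=t)[0] for t, f in frames]


# Constructed trace, not captured traffic.
TRACE = [
    (0.0, CanFrame(0x2F0, b"\x01\x00")),                   # lock doors: approved
    (0.1, CanFrame(0x2F0, b"\x01")),                       # approved id, wrong length
    (0.2, CanFrame(OBD_FUNCTIONAL_REQ, b"\x02\x10\x02")),  # UDS DiagnosticSessionControl, programming session
    (0.3, CanFrame(0x2F1, b"\x01")),                       # lights on: approved
]

if __name__ == "__main__":
    for (t, f), decision in zip(TRACE, replay(CanDiode(), TRACE)):
        print("%.1fs id=0x%03X data=%s -> %s" % (t, f.arb_id, f.data.hex(), decision))
```

The shape matters more than the numbers: the policy is a closed allowlist keyed on id and payload length, anything not in it is dropped without a reply, and the ack for approved commands is fabricated on the safe side so the head unit never needs a read path that could become a write path.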

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

I found out that the new mobile front end for our prod database is authing against an external kerberos target that the backend db is not aware of or configured to use. But they're "magically" mapping from this other credential source to the credentials stored in the db user table. Which means this loving idiotic application server has at minimum modify rights to the entire db with access to see practically everything on the backend if it is compromised. And nobody bothered to invite the loving SECURITY ADMINISTRATOR to do review on the product and they're already months in with this idiocy.

BangersInMyKnickers fucked around with this message at 16:39 on Feb 13, 2017


Shame Boy
Mar 2, 2010

im updating the firmware on a point of sale system right now. the new firmware came in the form of a zip archive on some rando dropbox, and i upload it by running an anomalous bat file that, so far, has just printed an endless stream of periods to the console window
