ate all the Oreos posted:im updating the firmware on a point of sale system right now. the new firmware came in the form of a zip archive on some rando dropbox, and i upload it by running an anomalous bat file that, so far, has just printed an endless stream of periods to the console window sounds like its working, op
|
|
# ? Feb 13, 2017 16:40 |
|
|
# ? May 17, 2024 01:57 |
|
ate all the Oreos posted:im updating the firmware on a point of sale system right now. the new firmware came in the form of a zip archive on some rando dropbox, and i upload it by running an anomalous bat file that, so far, has just printed an endless stream of periods to the console window the dot product of an attack vector
|
# ? Feb 13, 2017 16:42 |
|
This is fine. https://twitter.com/PabloTorre/status/831160445536964608
|
# ? Feb 13, 2017 16:46 |
|
lol i unplugged the loving thing and the dots didn't stop
|
# ? Feb 13, 2017 16:46 |
|
idk people know who the guy who holds the football is and have for a while, he's generally easy to spot or is the scary part that they found his facebook and he's being an idiot on his facebook? e: oh if you go up one tweet from the one that got embedded it's much more lol
|
# ? Feb 13, 2017 16:48 |
|
flakeloaf posted:the dot product of an attack vector
|
# ? Feb 13, 2017 16:49 |
|
ate all the Oreos posted:e: oh if you go up one tweet from the one that got embedded it's much more lol I feel like rando Mar-A-Lago members posting national security operations to social media in real-time might need to be addressed.
|
# ? Feb 13, 2017 16:52 |
|
lol i figured out how to get it to actually upload: you have to completely erase everything in its local storage, the entire OS, and then it enters download mode this device accepts goddamn credit cards
|
# ? Feb 13, 2017 16:59 |
|
oh hey it's checking signatures that's nice the signatures were included with the zip it uploaded so it's completely worthless but it's a nice try, good job e: the signatures failed lol e2: failed signatures did nothing, it kept right on going Shame Boy fucked around with this message at 17:06 on Feb 13, 2017 |
# ? Feb 13, 2017 17:01 |
|
what vendor? I mess with POS stuff sometimes
|
# ? Feb 13, 2017 17:08 |
|
wyoak posted:what vendor? I mess with POS stuff sometimes i don't really want to post the vendor publicly in case there's an NDA I don't know about that comes back to bite me in the rear end but suffice it to say it's VERy Interesting FOr someoNE like me
|
# ? Feb 13, 2017 17:14 |
|
VeriFone is fuckin everywhere that's terrifying.
|
# ? Feb 13, 2017 17:21 |
|
ok a bit more investigating and talking with them and the signing key is actually baked into the hardware and the reason those sigs failed is because they signed it with the wrong release key, and actual important functionality doesn't work without the sigs matching up, so it's actually not too bad
|
# ? Feb 13, 2017 17:52 |
|
that's actually quite reassuring
|
# ? Feb 13, 2017 17:53 |
im coming to your help, stuck post of subjunctive
|
|
# ? Feb 13, 2017 17:59 |
|
ate all the Oreos posted:ok a bit more investigating and talking with them and the signing key is actually baked into the hardware and the reason those sigs failed is because they signed it with the wrong release key, and actual important functionality doesn't work without the sigs matching up, so it's actually not too bad
|
# ? Feb 13, 2017 18:00 |
|
anthonypants posted:can you verify the file using the signatures included in the zip though i poked one with openssl and openssl didn't know what to do with it so who knows
|
# ? Feb 13, 2017 18:16 |
|
maybe it was just a hash of the file lol
|
# ? Feb 13, 2017 18:25 |
|
flakeloaf posted:the dot product of an attack vector
|
# ? Feb 13, 2017 19:02 |
|
ate all the Oreos posted:im updating the firmware on a point of sale system right now. the new firmware came in the form of a zip archive on some rando dropbox, and i upload it by running an anomalous bat file that, so far, has just printed an endless stream of periods to the console window
|
# ? Feb 13, 2017 19:30 |
|
we have ICS vendors who distribute zip files via box.com which contain unsigned firmware updates
|
# ? Feb 13, 2017 19:31 |
|
ate all the Oreos posted:oh hey it's checking signatures that's nice
|
# ? Feb 13, 2017 19:33 |
|
ate all the Oreos posted:lol i unplugged the loving thing and the dots didn't stop my router has a progress bar that's just updated via setTimeout
|
# ? Feb 13, 2017 19:38 |
|
i get that this isn't the place for it, but is there a thread we can use to talk about the ongoing comically terrifying opsec fuckups of the american administration? cause boy howdy there's a humdinger today.
|
# ? Feb 13, 2017 20:23 |
|
cinci zoo sniper posted:im coming to your help, stuck post of subjunctive thanks pal!
|
# ? Feb 13, 2017 20:25 |
|
infernal machines posted:i get that this isn't the place for it, but is there a thread we can use to talk about the ongoing comically terrifying opsec fuckups of the american administration? cause boy howdy there's a humdinger today. yeah someone start an opsec thread i don't want to get yelled at again (not me i don't start threads)
|
# ? Feb 13, 2017 20:43 |
|
infernal machines posted:i get that this isn't the place for it, but is there a thread we can use to talk about the ongoing comically terrifying opsec fuckups of the american administration? cause boy howdy there's a humdinger today. i would like a middle ground between this thread and D&D because i really don't want to go to D&D
|
# ? Feb 13, 2017 20:58 |
|
OSI bean dip posted:I'll close this thread if this D&D stuff continues. Alright, so as a constant lurky dude in this thread who actually enjoys some of the political-tech conversations but also understands the justification for asking people "GTFO to D&D" here, I'm gonna go ahead and take this into my own hands and create a thread for tech/political discussion poo poo over there now. OSI can slap people in the face with the link or something whenever somebody mentions "omg trump tweets" in here: https://forums.somethingawful.com/showthread.php?threadid=3809849
|
# ? Feb 13, 2017 21:11 |
|
i also did a thing: https://forums.somethingawful.com/showthread.php?threadid=3809850 race to see who gets gassed first
|
# ? Feb 13, 2017 21:13 |
|
Rooney McNibnug posted:Alright, so as a constant lurky dude in this thread who actually enjoys some of the political-tech conversations but also understands the justification for asking people "GTFO to D&D" here, I'm gonna go ahead and take this into my own hands and create a thread for tech/political discussion poo poo over there now. infernal machines posted:i get that this isn't the place for it, but is there a thread we can use to talk about the ongoing comically terrifying opsec fuckups of the american administration? cause boy howdy there's a humdinger today. Come hither, my dude.
|
# ? Feb 13, 2017 21:13 |
|
infernal machines posted:i also did a thing: https://forums.somethingawful.com/showthread.php?threadid=3809850 i like yours better because it's not in D&D so i can say funy computer things
|
# ? Feb 13, 2017 21:15 |
|
Rooney McNibnug posted:Come hitler, my dude.
|
# ? Feb 13, 2017 21:25 |
|
https://twitter.com/DKMatai/status/831250823757848576 loving rsa in a nutshell
|
# ? Feb 13, 2017 22:28 |
|
algorithms? why didn't i think of that!
|
# ? Feb 13, 2017 22:40 |
|
flakeloaf posted:bgp bgp watch out for IS-IS
|
# ? Feb 13, 2017 22:45 |
|
some bored college student hijacked his own campus' IoT devices and used them for a DDOS against said uni's DNS servers http://www.zdnet.com/article/how-iot-hackers-turned-a-universitys-network-against-itself/ quote:
Default credentials, as always
|
# ? Feb 13, 2017 22:50 |
|
Optimus_Rhyme posted:https://twitter.com/DKMatai/status/831250823757848576 what the poo poo has augmented reality got to do even a little bit with security? I guess a hacker could gently caress with your headset and make you puke?
|
# ? Feb 13, 2017 22:57 |
|
Deep Dish Fuckfest posted:algorithms? why didn't i think of that! "algorithms" is a buzzword for "squeezing blood from a
|
# ? Feb 13, 2017 23:03 |
|
COACHS SPORT BAR posted:some bored college student hijacked his own campus' IoT devices and used them for a DDOS against said uni's DNS servers at least the systems were discreet
|
# ? Feb 13, 2017 23:12 |
|
|
# ? May 17, 2024 01:57 |
|
keyword: #slingo
|
# ? Feb 13, 2017 23:14 |