|
Diva Cupcake posted:Don't use Tor, don't use Signal. this quote is from a section talking about rooting android phones, jesus
|
# ? Mar 7, 2017 16:09 |
|
|
# ? May 17, 2024 04:02 |
|
Meat Beat Agent posted:cloacaman don't sign your posts
|
# ? Mar 7, 2017 16:10 |
|
in real cia news, they're apparently the original creators of polarssl, now known as mbedssl and used in pretty much everything. e: also, siemens phones: these are super popular in european govt orgs. e2: lmfao quote:Files can be transferred to the phone via TFTP (don't forget to chmod a+x the file once it is transferred to the phone). i'm the (yes, execute) Truga fucked around with this message at 16:21 on Mar 7, 2017 |
# ? Mar 7, 2017 16:17 |
|
lmao this cia dump just reassures what everyone was already thinking. mods pls rename me to MaddeningWhispers https://wikileaks.org/ciav7p1/cms/page_11628893.html b0red fucked around with this message at 16:24 on Mar 7, 2017 |
# ? Mar 7, 2017 16:21 |
|
Loving Africa Chaps posted:It's probably because the NSA won't give the FBI any more exploits if they get burned all the time. At the moment they are prosecuting more cases they are having to drop with this exploit so it seems to be a sensible move if they feel it means more paedophiles end up in jail overall Judging by the Android section this is pretty old stuff
|
# ? Mar 7, 2017 16:24 |
|
apseudonym posted:Judging by the Android section this is pretty old stuff how old? i imagine that there is a lot of android 2.x use out there
|
# ? Mar 7, 2017 16:26 |
|
OSI bean dip posted:how old? i imagine that there is a lot of android 2.x use out there https://developer.android.com/about/dashboards/index.html not really. Given that they don't even mention anything newer than KK in any way maybe 2-3 years at best, all the devices they reference are also at least that old.
|
# ? Mar 7, 2017 16:36 |
|
https://wikileaks.org/ciav7p1/cms/page_17760284.html They will be distraught that this leaked https://wikileaks.org/ciav7p1/cms/page_14588483.html Also realised that some user's names that are redacted could be recovered from the copyright strings on this page: https://wikileaks.org/ciav7p1/cms/page_15728683.html
|
# ? Mar 7, 2017 16:37 |
|
fins posted:https://wikileaks.org/ciav7p1/cms/page_17760284.html
|
# ? Mar 7, 2017 16:40 |
|
fins posted:https://wikileaks.org/ciav7p1/cms/page_17760284.html lol that the CIA is the only organisation in the world that actually bothered to try and jailbreak the airport extreme
|
# ? Mar 7, 2017 16:40 |
|
i'm not clicking any of these links
|
# ? Mar 7, 2017 16:45 |
|
apseudonym posted:https://developer.android.com/about/dashboards/index.html not really. To play devil's advocate, this is only the numbers for devices that still contact the play store (iirc). All the garbage Chinese spin-offs that don't come with Google preloaded, or where the user isn't signed into a Google account (I ran into someone with a G1 a couple years back who never signed into a Google account on the device, and didn't realize that there was an app ecosystem) won't be counted in these numbers. It's a good graph for deciding what minimum API to support for your Dildo Auctioning app but less useful if you're a TLA.
|
# ? Mar 7, 2017 16:47 |
|
Volmarias posted:To play devil's advocate, this is only the numbers for devices that still contact the play store (iirc). All the garbage Chinese spin-offs that don't come with Google preloaded, or where the user isn't signed into a Google account (I ran into someone with a G1 a couple years back who never signed into a Google account on the device, and didn't realize that there was an app ecosystem) won't be counted in these numbers. If you're a TLA it depends on your targets, you're still going to be needing to attack flagships.
|
# ? Mar 7, 2017 17:00 |
|
bicycle posted:I;m guessing they used a different NIT for that one particular pedophile otherwise they're going to be dropping a LOT of cases. nah they just get all the people who can't afford a lawyer/say something dumb to the cops, and let the few rich pedos off the hook
|
# ? Mar 7, 2017 17:02 |
|
Is it OK for me to now till my own crypto? This is important
|
# ? Mar 7, 2017 17:16 |
|
Volmarias posted:Dildo Auctioning app Mods??????
|
# ? Mar 7, 2017 17:17 |
|
quote:YOSPOS > Security Fuckup Megathread - v13.3 - the s in iot stands for security
|
# ? Mar 7, 2017 17:19 |
|
Migishu posted:Is it OK for me to now till my own crypto? This is important so-called security "experts": don't roll your own crypto! ddon't roll your own crypto! duhhh.. download crypto from the internet like a goddamn skiddie, probably written by the cia me: i use my highly advanced cs knowledge and sophisticated understanding of the latest advances in mathematical research to "roll" my own nigh-unbreakable cryptographic algorithms that no attacker even knows about hth
|
# ? Mar 7, 2017 17:44 |
holy loving poo poo I'm just gonna move my entire loving life offline, gently caress this noise
|
|
# ? Mar 7, 2017 17:50 |
|
big scary monsters posted:so-called security "experts": don't roll your own crypto! ddon't roll your own crypto! duhhh.. download crypto from the internet like a goddamn skiddie, probably written by the cia did u know that AES, the industry standard internet security technology, was made BY THE NSA????
|
# ? Mar 7, 2017 17:51 |
|
apseudonym posted:https://developer.android.com/about/dashboards/index.html not really. this page only seems to have device updates up through July 2015, so you might not be far off.
|
# ? Mar 7, 2017 17:59 |
|
Pryor on Fire posted:holy loving poo poo Finally posting quality will improve.
|
# ? Mar 7, 2017 17:59 |
|
Shinku ABOOKEN posted:i'm not clicking any of these links
|
# ? Mar 7, 2017 18:00 |
|
Truga posted:in real cia news, they're apparently the original creators of polarssl, now known as mbedssl and used in pretty much everything. I glanced around for this and didn't see it, please tell me there's more in support of it than people misunderstanding "Building PolarSSL on Solaris x86 and SPARC"..?
|
# ? Mar 7, 2017 18:02 |
|
sorry, i was told that in irc, but then I went searching and found nothing and forgot to post in here about it. cia did not build polarssl, as far as i can tell.
|
# ? Mar 7, 2017 18:04 |
|
apseudonym posted:Judging by the Android section this is pretty old stuff https://twitter.com/matthew_d_green/status/839161256061857792
|
# ? Mar 7, 2017 18:11 |
|
yeah there's a page breaking down active iOS exploits and the latest version mentioned is iOS 9.2 (Dec 2015), and the main page blog post mentions that it came from 2016. I'm guessing a decent amount of this is actionable... this exploit is at least fixed, though: quote:WinterSky leaks the kernel address of the ipc_port struct of a user provided mach port.
|
# ? Mar 7, 2017 18:33 |
|
apseudonym posted:If you're a TLA it depends on your targets, you're still going to be needing to attack flagships. Sure, but the point was that the graph isn't necessarily representative of the actual demographics of Android in the world.
|
# ? Mar 7, 2017 18:48 |
|
time to slap stickers over the camera and mic of every piece of equipment you own
|
# ? Mar 7, 2017 19:03 |
|
it's an interesting look but there's not a lot of actionable data on specific exploits (outside of iOS), they've redacted all the parts with useful information per usual
|
# ? Mar 7, 2017 19:10 |
|
Wiggly Wayne DDS posted:it's an interesting look but there's not a lot of actionable data on specific exploits (outside of iOS), they've redacted all the parts with useful information per usual Yeah but the toolkit is circulating and now we're in the dumbest possible race to see if someone with a conscious forwards it to the appropriate parties before someone makes good use of it
|
# ? Mar 7, 2017 19:11 |
|
verifone was breached https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/ from the comments: Mark Jeanmougin posted:Please take down or modify the picture of the email that went to all VeriFone Employees. No sense in helping out spammers and phishers by showing them what their internal mails look like.
|
# ? Mar 7, 2017 19:27 |
|
Truga posted:sorry, i was told that in irc, but then I went searching and found nothing and forgot to post in here about it. cia did not build polarssl, as far as i can tell. Some guy working at Fox-IT in the Netherlands wrote PolarSSL as a fork from XySSL, not the cia lol.
|
# ? Mar 7, 2017 19:29 |
|
Our current product only does SSLv3. There are no plans to update it because I am making a new product. Also grandstream phones don't support HTTPS.
|
# ? Mar 7, 2017 19:31 |
|
Volmarias posted:Sure, but the point was that the graph isn't necessarily representative of the actual demographics of Android in the world. Given the number of devices that go into it it's still pretty representative overall outside of China.
|
# ? Mar 7, 2017 19:37 |
|
so this came up in the sh/sc help threadDowns Duck posted:I read the OP previously, I will read it again. Sorry if stuff here have been answered already, it's just that as time moves on, programs become obsolete and new, better ones emerge. Hopefully I won't be scolded too much for posting this, please just ignore it if you don't have any info I could use. Googling a lot of this stuff redirects me to a ton of sites with varying degrees of information, and I am a cynical person, so I want some recommendations from you guys instead. i think i made a mistake in trying to reply to this... mess
|
# ? Mar 7, 2017 19:45 |
|
That guy is the didn't read lol gif personified
|
# ? Mar 7, 2017 20:04 |
|
OSI bean dip posted:so this came up in the sh/sc help thread tell him to blockchain technology
|
# ? Mar 7, 2017 20:04 |
|
OSI bean dip posted:so this came up in the sh/sc help thread 50/50 odds of enthusiast / budding child pornographer.
|
# ? Mar 7, 2017 20:05 |
|
|
# ? May 17, 2024 04:02 |
|
Volmarias posted:To play devil's advocate, this is only the numbers for devices that still contact the play store (iirc). All the garbage Chinese spin-offs that don't come with Google preloaded, or where the user isn't signed into a Google account (I ran into someone with a G1 a couple years back who never signed into a Google account on the device, and didn't realize that there was an app ecosystem) won't be counted in these numbers. I tried about a year ago to do android sans google, and it's a loving mess. Even if you install apps from alternate stores (f-droid, etc), drat near everything expects the play framework to be present and will just crash when the api calls fail. Android without google these days basically means android without apps, I doubt there are really that many people in that segment
|
# ? Mar 7, 2017 20:06 |