|
spankmeister posted:Some guy working at Fox-IT in the Netherlands wrote PolarSSL as a fork from XySSL, not the cia lol. there's currently a conspiracy theory going on that that guy just lent his name to cia for it to be more legit or something along those lines which is of course bullshit, sorry about the fake news guys that siemens phone exploit still owns tho.
|
#
?
Mar 7, 2017 20:11
|
|
|
|
| # ? Jun 8, 2024 10:23 |
|
|
OSI bean dip posted:so this came up in the sh/sc help thread
|
|
#
?
Mar 7, 2017 20:13
|
|
|
anthonypants posted:i absolutely did not read that post, thank you for your service someone described it to me as eye-teflon. i pretty much skipped over half of the post to reply
|
|
#
?
Mar 7, 2017 20:20
|
|
|
OSI bean dip posted:someone described it to me as eye-teflon. i pretty much skipped over half of the post to reply i agree with that assessment
|
|
#
?
Mar 7, 2017 20:21
|
|
|
spankmeister posted:Some guy working at Fox-IT in the Netherlands wrote PolarSSL as a fork from XySSL, not the cia lol. that's how i'd disguise a CIA-employed programmer if i were the CIA
|
|
#
?
Mar 7, 2017 20:22
|
|
|
COACHS SPORT BAR posted:I tried about a year ago to do android sans google, and it's a loving mess. Even if you install apps from alternate stores (f-droid, etc), drat near everything expects the play framework to be present and will just crash when the api calls fail. Android without google these days basically means android without apps, I doubt there are really that many people in that segment there's an alarming number of embedded devices doing this though
|
|
#
?
Mar 7, 2017 20:30
|
|
|
hobbesmaster posted:there's an alarming number of embedded devices doing this though oh yeah, I guess there are. welp
|
|
#
?
Mar 7, 2017 20:36
|
|
|
ratbert90 posted:Our current product only does SSLv3. There are no plans to update it because I am making a new product. Slap a reverse IIS proxy in front of that bad boy I guess
|
|
#
?
Mar 7, 2017 21:22
|
|
|
OSI bean dip posted:so this came up in the sh/sc help thread At least he's staying true to his forums name.
|
|
#
?
Mar 7, 2017 22:09
|
|
|
OSI bean dip posted:so this came up in the sh/sc help thread
|
|
#
?
Mar 7, 2017 22:49
|
|
|
Truga posted:there's currently a conspiracy theory going on that that guy just lent his name to cia for it to be more legit or something along those lines Fox-IT was founded by an ex intelligence guy so 
|
|
#
?
Mar 7, 2017 22:53
|
|
|
cinci zoo sniper posted:sincerely lmao if you read this in full, even i tried but did not succeed
|
|
#
?
Mar 7, 2017 23:29
|
|
|
if someone wants to read more of extremely stupid security things, there is a gigantic thread on /r/bitcoin where people are abashed that cia has windows backdoors
|
|
#
?
Mar 8, 2017 00:12
|
|
|
I hope the CIA steals everyone bitcoins
|
|
#
?
Mar 8, 2017 00:14
|
|
|
cinci zoo sniper posted:if someone wants to read more of extremely stupid security things, there is a gigantic thread on /r/bitcoin where people are abashed that cia has windows backdoors there's a section in there where people are arguing that linux is safe because any attempts to backdoor it would be immediately spotted because ~open source~
|
|
#
?
Mar 8, 2017 00:17
|
|
|
BangersInMyKnickers posted:I hope the CIA steals everyone bitcoins https://www.reddit.com/r/Bitcoin/comments/5y0e33/breaking_cia_turned_every_microsoft_windows_pc_in/dem8wbt
|
|
#
?
Mar 8, 2017 00:18
|
|
|
cinci zoo sniper posted:https://www.reddit.com/r/Bitcoin/comments/5y0e33/breaking_cia_turned_every_microsoft_windows_pc_in/dem8wbt lol
|
|
#
?
Mar 8, 2017 00:29
|
|
|
Volmarias posted:To play devil's advocate, this is only the numbers for devices that still contact the play store (iirc). All the garbage Chinese spin-offs that don't come with Google preloaded, or where the user isn't signed into a Google account (I ran into someone with a G1 a couple years back who never signed into a Google account on the device, and didn't realize that there was an app ecosystem) won't be counted in these numbers. Those are still not likely to be on 1.x or 2.x Android, or these days even 4.x Android. Because the cheapo companies just buy whatever chipsets are cheapest at the time to shove into devices and over time that means a lack of availability of drivers/other support to use them with older versions of the OS. So Shanghai Cheap Phone Inc moves along to 5.x or whatever fairly cquickly, and their 2.x phones that were already on the market have all broken already.
|
|
#
?
Mar 8, 2017 01:00
|
|
|
https://twitter.com/whispersystems/status/839255069090435072
|
|
#
?
Mar 8, 2017 01:00
|
|
|
Diva Cupcake posted:Don't use Tor, don't use Signal. don't spread FUD in the secfuck thread jfc
|
|
#
?
Mar 8, 2017 01:02
|
|
|
So, having not actually read the source material, and not wanting to read the possibly hyperbolic wikileaks writeup, is there anything in the recent CIA leak which is particularly unexpected? It seems like "no" since normally I'd be reading all about it here with  smilies etc if there was.
|
|
#
?
Mar 8, 2017 01:03
|
|
|
most of the people on twitter seem to be like "this isn't anything we didn't already know/suspect"
|
|
#
?
Mar 8, 2017 01:04
|
|
|
Volmarias posted:So, having not actually read the source material, and not wanting to read the possibly hyperbolic wikileaks writeup, is there anything in the recent CIA leak which is particularly unexpected? It seems like "no" since normally I'd be reading all about it here with No
|
|
#
?
Mar 8, 2017 01:06
|
|
|
Volmarias posted:So, having not actually read the source material, and not wanting to read the possibly hyperbolic wikileaks writeup, is there anything in the recent CIA leak which is particularly unexpected? It seems like "no" since normally I'd be reading all about it here with yes https://wikileaks.org/ciav7p1/cms/page_17760284.html
|
|
#
?
Mar 8, 2017 01:10
|
|
|
i didn't see ˙ ͜ʟ˙ in there shameful e: that was supposed to be 
|
|
#
?
Mar 8, 2017 01:13
|
|
|
Volmarias posted:So, having not actually read the source material, and not wanting to read the possibly hyperbolic wikileaks writeup, is there anything in the recent CIA leak which is particularly unexpected? It seems like "no" since normally I'd be reading all about it here with it's mostly just confirmation that the CIA actually did have all the things we sort of jokingly assumed they did.
|
|
#
?
Mar 8, 2017 01:13
|
|
|
This is a better answer than mine
|
|
#
?
Mar 8, 2017 01:13
|
|
|
Plorkyeran posted:it's mostly just confirmation that the CIA actually did have all the things we sort of jokingly assumed they did. Yes, and supposedly this is from three years ago.
|
|
#
?
Mar 8, 2017 01:15
|
|
|
there's iOS 9 exploits in the dump so it can't all be that old
|
|
#
?
Mar 8, 2017 01:16
|
|
|
Plorkyeran posted:there's iOS 9 exploits in the dump so it can't all be that old The dates don't seem consistent at all, the Android section is definitely mostly written before L shipped (it mentions some upcoming stuff in L in future tense)
|
|
#
?
Mar 8, 2017 01:20
|
|
|
Well that was definitely unexpected 
|
|
#
?
Mar 8, 2017 01:22
|
|
|
we ran through the dump when it was released in the irc channel, there isn't anything that interesting and sec twitter is slowly catching up things i've not seen them mention yet: in part of the public-malware analysis/technique re-use wiki they talk about shamoon: https://wikileaks.org/ciav7p1/cms/page_3375106.html quote:The Shamoon malware made use of a legitimate, signed driver from a commercial company called Eldos. Eldos sells a software product called RawDisk. RawDisk is a signed driver that allows raw writes to the active partition (which is normally prohibited by newer versions of Windows such as Vista/7). quote:Another flaw that was not leveraged involved RawDisk bypassing license checks if the calling program's name was "RawDiskSample.exe". worth mentioning is tool obfuscation w/ support for string replacement (examples include other languages). for all the talks about attribution atm this is being overlooked: https://wikileaks.org/ciav7p1/cms/page_14588467.html one of the branches teaching how to handle the tools properly via ctfs: https://wikileaks.org/ciav7p1/cms/page_16385438.html some more cisco implant guides: https://wikileaks.org/ciav7p1/cms/page_28049430.html there's a few people not redacted correctly, nothing special there though there's only real one top-secret doc of note: https://wikileaks.org/ciav7p1/cms/page_15728967.html and it's because there had to make a redacted analysis from scratch: https://wikileaks.org/ciav7p1/cms/page_16384369.html their hackingteam post-mortem is minimal and p crappy. equationgroup is mostly talking about nsa not following their own guidelines - lots of tool re-use and shared custom crypto libraries with negative constants (which people were explaining at the time as just a compiler optimisation that shouldn't be read into) one opsec guide is empty (probably fully redacted because we can't have anything actually interesting), they left one around though for traveling to germany: https://wikileaks.org/ciav7p1/cms/page_26607630.html on mysteriously redacted sections: https://wikileaks.org/ciav7p1/cms/space_9076737.html quote:Code Signing Research with Kaspersky quote:EDG and COG development on Kaspersky beyond that it's pretty boring compared to other catalogues, maybe they'll unredact something interesting or give technical samples for some relevance
|
|
#
?
Mar 8, 2017 01:28
|
|
|
Thanks!
|
|
#
?
Mar 8, 2017 01:34
|
|
|
hehe funny smileys. wait quote:(\/) (°,,°) (\/) WOOPwoopwowopwoopwoopwoop! japan loves futurama???!?!?!
|
|
#
?
Mar 8, 2017 01:46
|
|
|
cinci zoo sniper posted:https://www.reddit.com/r/Bitcoin/comments/5y0e33/breaking_cia_turned_every_microsoft_windows_pc_in/dem8wbt I keep mine in my back pocket
|
|
#
?
Mar 8, 2017 01:48
|
|
|
Lutha Mahtin posted:hehe funny smileys. wait
|
|
#
?
Mar 8, 2017 01:58
|
|
|
anthonypants posted:that's the juggalo noise dude it is clearly zoidberg
|
|
#
?
Mar 8, 2017 03:13
|
|
|
Lutha Mahtin posted:dude it is clearly zoidberg curly howard
|
|
#
?
Mar 8, 2017 04:07
|
|
|
fritz posted:curly not to be confused with 'curry-howard' unless you really want to
|
|
#
?
Mar 8, 2017 04:08
|
|
|
|
| # ? Jun 8, 2024 10:23 |
|
|
https://twitter.com/watermanreports/status/839131826912432128
|
|
#
?
Mar 8, 2017 05:05
|
|
