|
they're smart enough to preload the openvpn key at least; i was mostly laughing at openvpn forgetting to renew an ssl cert (i think there's a theoretical attack where a mitm between an http repo will feed you old data so you never see an update is available, but i don't know of any other attacks)
|
# ? Mar 30, 2017 09:04 |
|
well, this is great. getting root on smart tvs with dvb-t broadcasts:

dvb contains zero security, since it was supposed to be unidirectional and just used for tv broadcasts.

since it's a broadcast, just do some driving, homemade junk overpowers the official broadcasts you won. this is super easy since the antenna is probably 10s of km away, your signal is preferred. equipment costs like $100.

use hbbtv to start your tv's browser, and then own it since it's a piece of poo poo.

hbbtv is hybrid broadcast tv, it's a standard for using the internet during broadcasts for ~better content~ or whatever: https://www.hbbtv.org/overview/

this all happens in the background cause you can make the browser invisible to enable layering stuff over the video - the user never knows even if you're owning his poo poo while they're watching tv

guy says like 90% smart tvs on the market right now are vulnerable

full presentation, takes a while to get going since there's an intro about iot in general: https://www.youtube.com/watch?v=bOJ_8QHX6OA

also they haven't tested, but there's no reason this won't work over cable or iptv too

the s in dvb stands for security
|
# ? Mar 30, 2017 11:59 |
|
That was done some time ago: https://www.cs.columbia.edu/~angelos/Papers/2014/redbutton-usenix-sec14.pdf
|
# ? Mar 30, 2017 12:38 |
|
Truga posted:
well, this is great. getting root on smart tvs with dvb-t broadcasts:

at least in the US, the mitigating factor is that broadcast (which is ATSC and not DVB-T but w/e) is a rounding error (it's weirdos like me who dig out the rabbit ears to ve fútbol en univision), and that everyone else has a cable company provided dvr between the outside of the house and the tv

but lol, that's amazing anyways
|
# ? Mar 30, 2017 12:52 |
|
Cocoa Crispies posted:
at least in the US, the mitigating factor is that broadcast (which is ATSC and not DVB-T but w/e) is a rounding error (it's weirdos like me who dig out the rabbit ears to ve fútbol en univision), and that everyone else has a cable company provided dvr between the outside of the house and the tv

Eh cord cutting is getting popular esp if you live near a major city, I get about 20 watchable channels (out of 75 I can tune in lol) with a $20 VHF indoor antenna from an hour outside Chicago and just use streaming for everything else
|
# ? Mar 30, 2017 13:04 |
|
A Pinball Wizard posted:
Eh cord cutting is getting popular esp if you live near a major city, I get about 20 watchable channels (out of 75 I can tune in lol) with a $20 VHF indoor antenna from an hour outside Chicago and just use streaming for everything else

i can see the Sears Tower from my back yard; I can pick up WBBM (CBS) and WTTW (PBS) without even hooking up anything to the F-jack on the back of my TV.
|
# ? Mar 30, 2017 14:02 |
|
minivanmegafun posted:
I can pick up WBBM without even hooking up anything to the F-jack

text me
|
# ? Mar 30, 2017 14:07 |
|
*groan* i'm having issues with cert issuance for a jira instance running on tomcat & windows server

my desired end result is a java key store file containing my crap

most tutorials or utilities expect linux or at least iis

to add insult to injury, i'm pretty much only able to do a manual validation via dns since letsencrypt can't see my well-known file via http (it 403s) despite it being available and visible

i did end up being able to pull down a cert via acmesharp but i wasn't able to package the crt file into a jks (via portecle) because it didn't know how to ingest the crs pem i created earlier

how the hell do i do this? i have the previously mentioned stuff on the server and i also have a linux vm
|
# ? Mar 30, 2017 14:16 |
|
reverse proxy the tomcat instance and put the cert in the real web server instead of that java trash.
|
# ? Mar 30, 2017 14:31 |
|
spankmeister posted:
reverse proxy the tomcat instance and put the cert in the real web server instead of that java trash.

this. gently caress keytool and gently caress tomcat's http server

though since you're on windows you'll probably still need the http server for a reverse proxy as I don't think IIS speaks AJP.

e: if you were running tomcat as a production web server on Linux exposed to the internet you'd still do this because otherwise you'd be running tomcat as root to grab port 443
|
# ? Mar 30, 2017 14:36 |
|
surebet posted:
*groan* i'm having issues with cert issuance for a jira instance running on tomcat & windows server

the "official" way Java added support for this stupid poo poo is to use openssl to convert everything to a p12, then use keytool to convert the p12 to a keystore
|
# ? Mar 30, 2017 14:37 |
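
The openssl-then-keytool route described in the post above, as an added example that is not part of the thread. The file names, the alias `tomcat`, the password `changeit` and the throwaway self-signed pair are assumptions constructed for the demo.

```sh
#!/bin/sh
# Added example (not from the thread): PEM key + cert -> PKCS#12 -> JKS.
# File names, the alias and the password are placeholders chosen here.
set -eu
ALIAS=tomcat
STOREPASS=changeit   # placeholder; must match the Tomcat connector config

# Constructed sample input: a throwaway self-signed pair standing in for the
# private key made alongside the CSR and the certificate the CA returned.
make_sample_pems() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=jira.example.test" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# True when the certificate's public key belongs to the private key.
key_matches_cert() {  # key.pem cert.pem
  [ "$(openssl pkey -in "$1" -pubout | openssl sha256)" = \
    "$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)" ]
}

# Step 1: bundle private key and certificate into one PKCS#12 file.
# The CSR is not an input; for a CA-issued cert add: -certfile chain.pem
pem_to_p12() {  # key.pem cert.pem out.p12
  key_matches_cert "$1" "$2" || { echo "key/cert mismatch" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -name "$ALIAS" \
    -passout "pass:$STOREPASS" -out "$3"
}

# SHA-256 fingerprint of a certificate file, or of the leaf inside a PKCS#12.
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256; }
p12_fp() {
  openssl pkcs12 -in "$1" -passin "pass:$STOREPASS" -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256
}

# Step 2: convert the PKCS#12 into a Java keystore (skipped without a JDK).
p12_to_jks() {  # in.p12 out.jks
  command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 0; }
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$STOREPASS" \
    -destkeystore "$2" -deststoretype JKS -deststorepass "$STOREPASS"
}

WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
make_sample_pems "$WORK"
pem_to_p12 "$WORK/key.pem" "$WORK/cert.pem" "$WORK/keystore.p12"
p12_to_jks "$WORK/keystore.p12" "$WORK/keystore.jks"
[ "$(cert_fp "$WORK/cert.pem")" = "$(p12_fp "$WORK/keystore.p12")" ] && echo "p12 OK"
```

Tomcat can also read the PKCS#12 file directly when the connector sets `keystoreType="PKCS12"`, which makes the keytool step optional.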
|
i actually did this on Tuesday and was all "lol they still haven't fixed keystores in the 5 years since i last cared about keystores nice"
|
# ? Mar 30, 2017 14:38 |
|
surebet posted:
*groan* i'm having issues with cert issuance for a jira instance running on tomcat & windows server

use keytool to import the cert/key and chain into a java keystore and then configure tomcat for this. just about every SSL vendor has instructions on how to do this. Alternatively install the cert in IIS and use IIS as a reverse proxy for Jira.

e: how to do ssl in tomcat: https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

Shaggar fucked around with this message at 14:59 on Mar 30, 2017
|
# ? Mar 30, 2017 14:55 |
|
minivanmegafun posted:
this. gently caress keytool and gently caress tomcat's http server

there is a jk connector for IIS but reverse proxying has been more common for a while now.
|
# ? Mar 30, 2017 14:56 |
|
Truga posted:
well, this is great. getting root on smart tvs with dvb-t broadcasts:

huh, looks like no current or planned implementation of ATSC supports this non-AV digital data stuff beyond captioning and broadcast guide type stuff.

i wonder how many ATSC market TVs have DVB support implemented anyway, and can have a DVB signal forced onto a normal ATSC channel to do the exploit
|
# ? Mar 30, 2017 15:07 |
|
Cocoa Crispies posted:
what's on the other end, and do you trust them?

they have cute bear illustrations all over their website and app, so they can't be that bad

or maybe they're russians?
|
# ? Mar 30, 2017 15:24 |
|
surebet posted:
*groan* i'm having issues with cert issuance for a jira instance running on tomcat & windows server

greetings, i'm the jira admin for my dept - echoing the others, gently caress the jdk keystore and throw apache or nginx in front of it instead
|
# ? Mar 30, 2017 15:30 |
https://blog.malwarebytes.com/cybercrime/2017/03/websites-compromised-decimal-ip-campaign/

302 redirect attack with ip literals
|
|
# ? Mar 30, 2017 15:30 |
|
fishmech posted:
i wonder how many ATSC market TVs have DVB support implemented anyway, and can have a DVB signal forced onto a normal ATSC channel to do the exploit

what does your heart tell you
|
# ? Mar 30, 2017 16:05 |
|
Lutha Mahtin posted:
what does your heart tell you

that very few bother to have DVB support because of licensing fees/complexity, and the relative distance between ATSC and DVB using countries?
|
# ? Mar 30, 2017 16:14 |
|
my intuition was that tvs were designed with lowest-bidder support for all major broadcast standards in order to sell the same tv worldwide. it's not something i read up on though, i just based it on helping family members set up their tvs and seeing mention of DVB things in manuals and on-screen UI stuff
|
# ? Mar 30, 2017 16:25 |
|
if it saves a few bucks per tv sold in north America they're gonna do it. if it's software that's ez pz. if it's hardware idk how much more expensive it would be to not slot the dvb processor on the same board.
|
# ? Mar 30, 2017 16:29 |
|
like I wouldn't put it past Samsung to leave DVB support in the software after pulling the processor off the board.
|
# ? Mar 30, 2017 16:30 |
|
fishmech posted:
huh, looks like no current or planned implementation of ATSC supports this non-AV digital data stuff beyond captioning and broadcast guide type stuff.

an exploit in a caption parser would be pretty cool.
|
# ? Mar 30, 2017 16:34 |
|
If you want to support all the digital TV standards in current use you've got to support like 3 different video codecs at multiple profiles, multiple different channel widths, and all sorts of crap like that. easily doable if you put a powerful CPU in your TV and did it all in software, but getting a specialized chip just to do the target standard is probably a lot cheaper and easier
|
# ? Mar 30, 2017 16:48 |
|
Lutha Mahtin posted:
my intuition was that tvs were designed with lowest-bidder support for all major broadcast standards in order to sell the same tv worldwide. it's not something i read up on though, i just based it on helping family members set up their tvs and seeing mention of DVB things in manuals and on-screen UI stuff

i know tv tuner cards work this way at least, or all the ones i've used (including the super cheap ones). i guess they could be implementing that in software though...
|
# ? Mar 30, 2017 17:23 |
|
since SDR became commonplace most of the stuff is done in software
|
# ? Mar 30, 2017 17:25 |
|
i just bought a samsung smart tv and while i have to say the integration for netflix etc. is really good and the picture is excellent, they make you sign up to a shitload of 'privacy t&cs' without making it clear what they're for or in fact that you can decline and just not use that feature

so now when i press the 'voice command' button on the remote it goes 'error: you have not agreed to the privacy conditions' lol
|
# ? Mar 30, 2017 18:20 |
|
that's actually pretty cool cause they could have just disabled everything out of spite instead of just the things that require external processing.
|
# ? Mar 30, 2017 18:26 |
|
p good demo https://www.youtube.com/watch?v=yPZmiRi_c-o

paper: https://cmaurice.fr/pdf/ndss17_maurice.pdf
|
# ? Mar 30, 2017 18:38 |
|
Wiggly Wayne DDS posted:
p good demo https://www.youtube.com/watch?v=yPZmiRi_c-o

lol that's great
|
# ? Mar 30, 2017 18:40 |
|
Wiggly Wayne DDS posted:
p good demo https://www.youtube.com/watch?v=yPZmiRi_c-o

holy poo poo
|
# ? Mar 30, 2017 18:56 |
|
Wiggly Wayne DDS posted:
p good demo https://www.youtube.com/watch?v=yPZmiRi_c-o

ahahaha
|
# ? Mar 30, 2017 18:57 |
|
Wiggly Wayne DDS posted:p good demo https://www.youtube.com/watch?v=yPZmiRi_c-o
|
# ? Mar 30, 2017 19:02 |
|
Wiggly Wayne DDS posted:
p good demo https://www.youtube.com/watch?v=yPZmiRi_c-o

holy lol
|
# ? Mar 30, 2017 19:05 |
|
that's a pretty great thing, wonder if i can start a kerfuffle with it

let's find out
|
# ? Mar 30, 2017 19:11 |
|
Wiggly Wayne DDS posted:
p good demo https://www.youtube.com/watch?v=yPZmiRi_c-o

I'm crying
|
# ? Mar 30, 2017 20:02 |
|
Wiggly Wayne DDS posted:
p good demo https://www.youtube.com/watch?v=yPZmiRi_c-o

holy lol
|
# ? Mar 30, 2017 22:03 |
|
akadajet posted:I'm crying
|
# ? Mar 30, 2017 22:04 |
|
hifi posted:
algo works but it's dropping my connection when it's re-upping. i can see the encryption mismatch and windows isn't requesting DES like the original windows bug was but i assume i'm not supposed to change it. there's a "maximum encryption" knob i can hit but i sort of doubt that's what's wrong. easy enough to work though and i imagine it's idiot proof if you are using a linux client and are already using digitalocean/aws/compute engine/azure

final update for now: i filed a bug and it got closed instantly with a "rtfm" response. i tried regenerating the ipsec.conf file and triple checked i picked the windows option and it's still disconnecting after fifteen minutes or so with the same "client and server can't agree on a cipher" error message. i suspect the guy who closed my bug didn't read it at all.

the instructions for the windows client are sort of stupid, it tells you to add the certificate and run a powershell script and then configure the vpn, but the powershell script does all that (i checked, if you only do parts of it then it flat out won't connect). not to mention that there's a newline in another powershell command embedded in the readme so if you copy and paste it from github then you end up with -setwhatevercipher butt25612 8 which obviously throws a syntax error.

i don't run a github project so idk if it stops sending emails for a closed issue but the alternative is join their slack and i actually clicked on that but i decided to go make lunch instead because gently caress joining some stupid millennial chatroom to one-off bitch about something.

if you try it and it disconnects after a half hour then feel free to find my bug and give it a suitable emoji (you can do that on github now)
|
# ? Mar 30, 2017 22:07 |