|
cinci zoo sniper posted:The developers of open source video transcoder app Handbrake have issued a security warning to Mac users after a mirror download server hosting the software was hacked.

same thing happened to transmission, a popular bittorrent client for macs, a few years ago
|
# ? May 7, 2017 21:42 |
|
Midjack posted:same thing happened to transmission, a popular bittorrent client for macs, a few years ago

Also happened to Xcode https://en.wikipedia.org/wiki/XcodeGhost
|
# ? May 7, 2017 21:47 |
|
Midjack posted:same thing happened to transmission, a popular bittorrent client for macs, a few years ago

iirc both handbrake and transmission were started by the same dev (hence the car puns); I don't know if they're still maintained by the same teams.
|
# ? May 7, 2017 22:23 |
|
Midjack posted:same thing happened to transmission, a popular bittorrent client for macs, a few years ago

was only a year ago.
|
# ? May 8, 2017 01:46 |
|
Chris Knight posted:was only a year ago.

how time flies
|
# ? May 8, 2017 02:12 |
|
Trabisnikof posted:Also happened to Xcode https://en.wikipedia.org/wiki/XcodeGhost
|
# ? May 8, 2017 03:18 |
|
when was the last time an actual honest-to-god virus existed anywhere in the wild?
|
# ? May 8, 2017 03:39 |
|
raminasi posted:when was the last time an actual honest-to-god virus existed anywhere in the wild?

Are you looking for something matching some arbitrarily narrow definition you've got in your head or did you miss the virus being talked about literally a post before yours?
|
# ? May 8, 2017 04:15 |
|
symantec are trying to avoid having the smackdown laid on them by going over everyone's head and crying directly to google execs

https://twitter.com/konklone/status/861392893747101696

hope this simply results in an even more punitive outcome for trying to subvert the official process
|
# ? May 8, 2017 04:16 |
|
Rufus Ping posted:symantec are trying to avoid having the smackdown laid on them by going over everyone's head and crying directly to google execs

To be fair, there's a non-zero chance that it works, which is better than their current situation of "turbofucked".
|
# ? May 8, 2017 04:21 |
|
Volmarias posted:To be fair, there's a non-zero chance that it works, which is better than their current situation of "turbofucked".
|
# ? May 8, 2017 05:24 |
|
pr0zac posted:Are you looking for something matching some arbitrarily narrow definition you've got in your head or did you miss the virus being talked about literally a post before yours?

a virus is a program that animates an ambulance driving on the bottom of your screen in text mode.
|
# ? May 8, 2017 06:33 |
|
type cookie you idiot
|
# ? May 8, 2017 06:36 |
|
anthonypants posted:here is how it works: you try to log in to steam, the steam app on your phone gets a push notification (which you can choose to display on your lock screen or not) and that notification has a code that you type into the steam application on your desktop or on the webpage.

here is how I remember it working when I had to get a new phone because the old one stopped displaying anything:

try to log into steam on the new phone.

steam says it needs the 2fa response from the app.

hmm welp that's not happening because see above.

there's no way to register a new phone in the client or site because the only infrastructure that matters to valve is the part that accepts credit cards.

disable 2fa because gently caress your broken garbage valve I only tolerate you because you've got a nice little monopoly going and I'm not going to bother with even shittier competitors

that might be kinda wrong because it was a year+ ago but I know I posted about it in a previous secfuck thread or maybe the fuckup thread in CoC
|
# ? May 8, 2017 06:40 |
|
so you didn't make a backup of your recovery code and the 2fa system didn't have an easy way to make it useless?
|
# ? May 8, 2017 06:47 |
|
He disabled the 2fa without his phone. Sounds like it already was useless.
|
# ? May 8, 2017 09:40 |
|
IDK if Steam even has backup keys - it's been a while since I set it up

I did still have a machine logged in the whole time which is how I disabled it IIRC.

still probably not a great implementation
|
# ? May 8, 2017 12:57 |
|
Munkeymon posted:IDK if Steam even has backup keys - it's been a while since I set it up

Yeah, I assume a lot of Steam accounts are getting stolen via keylogging, and if they can run a keylogger on your main PC, they can probably also script some poo poo to disable 2FA after you've logged in.
|
# ? May 8, 2017 16:26 |
|
raminasi posted:when was the last time an actual honest-to-god virus existed anywhere in the wild?

pr0zac posted:Are you looking for something matching some arbitrarily narrow definition you've got in your head or did you miss the virus being talked about literally a post before yours?

went back and reread this and realized it comes off as a lot ruder than i intended, I am actually legit interested how you're defining virus in your head
|
# ? May 8, 2017 17:44 |
|
self-replicating program that inserts itself into other files?
|
# ? May 8, 2017 18:08 |
|
infernal machines posted:self-replicating program that inserts itself into other files?

what about that wordpress zero-day from like a week ago

e: I mean it was specifically a vuln but it was being used to infect stuff and presumably spread
|
# ? May 8, 2017 18:22 |
|
any exploits in wordpress or javascript are working as expected. when I think virus I think code that gets onto a user's machine without their interaction and replicates to other machines without user interaction.
|
# ? May 8, 2017 18:24 |
|
viruses infect other binaries on the same system and spread that way. worms spread by using vulnerabilities and copying themselves to the newly infected host

An rce vuln like with wordpress can be used by worms to spread but is not a worm in and of itself
|
# ? May 8, 2017 18:53 |
|
yeah that's a better differentiator. either way, imo, they require no human interaction to spread.
|
# ? May 8, 2017 18:53 |
|
spankmeister posted:viruses infect other binaries on the same system and spread that way. worms spread by using vulnerabilities and copying themselves to the newly infected host

I thought "zero day" implied that it was being actively exploited in the wild but I guess it could just mean "someone talked about it before it was patched"
|
# ? May 8, 2017 19:00 |
ate all the Oreos posted:I thought "zero day" implied that it was being actively exploited in the wild but I guess it could just mean "someone talked about it before it was patched"
|
|
# ? May 8, 2017 19:06 |
|
what I thought that was the case for a lot of zero-days, that they first become known because someone sees them being used in the wild
|
# ? May 8, 2017 19:12 |
|
no wonder everyone's so mad at project zero for causing all these vulnerabilities
|
# ? May 8, 2017 19:14 |
|
ate all the Oreos posted:I thought "zero day" implied that it was being actively exploited in the wild but I guess it could just mean "someone talked about it before it was patched"

no it just means that there is no patch.
|
# ? May 8, 2017 19:18 |
|
I'm thankful for posters willing to ask questions that i'm afraid to ask ITT
|
# ? May 8, 2017 19:21 |
|
always worth asking questions

nice read but 90% bloat: Bypassing OTR Signature Verification to Steal iCloud Keychain Secrets
|
# ? May 8, 2017 19:29 |
|
spankmeister posted:no it just means that there is no patch.

I suppose Zero Day Exploit sounds cooler than "currently unpatched".
|
# ? May 8, 2017 23:23 |
|
my internet of things smart home is powered by zero day energy
|
# ? May 8, 2017 23:27 |
|
Wiggly Wayne DDS posted:no wonder everyone's so mad at project zero for causing all these vulnerabilities
|
# ? May 8, 2017 23:29 |
|
Doom Mathematic posted:I suppose Zero Day Exploit sounds cooler than "currently unpatched".

Zero Day(s since patch released)
|
# ? May 9, 2017 00:55 |
|
https://twitter.com/internetofshit/status/840244403037970432

can't wait for this to blow up
|
# ? May 9, 2017 01:10 |
|
The S in IoT stands for Semen
|
# ? May 9, 2017 01:28 |
|
Truga posted:https://twitter.com/internetofshit/status/840244403037970432
|
# ? May 9, 2017 01:36 |
|
looks like this is the thing that tavis and natasha at project zero found:

https://twitter.com/msftsecresponse/status/861734360193552385

that's a pretty good response time
|
# ? May 9, 2017 01:50 |
|
Number19 posted:looks like this is the thing that tavis and natasha at project zero found:
|
# ? May 9, 2017 02:01 |