|
kinda weird that they mentioned "our findings will have less or no value" or whatever, like yeah that's the point of responsible disclosure in the first place, to not disclose until the information is no longer "valuable" not that i think they did wrong or anything, obviously not seeing anything done for that long is unacceptable, it just stood out to me 
|
#
?
May 30, 2017 20:36
|
|
|
|
| # ? Jun 7, 2024 09:26 |
|
|
neato sudo/selinux bug http://www.openwall.com/lists/oss-security/2017/05/30/16
|
|
#
?
May 30, 2017 23:56
|
|
|
jre posted:1. To know the exact model of pacemaker you victim has 1. dump some medical records that you've backdoored with an 0day you've hoarded 2. set up a shell company or just get the VA to do it for you 3. see above 4. this is a skill, it can be taught and learned 5. see above 6. you know that hypothetical questiuon "if you had a button that killed a random person and gave you some amount of money, would you press it?" what if the person was a foreign war criminal on tier with dick cheney and the reward was a nebulous national security thing. you'd have the people in steps 4 and 5 going all  oh and instead of following someone on the street with a laptop, surreptitiously do it on a flight, or in an uber, or overnight in a hotel room watch more bourne movies, gently caress
|
|
#
?
May 31, 2017 00:04
|
|
|
the person who uses the pacemaker exploit is going to buy it for 30 bitcoins off a Croatian forum, while Brian Krebs watches it go down. it's going to work on the most popular 15 pacemakers, BYORPI five years later they'll buy a "pacemaker RF tester" off AliExpress for $35
|
|
#
?
May 31, 2017 00:13
|
|
|
I think at that point you'd just "hack" your target with something that has better range and battery life , like a gun or a bow and arrow. Or drop a bowling ball on them or something. History has proven that any opportunity for exploit will be taken if the circumstances allow for it, with motivation. Not being security minded in the design and development of things nowadays is the fuckup. Going through fan fiction and b movies for plot lines to secure against above and beyond still breaks the cost/risk curve.
|
|
#
?
May 31, 2017 00:34
|
|
|
the real threat is that someone will demo it at defcon and papers will pick it up, causing thousands of people to refuse pacemakers that could save their lives but if you can't tell why someone might be willing to kill someone with undetectable brief pacemaker failure, but not shoot them obviously, I'm not sure how to close that gap
|
|
#
?
May 31, 2017 00:36
|
|
|
RISCy Business posted:https://stablebit.com/CloudDrive sounds like the new pied piper platform tbh
|
|
#
?
May 31, 2017 00:41
|
|
|
Cocoa Crispies posted:1. dump some medical records that you've backdoored with an 0day you've hoarded yeah the point was that this is relatively easy for a nation state level attacker, as you have just supported, good job agreeing with an antagonistic tone
|
|
#
?
May 31, 2017 00:56
|
|
|
if someone with a life sustaining implant drops dead today, is there anyone that does forensics on the devices? like i'm sure if dick cheney farted out right now without an obvious cause of death, maybe? but if joe schmoe pacemaker dude with a couple trustfund kids bites it, is there anything that happens except for a tech that checks to see if the device still powers on? random stats i pulled from fbi.gov says ~50% of murders committed are done by people who knew the victim, and half of those by immediate family. that's your proximity, and surely at least one of those geniuses are able to gently caress around with a btle stack or whatever.
|
|
#
?
May 31, 2017 01:02
|
|
|
Dex posted:neato sudo/selinux bug http://www.openwall.com/lists/oss-security/2017/05/30/16 lol a linux bug involving not properly parsing spaces in filenames
|
|
#
?
May 31, 2017 01:03
|
|
|
Subjunctive posted:the real threat is that someone will demo it at defcon and papers will pick it up, causing thousands of people to refuse pacemakers that could save their lives this is legit the same kid of psyops that stuxnet was supposed to be
|
|
#
?
May 31, 2017 02:48
|
|
|
nobody will kill people by hacking pacemakers because there's far easier ways to do it. just like how nobody would ever kill someone with radioactive pellets fired from an umbrella gun instead of just stabbing them. if i were a dissident with a pacemaker i'd absolutely include hacking in my personal threat model. e: consider the political motives for being able to kill someone at a time of your choosing (say, a political summit) because you owned their pacemaker months ago when they slept at a hotel in moscow Angela Merkle Tree fucked around with this message at 03:21 on May 31, 2017 |
|
#
?
May 31, 2017 03:12
|
|
|
Angela Merkle Tree posted:nobody will kill people by hacking pacemakers because there's far easier ways to do it. just like how nobody would ever kill someone with radioactive pellets fired from an umbrella gun instead of just stabbing them. those were ricin pellets, the radioactive stuff went in tea 
|
|
#
?
May 31, 2017 03:50
|
|
|
in non-pacemaker, idiots using my email news, the insurance company of a senior politician with who i share a name has sent me a renewal contract that includes the following: - full address - sin - cc info - policy number - data on immediate family members - a line level recap of last year's pharma & specialist claims - dob of everyone involved - responses to what i assume were questions discussed regarding travel to specific countries looking forward to receiving another threatening email telling me to delete everything (already done)
|
|
#
?
May 31, 2017 04:00
|
|
|
surebet posted:in non-pacemaker, idiots using my email news, the insurance company of a senior politician with who i share a name has sent me a renewal contract that includes the following: i too email my full address and sins i have committed to people with similar names to mine
|
|
#
?
May 31, 2017 04:09
|
|
|
RISCy Business posted:i too email my full address and sins i have committed to people with similar names to mine if the pope can have a twitter account why couldn't there be online confessional?
|
|
#
?
May 31, 2017 04:11
|
|
|
I'm just glad I can watch a movie with my wife and not scoff at the scene where the politician with a pacemaker dies from a hacker in some Amsterdam hacker space
|
|
#
?
May 31, 2017 04:38
|
|
|
Zil posted:if the pope can have a twitter account why couldn't there be online confessional? then you get to have a wonderful debate over whether the online communion involves transfiguration of the data packets upon receipt or if you are downloading the actual body and blood of christ
|
|
#
?
May 31, 2017 04:59
|
|
|
Midjack posted:then you get to have a wonderful debate over whether the online communion involves transfiguration of the data packets upon receipt or if you are downloading the actual body and blood of christ it's the former, because you can't send jesus over tcp he was free from SYN 
|
|
#
?
May 31, 2017 05:03
|
|
|
vOv posted:it's the former, because you can't send jesus over tcp 
|
|
#
?
May 31, 2017 05:08
|
|
|
vOv posted:it's the former, because you can't send jesus over tcp boooooooooooooooooooooooooooooooooooo
|
|
#
?
May 31, 2017 05:08
|
|
|
Midjack posted:then you get to have a wonderful debate over whether the online communion involves transfiguration of the data packets upon receipt or if you are downloading the actual body and blood of christ 
|
|
#
?
May 31, 2017 05:50
|
|
|
vOv posted:it's the former, because you can't send jesus over tcp 
|
|
#
?
May 31, 2017 09:52
|
|
|
RISCy Business posted:i too email my full address and sins i have committed to people with similar names to mine my_sins.txt
|
|
#
?
May 31, 2017 10:10
|
|
|
Turns out that Windows XP probably didn't contribute much to the spread of WannaCry:quote:It must be noted however that Windows XP is not safe from infection when the WannaCry binary is executed locally on the host. The ransomware will install successfully and encrypt the host’s files. That being said, since the main infection vector here was the SMB exploit, it seems like XP did not contributed much to the total infection counts. To be clear, the Windows XP systems are vulnerable to ETERNALBLUE, but the exploit as implemented in WannaCry does not seem to reliably deploy DOUBLEPULSAR and achieve proper RCE, instead simply hard crashing our test machines. The worst case scenario, and likely scenario, is that WannaCry caused many unexplained blue-screen-of-death crashes. Saved by the blue screen of death.
|
|
#
?
May 31, 2017 11:04
|
|
|
vOv posted:it's the former, because you can't send jesus over tcp lol
|
|
#
?
May 31, 2017 12:25
|
|
|
https://news.netcraft.com/archives/2017/05/31/stanford-uni-site-infested-with-hacking-tools-and-phish-for-months.html This is neat. Apparently someone hosed up their blog and php installs on a Stanford University subdomain and there were dozens of remote shells and phishing sites hosted through it in the past 5 months.
|
|
#
?
May 31, 2017 14:03
|
|
|
vOv posted:it's the former, because you can't send jesus over tcp Thanks Dad.
|
|
#
?
May 31, 2017 14:29
|
|
|
oops http://gizmodo.com/1795669632
|
|
#
?
May 31, 2017 14:56
|
|
|
vOv posted:it's the former, because you can't send jesus over tcp
|
|
#
?
May 31, 2017 15:00
|
|
|
vOv posted:it's the former, because you can't send jesus over tcp https://www.sadtrombone.com/?autoplay=true
|
|
#
?
May 31, 2017 15:07
|
|
|
vOv posted:it's the former, because you can't send jesus over tcp 
|
|
#
?
May 31, 2017 15:09
|
|
|
vOv posted:it's the former, because you can't send jesus over tcp 
|
|
#
?
May 31, 2017 15:20
|
|
|
Security Fuckup Megathread - v13.70 - “Oh, no. It’s Booz Allen again.”
|
|
#
?
May 31, 2017 15:37
|
|
|
let he who is without SYN broadcast the first stone
|
|
#
?
May 31, 2017 15:51
|
|
|
vOv posted:it's the former, because you can't send jesus over tcp omg
|
|
#
?
May 31, 2017 18:54
|
|
|
COACHS SPORT BAR posted:lol a linux bug involving not properly parsing spaces in filenames its more of a "/proc is a moronically designed festering shithole" bug
|
|
#
?
May 31, 2017 20:36
|
|
|
proc is very bad
|
|
#
?
May 31, 2017 20:39
|
|
|
COACHS SPORT BAR posted:lol a linux bug involving not properly parsing spaces in filenames The amount of linux system stuff that is a badly written shell script which explodes on unexpected white space never fails to depress.
|
|
#
?
May 31, 2017 20:49
|
|
|
|
| # ? Jun 7, 2024 09:26 |
|
|
jre posted:The amount of linux system stuff that is a badly written shell script which explodes on unexpected white space never fails to depress. it isn't a shell script in this case, its a proc file serializing data as plain text with fields delimited by spaces and one of the fields is a file name it is literally impossible to safely parse and this is ignoring the fact that nobody ever bothered to define the format or how it should be parsed in the first place
|
|
#
?
May 31, 2017 20:56
|
|