|
A Pinball Wizard posted:seems kind of discriminatory against gay people It's why ending DADT was so difficult. Massive technological investment was required for setting up a proper PIB system.
|
# ? Jun 6, 2017 02:26 |
|
|
# ? Jun 8, 2024 08:30 |
|
Peachfart posted:None of these will work. At the bare minimum, older MFP's leave their serial number almost invisibly on any copy, print, or scan. Newer copiers, and certainly anything the government is using(we are their main supplier), have much more information especially since you are required to use PIV to log into each machine. so why wouldn't OCR work? how would the serial number make it into the OCR'd text?
|
# ? Jun 6, 2017 02:28 |
|
CommunistPancake posted:so why wouldn't OCR work? how would the serial number make it into the OCR'd text? OCR(at least the native OCR in a copier) doesn't remove all other images, it just makes a text layer in the PDF. If you are talking about after printing the document, you run it though another piece of equipment just to extract the text, that would work. Or perhaps extracting the text layer of an OCR'ed document? Edit: This is also moot as our government copiers we sell are versions without native OCR, they use a special Java program on the copier that scans to folder and can OCR if desired(though I have never seen it setup) Peachfart fucked around with this message at 02:34 on Jun 6, 2017 |
# ? Jun 6, 2017 02:32 |
|
you just reproduce the document as a whole and hope it wasn't a plant with specific phrasing as identifiers
|
# ? Jun 6, 2017 02:33 |
|
Peachfart posted:OCR(at least the native OCR in a copier) doesn't remove all other images, it just makes a text layer in the PDF. If you are talking about after printing the document, you run it though another piece of equipment just to extract the text, that would work. Or perhaps extracting the text layer of an OCR'ed document? Never done that, dunno if it is possible. i took the post to be a series of steps. you scan the paper, ocr it using all sorts of wonderful software we have today on personal computers, and don't share the originals.
|
# ? Jun 6, 2017 02:34 |
|
you can also, like, retype it.
|
# ? Jun 6, 2017 02:35 |
|
anthonypants posted:they're kinda hard to see on that image this image but for the yellow boxes
|
# ? Jun 6, 2017 02:38 |
|
CommunistPancake posted:you can also, like, retype it. I'd just go old school spy and take pictures with a camera. It would be far easier. Then again we are ignoring that the places with these documents don't normally allow anything that can take a picture and usually require documents to be signed in/out. So... leaking poo poo isn't easy.
|
# ? Jun 6, 2017 02:38 |
no matter what you do the final step is always "Don't loving leak it to Glenn Greenwald"
|
|
# ? Jun 6, 2017 02:46 |
|
Shifty Pony posted:no matter what you do the final step is always "Don't loving leak it to Glenn Greenwald"
|
# ? Jun 6, 2017 02:56 |
|
CommunistPancake posted:i took the post to be a series of steps. you scan the paper, ocr it using all sorts of wonderful software we have today on personal computers, and don't share the originals. yeah it's this but now i'm seeing all the character-spacing watermarks that'd still show up in the ocr'd text, so you should probably also run a spellcheck and also dehumanize yourself
|
# ? Jun 6, 2017 03:00 |
|
Volmarias posted:For each server, tattoo the password on one butt cheek each of two distinct employees, taking care not to have any two employees have the same two servers between them. keep a department spreadsheet of server names to tattooed employees. Do not inform the employee which server their tattoo is for. In the event of an employee departure where that employee has a password, tattoo the 1-2 passwords onto different employees as previously. Enforce key rotation via frequent layoffs and hirings. department spreadsheets? more like department spreadcheeks
|
# ? Jun 6, 2017 03:02 |
anthonypants posted:yeah but like, who else are you going to leak it to leak it to either the Washington Post or The NY Times while letting them know you will give it to the other in X days. let their drive to best their rival with a scoop help keep the story from being sat on.
|
|
# ? Jun 6, 2017 03:03 |
|
theflyingexecutive posted:department spreadsheets? more like department spreadcheeks no, but seriously, grab your ankles, i need to log in.
|
# ? Jun 6, 2017 03:04 |
|
It also mentions elsewhere that REALITY WINNER emailed The Intercept from her unclass work terminal, so this probably wasn't going to take too long to figure out regardless of the OCR hijinks.
|
# ? Jun 6, 2017 03:23 |
|
Shifty Pony posted:leak it to either the Washington Post or The NY Times while letting them know you will give it to the other in X days. let their drive to best their rival with a scoop help keep the story from being sat on. Also the guardian and another foreign but English language paper while you're at it
|
# ? Jun 6, 2017 03:32 |
|
infernal machines posted:no, but seriously, grab your ankles, i need to log in. My lovely post was worth it for this one.
|
# ? Jun 6, 2017 04:18 |
|
Thought this was kind interesting today: pASSWORD tYPOS and How to Correct Them Securely
|
# ? Jun 6, 2017 05:08 |
|
Read up on paper towns and you'll see that tracing copies is a relatively old tactic.
|
# ? Jun 6, 2017 05:49 |
|
reality winner? is this a loving lost season 6 arg?
|
# ? Jun 6, 2017 05:54 |
|
Phone posted:reality winner? is this a loving lost season 6 arg?
|
# ? Jun 6, 2017 06:10 |
|
Phone posted:reality winner? is this a loving lost season 6 arg? i legit thought it was a codename the first time i read the pdf even beats out Carl Mark Force IV
|
# ? Jun 6, 2017 06:18 |
|
|
# ? Jun 6, 2017 06:20 |
|
https://www.youtube.com/watch?v=l1ClbkTeCyw
|
# ? Jun 6, 2017 07:25 |
|
A Man With A Plan posted:It also mentions elsewhere that REALITY WINNER emailed The Intercept from her unclass work terminal, so this probably wasn't going to take too long to figure out regardless of the OCR hijinks. the reporter told them it had an augusta, ga postmark and sent images of the papercopy to the nsa, where they pulled the watermarks for the print date, and then checked everything printed that day and nailed her the emails were a question about a podcast and a subscription cofirmation to the podcast
|
# ? Jun 6, 2017 12:56 |
|
https://www.youtube.com/watch?v=GB4YgKmKVZc saw a version of this on tv that also said it "prevents wannacry style attacks"
|
# ? Jun 7, 2017 03:27 |
|
https://twitter.com/andreasklinger/status/872244649611505664 why won't they leave britney alone :'(
|
# ? Jun 7, 2017 05:37 |
|
anthonypants posted:also i posted this in the grey sec thread and people think it belongs here so here it is again
|
# ? Jun 7, 2017 06:46 |
|
anthonypants posted:i posted this on a gist and on medium since i wasn't sure which platform i liked better. i think i got the creator of rconfig to create a medium account so he could write a comment, telling me that my post was a "god awful long boring rant" and "not credible" since i should've contributed to the project instead. i guess i should've made it clearer that i explicitly chose not to do that considering what a dumpster fire it is. hahahahaha... classic
|
# ? Jun 7, 2017 06:55 |
|
cool https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/quote:Back in April 2016, we released the paper PLATINUM: Targeted attacks in South and Southeast Asia, where we detailed the tactics, techniques, and procedures of the PLATINUM activity group.
|
# ? Jun 7, 2017 16:19 |
|
anthonypants posted:https://twitter.com/andreasklinger/status/872244649611505664 this owns
|
# ? Jun 7, 2017 17:12 |
|
these fuckers https://nextnine.com are claiming that they use 1024-bit FIPS compliant symmetric crypto for what is effectively an always-on backdoor tunnel with no real security controls or isolation model that's deployed on what I assume is a terrifying number of SCADA environments. This is apparently the "next evolution" in the industrial control security model which was "Just leave it publicly accessible, no firewall"
|
# ? Jun 7, 2017 17:40 |
|
https://twitter.com/taviso/status/872497344519970817
|
# ? Jun 7, 2017 17:56 |
|
rip defender/mse/whatever it's called now e:
|
# ? Jun 7, 2017 17:56 |
|
BangersInMyKnickers posted:these fuckers i should bait them into contacting me professionally
|
# ? Jun 7, 2017 17:56 |
|
Lain Iwakura posted:i should bait them into contacting me professionally no don't worry we have Security Numbers over One Thousand! That's much higher than the 256 securities our competitors talk about!
|
# ? Jun 7, 2017 18:00 |
BangersInMyKnickers posted:no don't worry we have Security Numbers over One Thousand! That's much higher than the 256 securities our competitors talk about! bug bounty? you mean admitting publicly than we are weaker than our competitors?!
|
|
# ? Jun 7, 2017 18:00 |
|
what if you could run sql commands directly against crt.sh, to do custom queries or w/e well, https://groups.google.com/forum/#!msg/crtsh/sUmV0mBz8bQ/K-6Vymd_AAAJ
|
# ? Jun 7, 2017 18:01 |
|
anthonypants posted:what if you could run sql commands directly against crt.sh, to do custom queries or w/e uh
|
# ? Jun 7, 2017 18:02 |
|
|
# ? Jun 8, 2024 08:30 |
|
as i tweeted, how is that not going to end up in tears?
|
# ? Jun 7, 2017 18:05 |