|
ain't nothing more juche than "be your own bank"
|
# ? Jun 16, 2017 00:04 |
|
|
# ? May 18, 2024 17:17 |
|
leper khan posted:turns out doing this stuff successfully makes you feel pretty cool ya I've cracked some trial stuff for my own use & injected new functionality and stuff it's pretty badass in a hecka nerdy way
|
# ? Jun 16, 2017 00:21 |
|
also didn't read the article, but most ransomware generates an address per infection
exchanges normally wouldn't know if it was ransomware related, but with a hardcoded address it's super obvious and easy to block exchange into real money
also wtf counterfeit money better than real money sounds like an urban legend. better how???
|
# ? Jun 16, 2017 00:27 |
|
Powaqoatse posted: also wtf counterfeit money better than real money sounds like an urban legend. better how???
From an NPR interview, apparently they do finer engraving than the Bureau of Engraving and Printing. Thankfully we have other anti-counterfeiting tricks than just the fineness of the engraving.
|
# ? Jun 16, 2017 00:44 |
|
ah ok so it's worse than the real money by being engraved wrong
|
# ? Jun 16, 2017 00:48 |
|
today I got PII emailed to me from a random Austin woman (insurance info) and the Army Corps of Engineers (dam permit I guess?)
|
# ? Jun 16, 2017 00:48 |
|
Powaqoatse posted:
aside from the other thing that was said, the bills would also just look too new, despite often being of the previous series (which would always be easier to counterfeit yet still in high circulation especially outside the US) and thus a bit suspicious to be so new still.
|
# ? Jun 16, 2017 00:54 |
Powaqoatse posted: also didn't read the article, but most ransomware generates an address per infection
I think that wannacry had a per-victim address generator but it was broken for some reason and defaulted to one of three hard coded addresses.
|
|
# ? Jun 16, 2017 00:54 |
|
Munkeymon posted: today I got PII emailed to me from a random Austin woman (insurance info) and the Army Corps of Engineers (dam permit I guess?)
I occasionally get PHI faxed to me.
|
# ? Jun 16, 2017 00:54 |
|
Munkeymon posted: and the Army Corps of Engineers (dam permit I guess?)
wait, so is this the answer to a permit request, or the actual request? if it's the latter then approve that dam and see how far it gets. keep us updated
|
# ? Jun 16, 2017 02:30 |
|
Shifty Pony posted: I think that wannacry had a per-victim address generator but it was broken for some reason and defaulted to one of three hard coded addresses.
yeah i could've sworn i heard that there was a race condition involved
|
# ? Jun 16, 2017 06:14 |
|
vOv posted: yeah i could've sworn i heard that there was a race condition involved
the entire development of this (gleaned via older versions) was what made it so unusual
|
# ? Jun 16, 2017 06:47 |
|
Shaggar posted: I occasionally get PHI faxed to me.
When gmail was in beta I got a bunch of very generic gmail addresses. One of them consistently gets accidental email, and for a while there was an Iranian travel agency automatically cc'ing me on every visa application submitted with full copy scans of people's passports and resumes. Most of the resumes were engineers
im probably on a list
|
# ? Jun 16, 2017 07:02 |
|
fishmech posted: aside from the other thing that was said, the bills would also just look too new, despite often being of the previous series (which would always be easier to counterfeit yet still in high circulation especially outside the US) and thus a bit suspicious to be so new still.
i've just remembered a weird detail from some documentary i watched years ago about how one bunch of counterfeiters would use washing machines and pumice stone to make their notes look used to get around this problem, and the secret service were eventually able to track them because the same machines and stones were used to stonewash counterfeit jeans that were being sold in new york. the 80s-est crime there's ever been.
aiui the "too good" problem with the superdollars wasn't that the forgers could print to a better quality than the official notes, just that because the presses were used far, far less the plates didn't get the same level of wear and tear so they looked notably better to an expert than other notes supposedly printed at the same time.
there were similar problems with forged pound coins (a massive problem in the uk, as many as 1 in 20 according to some estimates), because when new they were an awful lot shinier than new original ones because they were electroplated lead.
|
# ? Jun 16, 2017 07:09 |
|
facebook to burned mods: oops also lomarf at fb obsessed with using their personal accounts for the job https://twitter.com/josephfcox/status/875626936612999168
|
# ? Jun 16, 2017 13:06 |
|
Has anyone done a proper security review of the Symantec Proximity logon feature for OSX? Because that poo poo is clearly saving the password somewhere and doing a keyboard injection to type it in to the standard logon field and I do not trust Symantec to be doing any of this without royally loving it up.
|
# ? Jun 16, 2017 17:27 |
|
Deep Dish Fuckfest posted: wait, so is this the answer to a permit request, or the actual request? if it's the latter then approve that dam and see how far it gets. keep us updated
the former. the original application was included and the dude gave them my email so it was his fault not the Corps
|
# ? Jun 16, 2017 18:51 |
|
bit of a post-mortem from microsoft offensive security research on kernel mitigations vs eternalromance https://blogs.technet.microsoft.com...based-security/
|
# ? Jun 16, 2017 19:33 |
|
Munkeymon posted: today I got PII emailed to me from a random Austin woman (insurance info) and the Army Corps of Engineers (dam permit I guess?)
lmk when they send the gently caress and poo poo permits
|
# ? Jun 17, 2017 15:32 |
|
Agile Vector posted: lmk when they send the gently caress and poo poo permits
what a country, you need a piece of paper just to take a poo poo
|
# ? Jun 17, 2017 16:06 |
|
goddamnedtwisto posted: what a country, you need a piece of paper just to take a poo poo
What else are you gonna wipe with?
|
# ? Jun 17, 2017 16:08 |
|
RFC2324 posted:What else are you gonna wipe with?
|
# ? Jun 17, 2017 16:10 |
|
can i talk about offshore vessel (oil/LNG drilling/pipelay/construction(surface/subsea)) info/op security? over the last 4 years i've been on a wide variety of offshore vessels with different functions operated by different corps and of differing ages yet they all had the same massive opsec/infosec issues:
rant over but to clarify, every single one of those observations I have made on vessels both moored at shipyards for fit-out AND on vessels doing active operations in-field (operations like drilling for gas or installing well-heads/pipe). of course the sec posture is much worse when moored at a shipyard for fit-out but i have still observed every single one of those issues whilst offshore in-field. i have also observed all of these activities in MARSEC Level 1+2 conditions.
tl;dr: it's a complete and utter poo poo-show on offshore vessels and ripe for deliberate or inadvertent compromise of critical systems that may involve loss of life. we're talking a cyber piper alpha (my granddad worked offshore north sea for Schlumberger and after piper alpha he quit the industry): https://www.youtube.com/watch?v=BdRcALtA8CE
edit: i forgot one thing specific to Mobile Offshore Drilling Units (MODUs):
Pile Of Garbage fucked around with this message at 16:41 on Jun 17, 2017 |
# ? Jun 17, 2017 16:31 |
|
colonial fleet is hosed up
|
# ? Jun 17, 2017 17:46 |
|
cheese-cube posted: can i talk about offshore vessel (oil/LNG drilling/pipelay/construction(surface/subsea)) info/op security? over the last 4 years i've been on a wide variety of offshore vessels with different functions operated by different corps and of differing ages yet they all had the same massive opsec/infosec issues:
security costs money
how much money is the absence of security costing them?
|
# ? Jun 17, 2017 18:14 |
|
RFC2324 posted:What else are you gonna wipe with?
|
# ? Jun 17, 2017 18:17 |
|
Notorious b.s.d. posted: security costs money
depends i guess. i can think of two scenarios: active sabotage to cause equipment damage/loss of life and subtle interference to reduce efficiency of operations. messing with MWD data to make the senior drilling sup make wrong decisions would be trivial. in fact you could even go as far as to trick the sdsv into causing a blow-out... but yeah i see where you're going, sec is a cost centre, etc.
|
# ? Jun 17, 2017 18:25 |
|
cheese-cube posted: depends i guess. i can think of two scenarios: active sabotage to cause equipment damage/loss of life and subtle interference to reduce efficiency of operations. messing with MWD data to make the senior drilling sup make wrong decisions would be trivial. in fact you could even go as far as to trick the sdsv into causing a blow-out...
on a commercial vessel like that there's probably a tendency towards greater availability vs. more stringent auth*; if someone can't be trusted to not mess with something they shouldn't, they probably shouldn't be on board, while access controls can be seen as a dangerous hindrance in an emergency
|
# ? Jun 17, 2017 18:33 |
|
cheese-cube posted: depends i guess. i can think of two scenarios: active sabotage to cause equipment damage/loss of life and subtle interference to reduce efficiency of operations. messing with MWD data to make the senior drilling sup make wrong decisions would be trivial. in fact you could even go as far as to trick the sdsv into causing a blow-out...
nobody will give a gently caress until one of the ships is attacked and it can't be explained away as a mistake.
some of the culture of easy access comes from the maritime emergency management tradition of ensuring that anyone on the ship can do anything in case everyone else is firefighting or otherwise unavailable, but that doesn't excuse everything you describe above.
|
# ? Jun 17, 2017 18:34 |
|
cheese-cube posted:
yeah that sounds like dad alright i'm guessing a lot of this is probably also due to a lot of people in the industry (especially the senior guys) having been there since before all that computer stuff was commonplace
|
# ? Jun 17, 2017 18:40 |
|
so you're saying Hackers is real?
|
# ? Jun 17, 2017 18:43 |
|
Midjack posted: nobody will give a gently caress until one of the ships is attacked and it can't be explained away as a mistake.
that's not really true because not everyone is trained to do everything. sure maybe 10-20 employees of the vessel operator are trained in everything but i guarantee that the 250-500 other ppl on the vessel aren't trained or qualified to operate anything there.
Cocoa Crispies posted: on a commercial vessel like that there's probably a tendency towards greater availability vs. more stringent auth*; if someone can't be trusted to not mess with something they shouldn't, they probably shouldn't be on board, while access controls can be seen as a dangerous hindrance in an emergency
the areas which i've accessed, on several vessels both in dock and off-shore, had critical areas demarcated with MARSEC signs as well as no unauthorised entry signs. these are never enforced and if you walk onto the bridge no one gives a gently caress. if you walk onto the bridge and then into the adjacent comms room where there's no CCTV there are still no fucks given. idk this might just be one of those situations where i'm blowing a remote risk out of proportion but there's >200 pax on these vessels at a time so if things go to poo poo then
Pile Of Garbage fucked around with this message at 19:08 on Jun 17, 2017 |
# ? Jun 17, 2017 18:45 |
|
cheese-cube posted: that's not really true because not everyone is trained to do everything. sure maybe 10-20 employees of the vessel operator are trained in everything but i guarantee that the 250-500 other ppl on the vessel aren't trained or qualified to operate anything there.
like i said, tradition
|
# ? Jun 17, 2017 19:01 |
|
Midjack posted: like i said, tradition
not sure what you mean. despite the massive op/infosec failings the vessel operators still enforce a tight hse standard. i dont see how tradition factors in. sure these vessels are old but their hse operating standards are very new.
|
# ? Jun 17, 2017 19:06 |
Notorious b.s.d. posted: security costs money
more importantly security costs money up front. before he quit the job a friend could tell the most absurd stories about drilling companies losing stupid amounts of money because they didn't want to spend a relative pittance to properly maintain their equipment, implement common sense interlocks, or even to bother training their employees beyond "the oil is under the surface". you would think that they would learn after the 20th time one of their rigs was down for a day due to the operator blowing the hydraulic system by engaging the pump with the engine on the wrong idle setting but nope!
|
|
# ? Jun 17, 2017 19:27 |
|
hah yeah that poo poo still happens. a MODU i'm managing/monitoring hosed its first two wells which i'm fairly sure was due to lovely practices (in fact they swapped out the OIM after the second failure lol)
|
# ? Jun 17, 2017 19:50 |
cheese-cube posted: hah yeah that poo poo still happens. a MODU i'm managing/monitoring hosed its first two wells which i'm fairly sure was due to lovely practices (in fact they swapped out the OIM after the second failure lol)
I think a lot of it is that due to the remoteness of the operations and urgency to get things going again there is basically no attempt to properly document why something went wrong. for the little documentation they do lying is very unlikely to be questioned, reduces the odds you get fired, and produces less paperwork so that's what they do.
|
|
# ? Jun 17, 2017 20:24 |
|
https://twitter.com/pinboard/status/876193906521554944
|
# ? Jun 18, 2017 03:28 |
|
a couple weeks ago i got an email from level3. wait, it's from that level3? yep, because some guy is convinced that his ex girlfriend is a hacker who causes him computer problems, and he entered my email address in some level3 support form. the message he sent was copied in the email and i was quite disappointed because he didn't even sound like he was any kind of entertaining conspiracy theorist or anything like that, more that he was just a semi-literate dipshit who managed to find a web form on some level3 site
|
# ? Jun 18, 2017 06:44 |
|
|
Lutha Mahtin posted: a couple weeks ago i got an email from level3. wait, it's from that level3? yep, because some guy is convinced that his ex girlfriend is a hacker who causes him computer problems, and he entered my email address in some level3 support form. the message he sent was copied in the email and i was quite disappointed because he didn't even sound like he was any kind of entertaining conspiracy theorist or anything like that, more that he was just a semi-literate dipshit who managed to find a web form on some level3 site
was his problem "i think my girlfriend is deleting all my emails because people keep telling me they've sent me something and i've never received it"?
|
# ? Jun 18, 2017 13:39 |