|
plz rename thread Security Fuckup Megathread v15.0 - better upgrade ur libraries u stupid bitch
|
#
?
Jun 29, 2017 04:17
|
|
|
|
| # ? May 13, 2024 23:10 |
|
|
JewKiller 3000 posted:maybe the search engines, but you're not gonna get full text papers from the journals without paying, are you? Yes, most of the time you'll get full access to full text html or PDFs for free. Everything under the sun? No. There are some publishers (IEEE comes to mind) that keep their poo poo walled off. There are also the occasional journals that embargo their materials for a month or so, but it's been a while since I've run across one of those.
|
|
#
?
Jun 29, 2017 04:18
|
|
|
lol sounds like college libraries should cancel half their journal subscriptions and tell their students to get a public library card and go online. there, i've solved the university funding crisis
|
|
#
?
Jun 29, 2017 04:19
|
|
|
BeOSPOS posted:plz rename thread Security Fuckup Megathread v15.0 - better upgrade ur libraries u stupid bitch #include <libraries.h>
|
|
#
?
Jun 29, 2017 04:20
|
|
|
the best thing about cs academia is you google the name of the paper and the first result is the main author's .edu website with a link to the "preprint" pdf. works EVERY time. ieee and acm suck rear end but NO BO DY cares because of this also conferences matter more than journals, that helps
|
|
#
?
Jun 29, 2017 04:26
|
|
|
sorry everyone no more from me. i've got it all out of my system now and besides the darkest days are behind us which was when second life was going to usher in a golden age of virtual library service and holy gently caress things can only look up after that.
|
|
#
?
Jun 29, 2017 04:28
|
|
|
i remember second life, i'm amazed that poo poo is still around. in the early days it was a true secfuck, the linden dollars were just starting to be traded for real money, yet the code was full of vulnerabilities. you could purchase private virtual properties, which would block everyone not invited from coming into them, but it was possible to clip through the border by sitting down on an object in the property. so you could drop in uninvited on some yiffy furs having e-sex. truly a golden age
|
|
#
?
Jun 29, 2017 04:35
|
|
|
JewKiller 3000 posted:the best thing about cs academia is arxiv
|
|
#
?
Jun 29, 2017 04:37
|
|
|
Subjunctive posted:arxiv
|
|
#
?
Jun 29, 2017 05:15
|
|
|
Lain Iwakura posted:i'm so glad that this is the library thread. i totally misread the title when i clicked on it i guess
|
|
#
?
Jun 29, 2017 05:34
|
|
|
infernal machines posted:a breathless and poorly written piece on the petya variant that hit recently  comes out
|
|
#
?
Jun 29, 2017 05:54
|
|
|
oops https://www.washingtonpost.com/news/the-switch/wp/2017/06/28/fedex-delivery-unit-hit-by-worldwide-cyberattack/
|
|
#
?
Jun 29, 2017 06:55
|
|
|
does ExPetr actually rely on ETERNALBLUE or did the Russians just throw that in there to blame the NSA?
|
|
#
?
Jun 29, 2017 07:15
|
|
|
pseudorandom name posted:does ExPetr actually rely on ETERNALBLUE or did the Russians just throw that in there to blame the NSA?
|
|
#
?
Jun 29, 2017 07:17
|
|
|
pseudorandom name posted:does ExPetr actually rely on ETERNALBLUE or did the Russians just throw that in there to blame the NSA?
|
|
#
?
Jun 29, 2017 07:28
|
|
|
infernal machines posted:a breathless and poorly written piece on the petya variant that hit recently Malware Tech refutes this: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html The fact remains that the installation ID is generated randomly though. https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/ I've looked at some samples today and the code does seem to support the theory, too early to tell though.
|
|
#
?
Jun 29, 2017 11:54
|
|
|
spankmeister posted:Malware Tech refutes this: even if the installation ID wasn't just a random number and was actually generated in a way that would allow decryption, the whole decryption payment method stinks. you have a well written customized piece of malware deployed in a sophisticated manner which combines multiple exploits and multiple payloads, and it relies on a single bitcoin address, the manual transcription of a huge installation ID which doesn't even avoid ambiguous characters, and email? there's a reason the ransomware industry standard procedure for payment is the creation of a per-machine bitcoin address with TOR being used to confirm payment and supply the decryption code automatically on payment. whoever designed this thing didn't care about being paid. their goals were pretty clearly primarily to get credentials, to cause damage and disruption in Ukraine, or both.
|
|
#
?
Jun 29, 2017 13:07
|
|
|
the elephant in the room is that petya is ransomware already with a working payment chain, there was no need for these changes to exist
|
|
#
?
Jun 29, 2017 13:16
|
|
|
I agree with both of you. To me it's abundantly clear what the purpose of this malware is.
|
|
#
?
Jun 29, 2017 13:20
|
|
|
spankmeister posted:I agree with both of you. To me it's abundantly clear what the purpose of this malware is. pls share, ive been only halfassedly reading about petya
|
|
#
?
Jun 29, 2017 13:47
|
|
|
Another live fire exercise on Ukranian infrastructure, with a side of collateral damage, made to be plausibly connected to previous ransomware attacks?
|
|
#
?
Jun 29, 2017 13:51
|
|
|
this is a pretty good rundown of it with links to the posts of the various security researchers who found the issues: https://medium.com/@thegrugq/pnyetya-yet-another-ransomware-outbreak-59afd1ee89d4
|
|
#
?
Jun 29, 2017 13:54
|
|
|
infernal machines posted:Another live fire exercise on Ukranian infrastructure, with a side of collateral damage, made to be plausibly connected to previous ransomware attacks? that i kinda assumed it's russians just ukraining it away, i more thought some specific computer level macro objectives petya had that spankmeister may have implied
|
|
#
?
Jun 29, 2017 14:13
|
|
|
cinci zoo sniper posted:that i kinda assumed it's russians just ukraining it away, i more thought some specific computer level macro objectives petya had that spankmeister may have implied The initial infection vector is from a Ukranian company that makes tax return software. This company was hacked and made to push a malicious update to its users. A lot of businesses and government in Ukraine and businesses that deal with Ukraine use this software because it's one of the few that's allowed for use by the government. So that makes it clear that Ukraine was the target. Now the malware itself looks like a variant of Petya, which is an existing ransomware family. This is a false flag, smoke and mirrors. Why? Because there is no way of getting your files decrypted. This is because it generates a unique "Installation ID" which you're supposed to send along with your bitcoin wallet address that you made the payment from to an email address. They use a single hardcoded bitcoin wallet for every infection. This method requires manual verification and is completely ludicrous for a malware that has such aggressive spreading methods. Modern ransomware uses a more sophisticated backend that generates a unique bitcoin wallet for each infection which allows payments to be automatically verified over a tor backend. Stupid verification method aside, the installation ID is completely random. There is _no_ way to link this ID to a specific infection. The malware authors cannot determine which key it belongs to. So there is no chance of this ever working as a "legitimate" ransomware. And like Wiggly Wayne DDS said, Petya was a perfectly functional ransomware, there was no reason to make the changes that they did.
|
|
#
?
Jun 29, 2017 15:24
|
|
|
spankmeister posted:And like Wiggly Wayne DDS said, Petya was a perfectly functional ransomware, there was no reason to make the changes that they did. so wait was there a new legit ransomware attack this week or is petya older and just the non-ransomware targeted at ukraine is new?
|
|
#
?
Jun 29, 2017 15:56
|
|
|
spankmeister posted:The initial infection vector is from a Ukranian company that makes tax return software. This company was hacked and made to push a malicious update to its users. A lot of businesses and government in Ukraine and businesses that deal with Ukraine use this software because it's one of the few that's allowed for use by the government.  this is very interesting, and confusing
|
|
#
?
Jun 29, 2017 16:09
|
|
|
Well this morning certainly has been interesting. I work at a large global company that makes lawn equipment and engines. Our manufacturing line computers were infected with ransomware last year and had to be shut down until hundreds of thousands of dollars were payed out. I work in the equipment testing lab. The lab manager (who btw owns) and I are the people that maintain and develop software that handles all the test requests and test data, among other things. I go into his office this morning and we notice that a folder in the network drive where all of our test data is stored had a bunch of [document in the folder filename].locky files. We immediately wrote a ticket, which immediately got escalated to the head of global network security. I then noticed that all the locky files were 0 bytes and I right clicked on the properties to see the owner. Every file was owned by the same guy and we work fairly closely with him so we messaged him right away. He tries being all coy saying he had no idea what we're talking about *wink*. Turns out they're all just empty and it was just a "prank". Our IT sends out almost daily memos reminding people what to look for in a phishing attempt after we had production shut down last year. They were making GBS threads themselves this morning and wanted to speak with him right away. We told him this and his defense was "well I was just trying to check up on you guys, IT sends out phishing tests to employees all the time too!!" tldr: A genius at work this morning decided to put a bunch of blank [filename].locky files on a network drive where all of our test data is stored as a "prank".
|
|
#
?
Jun 29, 2017 16:57
|
|
|
ThePeavstenator posted:Well this morning certainly has been interesting. looks like he found a vuln in his employment status
|
|
#
?
Jun 29, 2017 16:58
|
|
|
cinci zoo sniper posted:looks like he found a vuln in his employment status I guess it should also be noted that he's not a computer toucher, he's an electrical technician, so I don't think he knew the level of reaction this was going to get.
|
|
#
?
Jun 29, 2017 17:05
|
|
|
ThePeavstenator posted:I guess it should also be noted that he's not a computer toucher, he's an electrical technician, so I don't think he knew the level of reaction this was going to get. uhhhh
|
|
#
?
Jun 29, 2017 17:07
|
|
|
oh my god it was just a little prank about the company facing the possibility of another multi-million dollar loss -- why can't you guys take a joke???!!! rip, electrical dude
|
|
#
?
Jun 29, 2017 17:08
|
|
|
cinci zoo sniper posted:uhhhh hey man I never said he was smart
|
|
#
?
Jun 29, 2017 17:08
|
|
|
ThePeavstenator posted:hey man I never said he was smart
|
|
#
?
Jun 29, 2017 17:09
|
|
|
ThePeavstenator posted:Well this morning certainly has been interesting. Robert Hanssen also claimed to be merely testing his employers' information security
|
|
#
?
Jun 29, 2017 17:10
|
|
|
i bet that dude will WannaCry after he gets fired lol
|
|
#
?
Jun 29, 2017 17:11
|
|
|
Meat Beat Agent posted:i bet that dude will WannaCry after he gets fired lol 
|
|
#
?
Jun 29, 2017 17:12
|
|
|
cinci zoo sniper posted:not blaming you or anything, just didnt expect that it wasnt even a computer toucher. this is getting into windows xp screenshot wallpaper tier of pranks, only in the worst place at the worst time The system is primarily used by non computer touchers. Product engineers write up test requests, and techs run the tests and record data and results in the system. It's primarily data for NPD but we also do production testing as well so that data is on the system too. ThePeavstenator fucked around with this message at 17:18 on Jun 29, 2017 |
|
#
?
Jun 29, 2017 17:14
|
|
|
I love learning poo poo like this Thank you secfuck thread
|
|
#
?
Jun 29, 2017 17:19
|
|
|
Meat Beat Agent posted:i bet that dude will WannaCry after he gets fired lol
|
|
#
?
Jun 29, 2017 17:47
|
|
|
|
| # ? May 13, 2024 23:10 |
|
|
Meat Beat Agent posted:i bet that dude will WannaCry after he gets fired lol 
|
|
#
?
Jun 29, 2017 18:13
|
|