|
Jabor posted:actual 4g coverage, or is someone there running a stingray? my vpn tunnels all data including 4g so suck it FBI
|
# ? Jul 30, 2017 04:44 |
|
fishmech posted: nearly 10 year old defcon joke

ok that explains a lot more
|
# ? Jul 30, 2017 04:54 |
|
ShadowHawk posted: Hey everyone, turns out I'm the main culprit of my very own CVE!

please stop touching computers
|
# ? Jul 30, 2017 04:57 |
|
FAT32 SHAMER posted: ok that explains a lot more

I think it was the post Graham did before he banned himself
|
# ? Jul 30, 2017 05:27 |
|
ShadowHawk posted:Hey everyone, turns out I'm the main culprit of my very own CVE!
|
# ? Jul 30, 2017 05:53 |
|
I'm not really sure what's going on with that CVE other than it does bad stuff, but what's especially stupid about it?
|
# ? Jul 30, 2017 06:16 |
|
FAT32 SHAMER posted: I'm not really sure what's going on with that CVE other than it does bad stuff, but what's especially stupid about it?

dude interpolates a filename into a command string that is then passed to vbscript.exe, which is stupid enough to execute arbitrary code passed on the command line

this was
a.) stupid
b.) totally unnecessary
c.) did i mention really, really stupid?
|
# ? Jul 30, 2017 06:21 |
|
Notorious b.s.d. posted: dude interpolates a filename into a command string that is then passed to vbscript.exe, which is stupid enough to execute arbitrary code passed on the command line

oh nice that's bad
|
# ? Jul 30, 2017 06:27 |
|
Rufus Ping posted: Well i'm bored in vegas, got no plans till an early dinner meetup tonight and already got my defcon badge so i will answer questions till my mifi is nearly out of batteries

I recognize this reference
|
# ? Jul 30, 2017 06:35 |
|
FAT32 SHAMER posted:I'm not really sure what's going on with that CVE other than it does bad stuff, but what's especially stupid about it?
|
# ? Jul 30, 2017 07:16 |
|
Notorious b.s.d. posted: dude interpolates a filename into a command string that is then passed to vbscript.exe, which is stupid enough to execute arbitrary code passed on the command line

anyway "script interpreter runs code passed to it" isn't really stupid but rather something script interpreters are supposed to do. the stupid part is handing raw user data to something that expects to be given executable code

Bonfire Lit fucked around with this message at 08:55 on Jul 30, 2017 |
# ? Jul 30, 2017 08:52 |
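Added example, not part of any post in this thread and not the thumbnailer's own code: the pattern discussed above (a filename interpolated into text that is handed to an interpreter), with `sh -c` standing in for the interpreter. The function names and sample filenames are constructed for illustration; the second function shows why escaping by hand does not fix it.

```shell
#!/bin/sh
# Added illustration. `sh -c` stands in for any interpreter that executes
# the text it is handed; every name below is constructed for this example.

# UNSAFE: the filename becomes part of the program text.
describe_unsafe() {
    sh -c "printf 'thumbnailing: %s\n' \"$1\""
}

# STILL UNSAFE: escaping by hand. Double quotes are handled, but $( ) and
# backticks inside the name are still evaluated by the interpreter.
describe_hand_escaped() {
    escaped=$(printf '%s' "$1" | sed 's/"/\\"/g')
    sh -c "printf 'thumbnailing: %s\n' \"$escaped\""
}

# SAFE: the program text is a constant; the filename travels as a separate
# argument and is only ever read as data ("$1" inside the child shell).
describe_safe() {
    sh -c 'printf "thumbnailing: %s\n" "$1"' sh "$1"
}

# Constructed sample filenames carrying a harmless marker command.
quote_name='setup.msi"; echo INJECTED; : "'
subst_name='report-$(echo INJECTED).msi'

for name in "$quote_name" "$subst_name"; do
    printf '== %s\n' "$name"
    describe_unsafe "$name"
    describe_hand_escaped "$name"
    describe_safe "$name"
done
```

Only `describe_safe` prints both names back unchanged; the other two let the name alter what the interpreter runs.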
|
shadowhawk could you explain why the gently caress does a thumbnailer need to access the product version of an installer package, in the first place?
|
# ? Jul 30, 2017 09:42 |
|
Notorious b.s.d. posted: dude interpolates a filename into a command string that is then passed to vbscript.exe, which is stupid enough to execute arbitrary code passed on the command line

vbscript.exe is entirely innocent here, it is, say it with me ~~~a bash script where arbitrary user data is syntactically escaped into a string by haaaaand~~~
|
# ? Jul 30, 2017 10:32 |
|
hackbunny posted: shadowhawk could you explain why the gently caress does a thumbnailer need to access the product version of an installer package, in the first place?

code:
|
# ? Jul 30, 2017 10:34 |
|
a bash script that uses wine to run windows script host to run a vbscript script to run a sql query on an msi file to embed a very minor metadata label in a thumbnail icon

Cybernetic Vermin posted: vbscript.exe is entirely innocent here, it is, say it with me ~~~a bash script where arbitrary user data is syntactically escaped into a string by haaaaand~~~

windows script host shares part of the blame though, as code:
blame wine too but especially wsh for being a fragile pos that requires external and easily corrupted metadata for something as simple as retrieving the command line arguments
|
# ? Jul 30, 2017 10:46 |
|
hackbunny posted:a bash script
|
# ? Jul 30, 2017 10:55 |
|
Notorious b.s.d. posted: a.) why would you do this, you colossal idiot

The thumbnailer's point was to show the windows embedded executable icons for executable files rather than a generic featureless square icon. The author added some other magic to make it do fancy things with MSI files too, which is where this vulnerability came from. If I remember right the original reason the program used wine's built-in handler instead of the (now proven safer) external msiinfo package was because it was already a dependency of Wine and you pretty much only installed this package because it came alongside Wine.

That said the attack surface of this vulnerability is only slightly larger than Wine itself -- "download wine and malicious file on filesystem and then browse to its folder" vs "download malicious file on filesystem, browse to folder, and then open with wine".
|
# ? Jul 30, 2017 11:57 |
|
And yeah it's my fuckup but I was so used to thinking of the threat model of Wine being the actual malicious app itself and if a user launches such an app it's already over. Now it turns out you can have an elaborate really long filename with script embedded into the name, and sometimes files can appear without user intent, so that makes it relatively worse. The packages got updated within a day or two of the publication of the CVE though, so that's good.
|
# ? Jul 30, 2017 13:40 |
|
bugs like this is one of the reasons why the default browser behavior of just downloading files is so bad
|
# ? Jul 30, 2017 15:03 |
|
spankmeister posted: bugs like this is one of the reasons why the default browser behavior of just downloading files is so bad

don't worry, the automatic antivirus scan will stop anything bad!
|
# ? Jul 30, 2017 20:28 |
|
Today at DEFCON: SMBloris

The first three bytes of a SMB connection are the NBSS header, the last 17 bits of which is a length field. 2^17 = 128 KB, so you can send 3 bytes down a TCP connection to a Windows server and the kernel will allocate 128 KB of non-paged physical memory and wait 30 seconds before timing out. That's per TCP source port, for both IPv4 and IPv6, so 16 GB of non-paged physical memory per source machine. Memory is allocated in kernel mode with interrupts disabled, so when physical memory is exhausted, the Windows machine just hangs.
|
# ? Jul 30, 2017 20:48 |
|
yeah the best part is when they told microsoft who said it's not a security issue and wontfix
|
# ? Jul 30, 2017 20:49 |
|
Microsoft: denied service is a feature!
|
# ? Jul 30, 2017 20:58 |
|
e: misread, nevermind
|
# ? Jul 30, 2017 23:57 |
|
Solution: Install more memory
|
# ? Jul 31, 2017 04:44 |
|
Notorious b.s.d. posted: a.) why would you do this, you colossal idiot

a posser who can't laugh at he own fuckups, a shameful posser
|
# ? Jul 31, 2017 04:55 |
|
Rufus Ping posted: Well i'm bored in vegas, got no plans till an early dinner meetup tonight and already got my defcon badge so i will answer questions till my mifi is nearly out of batteries

go gently caress yourself with a shovel
|
# ? Jul 31, 2017 05:39 |
|
def con was good but Vegas is bad
|
# ? Jul 31, 2017 06:18 |
|
Cocoa Crispies posted: def con was good but Vegas is bad

going to Vegas in two days gonna peep dat atomic museum
|
# ? Jul 31, 2017 06:30 |
|
my favorite part of visiting vegas a while ago was the ticket clickers that swarm on you and try to give you ads for prostitutes, i hope they still have those
|
# ? Jul 31, 2017 06:31 |
|
ate all the Oreos posted: my favorite part of visiting vegas a while ago was the ticket clickers that swarm on you and try to give you ads for prostitutes, i hope they still have those

i wouldn't say they swarm but they still seem to exist

Cocoa Crispies posted: def con was good but Vegas is bad

eh living here's not so bad when it's not summer
|
# ? Jul 31, 2017 06:38 |
|
Ciaphas posted: i wouldn't say they swarm but they still seem to exist

they only swarmed if you took a ticket, all the other ones would see you and swarm you my dad is an idiot and just wanted to take all the free things because he likes taking free worthless things so I saw this happen multiple times
|
# ? Jul 31, 2017 06:41 |
|
Subjunctive posted: stop.

actually never mind, I agree there's no point trying to bait fishmech when he's right like usual as fishmech correctly points out, for all their hundreds of years of history corporations have only ever existed literally, as legal fairytales adults read to each other to make themselves feel better I guess you saw that one coming a mile away
|
# ? Jul 31, 2017 06:52 |
|
Max Facetime posted: actually never mind, I agree there's no point trying to bait fishmech when he's right like usual

that's not what stopping looks like friend
|
# ? Jul 31, 2017 07:33 |
|
ate all the Oreos posted: my favorite part of visiting vegas a while ago was the ticket clickers that swarm on you and try to give you ads for prostitutes, i hope they still have those

i have to ask what a "ticket clicker" is because it sort of sounds like victorian slang for a prostitute as it is
|
# ? Jul 31, 2017 07:55 |
|
well this certainly is a response to a security issue: https://beingwinsysadmin.blogspot.co.uk/2017/07/bug-windows-10-default-user-profile-is.html
|
# ? Jul 31, 2017 08:03 |
|
Total VPN ban in China by 2018? https://techcrunch.com/2017/07/10/china-vpn-ban/
|
# ? Jul 31, 2017 08:31 |
|
Also Russia just passed a similar law.
|
# ? Jul 31, 2017 08:50 |
spankmeister posted: Also Russia just passed a similar law.

yeah, also affecting sim card purchases, use of anonymisers. they are trying to curb people getting around the state firewall
|
|
# ? Jul 31, 2017 08:53 |
|
the only surprise is why didnt this happen earlier
|
# ? Jul 31, 2017 08:58 |