|
Lockpick village would be hard to replicate online. That place is so fun.
|
#
?
Aug 4, 2017 17:54
|
|
|
|
| # ? May 22, 2024 10:29 |
|
|
EVIL Gibson posted:The flipping charge list is accusing him of helping develop the malware to be better and getting paid for it with the people that were using it for profit. Reread the second sentence of mine that you quoted. I completely agree that as far as this guy in particular it looks like they have some legitimate charges, but the post I was replying to was speaking in absolutes as if there aren't all sorts of ways for purely legitimate security researchers to end up considered criminals if they embarrass the wrong person/company.
|
|
#
?
Aug 4, 2017 18:44
|
|
|
wolrah posted:Reread the second sentence of mine that you quoted. I completely agree that as far as this guy in particular it looks like they have some legitimate charges, but the post I was replying to was speaking in absolutes as if there aren't all sorts of ways for purely legitimate security researchers to end up considered criminals if they embarrass the wrong person/company. And I am agreeing with you and have seen people tell stories how close they were for being curious and looking into something a company would considered criminal (like looking at your engine stats through Bluetooth and how people found out about Volvo's emission cheatery). I was saying the moment you are purposely working to make something that will negatively affect others in any way you are no longer a researcher and actually an attacker now.
|
|
#
?
Aug 4, 2017 18:52
|
|
|
I think we all need a good laugh right now: Petition to open source Flash and Shockwave spec quote:Adobe is going to stop distributing and updating Flash player and the Shockwave player. That's ok. (found posted unironically on the Pale Moon forums, as if you needed any more excuses to avoid the Firefox knock-off like the plague)
|
|
#
?
Aug 4, 2017 21:41
|
|
|
Kerning Chameleon posted:
|
|
#
?
Aug 4, 2017 21:47
|
|
|
i mean it probably would be nice if all the newgrounds stuff doesn't just disappear (still waiting on pico 2 btw!)
|
|
#
?
Aug 4, 2017 21:48
|
|
|
maskenfreiheit posted:i mean it probably would be nice if all the newgrounds stuff doesn't just disappear Hot take: It would be nice if all the Newgrounds stuff did disappear. Also, Newgrounds itself.
|
|
#
?
Aug 4, 2017 21:51
|
|
|
anthonypants posted:Brilliant. Look they just provide the ideas.
|
|
#
?
Aug 4, 2017 22:19
|
|
|
I'm an Ideas Guy. And my ideas are terrible.
|
|
#
?
Aug 4, 2017 22:30
|
|
|
Incomplete open source implementations of Flash have been around for a long time. I worked a bit on one in the early 2000s, and there have been many since (Gordon and Shumway the most recent serious ones). Being able to run Flash content in JS and avoid the native code attack surface would have been great (and plausibly faster), but it's a big job even with Adobe's cooperation.
|
|
#
?
Aug 4, 2017 22:36
|
|
|
It definitely would be nice if the source code was provided under a non commercial license of some kind solely for archivists.
|
|
#
?
Aug 4, 2017 22:57
|
|
|
They could likely never do that, they don't have sufficient rights to big pieces of it (like the H.264 stuff).
|
|
#
?
Aug 4, 2017 22:59
|
|
|
Subjunctive posted:They could likely never do that, they don't have sufficient rights to big pieces of it (like the H.264 stuff). We also don't need a Mozilla-esque like setup for Flash.
|
|
#
?
Aug 4, 2017 23:14
|
|
|
Lain Iwakura posted:We also don't need a Mozilla-esque like setup for Flash. They could get someone to take it on, probably. Mozilla already hosts some of one of their script engines.
|
|
#
?
Aug 4, 2017 23:23
|
|
|
Kerning Chameleon posted:I think we all need a good laugh right now: This is unironically good though. Digital cultural archiving is a big thing and it'd be lovely if it all got lost.
|
|
#
?
Aug 4, 2017 23:36
|
|
|
Adobe has published an incomplete spec for years, but the licensing terms on it make it useless.
|
|
#
?
Aug 4, 2017 23:38
|
|
|
vOv posted:This is unironically good though. Digital cultural archiving is a big thing and it'd be lovely if it all got lost. Because virtual machines and archived installers don't exist.
|
|
#
?
Aug 5, 2017 00:15
|
|
|
Just keep a computer that still has Flash in a museum somewhere. Not connected to the Internet, obviously. Give it SWF files through a thumb drive and keep backups.
|
|
#
?
Aug 5, 2017 01:29
|
|
|
vOv posted:This is unironically good though. Digital cultural archiving is a big thing and it'd be lovely if it all got lost. This is one piece of software that i would not feel sorry if it got lost into ether.
|
|
#
?
Aug 5, 2017 01:54
|
|
|
Subjunctive posted:They could get someone to take it on, probably. Mozilla already hosts some of one of their script engines. if mozilla takes on chrome after claiming they don't have enough resources to support thunderbind i'm lobbing piss filled water balloons on their precious deck from the chrome team balcony
|
|
#
?
Aug 5, 2017 02:53
|
|
|
There are resources to support tbird, it's just not a good use of them.
|
|
#
?
Aug 5, 2017 11:50
|
|
|
vOv posted:This is unironically good though. Digital cultural archiving is a big thing and it'd be lovely if it all got lost. Yeah, how will future generations be able to play Dance Dance Karnov without it?
|
|
#
?
Aug 5, 2017 20:47
|
|
|
Subjunctive posted:There are resources to support tbird, it's just not a good use of them. WRONG. LAME. FAKE NEWS Volguus posted:This is one piece of software that i would not feel sorry if it got lost into ether. there's a big difference between open sourcing with an emphasis on playing existing media and active development. i don't think anyone advocates continued development just keeping it working so we can play existing media (and maybe export to a less lovely format)
|
|
#
?
Aug 5, 2017 21:20
|
|
|
maskenfreiheit posted:there's a big difference between open sourcing with an emphasis on playing existing media and active development. i don't think anyone advocates continued development just keeping it working so we can play existing media (and maybe export to a less lovely format) Yeah this. I'd be perfectly happy if nobody ever made anything new in flash. The Fool posted:Because virtual machines and archived installers don't exist. IIRC the Linux version isn't as good so if you do want to go this route then you'd also have to store Windows ISOs and deal with whatever antipiracy they have (and be OK with people having to break the law to experience old Internet culture).
|
|
#
?
Aug 6, 2017 21:15
|
|
|
Yeah, it would be sad if nobody ever got to experience Strong Bad Emails, discovering Easter eggs themselves, ever again. 
|
|
#
?
Aug 6, 2017 21:59
|
|
|
Absurd Alhazred posted:Yeah, it would be sad if nobody ever got to experience Strong Bad Emails, discovering Easter eggs themselves, ever again. HOW CAN FLASH BE BAD IF HOMESTAR IS GOOD. RIDDLE ME THAT LINUX HUFFERS
|
|
#
?
Aug 7, 2017 00:08
|
|
|
maskenfreiheit posted:HOW CAN FLASH BE BAD IF HOMESTAR IS GOOD. RIDDLE ME THAT LINUX HUFFERS Don't let your compy be eaten by Linux, folks!
|
|
#
?
Aug 7, 2017 00:10
|
|
|
maskenfreiheit posted:HOW CAN FLASH BE BAD IF HOMESTAR IS GOOD. RIDDLE ME THAT LINUX HUFFERS https://www.youtube.com/watch?v=L0nuQ5o2DYU&hd=1
|
|
#
?
Aug 7, 2017 00:21
|
|
|
fsack would be a great username
|
|
#
?
Aug 7, 2017 01:02
|
|
|
RFC2324 posted:fsack would be a great username Nope, nope, nope, the Land of Ten Thousand Nopes.
|
|
#
?
Aug 8, 2017 07:59
|
|
|
So this appears to be v bad. 
|
|
#
?
Aug 9, 2017 16:39
|
|
|
Diva Cupcake posted:So this appears to be v bad. What does? e: oh weird, there's an image there but it's 404ing for me for whatever reason, can you rehost on imgur?
|
|
#
?
Aug 9, 2017 17:44
|
|
|
CLAM DOWN posted:What does? https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8620 quote:A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
#
?
Aug 9, 2017 17:49
|
|
|
loving  that sounds amazing, I want more details
|
|
#
?
Aug 9, 2017 17:59
|
|
|
Yeah, but how often does a program handle objects in memory?
|
|
#
?
Aug 9, 2017 18:33
|
|
|
Thermopyle posted:Yeah, but how often does a program handle objects in memory? Only a few high end CAD packages I think
|
|
#
?
Aug 9, 2017 18:39
|
|
|
It's a no-priv RCE with a POC already in existence per the NIST calc. Good thing is that wsearch shouldn't be enabled by default on most servers. https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?calculator&version=3&vector=(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
|
|
#
?
Aug 9, 2017 18:49
|
|
|
Diva Cupcake posted:It's a post-auth guest-privs-minimum RCE with a POC already in existence per the NIST calc. Good thing is that wsearch shouldn't be enabled by default on most servers. fixed
|
|
#
?
Aug 10, 2017 07:43
|
|
|
Daman posted:fixed ...said 1% of all system administrators.
|
|
#
?
Aug 10, 2017 13:59
|
|
|
|
| # ? May 22, 2024 10:29 |
|
|
so i'm working on my oscp and the general workflow seems to be: get into the windows box scan for one of a myriad of smb vulns
|
|
#
?
Aug 10, 2017 14:56
|
|