|
BattleMaster posted:cooling the DRAM ICs reduces the leakage enough that it will last several seconds without refresh so you can quickly swap the RAM stick into another computer without losing data, so when the second computer begins refreshing the data it will maintain whatever was in it by "another computer" could that also just be a device that's basically a battery and a few DRAM slots?
|
#
?
Sep 2, 2017 00:46
|
|
|
|
| # ? May 15, 2024 20:22 |
|
|
Farmer Crack-rear end posted:by "another computer" could that also just be a device that's basically a battery and a few DRAM slots? I've only studied the theory and physics behind DRAM so I don't know if the RAM modules handle all the refreshing on their own and don't require any input from the PC to do so as long as they are powered, then maybe that would work; it wouldn't be a terribly difficult thing to design either it's possible refreshing is a function of the system's memory controller though edit: though I guess it doesn't make a difference if you have a circuit sending the signals to refresh the RAM  edit 2: now I'm imagining a device that keeps the RAM alive and also has like a USB interface for downloading the RAM's contents intended specifically for making jacking RAM to be easier BattleMaster fucked around with this message at 01:56 on Sep 2, 2017 |
|
#
?
Sep 2, 2017 01:46
|
|
|
https://twitter.com/ParkerMolloy/status/903795622763003904
|
|
#
?
Sep 2, 2017 03:01
|
|
|
xposting because god drat
|
|
#
?
Sep 2, 2017 03:26
|
|
|
Grace Baiting posted:xposting because god drat and nothing of value was lost
|
|
#
?
Sep 2, 2017 04:47
|
|
|
exploded mummy posted:and nothing of value was lost
|
|
#
?
Sep 2, 2017 04:49
|
|
|
a fool and his butts are soon to be parted
|
|
#
?
Sep 2, 2017 05:24
|
|
|
Farmer Crack-rear end posted:by "another computer" could that also just be a device that's basically a battery and a few DRAM slots? No that won't work, ram needs to be actively refreshed i.e. read out then written back. The memory controller takes care of this. The refresh rate needed to keep ram working is measured in milliseconds.
|
|
#
?
Sep 2, 2017 06:09
|
|
|
BattleMaster posted:intended specifically for making jacking RAM to be easier Text me
|
|
#
?
Sep 2, 2017 06:20
|
|
|
spankmeister posted:No that won't work, ram needs to be actively refreshed i.e. read out then written back. The memory controller takes care of this. most ram chips have self-refresh modes where the memory controller goes idle and you only have to supply power. if you could nudge the target computer into standby mode, it's likely possible to stuff in some battery wires and pull the ram out without any chips or cooling
|
|
#
?
Sep 2, 2017 07:47
|
|
|
there's been practical examples pre-ddr4. haven't heard anything lately
|
|
#
?
Sep 2, 2017 09:45
|
|
|
presumably because if you have the physical access to a machine that would allow you to pull that off, then there are much more useful and useful attacks available to you
|
|
#
?
Sep 2, 2017 13:02
|
|
|
so what i'm hearing is "stop burdening local orgs getting computers with added costs of ram purchases", right?
|
|
#
?
Sep 2, 2017 13:36
|
|
|
surebet posted:so what i'm hearing is "stop burdening local orgs getting computers with added costs of ram purchases", right? I'm also hearing "just trash the FDE key"
|
|
#
?
Sep 2, 2017 13:58
|
|
|
unfortunately drive removal is mandated by audit reqs but i think someone just started trashing ram sticks when they saw gov't surplus auctions with them removed i don't mind the cargo cult-y stuff when it's harmless but it's costing time on our end to pull sticks and money on the other to replace them, so i'll talk to people
|
|
#
?
Sep 2, 2017 14:24
|
|
|
surebet posted:unfortunately drive removal is mandated by audit reqs but i think someone just started trashing ram sticks when they saw gov't surplus auctions with them removed program that fills ram with just repeated copies of wicked.jpg
|
|
#
?
Sep 2, 2017 14:33
|
|
|
surebet posted:so what i'm hearing is "stop burdening local orgs getting computers with added costs of ram purchases", right? yes, no reason to remove the ram to avoid data leakage. if some auditor is still concerned, running a round of memtest86 would inherently flush anything left on there anyway in the process of testing the ram.
|
|
#
?
Sep 2, 2017 16:06
|
|
|
Dylan16807 posted:most ram chips have self-refresh modes where the memory controller goes idle and you only have to supply power. even if they didn't it just means that the specialist device would need a chip on it to act like a memory controller. which it would probably want anyway so that you could read the memory without having to risk it by swapping again
|
|
#
?
Sep 2, 2017 16:58
|
|
|
I saw someone do the frozen ram trick on a tv show once and I was like "huh cool they did their research"
|
|
#
?
Sep 2, 2017 22:09
|
|
|
cyber terrorists ruining my wings and cheese  https://twitter.com/intheInfantry/status/904040173801021440
|
|
#
?
Sep 3, 2017 00:47
|
|
|
Jewel posted:cyber terrorists ruining my wings and cheese lol also lol at that twitter account: quote:Airborne thinkfluencer. MRE enthusiast.
|
|
#
?
Sep 3, 2017 01:50
|
|
|
Jewel posted:cyber terrorists ruining my wings and cheese fallout from notpetya loving up logistics companies?
|
|
#
?
Sep 3, 2017 03:10
|
|
|
some idiot got stoned, placed the wrong order and then decided to blame cyberterrorists
|
|
#
?
Sep 3, 2017 09:36
|
|
|
SeaborneClink posted:https://www.nomotion.net/blog/sharknatto/ lol goddamn this did not get enough love, holy poo poo also the goddamn firewall letting you through as long as you know the MAC address: quote:5.Firewall bypass no authentication
|
|
#
?
Sep 3, 2017 22:43
|
|
|
Farmer Crack-rear end posted:lol goddamn this did not get enough love, holy poo poo This is why I always operate my own devices off of my own router set to dmz and only connect the cable company's devices to their lovely router.
|
|
#
?
Sep 3, 2017 23:17
|
|
|
super poor opsec by @malwaretech https://twitter.com/briankrebs/status/905021707890688002
|
|
#
?
Sep 5, 2017 14:30
|
|
|
https://twitter.com/MelTajon/status/904058526061830144
|
|
#
?
Sep 5, 2017 14:58
|
|
|
Diva Cupcake posted:super poor opsec by @malwaretech  the idea is that like sa quotes just use the username at the time and people can change them later. but there's a backtick at the end there so it's not a direct tie just confirmation he knew about that person. i'm very hesitant on using hackforums posters opinions post-arrest as confirmation for this tie. other than that its the irc server which was known before tied with very low complexity tools that a teenager would write from tutorials imo it's a pretty half-baked analysis that he couldn't be bothered finishing
|
|
#
?
Sep 5, 2017 15:03
|
|
|
i love that google implemented face unlock back in android 4, went 'oh this is stupid af' but not before it made it into multiple releases, eventually removed it (i think), but of course sarnsung is like "YEAH BUT OPTIONS" and leaves that in even after including iris scanning.
|
|
#
?
Sep 5, 2017 15:05
|
|
|
sleepwalkers posted:i love that google implemented face unlock back in android 4, went 'oh this is stupid af' but not before it made it into multiple releases, eventually removed it (i think), but of course sarnsung is like "YEAH BUT OPTIONS" and leaves that in even after including iris scanning. Phones can do iris scans now? When did this happen?
|
|
#
?
Sep 5, 2017 15:09
|
|
|
sleepwalkers posted:i love that google implemented face unlock back in android 4, went 'oh this is stupid af' but not before it made it into multiple releases, eventually removed it (i think), but of course sarnsung is like "YEAH BUT OPTIONS" and leaves that in even after including iris scanning. It sells phones, that's the only thing that matters to them. Security is an afterthought if it's thought of at all.
|
|
#
?
Sep 5, 2017 15:09
|
|
|
lol so no IR sensing for face unlock, no second camera for 3d detection. sarnsung'd again
|
|
#
?
Sep 5, 2017 15:09
|
|
|
ate all the Oreos posted:Phones can do iris scans now? When did this happen? the s8 has the capability, it has some ir camera or something. im an idiot so i dont really know how that all works but surprise its also extremely easy to fool BangersInMyKnickers posted:lol so no IR sensing for face unlock, no second camera for 3d detection. sarnsung'd again it has an ir camera but sarnsung somehow allows you to opt to use the regular-rear end camera for dumb face unlock instead...
|
|
#
?
Sep 5, 2017 15:21
|
|
|
Lol I did this trick 10 years ago when anroid was just at 1.5 or 2.3 possibly. Nice to know sarbsung made zero progress in the past 10 years
|
|
#
?
Sep 5, 2017 15:44
|
|
|
Volmarias posted:It sells phones, that's the only thing that matters to them. Security is an afterthought if it's thought of at all. This one's always struck me as a matter of what threats you're trying to secure against. If you're trying to stop someone who wants to break in to your phone specifically, yeah any of the one-camera facial recognition systems are pretty much junk. If you're trying to stop some random who found/stole your phone from being able to get in to your poo poo, they're pretty effective.
|
|
#
?
Sep 5, 2017 18:33
|
|
|
that would be true except everyone has a public headshot on Facebook or LinkedIn and you can receive calls and texts while locked
|
|
#
?
Sep 5, 2017 18:38
|
|
|
wolrah posted:If you're trying to stop some random who found/stole your phone from being able to get in to your poo poo, they're pretty effective. but that's why we have pin passcodes
|
|
#
?
Sep 5, 2017 18:38
|
|
|
I'm a bad person because I use the fingerprint sensor to unlock my phone, and that's still more secure than "here's a picture of my head meats"
|
|
#
?
Sep 5, 2017 18:42
|
|
|
wolrah posted:This one's always struck me as a matter of what threats you're trying to secure against. The point of a lockscreen is the first.
|
|
#
?
Sep 5, 2017 18:42
|
|
|
|
| # ? May 15, 2024 20:22 |
|
|
Volmarias posted:I'm a bad person because I use the fingerprint sensor to unlock my phone, and that's still more secure than "here's a picture of my head meats" I use a long (8+) char string I memorized, because I have to uphold my reputation as the most paranoid YOSPOSter. As a bonus, it's a pain to constantly unlock my phone so I tend to dick around with it less
|
|
#
?
Sep 5, 2017 19:07
|
|