Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

Doom Mathematic posted:

I seem to recall a pretty good hacking montage in The Social Network.

there were a couple typing montages but the only hacking I remember is the ctf game they had to hire interns and even then it was just normal software that you could probably hit milw0rm for instead of custom stuff

James Baud
May 24, 2015

by LITERALLY AN ADMIN

Truga posted:

i'll believe it. it's just they're still using the thing they did in 92

1992: "We call it the 'data encryption standard' ... It hasn't even been around for 20 years, so it's quite cutting edge."
2017: It's time-tested!

hackbunny
Jul 22, 2007

I haven't been on SA for years but the person who gave me my previous av as a joke felt guilty for doing so and decided to get me a non-shitty av
I think the device in sneakers was a prime factorizer, so asymmetric crypto specifically

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Yeah, that's my recollection.

cinci zoo sniper
Mar 15, 2013




https://www.bleepingcomputer.com/news/security/blueborne-vulnerabilities-impact-over-5-billion-bluetooth-enabled-devices/

Security researchers have discovered eight vulnerabilities — codenamed collectively as BlueBorne — in the Bluetooth implementations used by over 5.3 billion devices.

Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BlueBorne flaws, nor does the attacker need to pair with a target device.

BlueBorne affects all Bluetooth enabled devices
They affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, impacting almost all Bluetooth device types, from smartphones to laptops, and from IoT devices to smart cars.

Three of these eight security flaws are rated critical and according to researchers at Armis — the IoT security company that discovered BlueBorne — they allow attackers to take over devices and execute malicious code, or to run Man-in-the-Middle attacks and intercept Bluetooth communications.

Furthermore, the vulnerabilities can be concocted into a self-spreading Bluetooth worm that could wreak havoc inside a company's network or even across the world.

Most serious Bluetooth vulnerabilities identified to date
"These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date," an Armis spokesperson told Bleeping Computer via email.

"Previously identified flaws found in Bluetooth were primarily at the protocol level," he added. "These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device."

Armis warns of attacks that combine physical presence with the BlueBorne flaws. For example, a delivery person dropping a package at a bank could carry weaponized code on a Bluetooth-enabled device. Once he enters the bank, his device infects others and grants attackers a foothold on a previously secured network.

Not all devices will receive patches
Armis reported the vulnerabilities to major hardware and software vendors, such as Apple, Google, Microsoft, and the Linux community. Some patches are being developed and will be released today and in the coming days and weeks.

Nonetheless, some devices will never receive a BlueBorne patch as the devices have reached End-Of-Life and are not being supported. Armis estimates this number at around 40% of all Bluetooth-enabled devices, which is over two billion devices.

BlueBorne vulnerabilities are tracked under the following identifiers: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, and CVE-2017-0785 for Android devices; CVE-2017-1000251 and CVE-2017-1000250 for Linux; and CVE-2017-8628 on Windows. The iOS flaw does not have identifiers at the moment.

Who is affected
All Android phones, tablets, and wearables of all versions are affected by the four above mentioned vulnerabilities. Android devices using Bluetooth Low Energy only are not affected. Google patched the flaws in its September Android Security Bulletin.

Windows versions since Windows Vista are all affected. Microsoft said Windows phones are not impacted by BlueBorne. Microsoft is expected to release patches later today.

All Linux devices running BlueZ are affected by an information leak, while all Linux devices from version 3.3-rc1 (released in October 2011) are affected by a remote code execution flaw that can be exploited via Bluetooth. Samsung's Tizen OS, based on Linux, is also affected.

All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected, but the issue was patched in iOS 10.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

well isn't that a gently caress

cinci zoo sniper
Mar 15, 2013




Over the past several months, threat actors believed to have ties with North Korea have been targeting crypto-currency exchanges to obtain hard currencies for the Pyongyang regime, FireEye says.

The attacks, which FireEye has observed since May 2017, are said to be part of a campaign that started in 2016, when banks and the global financial system were hit. Given the impressive spike in value Bitcoin has seen since the beginning of the year, it’s no surprise that threat actors are interested in the potential crypto-currencies have.

Traditionally, North Korean actors have been engaging in activities typically associated with nation-state cyber espionage, but they started shifting focus to conduct cybercrime as of last year. Given the country’s position as a pariah nation that has been cut off from much of the global economy, as well as its tight control of its military and intelligence capabilities, this doesn’t come as a surprise.

As such, the recently observed interest in crypto-currencies isn’t surprising either, and FireEye considers the recent attacks to be part of a larger campaign that started last year. Since May 2017, the security researchers have observed North Korean actors targeting at least three South Korean crypto-currency exchanges, supposedly in an attempt to steal funds.

The attacks, FireEye says, involved spear-phishing attacks that often targeted the personal email accounts of employees at digital currency exchanges. Tax-themed lures were frequently employed to trick users into installing malware such as PEACHPIT and similar variants, which have been previously linked to North Korean actors.

The spear-phishing attacks started in early May and targeted one crypto-currency exchange at a time. By early June, three South Korean exchanges were hit, along with various other, unknown victims, which the security researchers suggest might be crypto-currency service providers in South Korea.

“Add to that the ties between North Korean operators and a watering hole compromise of a Bitcoin news site in 2016, as well as at least one instance of usage of a surreptitious crypto-currency miner, and we begin to see a picture of North Korean interest in crypto-currencies, an asset class in which Bitcoin alone has increased over 400% since the beginning of this year,” FireEye notes.

Jewel
May 2, 2009

(sh)iot

https://twitter.com/BogdanCostea/status/906390432539705344

Workaday Wizard
Oct 23, 2009

by Pragmatica
that's not how you fish :aaa:

ate shit on live tv
Feb 15, 2004

by Azathoth
Brings new meaning to Phishing

Wiggly Wayne DDS
Sep 11, 2010



https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html

quote:

Now through ~March 15, 2018 - Site Operators using Symantec-issued TLS server certificates issued before June 1, 2016 should replace these certificates. These certificates can be replaced by any currently trusted CA.

~October 24, 2017 - Chrome 62 released to Stable, which will add alerting in DevTools when evaluating certificates that will be affected by the Chrome 66 distrust.

December 1, 2017 - According to Symantec, DigiCert’s new “Managed Partner Infrastructure” will at this point be capable of full issuance. Any certificates issued by Symantec’s old infrastructure after this point will cease working in a future Chrome update.

From this date forward, Site Operators can obtain TLS server certificates from the new Managed Partner Infrastructure that will continue to be trusted after Chrome 70 (~October 23, 2018).

December 1, 2017 does not mandate any certificate changes, but represents an opportunity for site operators to obtain TLS server certificates that will not be affected by Chrome 70’s distrust of the old infrastructure.


~March 15, 2018 - Chrome 66 released to beta, which will remove trust in Symantec-issued certificates with a not-before date prior to June 1, 2016. As of this date Site Operators must be using either a Symantec-issued TLS server certificate issued on or after June 1, 2016 or a currently valid certificate issued from any other trusted CA as of Chrome 66.

Site Operators that obtained a certificate from Symantec’s old infrastructure after June 1, 2016 are unaffected by Chrome 66 but will need to obtain a new certificate by the Chrome 70 dates described below.


~April 17, 2018 - Chrome 66 released to Stable.

~September 13, 2018 - Chrome 70 released to Beta, which will remove trust in the old Symantec-rooted Infrastructure. This will not affect any certificate chaining to the new Managed Partner Infrastructure, which Symantec has said will be operational by December 1, 2017.

Only TLS server certificates issued by Symantec’s old infrastructure will be affected by this distrust regardless of issuance date.


~October 23, 2018 - Chrome 70 released to Stable.
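
The quoted timeline reduces to two checks per certificate: is it from Symantec's old infrastructure, and is its not-before date prior to June 1, 2016. The sketch below is an added example, not code from the Chrome post or from anyone in the thread; it applies those checks to the text printed by `openssl x509 -noout -issuer -startdate`. The issuer organization list is an assumption, and the sample outputs are constructed.

```python
import re
from datetime import datetime, timezone

# Dates from the quoted Chrome timeline ("~" dates are approximate).
CUTOFF_NOT_BEFORE = datetime(2016, 6, 1, tzinfo=timezone.utc)
CHROME_66_STABLE = "~April 17, 2018"
CHROME_70_STABLE = "~October 23, 2018"

# Assumption (not from the post): issuer organization substrings used to
# recognise Symantec's old infrastructure. The authoritative check is the
# root the chain terminates at, not the issuer's O field.
OLD_SYMANTEC_ORGS = ("symantec", "geotrust", "thawte", "verisign")


def parse_openssl(text):
    """Extract (issuer organization, notBefore) from the output of
    `openssl x509 -noout -issuer -startdate`."""
    org = not_before = None
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse padding such as "Jun  1"
        if line.startswith("issuer="):
            # Handles both "O = Name, ..." and "/O=Name/..." renderings.
            m = re.search(r"(?:^|[,/\s])O\s*=\s*([^,/]+)", line[len("issuer="):])
            org = m.group(1).strip() if m else ""
        elif line.startswith("notBefore="):
            stamp = line[len("notBefore="):]
            not_before = datetime.strptime(
                stamp, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)
    if org is None or not_before is None:
        raise ValueError("expected issuer= and notBefore= lines")
    return org, not_before


def chrome_distrust(org, not_before):
    """Return the first Chrome release that stops trusting the certificate."""
    if not any(name in org.lower() for name in OLD_SYMANTEC_ORGS):
        return {"affected": False, "chrome": None, "stable": None}
    if not_before < CUTOFF_NOT_BEFORE:
        return {"affected": True, "chrome": 66, "stable": CHROME_66_STABLE}
    # Old infrastructure is distrusted in Chrome 70 regardless of issuance date.
    return {"affected": True, "chrome": 70, "stable": CHROME_70_STABLE}


def check(openssl_output):
    return chrome_distrust(*parse_openssl(openssl_output))


# Constructed sample outputs, not captured from real sites.
SAMPLES = {
    "pre-cutoff": "issuer=C = US, O = Symantec Corporation, "
                  "CN = Symantec Class 3 Secure Server CA - G4\n"
                  "notBefore=May 10 00:00:00 2016 GMT",
    "post-cutoff": "issuer= /C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3\n"
                   "notBefore=Jun  1 00:00:00 2016 GMT",
    "other-ca": "issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3\n"
                "notBefore=Sep  1 12:00:00 2017 GMT",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, check(text))
```

A certificate issued from the new Managed Partner Infrastructure chains to a different issuer, so it falls through to the unaffected branch.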

canis minor
May 4, 2011


I was reading about it today, though it dates back to July - here's a writeup with good points made: https://theconversation.com/the-internet-of-things-is-sending-us-back-to-the-middle-ages-81435

Wiggly Wayne DDS
Sep 11, 2010



nice cloudflare breakdown on their perception of https interception:

https://blog.cloudflare.com/understanding-the-prevalence-of-web-traffic-interception/

redleader
Aug 18, 2005

Engage according to operational parameters
i love this cyberpunk future

and you'd better love it too, because it sure as gently caress isn't going to get less cyberpunk

spankmeister
Jun 15, 2008






redleader posted:

i love this cyberpunk future

and you'd better love it too, because it sure as gently caress isn't going to get less cyberpunk

At some point it's gonna go Mad Max but ya

Optimus_Rhyme
Apr 15, 2007

are you that mainframe hacker guy?

cinci zoo sniper posted:

https://www.bleepingcomputer.com/news/security/blueborne-vulnerabilities-impact-over-5-billion-bluetooth-enabled-devices/




ErIog
Jul 11, 2001

:nsacloud:

cinci zoo sniper posted:

They affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux...

I've got some bad news for these hackers.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

someone finally found a way to productively use that stack!

mod saas
May 4, 2004

Grimey Drawer
we never should have let computer talk to other computer

OJ MIST 2 THE DICK
Sep 11, 2008

Anytime I need to see your face I just close my eyes
And I am taken to a place
Where your crystal minds and magenta feelings
Take up shelter in the base of my spine
Sweet like a chica cherry cola

-Cheap Trick

Nap Ghost
http://gwn.fightnetwork.com/


lets start a wrestling ott streaming service that has a broken paywall, nonfunctional region sensing, and sends passwords in plain text

Optimus_Rhyme
Apr 15, 2007

are you that mainframe hacker guy?

exploded mummy posted:

http://gwn.fightnetwork.com/


lets start a wrestling ott streaming service that has a broken paywall, nonfunctional region sensing, and sends passwords in plain text

no don't

OJ MIST 2 THE DICK
Sep 11, 2008

Anytime I need to see your face I just close my eyes
And I am taken to a place
Where your crystal minds and magenta feelings
Take up shelter in the base of my spine
Sweet like a chica cherry cola

-Cheap Trick

Nap Ghost

are you sure, the page source has stuff like

code:
{"title":"TNA Victory Road 2009 ","description":"TNA Victory Road 2009 ","summary":"July 19, 2009. Features Kurt Angle vs. Mick Foley for the TNA World Heavyweight Championship, plus AJ Styles vs. Kevin Nash for the TNA Legends Championship from Orlando, FL.","caption":"","vast":"","categories":"Wrestling","property":"TFN","poster_image":"\/\/vcms.fantasysportsnetwork.com\/videocms\/assets\/posters\/67200207V.jpg","poster_image_thumbs":"\/\/vcms.fantasysportsnetwork.com\/videocms\/assets\/posters_thumbs\/67200207V.jpg","house_id":"67200207V","duration":"02:55:01","video_access":"","created_date":"10\/11\/2016","arrival_date":"10\/07\/2016","created_date_format_edge":"10-11-2016 5:47 PM","video_url":"http:\/\/testvod.fantasysportsnetwork.com\/s\/web_vod\/current\/67200207V\/67200207V.m3u8","pos":"415","platform_id":"6","show_title":"TNA PAY-PER-VIEWS 2009","show_id":"93","flag":0,"keywords":"","allow_country":"","block_country":"","mp4_url":"http:\/\/testvod.fantasysportsnetwork.com\/s\/web_vod\/current\/67200207V\/67200207V_MP4_720p.mp4"}
which has direct links to videos and doesn't bother to security check them


so we wouldn't even have to pay for hosting

Truga
May 4, 2014
Lipstick Apathy
remember the samsung face recognition bullshit from a few days ago?

quote:

Touch ID is also gone, replaced by something called Face ID. This facial recognition feature uses an array of sensors on the front of the device to map your face and unlock the phone, as soon as you look at it.

Good job, apple.

cinci zoo sniper
Mar 15, 2013




Truga posted:

remember the samsung face recognition bullshit from a few days ago?


Good job, apple.

their face id at least seems to be based on 3d geometry

Pile Of Garbage
May 28, 2007



work sec gently caress: discovered yesterday that one of the app support guys who works with CA IM (terrible terrible IAM software) had setup a powershell script as part of an on-boarding workflow and inside the script was the plain-text password for a quite privileged service account. i discovered this when he sent me a copy of the script and it literally had this line in it:

code:
$plainTextPassword = 'XXXXXXXX'
that's verbatim. the dude had the forethought to redact the plain text password in the script before sending it to me but still didn't think that it was enough of an issue to care about...

turns out explicitly setting creds in the script wasn't actually required so we tore it right out. apparently the guy did it because "that's how you have to do it when invoking other CA tools from a workflow" which i can half believe because CA IM is so so soooo loving bad
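
A review check that would have caught the line quoted in the post above before the script reached a workflow. This is an added example, not part of the original post or the poster's tooling: a heuristic scan of PowerShell source for string literals used as credentials. The sample script, the `svc_onboard` account and the `Invoke-Tool` cmdlet are constructed for illustration.

```python
import re

# Variable names that suggest a credential (heuristic, case-insensitive).
SECRET_NAME = r"\$\w*(?:pass(?:word|wd)?|pwd|secret|apikey|token)\w*"
# A non-empty quoted literal. Double-quoted strings containing "$" are
# treated as interpolated values rather than hardcoded ones.
QUOTED = r"(?:'[^'\r\n]+'|" + r'"[^"\r\n$]+")'

RULES = [
    ("literal-assigned-to-secret-variable",
     re.compile(rf"({SECRET_NAME})\s*=\s*{QUOTED}", re.I)),
    ("literal-to-ConvertTo-SecureString",
     re.compile(rf"(ConvertTo-SecureString)\s+(?:-String\s+)?{QUOTED}", re.I)),
    ("literal-password-parameter",
     re.compile(rf"(-(?:Password|Pwd))\s+{QUOTED}", re.I)),
]


def scan_powershell(text):
    """Return (line number, rule, matched name) for each suspected
    hardcoded credential. The secret value itself is never returned."""
    findings = []
    in_block_comment = False
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if in_block_comment:
            in_block_comment = "#>" not in stripped
            continue
        if stripped.startswith("<#"):
            in_block_comment = "#>" not in stripped
            continue
        if stripped.startswith("#"):  # full-line comment
            continue
        for rule, rx in RULES:
            m = rx.search(line)
            if m:
                findings.append((lineno, rule, m.group(1)))
    return findings


# Constructed sample, not the script from the post. Invoke-Tool is hypothetical.
SAMPLE = '''\
# onboarding step
$plainTextPassword = 'XXXXXXXX'
$secure = ConvertTo-SecureString 'XXXXXXXX' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('svc_onboard', $secure)
# $oldPassword = 'commented-out'
$promptPassword = Read-Host -AsSecureString
$apiToken = "$env:ONBOARD_TOKEN"
Invoke-Tool -User svc_onboard -Password "XXXXXXXX"
'''

if __name__ == "__main__":
    for lineno, rule, name in scan_powershell(SAMPLE):
        print(f"line {lineno}: {rule} ({name})")
```

Prompted input and environment lookups (lines 6 and 7 of the sample) pass, because the value is not a literal in the file.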

canis minor
May 4, 2011

cinci zoo sniper posted:

their face id at least seems to be based on 3d geometry

I wonder how sensitive it is - I'm sure I saw somewhere a template where you could print out face and assemble the mask to resemble geometry of human face.

While looking for above I found this: http://www.urmesurveillance.com/urme-paper-mask/ which is :rolleyes:

cinci zoo sniper
Mar 15, 2013




canis minor posted:

I wonder how sensitive it is - I'm sure I saw somewhere a template where you could print out face and assemble the mask to resemble geometry of human face.

While looking for above I found this: http://www.urmesurveillance.com/urme-paper-mask/ which is :rolleyes:

"u r me" jesus

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

cinci zoo sniper posted:

their face id at least seems to be based on 3d geometry

and IR I think + iris I think

Bhodi
Dec 9, 2007

Oh, it's just a cat.
Pillbug
If any of my friends buy this dumb phone it'll be real convenient to pick their phone up off the table and then just point it at them to unlock it

Your face is the least private thing about you, why on earth did they think it was a good security mechanism

Shame Boy
Mar 2, 2010

Bhodi posted:

If any of my friends buy this dumb phone it'll be real convenient to pick their phone up off the table and then just point it at them to unlock it

Your face is the least private thing about you, why on earth did they think it was a good security mechanism

heres their threat assessment: "does it sound cool and futuristic to people who buy phones?"

mrmcd
Feb 22, 2003

Pictured: The only good cop (a fictional one).

So supposedly the ir part prevents you from using a photo, right? Does this mean if you paint ir reflective paint on the irises of a photo it will still work?

fishmech
Jul 16, 2006

by VideoGames
Salad Prong

mrmcd posted:

So supposedly the ir part prevents you from using a photo, right? Does this mean if you paint ir reflective paint on the irises of a photo it will still work?

You'll find out at whatever the next convention is!

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

mrmcd posted:

So supposedly the ir part prevents you from using a photo, right? Does this mean if you paint ir reflective paint on the irises of a photo it will still work?

probably not. you can do blood flow analysis with IR

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

This seems like a pretty comprehensive biometric factor the way apple is doing it though they're betting the farm on this not having some kind of trivial exploit that cannot be easily patched with touchid gone

Proteus Jones
Feb 28, 2013



BangersInMyKnickers posted:

This seems like a pretty comprehensive biometric factor the way apple is doing it through they're betting the farm on this not having some kind of trivial exploit that cannot be easily patched with touchid gone

I think the biggest indicator is that it's used to authenticate ApplePay.

I'm not saying there's zero chance of there being an unforeseen weakness, but I'm willing to bet all the low-hanging fruit exploits, like photographs or masks, have been addressed.

flakeloaf
Feb 26, 2003

Still better than android clock

Subjunctive posted:

probably not. you can do blood flow analysis with IR

yeah whatever happened to that fangled microsoft webcam technology that was supposed to be able to do this

Proteus Jones
Feb 28, 2013



flakeloaf posted:

yeah whatever happened to that fangled microsoft webcam technology that was supposed to be able to do this

Probably what happens to a lot of the nifty stuff MS R&D comes up with. When you leave a controlled lab environment, poo poo gets hard to do.

Wiggly Wayne DDS
Sep 11, 2010



even with blood flow analysis there's only so much data you can capture with a camera's ir sensor a foot or two away from the face. it's not high definition and i'd put the number of influencing factors on the verification of a face compared to a fingerprint at several orders of magnitude. there's a ton of leeway that someone will have a proof of concept together pretty quickly. a fingerprint at least has surface contact to grab a lot more measurements with

in other equifax news admin:admin is still effective https://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/

Shaggar
Apr 26, 2006

flakeloaf posted:

yeah whatever happened to that fangled microsoft webcam technology that was supposed to be able to do this

its probably licensed in face id

Jewel
May 2, 2009

there was a lot of equifax talk but i didnt know a db was admin/admin lol

https://twitter.com/briankrebs/status/907932442132172800
