The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python programming language. NBU experts say attackers used a technique known as typosquatting to upload Python libraries with names similar to legitimate packages — e.g.: "urlib" instead of "urllib." The PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online. Developers who mistyped the package name loaded the malicious libraries in their software's setup scripts.
|
|
# ? Sep 15, 2017 16:10 |
|
cinci zoo sniper posted: The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python programming language.
nevermind it's been actively researched for a while now: http://incolumitas.com/2016/06/08/typosquatting-package-managers/
|
# ? Sep 15, 2017 16:23 |
i'm mostly surprised with slovak national security office of all things, and pypi specifically
|
|
# ? Sep 15, 2017 16:26 |
|
hackbunny posted: communicating with other people is something people do you gigantic boob
communication == authenticity and integrity
communication <> encryption
encryption is something that a terrorist wants in their communications and it's a travesty that there is no way to opt out of encryption on today's WWW
|
# ? Sep 15, 2017 17:38 |
Max Facetime posted: communication == authenticity and integrity
no trolling
|
|
# ? Sep 15, 2017 17:39 |
|
Max Facetime posted: communication == authenticity and integrity
lol
|
# ? Sep 15, 2017 17:41 |
|
this is a really lovely gimmick
|
# ? Sep 15, 2017 17:55 |
|
You were getting the punters riled up pretty well but you jumped the shark with that one bud.
|
# ? Sep 15, 2017 17:58 |
|
Phone posted: you're a paranoid moron if you think that those devices aren't always recording and sending data back home
i mean yeah you are since this is simple enough to check for by watching network traffic so it's known to not be the case
home assistants have enough privacy and security concerns without having to invent poo poo, doing so just undermines your arguments
|
# ? Sep 15, 2017 18:14 |
|
Max Facetime posted:communication == authenticity and integrity
|
# ? Sep 15, 2017 18:14 |
|
Max Facetime posted: communication == authenticity and integrity
notax alt spotted (or vice versa they're both really low effort)
|
# ? Sep 15, 2017 19:22 |
|
Did anyone post this part of the blueborne secfuck yet?
|
# ? Sep 15, 2017 19:25 |
|
http://www.fontgrill.com/fonts/free/font13/font13.php
|
# ? Sep 15, 2017 20:57 |
|
everyone at work is really excited about the new iphone's facial recognition unlock so i guess that answers the question of "who the hell wants this dumb poo poo"
when i pointed out that you'd be better off using a pin because it can't be tricked and you can't be compelled to give it up by the feds all i got was "well if you don't do anything bad you'd never be in a situation where that's a problem now would you"
|
# ? Sep 15, 2017 21:58 |
|
countdown till CCC manages to break it...
|
# ? Sep 15, 2017 22:00 |
|
ate all the Oreos posted: everyone at work is really excited about the new iphone's facial recognition unlock so i guess that answers the question of "who the hell wants this dumb poo poo"
whenever somebody says this i ask them for their phone so that i can read their emails and texts because, what, it's not like they have anything to hide, right?
|
# ? Sep 15, 2017 22:01 |
|
duTrieux. posted: whenever somebody says this i ask them for their phone so that i can read their emails and texts because, what, it's not like they have anything to hide, right?
i used to do something similar to this except once someone actually just went fine and gave me some personal deets and the first thing i found out was that their dad was in prison for embezzlement and their life was falling apart and i felt like a total dickhead after that
|
# ? Sep 15, 2017 22:10 |
|
mrmcd posted: Did anyone post this part of the blueborne secfuck yet?
I'm not surprised.
|
# ? Sep 15, 2017 22:47 |
|
ate all the Oreos posted: everyone at work is really excited about the new iphone's facial recognition unlock so i guess that answers the question of "who the hell wants this dumb poo poo"
ios 11 has some feature where if you hit power 5 times it locks fingerprint and facial recognition stuff until the pin is entered. for whatever that's worth
|
# ? Sep 15, 2017 22:57 |
|
i'm just baffled by the whole decision as it's designed to like work when you're quite a few feet away by design. and probably can't handle something like "the user looks angry so we know we shouldn't unlock"
it's almost like it's designed so a hostile actor has plenty of ability to get you to unlock the phone unwillingly
|
# ? Sep 15, 2017 23:00 |
|
fishmech posted: i'm just baffled by the whole decision as it's designed to like work when you're quite a few feet away by design. and probably can't handle something like "the user looks angry so we know we shouldn't unlock"
i'd think that would be explicitly the point b/c they'd rather not have a fight with the feds about not being able to backdoor all their phones again
|
# ? Sep 15, 2017 23:05 |
|
the way they've described faceid makes it seem like it's slightly better than touchid, but we'll all find out in a few months. plus the phone costs one thousand loving us dollars, if biometrics wasn't enough of an incentive to not get it
|
# ? Sep 15, 2017 23:13 |
|
fishmech posted: i'm just baffled by the whole decision as it's designed to like work when you're quite a few feet away by design. and probably can't handle something like "the user looks angry so we know we shouldn't unlock"
supposedly it doesn't work if your eyes are closed
|
# ? Sep 15, 2017 23:21 |
|
vOv posted: supposedly it doesn't work if your eyes are closed
What if your eye lids have been removed?
|
# ? Sep 15, 2017 23:28 |
|
Avenging_Mikon posted: What if your eye lids have been removed?
Or they use those eye-spreader things to unlock your phone before they bombard you with the Faces of Death series.
|
# ? Sep 15, 2017 23:29 |
|
Proteus Jones posted: Or they use those eye-spreader things to unlock your phone before they bombard you with the Faces of Death series.
That doesn't seem very realistic, Proteus.
|
# ? Sep 15, 2017 23:34 |
|
hell yes my strong encryption font solution
|
# ? Sep 15, 2017 23:50 |
|
Proteus Jones posted: Or they use those eye-spreader things to unlock your phone before they bombard you with the Faces of Death series.
depending on the tolerances, reaching over the top of the head and pulling the eyelids open might work
pretty sure the forehead isn't taken into account as a data point, and i'd assume there's a pretty wide margin for eyebrows because of facial expression/makeup/whatever
|
# ? Sep 16, 2017 02:19 |
|
Or at that point they have threaten you for your PIN with violence. It's not designed for you to withstand torture at a black site it's just meant to provide some level of security and convenience. If you think you're going to be roaming through a favela and will be held up for your phone with sensitive data then don't bring it with you.
|
# ? Sep 16, 2017 02:41 |
|
all of this is arbitrary for now anyways, we'll see how robust it is when it's out in the wild
|
# ? Sep 16, 2017 02:55 |
|
My Winpho 950XL had some sort of iris camera thing for recognition for Windows hello. What I'll say is it failed to operate often enough that whatever technology that used was far from perfect.
|
# ? Sep 16, 2017 04:44 |
|
Partycat posted: Or at that point they have threaten you for your PIN with violence. It's not designed for you to withstand torture at a black site it's just meant to provide some level of security and convenience.
honestly my plan for all future international travel is to just take my work phone and leave my personal phone at home. fine, keep my phone, i don't give a poo poo. i'll just get another one for 99c.
|
# ? Sep 16, 2017 07:28 |
|
CCC presentation on hacking face unlock preview:
|
# ? Sep 16, 2017 08:16 |
|
cheese-cube posted: countdown till CCC manages to break it...
is it even necessary though? i see so many people that have their phone in front of them on a table in public. just swipe the phone, point it at their face and you're done. if the demos were indicative of the system's performance, it's pretty fast and works over enough of a distance that you could easily be on the other side of a table.
|
# ? Sep 16, 2017 11:27 |
|
Farmer Crack-rear end posted: honestly my plan for all future international travel is to just take my work phone and leave my personal phone at home.
failure to provide sensitive data to border control is grounds for refused entry, foreigner
|
# ? Sep 16, 2017 12:17 |
|
Partycat posted: Or at that point they have threaten you for your PIN with violence. It's not designed for you to withstand torture at a black site it's just meant to provide some level of security and convenience.
as i mentioned before a PIN is compelled speech while "look at your phone" would probably fall under the same rules as fingerprints and be physical evidence or whatever, so at the very least this wouldn't work if we assume the rule of law still exists (which is a pretty big assumption lol)
|
# ? Sep 16, 2017 21:30 |
|
ate all the Oreos posted: as i mentioned before a PIN is compelled speech while "look at your phone" would probably fall under the same rules as fingerprints and be physical evidence or whatever, so at the very least this wouldn't work if we assume the rule of law still exists (which is a pretty big assumption lol)
or you know, "look at me" is a valid order and the cop can just hold the phone up at the same time.
|
# ? Sep 16, 2017 21:33 |
|
Not a lawyer, so just pure speculation: If you get arrested and had previously written "the code is 1-2-3-4" on your arm, and the cop saw that and unlocked the phone with all the evidence, I seriously doubt any court is going to consider that a violation of your rights. Facial unlock seems more or less like writing the pin code of your face in magic iPhone-only readable ink. I guess what I'm saying is if you're the kind of person who likes to commit crimes or doesn't trust police, don't use biometric unlock features. I don't mean that in a "well, if you have nothing to hide..." kinda way. Rather it's a choice to get more convenient/faster unlocking, in exchange for only defending against random thefts and snoops, and not adversaries targeting you specifically who may or may not enjoy a bit of the ultraviolence.
|
# ? Sep 16, 2017 22:14 |
|
i bought a new iphone a month back and decided to forego using my fingerprint as an unlock method. fortunately you can still use touch id for apps even if you disable it on the lock screen
|
# ? Sep 16, 2017 22:58 |
|
duTrieux. posted: i bought a new iphone a month back and decided to forego using my fingerprint as an unlock method. fortunately you can still use touch id for apps even if you disable it on the lock screen
I really wish Android would do this. There's no way (I've found anyway) for you to turn on pixel touch but disable it for unlocking the phone.
|
# ? Sep 16, 2017 23:20 |