endlessmonotony posted:Finnish Nordea banking went heavily the same direction and that's about the point I closed down my account.
|
|
# ? Sep 20, 2017 04:05 |
|
|
# ? May 22, 2024 14:27 |
|
They went to an app login from paper one-time pads.

Me: "The same device is used for the login password and the actual online banking and it's any given smartphone?"

Clerk: "We have a very competent team and we've been assured this is perfectly secure."

Me: "I am closing my account this very instant."

Related: They rolled that update out shortly after a court ruled that a person was responsible for actions taken on their accounts even if their login info was stolen. Including, and explicitly mentioned, were loans.

I just went "nope not trusting these fucks with my money anymore".
|
# ? Sep 20, 2017 06:14 |
endlessmonotony posted:They went to an app login from paper one-time pads.

haha drat, that is hosed up
|
|
# ? Sep 20, 2017 06:53 |
|
what the fuuuuck, this owns https://twitter.com/Foone/status/910217984098017281
|
# ? Sep 20, 2017 11:39 |
|
yeah i'm not too fond of their auto-connect to skimmer and send it commands approach though. 1234 and id should be enough, sending p is overkill
|
# ? Sep 20, 2017 11:42 |
|
Jewel posted:what the fuuuuck, this owns

Wow
|
# ? Sep 20, 2017 11:43 |
|
endlessmonotony posted:
wtf
|
# ? Sep 20, 2017 12:12 |
|
Wiggly Wayne DDS posted:yeah i'm not too fond of their auto-connect to skimmer and send it commands approach though. 1234 and id should be enough, sending p is overkill

i'm cool with the idea of remotely bricking it in theory

in practice, the moment i do that will be the moment two-crowbars-craig shows up to check on his toy
|
# ? Sep 20, 2017 12:45 |
|
flakeloaf posted:i'm cool with the idea of remotely bricking it in theory

lol if you think most of the people using these skimmers knows anything about how they work or maybe even what bricking is in the first place though. that's why the ID/pass is unchanged
|
# ? Sep 20, 2017 12:52 |
|
https://twitter.com/0x0zone/status/910118042868252672 lol
|
# ? Sep 20, 2017 13:57 |
|
moonshine is...... posted:http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_055_Mirsky_AirgapTemperature.pdf quote:
lol
|
# ? Sep 20, 2017 15:44 |
|
If you're trying to exfiltrate a private key or some other credential then that is enough, though I bet there are much better ways of doing it and this is more theoretical wanking
|
# ? Sep 20, 2017 16:09 |
|
BangersInMyKnickers posted:If you're trying to exfiltrate a private key or some other credential then that is enough, though I bet there are much better ways of doing it and this is more theoretical wanking

it's one-way though, you can only send from the A/C to the computer not the other way
|
# ? Sep 20, 2017 16:11 |
|
Plenty of air gapped systems sit in direct proximity of others on standard corporate lans and the supporting infrastructure for things like HVAC end up on the air gapped network because of security concerns. The point is the medium, not the details of their specific PoC
|
# ? Sep 20, 2017 16:23 |
emoji posted:The ad issues thread in QCS is funny because the ads on this site are literal malware and yet people keep reporting the ads to 'help' some malicious ad network and some ad guy sometimes responds (this has been going on for years) instead of blocking the ads like a sane person.

my solution has always been to have javascript disabled by default until an allowance is added. only breaks some sites where they try to forward your browser through like four intermediary sites for cred certification or form submission. so i randomly get redirected from sa to the first landing pad for a malicious ad redirect and am left with a white screen and an alert while it cant forward me onward, and drop that link in the thread, because i have no idea what ad it actually came from.
|
|
# ? Sep 20, 2017 16:26 |
|
BangersInMyKnickers posted:Plenty of air gapped systems sit in direct proximity of others on standard corporate lans and the supporting infrastructure for things like HVAC end up on the air gapped network because of security concerns. The point is the medium, not the details of their specific PoC

i mean the actual paper goes into detail on other, earlier tests that used computers generating heat to talk bidirectionally so i think this paper is actually pretty much just the details of the specific PoC

i get what you're saying though
|
# ? Sep 20, 2017 16:38 |
ate all the Oreos posted:i mean the actual paper goes into detail on other, earlier tests that used computers generating heat to talk bidirectionally so i think this paper is actually pretty much just the details of the specific PoC

was there one floating around about modulating data exfiltration into cpu fan ramp up/ramp down sound?
|
|
# ? Sep 20, 2017 16:42 |
|
it just keeps getting better https://twitter.com/Equifax/status/910265181976104960 https://twitter.com/thesquashSH/status/910512164938665984
|
# ? Sep 20, 2017 16:44 |
Diva Cupcake posted:it just keeps getting better

ahahahahahhahaha
|
|
# ? Sep 20, 2017 16:49 |
|
M_Gargantua posted:was there one floating around about modulating data exfiltration into cpu fan ramp up/ramp down sound?

Yep, that was fansmitter from Mordechai Guri et al

For a reasonably comprehensive list of their hijinks look here: https://arxiv.org/find/cs/1/au:+Guri_M/0/1/0/all/0/1

fins fucked around with this message at 16:59 on Sep 20, 2017
# ? Sep 20, 2017 16:51 |
|
I absolutely can not believe that equifax thing, holy poo poo. its been up for 24 hours too, noooo. what a nightmare

also, just saw this tweeted and lol https://gitlab.com/gnachman/iterm2/issues/6050
|
# ? Sep 20, 2017 16:54 |
Jewel posted:I absolutely can not believe that equifax thing, holy poo poo. its been up for 24 hours too, noooo. what a nightmare

Security Fuckup Megathread - v14.0b - iTerm should have not done that
|
|
# ? Sep 20, 2017 16:59 |
|
Jewel posted:I absolutely can not believe that equifax thing, holy poo poo. its been up for 24 hours too, noooo. what a nightmare

most people in the comments agree that should be removed except

quote:DNS lookups was a feature to check whether a URL was valid before highlighting it. If you're going to send someone out of iTerm its reasonable to check that their destination will be there instead of a nice 404.

we only wanted to make sure your dns failure doesn't land you a nice 404

e: same guy

quote:Browsers do prefetches of urls too. zomg. I'm in the minority about the severity here, but the outrage is unjustified imo.

lol gently caress this guy
|
# ? Sep 20, 2017 17:01 |
|
ate all the Oreos posted:most people in the comments agree that should be removed except

you didnt show the funniest part of that message, the reaction badges
|
# ? Sep 20, 2017 17:03 |
|
Diva Cupcake posted:it just keeps getting better

this why you use subdomains. not to mention they are cheaper too.
|
# ? Sep 20, 2017 17:04 |
|
cinci zoo sniper posted:Security Fuckup Megathread - v14.0b - iTerm should have not done that
|
# ? Sep 20, 2017 17:32 |
|
how is that tweet still live
|
# ? Sep 20, 2017 17:33 |
|
my bank is about to roll out an improved internet banking platform. among the security improvements, I can choose to irrevocably disable my current otp key and rely on one time codes sent by sms instead
|
# ? Sep 20, 2017 17:36 |
|
Perplx posted:how is that tweet still live
|
# ? Sep 20, 2017 17:46 |
|
Jewel posted:I absolutely can not believe that equifax thing, holy poo poo. its been up for 24 hours too, noooo. what a nightmare

are they still making other tweets? it would be loving hilarious if "Tim" got fired, then Equifax realized nobody else has the Twitter password, and "Tim" isn't answering his phone for some mysterious reason
|
# ? Sep 20, 2017 17:46 |
|
the best part is that the phishing link was posted in the same thread where the legit link was.
|
# ? Sep 20, 2017 18:06 |
|
and they've been posting it since september 9th: https://twitter.com/MadcapOcelot/status/910533555494760449
|
# ? Sep 20, 2017 18:23 |
|
how do they not just have their customer service support system set up to send canned approved responses when they press a button like every other one on the planet
|
# ? Sep 20, 2017 18:29 |
|
ate all the Oreos posted:how do they not just have their customer service support system set up to send canned approved responses when they press a button like every other one on the planet

for the same reason they gave away everyone’s PII?
|
# ? Sep 20, 2017 18:36 |
|
apologies for interrupting the equifax chat but i have a dumb question to ask - am i in any danger if i use a bandwidth monitor like networx to track my usage?
|
# ? Sep 20, 2017 18:40 |
Dodoman posted:apologies for interrupting the equifax chat but i have a dumb question to ask - am i in any danger if i use a bandwidth monitor like networx to track my usage?

i mean, why would you? worried they sell your data?
|
|
# ? Sep 20, 2017 18:41 |
|
rip that tweet (finally)
|
# ? Sep 20, 2017 18:42 |
|
hobbesmaster posted:for the same reason they gave away everyone’s PII?

i mean "lovely security" seems like the kind of thing you can brush under the rug for not really costing money until something bad happens, not having automated / streamlined customer support strikes me as the kind of thing some middle-manager MBA would have optimized away to save 5% on labor costs years ago
|
# ? Sep 20, 2017 18:43 |
|
Dodoman posted:apologies for interrupting the equifax chat but i have a dumb question to ask - am i in any danger if i use a bandwidth monitor like networx to track my usage?

like for a single PC? there's better tools out there that are at the very least open sores and used more than that thing, though idk what OS you're talking about
|
# ? Sep 20, 2017 18:45 |
|
equifax isn’t going to spend anything on customer service if they’re not spending money on security

i mean secure, accurate information for banks was supposed to be their entire thing right
|
# ? Sep 20, 2017 18:46 |