|
a few DRUNK BONERS posted:thank god you're here to glance at ciphers for 30 seconds and declare them backdoor free That's not what I said.
|
#
?
Sep 22, 2017 06:58
|
|
|
|
| # ? May 13, 2024 22:27 |
|
|
hackbunny posted:and aes rounds are now cpu instructions. so? So you were asking why there were two new ciphers being proposed. Apparently that was their reasoning.. As far as asking if we actually _need_ to replace AES, that's a valid question.
|
|
#
?
Sep 22, 2017 07:01
|
|
|
Is it dumb for a big-ish company handling sensitive information to have company wifi secured with WEP in tyool 2017? I'm not acomputer toucher at all, but I heard that WEP is basically a joke, in security terms.
|
|
#
?
Sep 22, 2017 08:46
|
|
|
Should take about 15 minutes to break, tops, with minimal googling and a Linux install
|
|
#
?
Sep 22, 2017 08:50
|
|
|
communism bitch posted:Is it dumb for a big-ish company handling sensitive information to have company wifi secured with WEP in tyool 2017? more ccleaner info, looks like talos and avast are trying to have a competition on detailing the c2 server: https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident
|
|
#
?
Sep 22, 2017 08:51
|
|
|
I know this is a vague follow-up but if somebody hreaks into the wifi what's the reasonable worst they could do? Cause if it's just boosting free wifi i don't think anybody would care.
|
|
#
?
Sep 22, 2017 08:55
|
|
|
i guess it depends on if they dmz stuff or not
|
|
#
?
Sep 22, 2017 08:59
|
|
|
communism bitch posted:I know this is a vague follow-up but if somebody hreaks into the wifi what's the reasonable worst they could do? Cause if it's just boosting free wifi i don't think anybody would care. Can your company computer, when connected to the wifi, access any internal company services? If so, what authentication do those services use?
|
|
#
?
Sep 22, 2017 09:10
|
|
|
https://krebsonsecurity.com/2017/09/experian-site-can-give-anyone-your-credit-freeze-pin/ im ded
|
|
#
?
Sep 22, 2017 09:20
|
|
|
spankmeister posted:I took a cursory glance at those ciphers and it's not immediately obvious to me where that backdoor could reside. communism bitch posted:Is it dumb for a big-ish company handling sensitive information to have company wifi secured with WEP in tyool 2017? evil_bunnY fucked around with this message at 09:41 on Sep 22, 2017 |
|
#
?
Sep 22, 2017 09:37
|
|
|
aircrack-ng will let you log into wep networks in like 10 seconds these days, it's literally the same as open
|
|
#
?
Sep 22, 2017 10:03
|
|
|
evil_bunnY posted:Yeah no poo poo sherlock You say that but with dual_ec it was pretty clear from the outset where they could have implemented the secret parameters to backdoor the rng. With these algorithms it would suggest some new cryptanalysis method to attack these ciphers.
|
|
#
?
Sep 22, 2017 10:36
|
|
|
Did anyone here implement the malicious hsdir thing for tor hidden service discovery? I'd appreciate any info you might have, does it still work etc?
|
|
#
?
Sep 22, 2017 11:33
|
|
|
Truga posted:aircrack-ng will let you log into wep networks in like 10 seconds these days, it's literally the same as open i miss being able to crack networks with aircrack because it would display a bunch of cool changing numbers as it did it and was very "what hacking should look like according to TV" 
|
|
#
?
Sep 22, 2017 13:10
|
|
|
vOv posted:had to look this one up, glad i did just finished an undergrad bio course not long ago; i'd signed up for it as an easy a because i like to think i'm good at biology, but the TA ended up to be some seriously scholarly postgrad who wanted me to work to my full potential or something so yeah all that poo poo's burned into my skull now and i'm probably half of sci-hub's english search terms in 2017
|
|
#
?
Sep 22, 2017 13:28
|
|
|
Wiggly Wayne DDS posted:it was dumb in 2007 so yes nothing innovative in the design or infrastructure, but it's a good look at how seasoned attackers are handling this at the c2 level practically and not from an optimistic design document. plenty of mistakes there as well that had effective mitigations
|
|
#
?
Sep 22, 2017 14:05
|
|
|
quote:CCleaner advanced persistent threat (APT) yay i called it
|
|
#
?
Sep 22, 2017 14:09
|
|
|
also am i misremembering or did "advanced persistent threat" used to mean "a state-level actor with tons of resources and the ability to attack around the clock in a lot of fancy ways" rather than "a thing that uses two or more steps"
|
|
#
?
Sep 22, 2017 14:10
|
|
|
ate all the Oreos posted:also am i misremembering or did "advanced persistent threat" used to mean "a state-level actor with tons of resources and the ability to attack around the clock in a lot of fancy ways" rather than "a thing that uses two or more steps"
|
|
#
?
Sep 22, 2017 14:23
|
|
|
Wiggly Wayne DDS posted:generally advanced persistent threat is used by marketing to mean "attacker we don't understand with a lot of patience, time, resources and organisation", it does have some use in distinguishing active groups that run long-term campaigns but that's not really valuable to the public domain yeah i realize it's always been a worthless marketing term, but i distinctly remember it used to refer to like, the actor themselves rather than the attack
|
|
#
?
Sep 22, 2017 14:26
|
|
|
I don't remember this being posted, but it's so good and you guys should watch it. This guy is insanely good at what he does. https://www.youtube.com/watch?v=KrksBdWcZgQ Edit* Enjoy this really cool thing he made as well: https://github.com/xoreaxeaxeax/sandsifter FlapYoJacks fucked around with this message at 14:39 on Sep 22, 2017 |
|
#
?
Sep 22, 2017 14:35
|
|
|
Apt use to mean low and slow attacker. The logica breach is a good example of someone who was advanced (knew more about the infrastructure than the people running it) and persistent (he was kicked out multiple times and kept coming back and getting in and took his time). Then marketing people found out about the term and now it means "an attack" because the term is so watered down. Also it helped give CSOs an out cause you can't stop someone who's advanced AND persistent! If anyone is interested the derby streams are up: http://www.irongeek.com/i.php?page=derbyconstreams
|
|
#
?
Sep 22, 2017 14:42
|
|
|
apt is like a "we didnt know" on cso speech bingo card now
|
|
#
?
Sep 22, 2017 14:45
|
|
|
infernal machines posted:SVR Tracking leaks thousands of account credentials for vehicle tracking service, via everyone's favourite, unprotected amazon s3 bucket Is MacKeeper now an actual company? I could've swore 5 years ago they were bloatware crap that always side installed itself with things from sourceforge.
|
|
#
?
Sep 22, 2017 15:03
|
|
|
b0red posted:Is MacKeeper now an actual company? I could've swore 5 years ago they were bloatware crap that always side installed itself with things from sourceforge. afaik they're a bloatware company that employs a bunch of security professionals to give their crap a veneer of respectability. their security professionals are actually pretty good.
|
|
#
?
Sep 22, 2017 15:04
|
|
|
Optimus_Rhyme posted:Apt use to mean low and slow attacker. The logica breach is a good example of someone who was advanced (knew more about the infrastructure than the people running it) and persistent (he was kicked out multiple times and kept coming back and getting in and took his time). let's be completely clear "APT" used to mean china or russia
|
|
#
?
Sep 22, 2017 15:29
|
|
|
Cocoa Crispies posted:let's be completely clear It implied state actor (cia, mossad, >emotion < bear, whatever we call the Chinese team) but only because they can train people and they have the time and patience.
|
|
#
?
Sep 22, 2017 15:34
|
|
|
Jabor posted:afaik they're a bloatware company that employs a bunch of security professionals to give their crap a veneer of respectability. makes sense. actually a pretty solid plan to get your companies name out of the mud. or ya know, make a decent product.
|
|
#
?
Sep 22, 2017 15:35
|
|
|
i've just come to the stark, terrifying realization that the contractor our customer hired and that we're working with, that's supposed to be setting up thousands of networked cash register systems, doesn't know what an SSL server certificate is. they wanted to send it to me so i could "install it in the app," and when I told them very politely that that's not how that works, they asked for a writeup on how to install an SSL certificate
|
|
#
?
Sep 22, 2017 15:48
|
|
|
ate all the Oreos posted:i've just come to the stark, terrifying realization that the contractor our customer hired and that we're working with, that's supposed to be setting up thousands of networked cash register systems, doesn't know what an SSL server certificate is. they wanted to send it to me so i could "install it in the app," and when I told them very politely that that's not how that works, they asked for a writeup on how to install an SSL certificate they might be thinking of a client cert which does need to be present on and configured with each client, or a server cert that has to be pre-loaded on each client because it's not verifiable against root certs
|
|
#
?
Sep 22, 2017 16:01
|
|
|
Cocoa Crispies posted:they might be thinking of a client cert which does need to be present on and configured with each client, or a server cert that has to be pre-loaded on each client because it's not verifiable against root certs they don't know what either of those things are, and they only know about this certificate because of my previous "what is an SSL certificate and why do you need one" writeup two weeks ago which i thought was more for them to use to convince the purchasing department but it turns out i guess they just didn't know what they are  e: actually thinking about it in my writeup i explained all this and they said it was "very informative" so i don't know what the hell is going on Shame Boy fucked around with this message at 16:43 on Sep 22, 2017 |
|
#
?
Sep 22, 2017 16:06
|
|
|
having worked with point of sale vendors i can assure you they know sweet gently caress all about security the fact that there aren’t more high profile breaches of retail chains like target is purely because of the laziness of criminals
|
|
#
?
Sep 22, 2017 16:55
|
|
|
the mistake was putting "advanced" in something that meant something, of course marketing people wet themselves at the prospects of using the term everywhere
|
|
#
?
Sep 22, 2017 16:58
|
|
|
infernal machines posted:having worked with point of sale vendors i can assure you they know sweet gently caress all about security in fairness this is the first time they've actually had to set up this kind of server (previously they just followed a list of instructions to set up the PoS software and its separate server, as far as I can tell) so it's a bit understandable that they wouldn't know server-y things. in unfairness these machines handle lots of money maybe you should hire someone who knows this stuff
|
|
#
?
Sep 22, 2017 17:01
|
|
|
Why would anyone who knows stuff want to do that job?
|
|
#
?
Sep 22, 2017 18:31
|
|
|
this was a good talk but that dood looks like cypher from the matrix
|
|
#
?
Sep 22, 2017 18:37
|
|
|
thebigcow posted:Why would anyone who knows stuff want to do that job? the cloud pos companies like shopify know better cloud pos companies killing the mom and pop pos companies with a dozen clients is awesome
|
|
#
?
Sep 22, 2017 18:56
|
|
|
infernal machines posted:having worked with point of sale vendors i can assure you they know sweet gently caress all about security the thing about the target hack is target had the tools in place to detect it, detected it, and then ignored it.
|
|
#
?
Sep 22, 2017 19:01
|
|
|
yoloer420 posted:Did anyone here implement the malicious hsdir thing for tor hidden service discovery? I'd appreciate any info you might have, does it still work etc? read this https://donncha.is/2013/05/trawling-tor-hidden-services/ it still works in the current stable version of tor prop224 fixes the problem and initial support for this is included in 0.3.2.1-alpha, released earlier this week
|
|
#
?
Sep 22, 2017 19:12
|
|
|
|
| # ? May 13, 2024 22:27 |
|
|
ratbert90 posted:I don't remember this being posted, but it's so good and you guys should watch it. so does that 66 jmp instruction pretty much exist as a sandbox escape in all intel 64 bit hardware? if it can fool an emulated vm that easily then i cant see it being caught by sandboxes unless they start flagging any software with that opcode as potentially malicious. or maybe im just overthinking this and you are all going to correct me
|
|
#
?
Sep 22, 2017 20:00
|
|
