|
Rat Poisson posted:the university rolled out a new system for making edits to the catalog and course descriptions. kjs500 was probably too short
|
#
?
Sep 25, 2017 13:17
|
|
|
|
| # ? May 14, 2024 22:10 |
|
|
stealing from apple thread https://twitter.com/patrickwardle/status/912254053849079808
|
|
#
?
Sep 25, 2017 13:37
|
|
|
That's one hell of a fuckup but you do at least need to go through extra confirmations to launch unsigned apps
|
|
#
?
Sep 25, 2017 13:45
|
|
|
yeah, gotta really hammer on that "whatever" button
|
|
#
?
Sep 25, 2017 13:48
|
|
|
cinci zoo sniper posted:stealing from apple thread high sierra launches today, i wonder if they are just going to roll with it
|
|
#
?
Sep 25, 2017 13:58
|
|
|
An in depth paper on getting around code signing https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf Goes pretty in depth into windows code signature verification, if thats your sorta thing
|
|
#
?
Sep 25, 2017 14:09
|
|
|
it's a good thing deloitte doesn't have a reputation for security: https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emailsquote:The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016. quote:Emails to and from Deloitte’s 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft. This is Microsoft’s equivalent to Amazon Web Service and Google’s Cloud Platform.
|
|
#
?
Sep 25, 2017 14:47
|
|
|
quote:This is Microsoft’s equivalent to Amazon Web Service and Google’s Cloud Platform. poor Microsoft, no one remembers their cloud platform
|
|
#
?
Sep 25, 2017 14:50
|
|
|
my fave thing about that deloitte story is the related one from 2015 where all partners got like £750,000 bonus that year
|
|
#
?
Sep 25, 2017 14:53
|
|
|
Chris Knight posted:my fave thing about that deloitte story is the related one from 2015 where all partners got like £750,000 bonus that year they did a good job at not breaking down and crying at the terribly troubling news that doesn't affect them at all personally and deserve hazard pay
|
|
#
?
Sep 25, 2017 14:54
|
|
|
fins posted:An in depth paper on getting around code signing seems like this requires admin privs at which point it would be easier to just install your own root into the ca trust store.
|
|
#
?
Sep 25, 2017 16:44
|
|
|
Subjunctive posted:yeah, gotta really hammer on that "whatever" button by default os x will entirely refuse to launch unsigned apps you double-click on, with no override button in the moment. that's why he opened the stealer with the contextual menu, it does offer an override through that path but you have to a) know that and b) not do the obvious habitual path everyone uses
|
|
#
?
Sep 25, 2017 16:57
|
|
|
if the app is signed does that mean apple has audited the source?
|
|
#
?
Sep 25, 2017 17:00
|
|
|
no, it means they went through automated registration and got issued a certificate. apple can killswitch their app if it turns out to be malware. it does not necessarily mean it went through app store approval. neither signing up for gatekeeper nor app store approval imply source review
|
|
#
?
Sep 25, 2017 17:04
|
|
|
so it doesn't really matter if the app is signed or not if it has access to your keychain. Or do signed apps already not have access?
|
|
#
?
Sep 25, 2017 17:05
|
|
|
I think the bug is 99% that there's an exploit that lets an app access your account's entire keychain and not just its own items and 1% that it can be done while unsigned my point is that tricking people into running unsigned os x apps is slightly harder than this person makes it appear
|
|
#
?
Sep 25, 2017 17:08
|
|
|
yeah it seems more like this is how it would have worked prior to app signing and then with app signing it provides a context by which protected data in the keychain can be limited to that signed app even if the app maker doesn't provide the context themselves. without some kind of app identifier like the signature there would be no way for osx to verify the app. So the default behavior would be to allow the app access to the full keychain if allowed by the user which requires the user to login and unlock it. seems reasonable to me.
|
|
#
?
Sep 25, 2017 17:16
|
|
|
minivanmegafun posted:poor Microsoft, no one remembers their cloud platform remember when microsoft paid the nfl a truckload of money to promote the surface and the announcers and players kept calling them "ipad-like tablets" and "knockoff ipads"
|
|
#
?
Sep 25, 2017 17:21
|
|
|
Shaggar posted:so it doesn't really matter if the app is signed or not if it has access to your keychain. Or do signed apps already not have access? iirc it at least [or at least should] asks you before it grants access to the keychain. i know a few apps have caused a popup saying "hey do you want this thing to read keychain [fart boner passwords]?"
|
|
#
?
Sep 25, 2017 17:21
|
|
|
The_Franz posted:remember when microsoft paid the nfl a truckload of money to promote the surface and the announcers and players kept calling them "ipad-like tablets" and "knockoff ipads" press a knee key to continue
|
|
#
?
Sep 25, 2017 17:22
|
|
|
Chris Knight posted:my fave thing about that deloitte story is the related one from 2015 where all partners got like £750,000 bonus that year ate all the Oreos posted:they did a good job at not breaking down and crying at the terribly troubling news that doesn't affect them at all personally and deserve hazard pay idk what you two are on about, the hack was in oct/nov of 2016, not 2015 and only affected the US firm while the partner bonus article was about the UK firm.
|
|
#
?
Sep 25, 2017 17:59
|
|
|
ate all the Oreos posted:iirc it at least [or at least should] asks you before it grants access to the keychain. i know a few apps have caused a popup saying "hey do you want this thing to read keychain [fart boner passwords]?" that was my (limited) experience w/ the keychain and it seemed entirely appropriate. I think the confusion here is the contrast w/ signed apps where osx can identify the app and automatically provide it access limited to its own keychain without user involvement. I would guess if a signed app wants access to the rest of your keychain you'd get a credential pop.
|
|
#
?
Sep 25, 2017 18:00
|
|
|
lol I just watched the vid and theres no cred pop
|
|
#
?
Sep 25, 2017 18:05
|
|
|
Maximum Leader posted:idk what you two are on about, the hack was in oct/nov of 2016, not 2015 and only affected the US firm while the partner bonus article was about the UK firm. i misinterpreted "related story" to mean "different hack" when it just meant "it's funny that there was a related story about bonuses in this story about a hack" 
|
|
#
?
Sep 25, 2017 18:08
|
|
|
flakeloaf posted:press a knee key to continue
|
|
#
?
Sep 25, 2017 18:24
|
|
|
Wiggly Wayne DDS posted:it's a good thing deloitte doesn't have a reputation for security: https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails
|
|
#
?
Sep 25, 2017 18:44
|
|
|
Security Fuckup Megathread - no surprise, it's way worse
|
|
#
?
Sep 25, 2017 19:09
|
|
|
Cocoa Crispies posted:Security Fuckup Megathread - no surprise, it's way worse
|
|
#
?
Sep 25, 2017 19:39
|
|
|
Cocoa Crispies posted:Security Fuckup Megathread - no surprise, it's way worse
|
|
#
?
Sep 25, 2017 19:46
|
|
|
loving holy poo poo if they really got full dumps of deloitte servers.
|
|
#
?
Sep 25, 2017 19:54
|
|
|
i know i say this all the loving time, but it's nice to see you still have your wozzet
|
|
#
?
Sep 25, 2017 19:55
|
|
|
Mr. Nice! posted:i know i say this all the loving time, but it's nice to see you still have your wozzet lmao his website is 429'd
|
|
#
?
Sep 25, 2017 19:57
|
|
|
Poop touching question: Someone just sent me a "virus". It's a dropper that connects to a FTP server and fetches a second stage. It includes the credentials for said FTP that have read/write access. Limit of poop touching so far: Verified the credentials work. Should I mirror the server for more research? Should I delete the second stage package to prevent anyone from accidentally running it, or just leave it as-is and report it to the hosting provider? I'm not sure which is more ethical, if anything is at all. I clearly am authorized to access the server, since they kindly sent me an email with the username and password! It's written in Visual Basic, full debug symbols, and the project info includes the username of the person who built it "Marlowe"  It's hosted at fastcpanelserver.com
|
|
#
?
Sep 25, 2017 20:06
|
|
|
Harik posted:Poop touching question: reverse engineer all you want, don't make any outbound connections, disclose to hosting provider and whoever else may be affected by this. verifying if credentials work is already unethical/criminal, strictly speaking, probably even if you are able to do that without gaining access
|
|
#
?
Sep 25, 2017 20:14
|
|
|
cinci zoo sniper posted:reverse engineer all you want, don't make any outbound connections, disclose to hosting provider and whoever else may be affected by this. verifying if credentials work is already unethical/criminal, strictly speaking, probably even if you are able to do that without gaining access I got that via running it and watching what it did, when I saw an ftp user and password I just laughed. It's nice running RE on something written so naievely. As tempting as it is, I'll avoid the poop. Gonna see if I can find this 'Marlowe' via anything the dropper itself did. Oh, most AV catches this one (virustotal) but not windows defender or clam, yet. How do I poke them? Defender is a big omit.
|
|
#
?
Sep 25, 2017 20:21
|
|
|
testing the credentials is dodgy as it could just be a compromised account that the malware author doesn't really own. should probably avoid doing that anyway as you're just going to set off alarm bells on the attacker's end
|
|
#
?
Sep 25, 2017 20:23
|
|
|
i think after weeks of repetition and persistence i've finally gotten through to my boss that disabling fips mode on our windows servers is correct and good
|
|
#
?
Sep 25, 2017 20:23
|
|
|
fips mode is the best
|
|
#
?
Sep 25, 2017 20:27
|
|
|
jre posted:fips mode is the greatest c'mon
|
|
#
?
Sep 25, 2017 20:35
|
|
|
|
| # ? May 14, 2024 22:10 |
|
|
Cocoa Crispies posted:c'mon gently caress 
|
|
#
?
Sep 25, 2017 20:39
|
|