|
https://twitter.com/ericgeller/status/917883751295791107 curious to know more about this re:kaspersky
|
#
?
Oct 11, 2017 00:11
|
|
|
|
| # ? May 15, 2024 02:15 |
|
|
lol you can count on the FSB to completely implode the russian tech sector with their grubby fingers i bet yandex provided the search tech
|
|
#
?
Oct 11, 2017 00:13
|
|
|
TL;DR: The FSB hacked into the Kaspersky product and used the network of 400 million installs as it's own search engine; it could search by user name or by any particular file they were interested in. The antivirus software would then upload the desired "sample" and deliver it to the Russians. That's goddamned brilliant.
|
|
#
?
Oct 11, 2017 00:39
|
|
|
cis autodrag posted:neat, but lol at the man with kinda bad english writing thinking that putting a period inside the quotes at the end of a sentence was incorrect and worth putting in his FAQ. i'd put money on there being a big discussion at app[le about whether to put the trailing punctuation inside the quotes (because it looks better) or outside the quotes (because it's better syntactically)
|
|
#
?
Oct 11, 2017 02:24
|
|
|
https://kev.inburke.com/kevin/circleci-is-hopelessly-insecure/quote:When you navigate to your project in CircleCI's UI, Javascript from eight different analytics companies gets loaded and executed in your browser.
|
|
#
?
Oct 11, 2017 03:03
|
|
|
Secfuck as a service is the hot new trend in tech, friend!
|
|
#
?
Oct 11, 2017 03:06
|
|
|
WAR DOGS OF SOCHI posted:TL;DR: The FSB hacked into the Kaspersky product and used the network of 400 million installs as it's own search engine; it could search by user name or by any particular file they were interested in. The antivirus software would then upload the desired "sample" and deliver it to the Russians. That's goddamned brilliant. Where'd this come from? the NYT article doesn't have it
|
|
#
?
Oct 11, 2017 03:09
|
|
|
Bulgogi Hoagie posted:lol you can count on the FSB to completely implode the russian tech sector with their grubby fingers makes u think about putin's recent personal visit to yandex office
|
|
#
?
Oct 11, 2017 04:27
|
|
|
whenever i hear the name yandex i think it's some anime thing that's all i have to say thanks for reading my post guys
|
|
#
?
Oct 11, 2017 06:58
|
|
|
Lightbulb Out posted:https://twitter.com/ericgeller/status/917883751295791107
|
|
#
?
Oct 11, 2017 08:50
|
|
|
mrmcd posted:Secfuck as a service is the hot new trend in tech, friend! I'm not entirely sure what the surprise is, loads of SaaS things have been doing this, especially the free ones. lots of HR SaaS is doing this too, because for some reason HR doesn't think privacy or protection of sensitive personal data is important 
|
|
#
?
Oct 11, 2017 09:28
|
|
|
Main Paineframe posted:Where'd this come from? the NYT article doesn't have it What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies. ...by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known. Like most security software, Kaspersky Lab’s products require access to everything stored on a computer in order to scour it for viruses or other dangers. Its popular antivirus software scans for signatures of malicious software, or malware, then removes or neuters it before sending a report back to Kaspersky. That procedure, routine for such software, provided a perfect tool for Russian intelligence to exploit to survey the contents of computers and retrieve whatever they found of interest.
|
|
#
?
Oct 11, 2017 16:00
|
|
|
drat it's been a busy couple of days in the secfuck world anyway, heres another tragic wide-open S3 bin story: http://www.zdnet.com/article/accenture-left-a-huge-trove-of-client-passwords-on-exposed-servers/ quote:Each server contained a range of different types of credentials, including private signing keys that could be used to impersonate the company, and passwords -- some of which were stored in plaintext. Vickery said he also found Accenture's master keys for its Amazon Web Service's Key Management System (KMS), which if stolen could allow an attacker full control over the company's encrypted data stored on Amazon's servers.
|
|
#
?
Oct 11, 2017 16:22
|
|
|
http://www.zdnet.com/article/secret-f-35-p-8-c-130-data-stolen-in-australian-defence-contractor-hack/quote:In November 2016, the Australian Signals Directorate (ASD) was alerted by a "partner organisation" that an attacker had gained access to the network of a 50-person aerospace engineering firm that subcontracts to the Department of Defence.
|
|
#
?
Oct 11, 2017 16:25
|
|
|
https://arstechnica.com/gadgets/2017/10/pre-release-google-home-mini-goes-rogue-starts-recording-247/ don't know why google is storing the recordings lol, of course i do, for data mining
|
|
#
?
Oct 11, 2017 16:33
|
|
|
geonetix posted:I'm not entirely sure what the surprise is, loads of SaaS things have been doing this, especially the free ones. lots of HR SaaS is doing this too, because for some reason HR doesn't think privacy or protection of sensitive personal data is important It's not even a free vs paid service thing; POs, managers, and executives just want More Analytics. I guarantee you that no one involved has even considered the privacy and security risks.
|
|
#
?
Oct 11, 2017 16:33
|
|
|
COACHS SPORT BAR posted:drat it's been a busy couple of days in the secfuck world gently caress accenture
|
|
#
?
Oct 11, 2017 16:51
|
|
|
moostaffa posted:https://twitter.com/chesh/status/917791425210830848
|
|
#
?
Oct 11, 2017 17:44
|
|
|
evil_bunnY posted:Hahahaha right on time for the EU to skullfuck them the eu that uk is leaving?
|
|
#
?
Oct 11, 2017 17:45
|
|
|
that isn't going to happen for a few more years, so yes. only sad thing is GDPR isn't going to be enforced for another ~220 days.
|
|
#
?
Oct 11, 2017 17:49
|
|
|
COACHS SPORT BAR posted:drat it's been a busy couple of days in the secfuck world man its always upguard finding this stuff
|
|
#
?
Oct 11, 2017 17:49
|
|
|
Truga posted:that isn't going to happen for a few more years, so yes. only sad thing is GDPR isn't going to be enforced for another ~220 days. i was mostly just kidding, i dont think gdpr will care much since it does concern itself with its area of coverage as of incident (much like any other legal thing)
|
|
#
?
Oct 11, 2017 17:50
|
|
|
part 3 is up: https://googleprojectzero.blogspot.co.uk/2017/10/over-air-vol-2-pt-3-exploiting-wi-fi.html
|
|
#
?
Oct 11, 2017 18:01
|
|
|
cinci zoo sniper posted:the eu that uk is leaving?
|
|
#
?
Oct 11, 2017 18:22
|
|
|
evil_bunnY posted:Not loving yet they haven't. And it's not like May's gonna be in charge of anything much longer cinci zoo sniper posted:i was mostly just kidding, i dont think gdpr will care much since it does concern itself with its area of coverage as of incident (much like any other legal thing)
|
|
#
?
Oct 11, 2017 18:23
|
|
|
Wiggly Wayne DDS posted:its times like these where you need credibility to make claims like these, and the amount of third-hand sources in there isn't helping anything Yeah. Still, if this turns out to be true, it confirms Israel being behind Duqu 2.
|
|
#
?
Oct 11, 2017 18:48
|
|
|
More details on Kaspersky are dribbling out. https://twitter.com/ericgeller/status/918174932139462658
|
|
#
?
Oct 11, 2017 19:08
|
|
|
quote:Germany: "No evidence" Kaspersky software used by Russians for hacks http://mobile.reuters.com/article/amp/idUSL8N1MM4ZV
|
|
#
?
Oct 11, 2017 19:09
|
|
|
re: kaspersky https://twitter.com/WSJ/status/918171990875402240
|
|
#
?
Oct 11, 2017 19:33
|
|
|
well that'd be a problem if internet-computers with classified data on them had software running on them that could freely call home, but uh wait i was going somewhere with this
|
|
#
?
Oct 11, 2017 19:35
|
|
|
flakeloaf posted:well that'd be a problem if internet-computers with classified data on them had software running on them that could freely call home, but uh But my nephew said he was good with computers and could help stop those porn popups that you get from facebook.
|
|
#
?
Oct 11, 2017 20:00
|
|
|
Installing Russian software on sensitive computers seems dumb but what do I know I don't work for the CIA's IT division
|
|
#
?
Oct 11, 2017 20:26
|
|
|
LinYutang posted:Installing Russian software on sensitive computers seems dumb but what do I know I don't work for the CIA's IT division
|
|
#
?
Oct 11, 2017 20:37
|
|
|
but their kgb educated founder pinky promised they didn't do bad things with the Russian government??? I don't think they'd still be around if they didn't tbh. iirc the vk.com founder had to flee russia because he didn't want to cooperate
|
|
#
?
Oct 11, 2017 20:37
|
|
|
Maximum Leader posted:but their kgb educated founder pinky promised they didn't do bad things with the Russian government??? I don't think they'd still be around if they didn't tbh. iirc the vk.com founder had to flee russia because he didn't want to cooperate there are certainly a number of layer sin place to allow plausible deniability by top brass
|
|
#
?
Oct 11, 2017 20:51
|
|
|
Maximum Leader posted:but their kgb educated founder pinky promised they didn't do bad things with the Russian government??? I don't think they'd still be around if they didn't tbh. iirc the vk.com founder had to flee russia because he didn't want to cooperate yeah durov did repeatedly get in big troubles anthonypants posted:as other people have mentioned any machine with kaspersky on it is almost guaranteed to belong to a contractor due to domestic preference laws requiring that the government buy products that originate in the us, which was a policy long before someone wrote a memo mandating the removal of kaspersky products from government computers how is kaspersky considered a domestic software in the states
|
|
#
?
Oct 11, 2017 21:06
|
|
|
cinci zoo sniper posted:how is kaspersky considered a domestic software in the states isn't
|
|
#
?
Oct 11, 2017 21:07
|
|
|
I thought they split their corporate and have a huge US headquarters presence
|
|
#
?
Oct 11, 2017 21:15
|
|
|
cinci zoo sniper posted:yeah durov did repeatedly get in big troubles Contractors aren't bound by the sourcing requirements the feds are.
|
|
#
?
Oct 11, 2017 21:16
|
|
|
|
| # ? May 15, 2024 02:15 |
|
|
anthonypants posted:it then what the hell are you trying to say
|
|
#
?
Oct 11, 2017 21:17
|
|