|
cinci zoo sniper posted:then what the hell are you trying to say That the gov generally wasn't using kaspersky, instead it was contractors or employees at home
|
#
?
Oct 11, 2017 21:18
|
|
|
|
| # ? May 14, 2024 18:25 |
|
|
LinYutang posted:Installing Russian software on sensitive computers seems dumb but what do I know I don't work for the CIA's IT division turns out letting contractors take classified information home and put it on their unsecured home computers is a bad idea the bit that gets me is that the contractor was writing new tools to replace the stuff a previous contractor leaked
|
|
#
?
Oct 11, 2017 21:18
|
|
|
Trabisnikof posted:That the gov generally wasn't using kaspersky, instead it was contractors or employees at home
|
|
#
?
Oct 11, 2017 21:18
|
|
|
cinci zoo sniper posted:yeah durov did repeatedly get in big troubles They're saying that it's on contractor computers, which would not be owned by the government, because contractors can buy whatever software they want while government has to preferentially purchase American software.
|
|
#
?
Oct 11, 2017 21:19
|
|
|
Trabisnikof posted:That the gov generally wasn't using kaspersky, instead it was contractors or employees at home ah, i see. that sounds like some bad opsec, the gov employees at home part 
|
|
#
?
Oct 11, 2017 21:19
|
|
|
Phlag posted:More details on Kaspersky are dribbling out. signatures being a blackbox with no formal method of validating per-client has always been an issue, there's nothing stopping this from being a generic upstream method of gathering information from endpoints and kaspersky was burned due to stepping on too many toes
|
|
#
?
Oct 11, 2017 21:20
|
|
|
cinci zoo sniper posted:ah, i see. that sounds like some bad opsec Are you suggesting that the Military-Industrial Complex's quarterly returns driven late-modern capitalism is somehow against the national security interests of the US? 
|
|
#
?
Oct 11, 2017 21:22
|
|
|
Schadenboner posted:Are you suggesting that the Military-Industrial Complex's quarterly returns driven late-modern capitalism is somehow against the national security interests of the US? not that elaborate. maybe you shouldn't take state secrets outside your office
|
|
#
?
Oct 11, 2017 21:23
|
|
|
cinci zoo sniper posted:not that elaborate. maybe you shouldn't take state secrets outside your office One and the same. I goddamn guarantee the employee wasn't getting paid for the hours but his company was billing the gov for them.
|
|
#
?
Oct 11, 2017 21:25
|
|
|
cinci zoo sniper posted:not that elaborate. maybe you shouldn't take state secrets outside your office
|
|
#
?
Oct 11, 2017 21:25
|
|
|
on that note there are at least 5 leakers unaccounted for despite all the arrests, nevermind the material other governments have nabbed but not mentioned publicly
|
|
#
?
Oct 11, 2017 21:28
|
|
|
anthonypants posted:don't worry, they definitely learned their lesson after chelsea manning and edward snowden ... don't forget reality winner
|
|
#
?
Oct 11, 2017 21:28
|
|
|
infernal machines posted:... don't forget reality winner
|
|
#
?
Oct 11, 2017 21:33
|
|
|
Wiggly Wayne DDS posted:presumably in the same way cisco had to know about the remote exploiting of core routers to gather up data and inject malicious content? yuuuuup. sig distribution allows for pretty much unlimited rights to execute arbitrary actions, collect whatever, and push it back up to "~tHe ClOuD~"
|
|
#
?
Oct 11, 2017 21:56
|
|
|
anthonypants posted:gently caress how could i forget reality winner just doesn't sound like a real and memorable name like carl mark force iv
|
|
#
?
Oct 11, 2017 22:12
|
|
|
it sure would be a pain if a similar scenario happened but there wasn't a convenient foreign company to pin the blame on: https://www.wsj.com/amp/articles/north-korea-allegedly-used-antivirus-software-to-steal-defense-secrets-1507736060quote:SEOUL—A breach of South Korea’s military database by suspected North Korean hackers originated in compromised third-party cybersecurity software and was made possible by an unintended connection to the internet, according to people familiar with the attack.
|
|
#
?
Oct 11, 2017 22:16
|
|
|
That's one way to bypass the air gap.
|
|
#
?
Oct 11, 2017 22:32
|
|
|
cinci zoo sniper posted:not that elaborate. maybe you shouldn't take state secrets outside your office but my productivity will suffer if I can't have a specific certain of spider solitaire and irfanview and chome and just let me byodddddd getting grownups to understand what a managed network is should not be this difficult but here we are
|
|
#
?
Oct 12, 2017 00:55
|
|
|
"if i find your personal poo poo in my network I'm declassifying it with a hammer" is a sentence i know people understand because i see them all reach for their phones when we say it, and yet every year I guarantee some schmuck will lose his toy because he just had to have that great photo on his desktop
|
|
#
?
Oct 12, 2017 01:00
|
|
|
https://twitter.com/arstechnica/status/917857493061120000
|
|
#
?
Oct 12, 2017 01:21
|
|
|
flakeloaf posted:but my productivity will suffer if I can't have a specific certain of spider solitaire and irfanview and chome and just let me byodddddd that and managers caving to the sperglords demanding to work from home because they code best in their my little pony wallpapered room listening to hatsune miku jams. there's a place for that, but it's usually nowhere near classified material
|
|
#
?
Oct 12, 2017 02:55
|
|
|
cool maybe they'll finally figure out what is actually causing those pop ups to randomly occur on devices to begin with.
|
|
#
?
Oct 12, 2017 03:52
|
|
|
e: on second though nm
infernal machines fucked around with this message at 04:36 on Oct 12, 2017 |
|
#
?
Oct 12, 2017 04:31
|
|
|
.
infernal machines fucked around with this message at 04:36 on Oct 12, 2017 |
|
#
?
Oct 12, 2017 04:33
|
|
|
infernal machines posted:e: on second though nm feel like I'm missing out on a great post here
|
|
#
?
Oct 12, 2017 04:42
|
|
|
you can't trust client endpoints. so no, nothing to add
|
|
#
?
Oct 12, 2017 04:51
|
|
|
Jimmy Carter posted:cool maybe they'll finally figure out what is actually causing those pop ups to randomly occur on devices to begin with. I don't even remember the last time I was asked for my Apple ID password on my phone. even then I'd have to go unlock 1Password to copy/paste it in to the dialog. certainly Apple needs to work on this
|
|
#
?
Oct 12, 2017 13:13
|
|
|
Chris Knight posted:I don't even remember the last time I was asked for my Apple ID password on my phone. congrats on never installing updates I guess
|
|
#
?
Oct 12, 2017 14:54
|
|
|
here's a thought about the Kaspersky poo poo: the example being discussed is a single hop where the antivirus was on the machine with the target files. is it not also nearly a certainty that Russian intelligence used this as a starting point for much deeper infiltration? I was thinking that if you had the means and dedication of a state actor the antivirus network would be very useful as part of an operation to break into a secured system. Even if the secured system didn't have the antivirus it is likely that one of the software or hardware providers for the secured system would and you could use it to easily get source code for that software or firmware to find 0-days. or even worse you could potentially use the root access of the antivirus to place an exploit or even an air-gap jumping data collector like Stuxnet in a relatively difficult to notice manner. jfc what a nightmare.
|
|
#
?
Oct 12, 2017 15:02
|
|
|
it turns out having remotely updateable/accessible software with ring-0 access is a security nightmare whoda thunk it?
|
|
#
?
Oct 12, 2017 15:07
|
|
|
Shifty Pony posted:here's a thought about the Kaspersky poo poo: the example being discussed is a single hop where the antivirus was on the machine with the target files. is it not also nearly a certainty that Russian intelligence used this as a starting point for much deeper infiltration? unrelated, but how would airgap exfil happen here?
|
|
#
?
Oct 12, 2017 15:07
|
|
|
https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/ please, i can't laugh anymore, my sides
|
|
#
?
Oct 12, 2017 15:12
|
|
|
Well, poo poo; I was going to post that.quote:In May credit reporting service Equifax's website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. For several hours on Wednesday the site was compromised again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers.
|
|
#
?
Oct 12, 2017 15:48
|
|
|
akadajet posted:congrats on never installing updates I guess Just asks me for my PIN.
|
|
#
?
Oct 12, 2017 17:17
|
|
|
Just-In-Timeberlake posted:https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/ holy moly
|
|
#
?
Oct 12, 2017 17:34
|
|
|
Avenging_Mikon posted:Just asks me for my PIN. Not when you do major updates. From like ios 10 -> 11
|
|
#
?
Oct 12, 2017 17:39
|
|
|
inverse security fuckup at my friend's work: they apparently were being ddosed by some eastern european script kiddie, rendering their product website shoddily accessible. dude so wanted to get ransom that he blindly chatted away with the ceo of the company for 2 days straight while it and sec departments were pulling 48 hour straight of ot with almost the literal sleeping in the office to fix the bad parts of infrastructure, get some ddos protection going, and collect any possible information about the guy for law enforcement. once they were done, ceo was like "sorry mate, we changed our mind" 
|
|
#
?
Oct 12, 2017 17:43
|
|
|
major updates ask for your icloud password as part of a special ui flow, that's not what's being spoofed here and it would be much harder for third party apps to fake I can't remember the last time I've seen that l/p popup dialog, it should only appear if you try to do something involving icloud but you aren't signed in in system prefs
|
|
#
?
Oct 12, 2017 17:43
|
|
|
who were the people i accused of being overly paranoid about home assistants constantly recording and sending audio to google/amazon so i can apologize? https://www.theverge.com/2017/10/10/16456050/google-home-mini-always-recording-bug
|
|
#
?
Oct 12, 2017 18:25
|
|
|
|
| # ? May 14, 2024 18:25 |
|
|
cinci zoo sniper posted:unrelated, but how would airgap exfil happen here? versions of the software on air gapped systems would hide data packets on the hand carried USB drives used to carry data/updates to or from the air gapped systems. then when that drive was attached to a system which was internet connected and also infected the data is gotten out using more traditional means. this is not some theoretical PoC either, it has been seen in the wild 
|
|
#
?
Oct 12, 2017 18:33
|
|