|
infernal machines posted:welp. a fairly high value investment firm i work for just got popped by one of those credential harvesting phishing messages, sent seemingly legitimately from another investment firm they work with, who evidently had their office 365 accounts breached some time ago and were unaware of it until now. That sounds like something I've been seeing too. Credential harvesting and spreading further malicious links.
|
#
?
Nov 8, 2017 01:22
|
|
|
|
| # ? May 14, 2024 11:44 |
|
|
I'm 90% sure this Debian security advisory is someone's Markov chain bot taking the piss:quote:slurm-llnl: Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.
|
|
#
?
Nov 8, 2017 02:36
|
|
|
Farmer Crack-rear end posted:any additional details you can share? we love to send stories about this kind of stuff happening out as company-wide broadcasts to reinforce our "DON'T TRUST EMAIL" campaign they received it when they were expecting some shared files to come in, message body was code:since the email is coming directly from another compromised account the headers are right and the signature etc. are all what you'd expect to see, so of course the user didn't look at the URL before trying to sign in. this was sent from the email account of the SVP of the other firm infernal machines fucked around with this message at 03:22 on Nov 8, 2017 |
|
#
?
Nov 8, 2017 03:14
|
|
|
Dyscrasia posted:That sounds like something I've been seeing too. Credential harvesting and spreading further malicious links. i've seen a bunch specifically targeting office 365 users, sent to domains using hosted exchange plans. a few get the style of the service notices down too
|
|
#
?
Nov 8, 2017 03:15
|
|
|
Pikavangelist posted:Security Fuckup Megathread - v14.2 - added P0-dropeverything and removed F3-annoyance
|
|
#
?
Nov 8, 2017 04:37
|
|
|
client of ours (we do not do IT) is sending out waves of "THIS IS YOUR OVERDUE INVOICE!" spam, some of it looks like viruses, some of it seems to be demanding money transfers they are a property management company who probably gets paid rents from a few dozen buildings in and around NYC this has been going on for over a month now and each passing week the people there who I talk to sound more worn down because their very expensive security consultants keep fixing it then someone in the office reinfects themselves somehow
|
|
#
?
Nov 8, 2017 04:53
|
|
|
alternate possibility: their very expensive security consultants have not fixed it and just keep cleaning up symptoms, not the actual breach
|
|
#
?
Nov 8, 2017 04:59
|
|
|
FB wants ppl to send them their nudes so they can hash them and bar them from being shared on FB https://www.theguardian.com/technology/2017/nov/07/facebook-revenge-porn-nude-photos (I'm curious how intelligent this hashing scheme is or if someone can just flip a bit)
|
|
#
?
Nov 8, 2017 05:27
|
|
|
maskenfreiheit posted:FB wants ppl to send them their nudes
|
|
#
?
Nov 8, 2017 05:31
|
|
|
someone in the bubble thread had the idea to scrape reddit and 4chan for memes and upload them to get hashed and added to the banlist
|
|
#
?
Nov 8, 2017 05:34
|
|
|
presumably they feed the images into the child pornography recognition algorithm and just store the output in a different result set and no doubt compare it against the child pornography set
|
|
#
?
Nov 8, 2017 05:36
|
|
|
mrmcd posted:I'm 90% sure this Debian security advisory is someone's Markov chain bot taking the piss: quote:Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution. *** NAUGHTY PROGRAMMER!!! *** SPANK SPANK SPANK!!! *** Now go fix your code. Tut tut tut!
|
|
#
?
Nov 8, 2017 05:57
|
|
|
and facebook can't let people hash teh photos themselves and just send them the hashes, instead of opening teh "show everyone i know this stuff and also sell it to every advertiser" web page and dragging homegroan onto it becaaaaaaaaaause
|
|
#
?
Nov 8, 2017 06:04
|
|
|
flakeloaf posted:and facebook can't let people hash teh photos themselves and just send them the hashes becaaaaaaaaaause Midjack posted:someone in the bubble thread had the idea to scrape reddit and 4chan for memes and upload them to get hashed and added to the banlist
|
|
#
?
Nov 8, 2017 06:04
|
|
|
i'm not seeing the problem (i am but i put not value on it) (mlmp)
|
|
#
?
Nov 8, 2017 06:05
|
|
|
flakeloaf posted:and facebook can't let people hash teh photos themselves and just send them the hashes, instead of opening teh "show everyone i know this stuff and also sell it to every advertiser" web page and dragging homegroan onto it becaaaaaaaaaause because hashes are useless and they don't want to share the algorithm with the public
|
|
#
?
Nov 8, 2017 06:09
|
|
|
if facebook cared at all about human privacy they'd let you hash locally in some provisional database, then have a human do the visual check on the first uploaded image that matches the hash.. that also seems like slightly less work for them since not every image is going to show up
|
|
#
?
Nov 8, 2017 06:37
|
|
|
mrmcd posted:I'm 90% sure this Debian security advisory is someone's Markov chain bot taking the piss: Don't @ me
|
|
#
?
Nov 8, 2017 07:44
|
|
|
maskenfreiheit posted:(I'm curious how intelligent this hashing scheme is or if someone can just flip a bit) There's special hashing algos for images that take this kind of stuff into account. Also cropping and mirroring etc.
|
|
#
?
Nov 8, 2017 07:47
|
|
|
spankmeister posted:There's special hashing algos for images that take this kind of stuff into account. Also cropping and mirroring etc.
|
|
#
?
Nov 8, 2017 07:55
|
|
|
i'm not sure who the intended audience is, but i'm comfortable saying they probably wouldn't bother with that as opposed to just streamlining it through facebook itself
|
|
#
?
Nov 8, 2017 08:04
|
|
|
maybe add snapchat integration or something
|
|
#
?
Nov 8, 2017 08:05
|
|
|
if you could compute the hashes on your own, then the person who's stolen your nudes could do exactly the same thing and figure out how much they need to tweak the image until it no longer matches.
|
|
#
?
Nov 8, 2017 08:54
|
|
|
it’s all too much effort for something only Facebook really cares about too I guess. let them innovate on censorship
|
|
#
?
Nov 8, 2017 08:54
|
|
|
there are already systems for detecting nudes with a very high detection rate. just buy the ones the chinese use or something.
|
|
#
?
Nov 8, 2017 09:34
|
|
|
maskenfreiheit posted:FB wants ppl to send them their nudes dear valued user, I am the Facebook nudes inspector, to ensure your nudes are safe please send them to me so I can inspect them. Also, please provide an estimate of your income so we can assess the level of protection you require. Please send your nudes to officialnudeinspector@facebork.com thank you. Mark Zuckerberg
|
|
#
?
Nov 8, 2017 10:04
|
|
|
is facebook sending requests for nudes? can we lock fuckerberg up for soliciting nudes from minors?
|
|
#
?
Nov 8, 2017 10:13
|
|
|
Shinku ABOOKEN posted:is facebook sending requests for nudes? can we lock fuckerberg up for soliciting nudes from minors? Robot's can't be sent to jail
|
|
#
?
Nov 8, 2017 10:47
|
|
|
Loving Africa Chaps posted:Robot's can't be sent to jail yet
|
|
#
?
Nov 8, 2017 12:19
|
|
|
spankmeister posted:There's special hashing algos for images that take this kind of stuff into account. Also cropping and mirroring etc. apparently just turning the image to grayscale, scaling the image to some small size, like 16x16 and turning it into a bitstream by storing a 1 if the next pixel is brighter and 0 if the pixel is darker is shockingly effective at detecting dupes
|
|
#
?
Nov 8, 2017 12:43
|
|
|
yep, robust (perceptual) image hashing is pretty nifty. and caused me to come accross the best figure in a patent  sperg.jpg
|
|
#
?
Nov 8, 2017 12:54
|
|
|
pseudorandom name posted:presumably they feed the images into the child pornography recognition algorithm and just store the output in a different result set nah this is Facebook. they'll ban the account of the victim for uploading nudity in violation of the TOS.
|
|
#
?
Nov 8, 2017 13:36
|
|
|
flesh colour detection is also very good at showing me pictures of furniture and the desert
|
|
#
?
Nov 8, 2017 13:44
|
|
|
infernal machines posted:alternate possibility: their very expensive security consultants have not fixed it and just keep cleaning up symptoms, not the actual breach asked this morning because you make a good point and I was told that they know who hosed it up because the guy clicked and gave permissions to some poo poo when he plugged in an infected USB device they were infected via stuff given away at a trade show for property managers and have reinfected themselves at least twice so far of course I'm just talking to office person #4 who orders their stuff from us so they might not really know a property management company sending out fake past due invoices to all their tenants seems like a nightmare scenario to me though
|
|
#
?
Nov 8, 2017 14:49
|
|
|
Shifty Pony posted:they'll ban the account of the victim for uploading nudity in violation of the TOS.
|
|
#
?
Nov 8, 2017 15:09
|
|
|
flakeloaf posted:and facebook can't let people hash teh photos themselves and just send them the hashes, instead of opening teh "show everyone i know this stuff and also sell it to every advertiser" web page and dragging homegroan onto it becaaaaaaaaaause I'm the technically illiterate end user that somehow knows what a hash is and won't gently caress it up. fins posted:spurt.jpg Fixed Space Skeleton posted:asked this morning because you make a good point and I was told that they know who hosed it up because the guy clicked and gave permissions to some poo poo when he plugged in an infected USB device Beautiful
|
|
#
?
Nov 8, 2017 15:20
|
|
|
Volmarias posted:I'm the technically illiterate end user that somehow knows what a hash is and won't gently caress it up. i was going to say "use the one butan app to turn your photo into a number so we can check it" but then i remembered that "snapchat is hard to use" is on this very page evil_bunnY posted:If you're laughing at this remember which timeline we're in, and also what twitter's currently doing. our algo detected an 88% similarity between your nipple and a swastika and we'd ban you for that if being a white supremacist was a problem here, game on
|
|
#
?
Nov 8, 2017 15:24
|
|
|
Wheany posted:apparently just turning the image to grayscale, scaling the image to some small size, like 16x16 and turning it into a bitstream by storing a 1 if the next pixel is brighter and 0 if the pixel is darker is shockingly effective at detecting dupes i independently invented this (and what I think is an even better one, that can be sorted in a database by "closeness") in highschool and was pretty proud of myself and then forgot about it and read years later that's actually what a lot of programs do these days 
|
|
#
?
Nov 8, 2017 15:34
|
|
|
Shifty Pony posted:nah this is Facebook. according to what I've seen this is for facebook messenger not facebook itself also to upload the pictures you send them, using facebook messenger, to the magic porn sorting hat or w/e
|
|
#
?
Nov 8, 2017 15:36
|
|
|
|
| # ? May 14, 2024 11:44 |
|
|
evil_bunnY posted:If you're laughing at this remember which timeline we're in, and also what twitter's currently doing. I was not joking. I fully expect people to get banned by trying to use this "feature". Space Skeleton posted:they were infected via stuff given away at a trade show for property managers and have reinfected themselves at least twice so far drat, that's kind of impressive and can't be a one man show. I'm not seeing any warnings in the real estate press about it either, I wonder how many have been infected and don't know it.
|
|
#
?
Nov 8, 2017 15:45
|
|