Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > YOSPOS > Security Fuckup Megathread - v14.1 - Hello, is this a delivery order?
«242 »
 
  • Locked thread
Space Skeleton
Sep 28, 2004

 waded into my spam folder to see if I am still getting some from them and the answer is no

I do however have some spam harassing me about past due invoices from people at that company by name but from other addresses now like "Legit Name <randomname@hahest.com>"

* # ? Nov 8, 2017 16:32
  • Quote
Adbot
ADBOT LOVES YOU

# ? May 14, 2024 00:00
  • Quote
Shame Boy
Mar 2, 2010

 the only spam i got today starts with "This grandma is looking hot!"

* # ? Nov 8, 2017 16:37
  • Quote
Wiggly Wayne DDS
Sep 11, 2010



 finally a sane voice in the tls middlebox discussion: https://mailarchive.ietf.org/arch/msg/saag/DabDtIemZ1PIVRVIFbyBPI4YQ2w

* # ? Nov 8, 2017 17:31
  • Quote
Diva Cupcake
Aug 15, 2005

infernal machines posted:

they received it when they were expecting some shared files to come in, message body was
code:
Title: ACTION REQUIRED: Shared Documents

Hello,

<name>, sent you a secured  file via SharePoint Online.

Go To [url="https://twofeetstanding.com/@%23$%25%5e&%25$%23/index.php"]Shared Documents[/url]

If you have any questions,please let me know.


Many Thanks,

Sincerely
the link goes to a landing page that suggest you sign in with one of several types of email account, selecting Office 365 or Aol gets you an exact ripoff of that service's login page.

since the email is coming directly from another compromised account the headers are right and the signature etc. are all what you'd expect to see, so of course the user didn't look at the URL before trying to sign in.

this was sent from the email account of the SVP of the other firm
Exact same format, title and body, came in yesterday (FinTech) only linking to a different URL.

code:
https://grxserviciosgraficos.es/%26%5E*%24(%24*%23%5E%23%5E%25%26*%5E%23%26(*%40%26%5E%40%5E%25%25%26*%5E(%26%23%23*%26%5E%25%40%24%40%26%25*%5E(%26%40%40%40
* # ? Nov 8, 2017 18:22
  • Quote
Jewel
May 2, 2009

 probably missed this posted somewhere else in yos but lol. logitech is bricking a product for everybody because certs cost money

https://community.logitech.com/s/question/0D55A0000745EkC/harmony-link-eos-or-eol

quote:

Hi Stan – and everyone else.

In the past week, we notified Harmony Link customers that the product will no longer function March of 2018. Depending on the warranty status – we offered replacements or a discount towards a new Harmony Hub or any Harmony remote.

I understand some of you have Harmony Links that are working perfectly fine right now. However, there is a technology certificate license that will expire next March. The certificate will not be renewed as we are focusing resources on our current app-based remote, the Harmony Hub.

I recognize the frustration of this and apologize for any inconveniences this causes.

Thank you for voicing your opinion.

-Will

https://twitter.com/MalwareJake/status/928309887087665157

* # ? Nov 8, 2017 18:23
  • Quote
Truga
May 4, 2014
Lipstick Apathy
can't you just firewall the thing to prevent it bricking itself?

e: also
https://twitter.com/internetofshit/status/928294833202061314

how do people still buy logitech poo poo that aren't mice?

Truga fucked around with this message at 18:41 on Nov 8, 2017

* # ? Nov 8, 2017 18:38
  • Quote
hobbesmaster
Jan 28, 2008

 their keyboards are good too

i do not understand anything about how or why they’re bricking these things. hell why isn’t it a self signed certificate that each device has pinned and stored in a secure element?

* # ? Nov 8, 2017 18:43
  • Quote
flakeloaf
Feb 26, 2003

Still better than android clock

 weak solder joints have killed 2 mice and 2 keyboards, and my mx revolution makes the whole system run about as smooth as george vi in a rap battle so i've been done with logitech for a while

* # ? Nov 8, 2017 18:44
  • Quote
BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Jewel posted:

probably missed this posted somewhere else in yos but lol. logitech is bricking a product for everybody because certs cost money

https://community.logitech.com/s/question/0D55A0000745EkC/harmony-link-eos-or-eol


https://twitter.com/MalwareJake/status/928309887087665157

what the gently caress costs money here? are they issuing a PKI cert to every single device instead of just generating them out of their own CA and adding it to the trust store?

* # ? Nov 8, 2017 18:45
  • Quote
cinci zoo sniper
Mar 15, 2013

flakeloaf posted:

weak solder joints have killed 2 mice and 2 keyboards, and my mx revolution makes the whole system run about as smooth as george vi in a rap battle so i've been done with logitech for a while

what that gently caress is wrong with your mice. i dont want their keyboards these days since i have hyperspecific mechanical preferences, but i still love their mices. i have large, heavy hands, and they are large and built like bricks. i just wish they did remake g9x, knowing the fate of the old one i'd stockpile a couple of those for a decade in advace

* # ? Nov 8, 2017 18:51
  • Quote
haveblue
Aug 15, 2005



Toilet Rascal

BangersInMyKnickers posted:

what the gently caress costs money here? are they issuing a PKI cert to every single device instead of just generating them out of their own CA and adding it to the trust store?

the harmony link is a headless universal remote-like box that lets a phone app control IR devices, I guess it relies on an internet backend to do this. I don't know what a "technology certificate license" is but that sounds like a euphemism/cs-peon-speak for "we're tired of paying a cloud provider to run this service for legacy devices and we're betting the ensuing PR shitstorm doesn't do any lasting damage"

I have a harmony remote and if they shut off service I think I only lose the ability to reconfigure it (through a terrible web wrapper app), it won't brick the whole thing. still a v. lovely move

* # ? Nov 8, 2017 18:54
  • Quote
Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

haveblue posted:

the harmony link is a headless universal remote-like box that lets a phone app control IR devices, I guess it relies on an internet backend to do this. I don't know what a "technology certificate license" is but that sounds like a euphemism/cs-peon-speak for "we're tired of paying a cloud provider to run this service for legacy devices and we're betting the ensuing PR shitstorm doesn't do any lasting damage"

I have a harmony remote and if they shut off service I think I only lose the ability to reconfigure it (through a terrible web wrapper app), it won't brick the whole thing. still a v. lovely move

maybe they cheaped out on a chip that doesn't support modern certs?

* # ? Nov 8, 2017 19:00
  • Quote
flakeloaf
Feb 26, 2003

Still better than android clock

cinci zoo sniper posted:

what that gently caress is wrong with your mice. i dont want their keyboards these days since i have hyperspecific mechanical preferences, but i still love their mices. i have large, heavy hands, and they are large and built like bricks. i just wish they did remake g9x, knowing the fate of the old one i'd stockpile a couple of those for a decade in advace

the mx518 cables started having intermittent connection problems where they meet the mouse pcb, which was apparently a well-documented issue with them

no clue what's wrong with the revo but i'm guessing it's software

using a rat7 now and it seems to suit needs

* # ? Nov 8, 2017 19:02
  • Quote
hobbesmaster
Jan 28, 2008

Cocoa Crispies posted:

maybe they cheaped out on a chip that doesn't support modern certs?

you can always do it in software

* # ? Nov 8, 2017 19:05
  • Quote
BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Cocoa Crispies posted:

maybe they cheaped out on a chip that doesn't support modern certs?

but again, SHA2 requirements are only for PKI certs. This all should have been done through a private CA

* # ? Nov 8, 2017 19:07
  • Quote
cinci zoo sniper
Mar 15, 2013

flakeloaf posted:

the mx518 cables started having intermittent connection problems where they meet the mouse pcb, which was apparently a well-documented issue with them

no clue what's wrong with the revo but i'm guessing it's software

using a rat7 now and it seems to suit needs

yeah well documented issues seems to be a trope with logitech mice. g9x for example had negative accel that took a long rear end time to be fixed via firmware upgrade

* # ? Nov 8, 2017 19:09
  • Quote
Schadenboner
Aug 15, 2011

by Shine

flakeloaf posted:

the mx518 cables started having intermittent connection problems where they meet the mouse pcb, which was apparently a well-documented issue with them

no clue what's wrong with the revo but i'm guessing it's software

using a rat7 now and it seems to suit needs



Im the RAPID-FIRE.

* # ? Nov 8, 2017 19:10
  • Quote
cinci zoo sniper
Mar 15, 2013

Schadenboner posted:



Im the RAPID-FIRE.

they are decent mice, but the company is kill

* # ? Nov 8, 2017 19:11
  • Quote
Truga
May 4, 2014
Lipstick Apathy

haveblue posted:

I don't know what a "technology certificate license" is

it's probably a license for some extremely lovely idiotic patent like slide to unlock, and those can be expensive.

* # ? Nov 8, 2017 19:13
  • Quote
flakeloaf
Feb 26, 2003

Still better than android clock

Schadenboner posted:



Im the RAPID-FIRE.

oh yeah it looks ridiculous, but it feels right and it just works

* # ? Nov 8, 2017 19:21
  • Quote
infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.

flakeloaf posted:

no clue what's wrong with the revo but i'm guessing it's software

very important lesson re: logitech mice, don't ever install the software.

holy poo poo, amount of garbage they pack into that stuff is insane. want to re-map buttons? great well here's a half dozen different services and a complete explorer overhaul to add a bunch of fancy animations to the windows switcher that works less well than what was builtin in to begin with

* # ? Nov 8, 2017 20:01
  • Quote
cinci zoo sniper
Mar 15, 2013

infernal machines posted:

very important lesson re: logitech mice, don't ever install the software.

holy poo poo, amount of garbage they pack into that stuff is insane. want to re-map buttons? great well here's a half dozen different services and a complete explorer overhaul to add a bunch of fancy animations to the windows switcher that works less well than what was builtin in to begin with

what the gently caress are you installing? lgs is a simple app that you open, click things, and close, and it never reminds you of itself

* # ? Nov 8, 2017 20:03
  • Quote
infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.
the older versions of setpoint had exactly what i described, at least up to windows 7.


idk, i've never tried to install them after that because, holy poo poo, what a trashfire

* # ? Nov 8, 2017 20:07
  • Quote
anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum
i thought i had a harmony link that i got earlier this year, but it turns out i have a harmony hub

the link was a $100 product that allowed you to use your iphone or ipad as a remote control. that's it. it's good that it's been discontinued.

anthonypants fucked around with this message at 20:38 on Nov 8, 2017

* # ? Nov 8, 2017 20:35
  • Quote
Wiggly Wayne DDS
Sep 11, 2010

cinci zoo sniper posted:

what the gently caress are you installing? lgs is a simple app that you open, click things, and close, and it never reminds you of itself
* # ? Nov 8, 2017 20:59
  • Quote
Chris Knight
Jun 5, 2002

me @ ur posts


Fun Shoe
Hahahahahahahaha How The gently caress Is Logitech Drivers Real Hahahaha Nigga Just Use The HID Defaults Like Nigga Cancel The Install Haha

* # ? Nov 8, 2017 21:05
  • Quote
haveblue
Aug 15, 2005



Toilet Rascal
How Can Drivers Be Real If Our Mice Aren't Real

* # ? Nov 8, 2017 21:07
  • Quote
infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.

Chris Knight posted:

Hahahahahahahaha How The gently caress Is Logitech Drivers Real Hahahaha Nigga Just Use The HID Defaults Like Nigga Cancel The Install Haha
* # ? Nov 8, 2017 21:11
  • Quote
mod saas
May 4, 2004

Grimey Drawer

Chris Knight posted:

Hahahahahahahaha How The gently caress Is Logitech Drivers Real Hahahaha Nigga Just Use The HID Defaults Like Nigga Cancel The Install Haha



haveblue posted:

How Can Drivers Be Real If Our Mice Aren't Real
* # ? Nov 8, 2017 21:13
  • Quote
cinci zoo sniper
Mar 15, 2013

infernal machines posted:

the older versions of setpoint had exactly what i described, at least up to windows 7.


idk, i've never tried to install them after that because, holy poo poo, what a trashfire

im not sure i ever have installed setpoint, but all my logitech mices were ~gaming~

* # ? Nov 8, 2017 21:26
  • Quote
cinci zoo sniper
Mar 15, 2013
there was one thing i setup for dad's performance mx, but it was similar to lgs iirc

* # ? Nov 8, 2017 21:27
  • Quote
infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.

cinci zoo sniper posted:

im not sure i ever have installed setpoint, but all my logitech mices were ~gaming~

setpoint was the only way to remap buttons and adjust dpi, etc. for a long time.

* # ? Nov 8, 2017 21:34
  • Quote
Wiggly Wayne DDS
Sep 11, 2010



 https://twitter.com/h0t_max/status/928269320064450560

* # ? Nov 8, 2017 23:33
  • Quote
spankmeister
Jun 15, 2008






 :rip:

* # ? Nov 8, 2017 23:37
  • Quote
BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

 State actors are going to have a field day with that one

* # ? Nov 8, 2017 23:40
  • Quote
hobbesmaster
Jan 28, 2008

BangersInMyKnickers posted:

State actors have had a field day with that one
* # ? Nov 8, 2017 23:40
  • Quote
Jabor
Jul 16, 2010

#1 Loser at SpaceChem

BangersInMyKnickers posted:

State actors are going to have a field day with that one

Well, the ones that didn't have an exploit already will.

e: I guess the ones that already have one will be more willing to go ham with it, since it's now less valuable to keep secret.

* # ? Nov 8, 2017 23:44
  • Quote
Soylent Pudding
Jun 22, 2007

We've got people!


 What's the exploit they're talking about there?

* # ? Nov 8, 2017 23:49
  • Quote
Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

Wiggly Wayne DDS posted:

https://twitter.com/h0t_max/status/928269320064450560

lmao :rip:

* # ? Nov 8, 2017 23:49
  • Quote
Adbot
ADBOT LOVES YOU

# ? May 14, 2024 00:00
  • Quote
BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Soylent Pudding posted:

What's the exploit they're talking about there?

minix kernel running directly on the CPU that has effective access to everything, once you compromise it the whole chip is hosed and the system compromised. There is indicators that a flag exists to completely disable it per government spec but it hasn't been reversed yet.

* # ? Nov 8, 2017 23:51
  • Quote
  • Locked thread
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > YOSPOS > Security Fuckup Megathread - v14.1 - Hello, is this a delivery order?
«242 »