|
qat
|
#
?
Dec 9, 2017 09:37
|
|
|
|
| # ? May 29, 2024 17:20 |
|
|
DIIGI!I!!
|
|
#
?
Dec 9, 2017 09:38
|
|
|
gershon & kingsley - peanuts.mp3
|
|
#
?
Dec 9, 2017 10:22
|
|
|
my battle.net authenticator went off from a chinese request, i rejected it ofc and changed my b.net password but it made me wonder something maybe this is a dumb question but idk about security, anyway barring physical access, could an attacker have taken control of my account or gathered information to do so later through my actions? (denying their request, logging in (and accepting mine), and changing my password, in that order and within five minutes of seeing the notice)
|
|
#
?
Dec 9, 2017 10:29
|
|
|
make sure your secret question is something that cannot be guessed or reasonable circumvented ("I entered garbage as the answer"), that's the only way forward for an attacker likely though your password was just leaked and someone is trying to hit it on all things, try haveibeenpwned
|
|
#
?
Dec 9, 2017 10:35
|
|
|
geonetix posted:make sure your secret question is something that cannot be guessed or reasonable circumvented ("I entered garbage as the answer"), that's the only way forward for an attacker haw, that revealed the cause straight off: wildstar loving me from the grave (i was lazy with it and reused my b.net password there 'cos they were both under separate 2FA anyway) thanks for that, didn't know about haveibeenpwned
|
|
#
?
Dec 9, 2017 10:40
|
|
|
's what i get for playing loving mmos (and being lazy)
|
|
#
?
Dec 9, 2017 10:40
|
|
|
Speaking of MMO's: Here's a podcast in two parts about hacking online games. It's pretty good. They interview "Manfred" a guy who's apparently a big deal in the mmo hacking scene. You may remember the ultima online house deletion debacle, well this guy did it and he explains how. He also explains how he made a living for years by cloning items and gold in MMO's and selling them on eBay. https://darknetdiaries.com/episode/7 https://darknetdiaries.com/episode/8
|
|
#
?
Dec 9, 2017 10:45
|
|
|
Ciaphas posted:haw, that revealed the cause straight off: wildstar loving me from the grave (i was lazy with it and reused my b.net password there 'cos they were both under separate 2FA anyway) np buddy. just be aware that blizzards password forgotten procedure is still completely nuts, so be careful also mmos and security are fun, wasn't a goon in an anti-cheat role with eve online at some point?
|
|
#
?
Dec 9, 2017 10:49
|
|
|
thank goodness for lastpass memorizing most good passwords for me nowadays (i know i know i should use keepass, blame work)
|
|
#
?
Dec 9, 2017 10:51
|
|
|
good news https://twitter.com/taviso/status/938509218805514240
|
|
#
?
Dec 9, 2017 19:20
|
|
|
do you have a clearer grasp of the context than i do, the chain starts with looking in the a steam folder, is there more to suggest that this is a steam issue being chased down or are there other details?
|
|
#
?
Dec 9, 2017 19:29
|
|
|
Cybernetic Vermin posted:do you have a clearer grasp of the context than i do, the chain starts with looking in the a steam folder, is there more to suggest that this is a steam issue being chased down or are there other details? Steam? I thought Battlenet was a Blizzard thing.
|
|
#
?
Dec 9, 2017 19:33
|
|
|
it starts with steam then someone points at battle.net it's all low handing fruit everyone's known forever and no one's bothered to fix
|
|
#
?
Dec 9, 2017 19:35
|
|
|
Proteus Jones posted:Steam? oh, didn't even read the link, clicked localbattle.net and firefox errored out of loading and i didn't dig deeper into it
|
|
#
?
Dec 9, 2017 19:36
|
|
|
I still don't quite get it, it's hinting at RCE in battlenet but.. what is localbattle.net? Like, that's not a registered domain and I cant find anything in the battle.net client that hosts some kind of web interface access like some programs do. And googling that url only returns that taviso tweet.
|
|
#
?
Dec 9, 2017 19:50
|
|
|
Taviso works in mysterious ways
|
|
#
?
Dec 9, 2017 19:54
|
|
|
while i do appreciate his sense of drama i don't appreciate the sense of the world crumbling around me that it induces
|
|
#
?
Dec 9, 2017 19:56
|
|
|
the steam thing is him complaining that valve is still using the app directory for config and games and poo poo because nobody used %appdata% in 2003 and therefore they don't do it in 2017
|
|
#
?
Dec 9, 2017 20:04
|
|
|
Jewel posted:I still don't quite get it, it's hinting at RCE in battlenet but.. what is localbattle.net? Like, that's not a registered domain and I cant find anything in the battle.net client that hosts some kind of web interface access like some programs do. And googling that url only returns that taviso tweet. the certificate is almost certainly so they can do secure traffic relating to drm anthonypants fucked around with this message at 20:27 on Dec 9, 2017 |
|
#
?
Dec 9, 2017 20:24
|
|
|
spankmeister posted:Speaking of MMO's: Here's a podcast in two parts about hacking online games. It's pretty good. They interview "Manfred" a guy who's apparently a big deal in the mmo hacking scene. You may remember the ultima online house deletion debacle, well this guy did it and he explains how. He also explains how he made a living for years by cloning items and gold in MMO's and selling them on eBay. I was gonna reply to a link to his awesome DEFCON talk but NOOOOOPE youtube took it down https://www.youtube.com/watch?v=PfbMZJsb1cQ&hd=1
|
|
#
?
Dec 9, 2017 20:28
|
|
|
anthonypants posted:it points to localhost. if you have the blizzard app open https://localbattle.net:22885 in a web browser That cert should get revoked so hard. I'm sure Ryan will have fun https://twitter.com/sleevi_/status/939574006759424006
|
|
#
?
Dec 9, 2017 20:35
|
|
|
perhaps someone should put that cert into crt.sh
|
|
#
?
Dec 9, 2017 20:59
|
|
|
Optimus_Rhyme posted:I was gonna reply to a link to his awesome DEFCON talk but NOOOOOPE youtube took it down youtube suck balllllllllllllls and not in the good way 🤬🤬🤬🤬🤬🤬
|
|
#
?
Dec 9, 2017 21:09
|
|
|
Optimus_Rhyme posted:I was gonna reply to a link to his awesome DEFCON talk but NOOOOOPE youtube took it down pretty sure blizzard DMCA'd it or something.
|
|
#
?
Dec 9, 2017 21:26
|
|
|
Optimus_Rhyme posted:I was gonna reply to a link to his awesome DEFCON talk but NOOOOOPE youtube took it down well a quick search found this link. seems to be the presentation. http://www120.zippyshare.com/v/qq5Tatj5/file.html spankmeister posted:pretty sure blizzard DMCA'd it or something. arenanet because of some GW2 exploit? DMCA abuse sucks, this has nothing to do with copyright.
|
|
#
?
Dec 9, 2017 21:47
|
|
|
spankmeister posted:pretty sure blizzard DMCA'd it or something. Dylan16807 posted:arenanet because of some GW2 exploit? DMCA abuse sucks, this has nothing to do with copyright.
|
|
#
?
Dec 10, 2017 01:08
|
|
|
evil_bunnY posted:it’s mega dumb and abused constantly
|
|
#
?
Dec 10, 2017 01:13
|
|
|
https://twitter.com/mjg59/status/939661304997953536 e: https://twitter.com/mjg59/status/939666525736206336 Mr.Radar fucked around with this message at 02:28 on Dec 10, 2017 |
|
#
?
Dec 10, 2017 02:17
|
|
|
guess who made it to ars https://arstechnica.com/information-technology/2017/12/top-selling-handgun-safe-can-be-remotely-opened-in-seconds-no-pin-needed/
|
|
#
?
Dec 10, 2017 06:51
|
|
|
infernal machines posted:guess who made it to ars why does a gun safe have bluetooth
|
|
#
?
Dec 10, 2017 06:55
|
|
|
i dunno, ask Harik
|
|
#
?
Dec 10, 2017 07:04
|
|
|
quote:In an e-mail, Vaultek officials said the attack demonstrated in the video would be hard to execute. 
|
|
#
?
Dec 10, 2017 17:21
|
|
|
https://twitter.com/kinugawamasato/status/939866903513767936 so glad i hopped over to uMatrix.
|
|
#
?
Dec 10, 2017 17:33
|
|
|
I’m sorely disappointed that vaultek safes don’t have giant impractical cog doors
|
|
#
?
Dec 10, 2017 22:30
|
|
|
i think we've talked about this stupid wifi rock before but i just re-discovered it and still think it's ridiculous so here: https://dojo.bullguard.com/ quote:Dojo constantly studies your home network to enhance and protect at all times. Dojo never sleeps and is always adapting, planning and protecting your network. let the pebble freely move about your house, adapting and plotting quote:Dojo actually learns! It gets to know your devices and finds patterns in their total behavior. Using this intelligence, it then sets up a perimeter that protects your home and makes sure that you are in total control. Nothing gets in or out. they also love the phrase "enterprise-grade security" which is always great as far as i can tell from the instructions you connect it to your network and then it logs into your router by itself and disables DHCP and then starts broadcasting its own, so your devices connect to it first and then it forwards everything through the router
|
|
#
?
Dec 11, 2017 05:32
|
|
|
ate all the Oreos posted:they also love the phrase "enterprise-grade security" which is always great you forgot the part of enterprise-grade security where there's only two groups that have access, one of them is read-only with a symbol-for-char substituted password and the elevated credentials are admin:admin.
|
|
#
?
Dec 11, 2017 05:59
|
|
|
enterprise grade security is just a fancy way of saying "a bunch of post its stuck to your monitor"
|
|
#
?
Dec 11, 2017 06:14
|
|
|
Phone posted:enterprise grade security is just a fancy way of saying "a bunch of post its stuck to your monitor" I am pretty sure that is military spec https://www.google.co.nz/amp/s/nakedsecurity.sophos.com/2012/11/21/prince-william-photos-password/amp/
|
|
#
?
Dec 11, 2017 06:28
|
|
|
|
| # ? May 29, 2024 17:20 |
|
|
spit on my clit posted:https://twitter.com/kinugawamasato/status/939866903513767936 I like umatrix but god help you if you want to play an embedded video and aren't an internationally renowned whackamole competitor
|
|
#
?
Dec 11, 2017 13:22
|
|
