|
they bolted it in to the side of sccm and eset makes a good product so there wasn't much reason to roll their own. I've been pushing to dump SEP for MS defender or Eset and it looks like I get both
|
# ? Dec 28, 2017 21:48 |
|
|
https://fahrplan.top/congress/2017/Fahrplan/events/9070.html was a fun trip into the financial system being completely terrible and unaccountable in edge cases. you too can be denied a bank account due to someone posting about you on stormfront!
|
# ? Dec 29, 2017 06:09 |
|
the lisp weenies are right in that programs are data but they are also right in the converse direction, meaning data is programs

"oh, let's expand the scope of our program by 100x for hilariously marginal reasons" - said no sane dev team ever (but plenty nonsane ones)

"oh, let's expand the scope of our data collection by 100x for hilariously marginal reasons" - say lots of dev teams, even ostensibly sane ones
|
# ? Dec 29, 2017 12:44 |
|
anatoliy pltkrvkay posted:https://fahrplan.top/congress/2017/Fahrplan/events/9070.html was a fun trip into the financial system being completely terrible and unaccountable in edge cases. you too can be denied a bank account due to someone posting about you on stormfront! https://www.youtube.com/watch?v=iaYxJlchiE8&hd=1
|
# ? Dec 29, 2017 22:13 |
|
reminder that i don't have a monopoly on talking about 34c3, if you watch a talk then talk about its pros/cons and feel free to disagree with me

large chunk from day 1 of 34c3, i may have low barred that 50 figure if this is a trend:

Forensic Architecture by Eyal Weizman (43:34) - tech issues turn this into an improv presentation where the presenter works off of his website. good talk that goes into visually reconstructing bombings in conflict zones and representing conflicting narratives in kidnappings. q&a is great and full of actually good questions

Demystifying Network Cards by Paul Emmerich (31:29) - good fast dense talk focused on optimising networking performance mainly aimed at driver development. only a brief mention of security where the presenter hopes dropping privileges is perfect, but not the main point of the talk. light q&a

eMMC hacking, or: how I fixed long-dead Galaxy S3 phones by oranav (56:07) - good technical talk starting from reversing patches, abusing backdoors to dump firmware then finally patching. no hardware mods necessary. worth a watch. q&a has some nice gems

Uncovering British spies’ web of sockpuppet social media personas by Mustafa Al-Bassam (31:31) - alt names: "my first day on irc", "the day i learned what sigint actually does", pretty naive analysis throughout. only thing of value was gchq being lazy with timing tweets (mon-fri 9-5 gmt). other than that just a rehash of leaks and the presenter going "well this would be a good place to research, right??". q&a also useless given the source is of questionable value for opsec advice given the indictment

Squeezing a key through a carry bit by Sean Devlin, Filippo Valsorda (50:02) - alt name: "not obviously exploitable", leveraging a rare carry bug (~2^32) to full key recovery. crash course on ecc then p straightforward crypto talk on the bug itself then optimising it to a feasible attack. no real q&a though

Unleash your smart-home devices: Vacuum Cleaning Robot Hacking by Dennis Giese and DanielAW (31:15) - audio troubles for 5m. focuses on xiaomi devices. homebrewing presentation that talks around the rooting aspect but does a good job with what they have to work with. q&a is good. alright watch to see what's stored on the device and functionality available to the manufacturer

How risky is the software you use? by Tim Carstens and Parker Thompson (58:50) - alt name: "producing a consumer-friendly security advisory notice at-scale". pretty bad talk that's more about imposing archaic guidelines post-release than improving the dev process. For all the talk comparing to EPCs the speaker's against giving risk-based advice on improving score, but prefers an adversarial approach to improving standards. Speaker hopes a bayesian stats approach will lead to devs implementing secure practices, not just getting enough boxes ticked for implementing x irrelevant feature. Even dumber is this approach leads to score dilution where thousands of irrelevant secure programs are loaded on with manufacturer's own dumb program to make the overall product look better. their analytic pipeline could do with angr rather than remaking the wheel for the nth time (it's almost as if it's the same problem field...). i could keep yelling but this is a lot of stats nerds trying to show the grant money was spent well. bad sales pitch disguised as a talk. q&a is good as the speaker accidentally tears down their own talk, then misunderstands threat models

BBSs and early Internet access in the 1990ies by LaForge (61:41) - a good nostalgia talk, extremely brave speaker for giving a live demo to look at random unvetted bbs images. worth watching. q&a is mostly worthless though

Science is broken by hanno (30:45) - alright talk, doesn't add much if you're familiar with different scientific field study practices though. mostly poking at generic iteration flaws and publication bias. q&a is good

Tightening the Net in Iran by Mahsa Alimardani (47:47) - a very strange start to a talk. takes a bit to get going but a good overview of how iran are going about limiting internet access in the country. speaker is defensive of telegram (takes the common stance of "it's popular so let's fix it rather than saying use signal/tor"), bit of an odd choice for a privacy standpoint. good watch though, if oddly ignorant of telegram's issues. q&a is alright but mistakes a single person as a perfect source of info for a country

1-day exploit development for Cisco IOS by Artem Kondratenko (45:36) - good talk on rebuilding a snmp buffer overflow vuln into a reliable rce. spends a lot of time on refinding rop chains though. if you want to know more about exploiting cisco generically i'd read through this.

Inside Intel Management Engine by Maxim Goryachy (51:46) - an unfortunately rough talk as the speaker isn't that confident. great on the technical aspects though so worth watching. q&a try to salvage the talk

iOS kernel exploitation archaeology by argp (54:56) - focuses on reverse engineering a kernel exploit from a late 2013 jailbreak to figure out the exploit techniques. alright talk but it meanders a lot and ultimately turns into how the speaker reimplemented the exploit than how it was originally designed.

Lets break modern binary code obfuscation by Tim Blazytko and Moritz Contag (60:02) - two parts: first treads a lot of ground on common commercial obfuscation methods before focusing on vm approaches and common hardening techniques. second dives into probabilistically modeling functions to work around the obfuscation arms race. demo with toolset, p good talk with no real downtime. q&a is alright

e: added video lengths

Wiggly Wayne DDS fucked around with this message at 11:58 on Dec 30, 2017 |
# ? Dec 30, 2017 01:45 |
|
quoting this to watch later, thanks!
|
# ? Dec 30, 2017 04:02 |
|
thanks for doing these again
|
# ? Dec 30, 2017 04:09 |
|
A selection of cool things so far:

https://fahrplan.top/congress/2017/Fahrplan/events/9278.html - Ecstasy 10x yellow Twitter 120mg Mdma
MDMA is legal if you buy it in small quantities for an art project! Also some physical glitch art and script injection into fun places

https://fahrplan.top/congress/2017/Fahrplan/events/9070.html - Financial surveillance
Thomson Reuters pays people to do mindless data entry jobs where they review questionable sources (apparently Stormfront is a valid source of information!), compile dossiers from them, and sell them to banks at considerable markup to prevent money laundering and terrorist acts by middle-aged peaceful protestors in pink sweatshirts

https://fahrplan.top/congress/2017/Fahrplan/events/9288.html - Deconstructing a Socialist Lawnmower
Introducing iMower. Made in Leipzig. Designed by Apple in the German Democratic Republic.
|
# ? Dec 30, 2017 04:23 |
|
yesterday i watched (stealin' wiggly's format):

dprk consumer technology by Will Scott and Gabe Edwards - the latest in the series of looking at the dprk's fairly robust computer science and personal electronics sectors; high level talk about what's available and what it looks like (it's android). super breezy and definitely worth a watch if only to have another view into the dprk that isn't through the lens of the american propaganda arm.

bgp and the rule of custom by Caleb James Delisle - if you don't know what bgp is or how the internet's hierarchy is structured, it's not bad? totally worth skipping; the highlight was in the q&a session where some swede pulled a "well actually" and the moderator was like "do you have a question?"
|
# ? Dec 30, 2017 04:33 |
|
Wiggly Wayne DDS posted:reminder that i don't have a monopoly on talking about 34c3, if you watch a talk then talk about its pros/cons and feel free to disagree with me anatoliy pltkrvkay posted:A selection of cool things so far: Phone posted:yesterday i watched (stealin' wiggly's format):
|
# ? Dec 30, 2017 05:15 |
|
impending security fuckup: i set up HPKP on my webserver ages ago for a laugh and i now want to get rid of it. is the best way to change max-age to zero, give it about a week and then remove the Public-Key-Pins header altogether?

also thanks for all the 34c3 recommendations y'all
|
# ? Dec 30, 2017 06:42 |
|
so did ccc fix their rape problem yet, or
|
# ? Dec 30, 2017 07:07 |
|
if only it were the ccc's problem to fix
|
# ? Dec 30, 2017 07:33 |
|
Lutha Mahtin posted:so did ccc fix their rape problem yet, or Are they still hosting/supporting Appelbaum? I don't know why that guy still gets the amount of support he gets
|
# ? Dec 30, 2017 08:35 |
|
apseudonym posted:Are they still hosting/supporting Appelbaum? maybe he has dirt. I could see him going “why am I excluded when...” [insert list of rapists here]
|
# ? Dec 30, 2017 08:36 |
|
maskenfreiheit posted:maybe he has dirt. I could see him going “why am I excluded when...” More like ccc, like your gbs posting, doesn't understand any type of sexual assault beyond "pinned them down"
|
# ? Dec 30, 2017 09:39 |
|
anthonypants posted:if only it were the ccc's problem to fix wait, the same CCC who built mount hood's lodge? (I keed, I keed)
|
# ? Dec 30, 2017 09:40 |
|
who would post in gbs lol
|
# ? Dec 30, 2017 09:46 |
|
i think appelbaum is still banned from ccc and many other projects

current issue stems from a physical assault last year and ccc's lack of reaction to it. the alleged attacker is not banned and even has a talk and ccc have just shrugged it off or refused to comment
|
# ? Dec 30, 2017 09:59 |
|
cheese-cube posted:who would post in gbs lol Masken’s the prime poster in the r/relationships mock thread.
|
# ? Dec 30, 2017 13:01 |
|
gross
|
# ? Dec 30, 2017 13:23 |
|
Avenging_Mikon posted:Masken’s the prime poster in the r/relationships mock thread. >_>
|
# ? Dec 30, 2017 15:37 |
|
cis autodrag posted:More like ccc, like your gbs posting, doesn't understand any type of sexual assault beyond "pinned them down" please don’t follow me around and twist things that are supportive into some sort of rape apology the only post i can think of i've made in GBS that would make you salty is when i told you not to question victims: maskenfreiheit posted:Was it this thread or another where I saw you question someone who pointed out Zoe Quinn has been accused of abusing trans folks? I mean, I also posted this: maskenfreiheit posted:i'm not sure i understand how requesting consent and being granted it is rape? But only an idiot or someone with an agenda would twist that into rape apology. As someone who's personally had my own negative JA experience (His behavior was widely known when we crossed paths, but I wasn't a cool enough kid to be warned.), you set off a poo poo load of red flags when you make a big show of how social-justicey you are as a way to bully people you don't like. maskenfreiheit fucked around with this message at 15:57 on Dec 30, 2017 |
# ? Dec 30, 2017 15:38 |
|
I know, let’s bring more of that poo poo here to protest that poo poo being brought here loving brilliant
|
# ? Dec 30, 2017 16:06 |
|
as all good security exploits do these days, the Nintendo Switch jailbreak boiled down to “we got the encryption keys by fuzzing the power rails for the chip” https://www.youtube.com/watch?v=AAbtGz8dHKc
|
# ? Dec 30, 2017 17:46 |
|
https://www.youtube.com/watch?v=Q32oL0HN8zk
|
# ? Dec 30, 2017 17:55 |
|
Lol of course masken is a Zoe Quinn obsessed gamer gater. (USER WAS PUT ON PROBATION FOR THIS POST)
|
# ? Dec 30, 2017 18:10 |
|
good god can we not do this garbage here
|
# ? Dec 30, 2017 18:11 |
|
holy loving poo poo what the gently caress

spit on my clit posted:good god can we not do this garbage here
|
# ? Dec 30, 2017 18:14 |
|
mrmcd posted:Lol of course masken is a Zoe Quinn obsessed gamer gater.
|
# ? Dec 30, 2017 18:18 |
|
Infosec and gamer communities make me grateful the only conferences I have to attend professionally are populated by the kind of people with serious opinions about systemd and gpl variants.
|
# ? Dec 30, 2017 18:20 |
|
spit on my clit posted:good god can we not do this garbage here
|
# ? Dec 30, 2017 18:28 |
|
mrmcd posted:Lol of course masken is a Zoe Quinn obsessed gamer gater. what? no, she's the one who was being harassed at the beginning of that mess. someone mentioned in gbs she'd apparently said some transphobic stuff and cis was pretty dismissive. white feminists saying mean stuff about trans folks is a really common thing, and i'm really not going to tolerate someone bullying and harassing me as a "gamergater" for going "hm well maybe we shouldn't silence a trans person?" https://twitter.com/dril/status/134787490526658561
|
# ? Dec 30, 2017 18:30 |
|
shut UUUUUUUUUP
|
# ? Dec 30, 2017 18:32 |
|
spit on my clit posted:shut UUUUUUUUUP

fine, but it's HILARIOUS that calling out cis for silencing victims, pointing out I'm ONE OF JAS loving VICTIMS and providing multiple citations to prove that's why he's flaming me = LOL MASK IS A GAMERGATER

bleep bloop let's just go back to discussing puters

https://twitter.com/briankrebs/status/946796246165008386
|
# ? Dec 30, 2017 18:37 |
|
i;m the idea it's manslaughter if you call the police and they shoot someone, but not manslaughter if you are the police who shoot someone
|
# ? Dec 30, 2017 18:38 |
|
just leave it at this, don't keep talking. i dont want to hear it in this thread, this is not the thread for it
|
# ? Dec 30, 2017 18:50 |
|
maskenfreiheit posted:i;m the idea it's manslaughter if you call the police and they shoot someone, but not manslaughter if you are the police who shoot someone
|
# ? Dec 30, 2017 19:32 |
|
In a security fuckup far below the scope usually covered in this entertaining and engaging thread, the apartment building I have burrowed into the basement of is using those lil wifi nannycam deals as a "security system" and all of them are viewable to anyone on the building wifi. I stream one of the outdoor cams to a tv in my corner of the basement so it feels like I have a window. Also their routers all still use default logins so I prioritized my poo poo. I'm a coolguy hacker now right? Like Mr. Robot?
|
# ? Dec 30, 2017 20:04 |
|
|
420 SWAGLORD posted:In a security fuckup far below the scope usually covered in this entertaining and engaging thread, the apartment building I have burrowed into the basement of is using those lil wifi nannycam deals as a "security system" and all of them are viewable to anyone on the building wifi. I stream one of the outdoor cams to a tv in my corner of the basement so it feels like I have a window. Also their routers all still use default logins so I prioritized my poo poo. I'm a coolguy hacker now right? Like Mr. Robot? somewhat related, a hotel i stayed at in southeast asia had a camera at the front desk that was wired to channel 1 on tv so you could approve people coming to visit when the desk called up. it was fun to leave it on friday and saturday nights to see how many and what kinds of prostitutes were ordered in by guests.
|
# ? Dec 30, 2017 20:11 |