|
NEED MORE MILK posted:Just use your internal CA and AD to deploy an internal root w/ GPO this might work if it was just us. but this needs to work with the computers in both the customer's organization and in our organization. poo poo's hosed
|
#
?
Feb 15, 2018 17:11
|
|
|
|
| # ? Jun 8, 2024 04:35 |
|
|
spankmeister posted:Windows only very recently took font rendering out of the kernel sooo. therefore ios still having a font rendering bug is good, actually
|
|
#
?
Feb 15, 2018 17:12
|
|
|
one of my banks just sent me an unsolicited e-mail with the subject "your temporary password". i clicked on it thinking that someone was trying to reset my bank password, but nope, it's worse that that:  do i even need to count the ways this is bad? (yes, they included the password in the text of the e-mail)
|
|
#
?
Feb 15, 2018 17:25
|
|
|
Mr.Radar posted:one of my banks just sent me an unsolicited e-mail with the subject "your temporary password". i clicked on it thinking that someone was trying to reset my bank password, but nope, it's worse that that: Get a new bank.
|
|
#
?
Feb 15, 2018 17:26
|
|
|
Why does anyone bother with 2-factor when we've already created the perfect and most secure authentication scheme possible, social security?
|
|
#
?
Feb 15, 2018 17:38
|
|
|
Is this one of those "You can get code exec if you have code exec!" bugs?
|
|
#
?
Feb 15, 2018 17:46
|
|
|
spankmeister posted:Is this one of those "You can get code exec if you have code exec!" bugs? If you mean that banking password email, they just emailed in plain text a password, which is bad. And they explicitly stated the schema for generating these passwords, which is worse. And it's generated from information which is not excessively difficult to get, which is terrible. Now how difficult is it to get the user names?
|
|
#
?
Feb 15, 2018 18:01
|
|
|
No I'm sorry but I was talking about the apple screenshot thing
|
|
#
?
Feb 15, 2018 18:04
|
|
|
spankmeister posted:No I'm sorry but I was talking about the apple screenshot thing Oh. Yeah, for me the big issue is I never considered that the default screenshot tool would be available to a sandboxed program. So I'm like "fuuuuuuck, what else did I not think about?"
|
|
#
?
Feb 15, 2018 18:08
|
|
|
Avenging_Mikon posted:If you mean that banking password email, they just emailed in plain text a password, which is bad. And they explicitly stated the schema for generating these passwords, which is worse. And it's generated from information which is not excessively difficult to get, which is terrible. don't forget that you won't even be able to change your "password" until their new site launches in more than a week. better hope nobody logs in with your username before you do edit: could someone tweet my screenshot to @associatedbank with a scolding message? i'd do it myself but my twitter profile contains my irl name which is obv problematic in this context Mr.Radar fucked around with this message at 18:20 on Feb 15, 2018 |
|
#
?
Feb 15, 2018 18:11
|
|
|
Heads up, there's a problematic OpenType ligature that triggers a heap buffer overrun in CoreText's OpenType layout engine, crashing... well, pretty much any macOS or iOS application that shows text. I found a workaround for macOS but it's a little involved:
|
|
#
?
Feb 15, 2018 18:23
|
|
|
oh, look what happened again at some point amazon is going to have to start forcing credentialed access to s3 storage buckets just to prevent idiots from stepping on their own dicks
|
|
#
?
Feb 15, 2018 18:24
|
|
|
hackbunny posted:Heads up, there's a problematic OpenType ligature that triggers a heap buffer overrun in CoreText's OpenType layout engine, crashing... well, pretty much any macOS or iOS application that shows text. I found a workaround for macOS but it's a little involved: Solution for phones: cry
|
|
#
?
Feb 15, 2018 19:37
|
|
|
ChubbyThePhat posted:Solution for phones: cry Backup often, stay in airplane mode as much as possible, wait patiently for patch ¯\_(ツ)_/¯ Depending on how hard you're hit, you may have to nuke the device to stop the crash-reboot-crash loop. This is where frequent backups come in e: VVV I heard that too hackbunny fucked around with this message at 19:44 on Feb 15, 2018 |
|
#
?
Feb 15, 2018 19:42
|
|
|
ios beta fixes it
|
|
#
?
Feb 15, 2018 19:42
|
|
|
hackbunny posted:Heads up, there's a problematic OpenType ligature that triggers a heap buffer overrun in CoreText's OpenType layout engine, crashing... well, pretty much any macOS or iOS application that shows text. I found a workaround for macOS but it's a little involved: ehh is turning off SIP such a good idea? i mean if you get a file with the character in it, you can delete the file without opening it once youve recovered from your crash right? so far this doesnt give RCE or anything does it?
|
|
#
?
Feb 15, 2018 19:46
|
|
|
Daman posted:ios beta fixes it yeah, by the timing the exploit was most likely derived from the fix delivered in the beta lends some hope that apple has finally gotten around to properly fuzzing this, surely eminently fuzzable, bit of code
|
|
#
?
Feb 15, 2018 19:46
|
|
|
Krankenstyle posted:ehh is turning off SIP such a good idea?
|
|
#
?
Feb 15, 2018 19:48
|
|
|
Krankenstyle posted:ehh is turning off SIP such a good idea? sip protects against abuse of root/sudo permission, turning it off doesn't turn off all the other layers of defense also as above you are instructed to immediately turn it back on e: "just delete the file after" may not work because the file may be examined by background services at any moment. this is why it can ruin an iphone, the string ends up somewhere that's automatically processed with no chance to avert it
|
|
#
?
Feb 15, 2018 19:52
|
|
|
and you cant delete the file in recovery mode?? i just dont see the point i guess
|
|
#
?
Feb 15, 2018 20:04
|
|
|
Krankenstyle posted:and you cant delete the file in recovery mode?? osx works in weird ways for example to keep the OS from eating this one USB device I needed direct access to I had to install a fake kext that claims to require the device and then do nothing with it (literally a config file in a folder with nothing else in it). the only way to do this without disabling all the security stuff is if you have a kext signing certificate, which costs money and you can only get by submitting a very good reason as to why you need it to apple. as far as i can tell you can't just install your own CA cert either. guess i just get to disable signature checking forever now, thanks guys!
|
|
#
?
Feb 15, 2018 20:13
|
|
|
my favourite is "this kext literally prevents the machine from booting", you want to remove it? gently caress you, disable all your security first.
|
|
#
?
Feb 15, 2018 20:15
|
|
|
Krankenstyle posted:ehh is turning off SIP such a good idea? It's not a good idea and that's why you reenable it in the next to last step
|
|
#
?
Feb 15, 2018 20:45
|
|
|
Shaggar posted:sure, but has windows ever had a font vulnerability that bricked your computer? bsod and restart definitely, but not rendering your device unbootable afaik. Not exactly Windows but not entirely not-Windows, and definitely more bricked than just requiring a reload of firmware. I believe the same issue did exist in related versions of desktop Windows, so if web page delivered fonts had been a thing at the time it could have been exploited in a "drive-by" fashion. An attacker wanting to "brick" systems as a result could replace a system font with one triggering the glitch similar to the Xbox exploit and the system would be rendered about equally useless to the average user as an iPhone requiring a DFU reload.
|
|
#
?
Feb 15, 2018 21:25
|
|
|
a fun work in progress: https://www.nccgroup.trust/uk/about...ide-of-the-lab/
|
|
#
?
Feb 15, 2018 23:49
|
|
|
Wheany posted:this might work if it was just us. but this needs to work with the computers in both the customer's organization and in our organization. public ssl certificate for a private hostname was the right answer
|
|
#
?
Feb 16, 2018 00:03
|
|
|
Wiggly Wayne DDS posted:a fun work in progress: https://www.nccgroup.trust/uk/about...ide-of-the-lab/ oh poo poo this owns i really want to see what the output of this would be on our network as my guess is f 'you're hosed', but I think our security team are ignoring me after I reported our own hr system as a phishing risk so I guess I'll never know
|
|
#
?
Feb 16, 2018 00:38
|
|
|
wolrah posted:One of the common "softmod" techniques for the original Xbox was an exploit for a vulnerability in its (Windows 2000 derived) TrueType implementations. Early versions of the exploit could effectively brick the system by causing it to get in to an infinite loop of crashing on boot if the RTC's capacitor ran dry. If you backed up your hard drive lock code you could just restore the original font pretty easily, but if you did not do that you were effectively bricked without a modchip. cool. I remember doing xbox softmods w/ some MechWarrior save exploit or something. it was easy as hell but it had a similar problem where if the clock poo poo the bed you were hosed if you hadn't already unlocked the drive.
|
|
#
?
Feb 16, 2018 01:28
|
|
|
i homebrewed my n3ds and you have to force downgrade it to like 2.something at one point, which is an OS version that came out before the n3ds existed, so there's a big 'if you close the lid during this step it'll brick' warning you also used to be hosed if you didn't have wifi enabled (o3ds has a hardware switch, n3ds doesn't, 2.something doesn't have a wifi toggle and the next step in the process exploits wifi code) but then someone discovered that if you let the battery run out the wifi will be back on when it resets, so that's recoverable vOv fucked around with this message at 01:56 on Feb 16, 2018 |
|
#
?
Feb 16, 2018 01:52
|
|
|
Shaggar posted:cool. I remember doing xbox softmods w/ some MechWarrior save exploit or something. it was easy as hell but it had a similar problem where if the clock poo poo the bed you were hosed if you hadn't already unlocked the drive. yeah iirc you used the corrupt mechassault save to get code execution, then replaced a dashboard font to get persistence
|
|
#
?
Feb 16, 2018 02:03
|
|
|
Homebrew hacks were/are cool as gently caress.
|
|
#
?
Feb 16, 2018 02:36
|
|
|
Wheany posted:this might work if it was just us. but this needs to work with the computers in both the customer's organization and in our organization. im extremely confused. how is this server not accessible to the internet but people both inside and outside of your organization are using it
|
|
#
?
Feb 16, 2018 03:09
|
|
|
Wheany posted:certificate advice needed: we have a web page/app that is accessed by ip address. our customer uses one internal ip address, and we use another ip address through a vpn (we can only access it over vpn). the server is not visible to the internet.
|
|
#
?
Feb 16, 2018 03:11
|
|
|
my talk profile is up (title is wrong but still) https://www.bsidesvancouver.com/cariad-keigher/
|
|
#
?
Feb 16, 2018 03:19
|
|
|
Notorious b.s.d. posted:public ssl certificate for a private hostname was the right answer man, this is gonna suck...
|
|
#
?
Feb 16, 2018 06:53
|
|
|
https://www.bishopfox.com/blog/2018/02/hello-world-introducing-the-bishop-fox-cybersecurity-style-guide/ A style guide for cyberspace, from a cursory skim it actually looks ok.
|
|
#
?
Feb 16, 2018 08:27
|
|
|
Lain Iwakura posted:my talk profile is up (title is wrong but still) lol @ "diversified natural resources company"
|
|
#
?
Feb 16, 2018 08:32
|
|
|
spankmeister posted:https://www.bishopfox.com/blog/2018/02/hello-world-introducing-the-bishop-fox-cybersecurity-style-guide/ it's good quote:AI
|
|
#
?
Feb 16, 2018 08:39
|
|
|
spankmeister posted:lol @ "diversified natural resources company" ellingson mineral corporation
|
|
#
?
Feb 16, 2018 12:38
|
|
|
|
| # ? Jun 8, 2024 04:35 |
|
|
spankmeister posted:https://www.bishopfox.com/blog/2018/02/hello-world-introducing-the-bishop-fox-cybersecurity-style-guide/
|
|
#
?
Feb 16, 2018 15:20
|
|