CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
Didn't see it in the past few pages, but have we discussed this yet?

https://www.popsci.com/vpnfile-malware-reboot-router

FBI is saying that VPNFilter has 3 stages, and rebooting your router kills the 3rd stage, but considering it doesn't claim to do anything for the 1st and 2nd stage infection....this suggestion doesn't really do anything?

The article on VPNFilter specifically states it persists if the router is rebooted (because of course it does)
https://en.wikipedia.org/wiki/VPNFilter

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Space Gopher posted:

I'm guessing that there's some level of two-person-rule code review in the merge to master, too.

There isn’t. master doesn’t work like that.

evil_bunnY
Apr 2, 2003

IIRC a factory reset kills the runtime, and after they seized the C2 domain the bootloader can’t grab the runtime and fails silently to normal operation. The problem is of course that none of these POS devices have any kind of security update process, so they’re effectively just waiting for the next exploit to come along.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

evil_bunnY posted:

IIRC a factory reset kills the runtime, and after they seized the C2 domain the bootloader can’t grab the runtime and fails silently to normal operation. The problem is of course that none of these POS devices have any kind of security update process, so they’re effectively just waiting for the next exploit to come along.

From what I'm reading, Stage II is the actual malware and for me would be the largest issue, because it's active after every reboot and can receive instructions and actually carry out tasks. According to what I'm reading, Stage III is just optional modules that can be installed.

So unless you actually do get a full firmware update, it's persistent.

Jabor
Jul 16, 2010

#1 Loser at SpaceChem

CommieGIR posted:

From what I'm reading, Stage II is the actual malware and for me would be the largest issue, because it's active after every reboot and can receive instructions and actually carry out tasks. According to what I'm reading, Stage III is just optional modules that can be installed.

So unless you actually do get a full firmware update, it's persistent.

Where's it going to receive commands from?

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Jabor posted:

Where's it going to receive commands from?

If the infection persists, someone will figure out how to send commands to them, abandoned or not.

Seems like a hard reset will wipe out stage 1, but also depends upon the default credentials being changed.

fordan
Mar 9, 2009

Clue: Zero

BGP is always in a state of overhaul.

There's Resource PKI, run by ARIN and the other regional Internet registries, to associate AS numbers with IP blocks, which is useful along with BGP SIDR to prevent ASes announcing blocks they don't own from being believed, but that depends on both the correct source and the intermediate routers using SIDR. And it also doesn't prevent a malicious actor from faking the right ASN and saying they have the best path to that ASN and getting the traffic that way. BGPsec might help with that problem but is at the IETF draft stage.

And almost nobody runs either because there aren't many benefits to being the first to implement it and because when there's a BGP issue it's usually pretty easy to spot and point at the bad actor who is usually just someone who typo'ed something.

fordan fucked around with this message at 16:07 on Jun 1, 2018
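Editor's added example (not fordan's code and not any RIR tooling): the origin-validation step fordan describes, written out against a constructed ROA table. It uses the RFC 6811 outcomes (valid / invalid / not-found), including the maxLength check, and the last function shows the gap fordan points at: ROV only examines the rightmost AS in AS_PATH, so an announcement whose path has been forged to end in the legitimate origin AS still comes back "valid". Prefixes are RFC 5737 documentation space and the ASNs are private-use numbers, both constructed for the demo.

```python
"""Route Origin Validation (RFC 6811 semantics) against a constructed ROA table."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str      # prefix the resource holder signed for
    max_length: int  # longest prefix length the ROA authorises (maxLength)
    asn: int         # origin AS authorised to announce it


# Constructed ROA table: documentation prefixes (RFC 5737) and private-use ASNs (RFC 6996).
ROAS = [
    ROA("203.0.113.0/24", 24, 64500),
    ROA("198.51.100.0/22", 24, 64501),
]


def covering_roas(prefix, roas=ROAS):
    """ROAs whose prefix contains the announced prefix (maxLength not yet considered)."""
    net = ipaddress.ip_network(prefix, strict=False)
    out = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            out.append(roa)
    return out


def validate_origin(prefix, origin_asn, roas=ROAS):
    """'valid' | 'invalid' | 'not-found' for an announced (prefix, origin AS) pair."""
    net = ipaddress.ip_network(prefix, strict=False)
    covering = covering_roas(prefix, roas)
    if not covering:
        return "not-found"  # no ROA covers the prefix: ROV says nothing either way
    for roa in covering:
        if roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"  # covered, but wrong origin AS or more specific than maxLength allows


def validate_announcement(prefix, as_path, roas=ROAS):
    """ROV looks only at the rightmost AS in AS_PATH; the rest of the path is unchecked."""
    return validate_origin(prefix, as_path[-1], roas)


if __name__ == "__main__":
    cases = [
        ("203.0.113.0/24", [64500]),          # legitimate origin
        ("203.0.113.0/24", [64666]),          # wrong origin: caught
        ("203.0.113.0/25", [64500]),          # more-specific beyond maxLength: caught
        ("203.0.113.0/24", [64666, 64500]),   # forged path ending in the real origin: NOT caught
        ("192.0.2.0/24", [64500]),            # nothing signed for it
    ]
    for prefix, path in cases:
        print(f"{prefix:18} path={path} -> {validate_announcement(prefix, path)}")
```

A router that drops "invalid" routes stops the simple mis-origination (typo'd or hijacked origin), which is the point of ROV; the path-forgery case is what BGPsec is meant to address.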

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

https://forums.flightsimlabs.com/index.php?/topic/17444-flight-sim-labs-statement-on-cmdhost/ posted:

Over the past few hours we have become aware of rumours circulating on social media about the cmdhost file installed by the A320-X and wanted to clear up any confusion or misunderstanding.

cmdhost is part of our eSellerate infrastructure - which communicates between the eSellerate server and our product activation interface. It was designed to reduce the number of product activation issues people were having after the FSX release - which have since been resolved.

This is not a new discovery or something we have ever sought to hide away. Indeed, we directly addressed the nature of this file way back in February:

https://forums.flightsimlabs.com/index.php?/topic/16306-p3dv4-problems-with-installing-the-latest-spotlight-version-cmdhostexe/

The file has been passed to all the major antivirus houses in order for them to verify that it is legitimate, and is also reported clean by Virus Total. If you have any concerns, we urge you to submit it to your preferred antivirus company for testing.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

What, is FSLabs' pastime to just do really, really sketchy things to protect their products? Because that's sketchy as hell.

I cannot recall the last thing they did, but I know it pissed off a lot of their customer base.

E: Oh yeah, it scraped your Chrome passwords if activated improperly.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

They certainly learnt their lesson of course...

https://www.reddit.com/r/flightsim/comments/8nlrn6/another_fsl_scandal_debunked/

quote:

Although this thread has been approved, I would like to point out a few things:

  • This account was created today with the sole purpose of posting the thread
  • Sockpuppet accounts were created today, around the same time as this one, to post very pro-FSL comments
  • A handful of fake accounts were created and used to attack members of our community during the previous accusations of malware against FSL

Do with that information what you will.

The whole thread is just full of sock-puppetry.

Absurd Alhazred
Mar 27, 2010

by Athanatos

:regd08:

22 Eargesplitten
Oct 10, 2010



That’s directly to Reddit?

I bet they have a network share full of empty legal threats to laugh at.

Absurd Alhazred
Mar 27, 2010

by Athanatos
https://twitter.com/Reuters/status/1003611450240356352

:thunk:

SeaborneClink
Aug 27, 2010

MAWP... MAWP!
Facebook refutes all accusations that it was doing what it was accused of.

In the same breath, "[Facebook] also said that these cases were "very different" from the use of data by third party developers in the Cambridge row."

You see the thing you said we're doing, which we're not btw, is different than the other things we did that now we truly understand we shouldn't have, but IF we were doing what you said it's not the same because *looks at inside of hand* ... *looks at reporter* ... *gulp*"

astral
Apr 26, 2004

This is the NYT article referenced by the Reuters article that was linked to by that tweet if you want to read more about it:
https://www.nytimes.com/interactive/2018/06/03/technology/facebook-device-partners-users-friends-data.html

Diametunim
Oct 26, 2010
Can we talk boring rear end USB Device Control Policy for a bit? I'm curious as to what y'all are using to encrypt removable USB devices. I'm looking for an easy, cross platform, and preferably free way to device encrypt USB Drives that are handed out to end users for temporary use. My company is by majority Windows but we do have ~100 OSX devices in circulation which makes using Bitlocker an issue. I know there are solutions out on Github for OSX and Bitlocker but let's be honest, there's no way your standard end user is going to take the time to figure that solution out.

e: I'm thinking Veracrypt is probably the solution to use, any other ideas?

Diametunim fucked around with this message at 19:51 on Jun 4, 2018

The Fool
Oct 16, 2003


Diametunim posted:

Can we talk boring rear end USB Device Control Policy for a bit? I'm curious as to what y'all are using to encrypt removable USB devices. I'm looking for an easy, cross platform, and preferably free way to device encrypt USB Drives that are handed out to end users for temporary use. My company is by majority Windows but we do have ~100 OSX devices in circulation which makes using Bitlocker an issue. I know there are solutions out on Github for OSX and Bitlocker but let's be honest, there's no way your standard end user is going to take the time to figure that solution out.

https://www.kingston.com/us/usb/encrypted_security

Use one of those. Some of the models support central management, but I've never used it before.

Even without the central management, any of those drives will come with the software necessary for the end-user to encrypt and decrypt the drive, and it is multi-platform.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

If you're mostly Windows, I'd still look real close at BitLocker since you can manage the behavior through GPO and then use 3rd party software to handle mounting on OSX: https://www.m3datarecovery.com/mac-bitlocker/

Alternatively, you could buy self-encrypting USB hardware and then use device restriction policies through the OSX or AV to require people to use those as their mass storage devices and stop stuff from mounting.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

astral posted:

This is the NYT article referenced by the Reuters article that was linked to by that tweet if you want to read more about it:
https://www.nytimes.com/interactive/2018/06/03/technology/facebook-device-partners-users-friends-data.html

"The [Facebook] officials added that they knew of no cases where the information had been misused."

Lol 'they didn't even abuse the privilege we gave them wtf are you whining about'

Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop
Somewhat esoteric question here, but is there a good read on why it's okay to lose the diffusion property of block ciphers by running them in xor stream mode?

I suspect it's along the lines of "there are so many ways to fuckup final block padding that it's overall safer" but that's just guessing.

fwiw I just use TLS when possible and NACL *_box otherwise.

Three-Phase
Aug 5, 2006

by zen death robot
Email opening question:

Gmail caches all image links in incoming messages. My understanding is that this prevents marketers (COUGHspammersCOUGH) from determining if a user has opened their message.

Is there any other way for someone to determine if an e-mail was opened if sent to a Gmail address besides a user interacting with the message (clicking on links)? I was reading some comments by marketers (COUGHspammersCOUGH) that there were other ways to determine that an e-mail was both delivered and opened.
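Editor's added example, not part of Three-Phase's post and not Gmail's code: the mechanism the image proxy defends against is a remote image whose fetch reports the open, so a mail gateway or client can at least flag messages that carry one. This constructed detector parses an HTML body and reports remote images that look like open beacons (1x1 dimensions, hidden by style, or an opaque per-message token in the URL); the sample message and the example.com/example.net hosts are made up for the demo.

```python
"""Flag remote images in an HTML e-mail body that look like open-tracking beacons."""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Long hex or base64url-looking values: typical of a per-recipient/per-message identifier.
OPAQUE_TOKEN = re.compile(r"^[0-9a-fA-F]{16,}$|^[A-Za-z0-9_-]{22,}$")

# Constructed sample message: a normal logo, a hidden 1x1 beacon, and an inline (cid:) image.
SAMPLE_EMAIL_HTML = """<html><body>
<img src="https://example.com/static/logo.png" width="200" height="60" alt="logo">
<p>Hello, here is our newsletter.</p>
<img src="https://track.example.net/o/3f9a1c7e2b4d5e6f.gif" width="1" height="1" style="display: none">
<img src="cid:inline-image-1" width="100" height="100">
</body></html>"""


class _ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(value):
    try:
        return int(str(value).lower().rstrip("px")) <= 1
    except ValueError:
        return False


def _has_opaque_token(url):
    segments = [s.rsplit(".", 1)[0] for s in url.path.split("/") if s]
    values = [v for vals in parse_qs(url.query).values() for v in vals]
    return any(OPAQUE_TOKEN.match(s) for s in segments + values)


def find_open_beacons(html):
    """Return [{'src': ..., 'reasons': [...]}] for remote images that look like open beacons."""
    collector = _ImgCollector()
    collector.feed(html)
    findings = []
    for img in collector.images:
        url = urlparse(img.get("src", ""))
        if url.scheme not in ("http", "https"):
            continue  # cid:/data: images travel inside the message and fetch nothing
        reasons = []
        if _is_tiny(img.get("width")) and _is_tiny(img.get("height")):
            reasons.append("1x1 image")
        if "display:none" in img.get("style", "").replace(" ", "").lower():
            reasons.append("hidden by style")
        if _has_opaque_token(url):
            reasons.append("opaque per-message token in URL")
        if reasons:
            findings.append({"src": img["src"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_open_beacons(SAMPLE_EMAIL_HTML):
        print(finding["src"], "->", ", ".join(finding["reasons"]))
```

Proxying or blocking remote images (as Gmail does) is the actual mitigation; a detector like this is useful for policy decisions at a gateway, since a legitimately sized remote image can carry a token just as well as a 1x1 one.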

ozymandOS
Jun 9, 2004

Harik posted:

Somewhat esoteric question here, but is there a good read on why it's okay to lose the diffusion property of block ciphers by running them in xor stream mode?

I suspect it's along the lines of "there are so many ways to fuckup final block padding that it's overall safer" but that's just guessing.

fwiw I just use TLS when possible and NACL *_box otherwise.

Diffusion is important in several common modes of creating a stream cipher from a block cipher. For example CTR mode would not generate a random stream if the block cipher did not have the diffusion property.

Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop

ozymandOS posted:

Diffusion is important in several common modes of creating a stream cipher from a block cipher. For example CTR mode would not generate a random stream if the block cipher did not have the diffusion property.

That's a property of the stream generation, not of the encryption. A one-bit change in the IV changes roughly 50% of the bits in the ciphertext. A one-bit change in the plaintext changes the corresponding ciphertext bit. (In general. There are ciphertext feedback modes that mean a single-bit change flips one bit in that block and completely alters every following block. It's a tradeoff between propagation of changes and ability to seek/parallel decrypt the stream.)

That doesn't answer my question of why it's ok to lose the diffusion of plaintext bits.
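Editor's added example (not Harik's or ozymandOS's code): the behaviours the two posts describe, measured. The block cipher is a constructed 6-round Feistel network built from SHA-256, a stand-in chosen so the demo runs without any crypto library; it is an assumption for the measurement, not a cipher to use. The report shows that in CTR a plaintext bit flip moves exactly one ciphertext bit while a nonce bit flip changes about half of them, that in CBC a plaintext bit flip in block 0 changes every block while one in the last block touches only that block, and the consequence that matters in practice: because a CTR ciphertext bit maps to one plaintext bit, flipping it on the wire is undetectable unless a MAC or AEAD tag covers the ciphertext, which is what TLS and NaCl box provide.

```python
"""Diffusion in CBC versus CTR use of a block cipher, measured on a constructed toy cipher."""
import hashlib

BLOCK = 16   # block size in bytes
ROUNDS = 6


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Toy round function: SHA-256 keyed by (key, round number), truncated to a half block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher: a balanced Feistel network. Diffuses well; demo object only."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext block, then encrypted."""
    assert len(plaintext) % BLOCK == 0, "CBC needs whole blocks (padding omitted here)"
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def ctr_keystream(key: bytes, nonce: bytes, nbytes: int) -> bytes:
    """CTR: encrypt nonce||counter to get keystream; the block cipher never sees plaintext."""
    assert len(nonce) == BLOCK // 2
    stream = b""
    for counter in range((nbytes + BLOCK - 1) // BLOCK):
        stream += block_encrypt(key, nonce + counter.to_bytes(BLOCK // 2, "big"))
    return stream[:nbytes]


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same XOR in CTR mode."""
    return _xor(data, ctr_keystream(key, nonce, len(data)))


def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(data: bytes, bit: int) -> bytes:
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def diffusion_report(key=b"constructed-key!", iv=bytes(16), nonce=bytes(8)):
    pt = bytes(range(64))                # constructed 4-block plaintext, 512 bits
    pt_b0 = flip_bit(pt, 5)              # one bit changed in block 0
    pt_b3 = flip_bit(pt, 8 * 48 + 5)     # one bit changed in block 3 (the last block)
    ctr = ctr_crypt(key, nonce, pt)
    cbc = cbc_encrypt(key, iv, pt)
    cbc_b3 = cbc_encrypt(key, iv, pt_b3)
    return {
        "ctr_pt_bit_flip": hamming(ctr, ctr_crypt(key, nonce, pt_b0)),                # 1 bit
        "ctr_nonce_bit_flip": hamming(ctr, ctr_crypt(key, flip_bit(nonce, 3), pt)),  # ~256 of 512
        "cbc_pt_bit_flip_block0": hamming(cbc, cbc_encrypt(key, iv, pt_b0)),        # ~256: every block
        "cbc_pt_bit_flip_block3_first_three": hamming(cbc[:48], cbc_b3[:48]),       # 0: untouched
        "cbc_pt_bit_flip_block3_last": hamming(cbc[48:], cbc_b3[48:]),              # ~64 of 128
        # Malleability: flipping a CTR ciphertext bit flips exactly that plaintext bit on
        # decryption and nothing else, so it passes unnoticed without a MAC/AEAD tag.
        "ctr_malleable": ctr_crypt(key, nonce, flip_bit(ctr, 5)) == pt_b0,
    }


if __name__ == "__main__":
    for name, value in diffusion_report().items():
        print(f"{name:38} {value}")
```

The counts are deterministic for the fixed key, IV and nonce; the "about half" figures land near 256 of 512 bits and 64 of 128 because the toy cipher's output behaves like a random permutation of its input block.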

whose tuggin
Nov 6, 2009

by Hand Knit
I applied for a position called "Digital Forensics Engineer Intern" recently (I'm still in college) at a government agency.

If you guys had to guess, how would you interpret that job title? I figure it could encompass one or more of the following things:

1) Recovering information off of physical media
2) Doing post analysis of security breaches
3) Deconstructing malware.

I'm studying computer engineering, and I'm into cyber security, so I'm hoping it's heavy on the latter 2. Just wondering what you guys thought and looking for some good materials to review on the subjects.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal
Intern is what throws the whole thing for a loop. You're at the mercy of the company and how cool they are.

My guess is you'll be reading tons of logs and sending filtered data to the actual forensics engineers.

Proteus Jones
Feb 28, 2013



Even better, you’ll be hooking evidence drives to a read-only connector, pressing a button to make a bit-level copy, and then sealing it in a custody bag with yours and your supervisor’s signatures.

Over and over.

Internet Explorer
Jun 1, 2005





Proteus Jones posted:

Even better, you’ll be hooking evidence drives to a read-only connector, pressing a button to make a bit-level copy, and then sealing it in a custody bag with yours and your supervisor’s signatures.

Over and over.

Yes, it's this.

Gromit
Aug 15, 2000

I am an oppressed White Male, Asian women wont serve me! Save me Campbell Newman!!!!!!!
Alternatively, my digital forensics graduates or cadets get to come out on raids and mess about until they get enough experience to go hands-on. However, we aren't pen-testing engineers or log jockeys, we're "client-facing" which means search warrants and the like.

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...
You won't be handling actual investigation evidence, but you will be tasked with tracking down who deleted evidence of themselves microwaving fish in the break room

Sefal
Nov 8, 2011
Fun Shoe
https://www.educateddriver.org/uber-paid-hackers-to-cover-a-data-breach-affecting-millions/


quote:

Hackers stole personal data for more than 57 million Uber customers and drivers in 2016. This was one of the biggest data breaches that took place in 2016 and it’s likely you never heard about it until now. That’s because Uber responded by paying the hackers $100,000 to keep the breach quiet and to delete the data.

Edit: Nvm, old news. didn't look at the date

Sefal fucked around with this message at 09:20 on Jun 7, 2018

Kerning Chameleon
Apr 8, 2015

by Cyrano4747
Have something a little fresher: Researcher Finds Credentials for 92 Million Users of DNA Testing Firm MyHeritage

quote:

MyHeritage, an Israeli-based genealogy and DNA testing company, disclosed today that a security researcher found on the Internet a file containing the email addresses and hashed passwords of more than 92 million of its users.

MyHeritage says it has no reason to believe other user data was compromised, and it is urging all users to change their passwords. It says sensitive customer DNA data is stored on IT systems that are separate from its user database, and that user passwords were “hashed” — or churned through a mathematical model designed to turn them into unique pieces of gibberish text that is (in theory, at least) difficult to reverse.

MyHeritage did not say in its blog post which method it used to obfuscate user passwords, but suggested that it had added some uniqueness to each password (beyond the hashing) to make them all much harder to crack.

...

MyHeritage added that it is expediting work on an upcoming two-factor authentication option that the company plans to make available to all MyHeritage users soon.

“This will allow users interested in taking advantage of it, to authenticate themselves using a mobile device in addition to a password, which will further harden their MyHeritage accounts against illegitimate access,” the blog post concludes.

Why... yes... of course we... "salted" the password hashes protecting your extremely personal and identifying genealogical information, as the kids these days say. Oh, our hashing method? Why, it's, uh... mumblemumblemumble... Also, pay no attention to the fact we suddenly care very strongly about implementing 2FA that we definitely were planning to do before this incident!
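Editor's added example, not MyHeritage's code and not from the quoted article: what "added some uniqueness to each password (beyond the hashing)" means in practice, and why it matters when a hash file leaks. A bare hash gives identical output for identical passwords, so one cracked value unlocks every account that shares it and precomputed tables work; a per-user random salt fed through an iterated KDF (PBKDF2-HMAC-SHA256 here, one standard choice among several) makes every stored value unique and each guess expensive. The iteration count and the sample passwords are constructed for the demo.

```python
"""Per-user salted, iterated password hashing versus a bare hash (constructed demo)."""
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor; constructed for the demo, tune upward in production


def unsalted_hash(password: str) -> str:
    """What a leak of bare hashes exposes: equal passwords give equal, precomputable hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, salt: bytes = None) -> dict:
    """Store salt, work factor and digest together so verification can reproduce the derivation."""
    salt = salt or os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(record: dict, password: str) -> bool:
    """Re-derive with the stored salt and iterations; compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def demo() -> dict:
    shared = "correct horse battery staple"  # constructed: two users picked the same password
    alice = make_record(shared)
    bob = make_record(shared)
    return {
        "bare_hashes_equal": unsalted_hash(shared) == unsalted_hash(shared),  # True: linkable
        "salted_hashes_equal": alice["hash"] == bob["hash"],                   # False: unique
        "alice_login_ok": verify(alice, shared),
        "alice_wrong_password": verify(alice, "wrong password"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22} {value}")
```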

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!

Kerning Chameleon posted:

Have something a little fresher: Researcher Finds Credentials for 92 Million Users of DNA Testing Firm MyHeritage


Why... yes... of course we... "salted" the password hashes protecting your extremely personal and identifying genealogical information, as the kids these days say. Oh, our hashing method? Why, it's, uh... mumblemumblemumble... Also, pay no attention to the fact we suddenly care very strongly about implementing 2FA that we definitely were planning to do before this incident!

I read this post and thought “I should turn on 2FA on my 23andme account.”

Turns out they don’t support it either.

Zil
Jun 4, 2011

Satanically Summoned Citrus


Boris Galerkin posted:

I read this post and thought “I should turn on 2FA on my 23andme account.”

Turns out they don’t support it either.

The willingness for a company to allow for 2FA is equal to their willingness to pay for a support team.

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!
I’m really considering deleting my data but the insights they give is really cool, as they’re constantly analyzing more genes.

Thanks Ants
May 21, 2004

#essereFerrari


I'm not sure I'd want to just hand over my DNA to a company along with the details needed to link it back to me, and also pay them for the privilege.

Last Chance
Dec 31, 2004

yeah, it'll be a cold day in hell before I send my DNA to a company just for it to be stolen because they left MySQL open to the world, and they use it to breed an army of strong, huge-dicked criminals to commit crimes that they eventually pin on me due to forensic DNA analysis.

Thanks Ants
May 21, 2004

#essereFerrari


lmao I laughed too much at that

Internet Explorer
Jun 1, 2005





Alternatively, I was raised Jewish and there's no way in hell I'm doing anything to make it easier for someone to throw me in an oven.

Furism
Feb 21, 2006

Live long and headbang
Maybe they used the DNA sequence as the salt.

Internet Explorer posted:

Alternatively, I was raised Jewish and there's no way in hell I'm doing anything to make it easier for someone to throw me in an oven.

I don't think you can tell from their DNA that someone is a Jew because religion is not genetic. That's also why you can't tell someone is a Jew just by looking at them (clothing and other cultural signs aside), unlike what people who want to throw them in ovens would have you believe. I therefore suppose you mean Jew as in the ethnic group rather than the religious one (people with no Jewish heritage can convert to that religion, is my point).

Ironically enough, Middle East Jews share more DNA with Palestinian Arabs than with any other neighboring Arabs. So I guess you can tell a Jew from their DNA if they stayed in the Middle East all that time (which makes sense since they tend to stay among themselves - this is just a factual observation, and I've traveled to Israel literally dozens of times and have many friends there). The rest of that paper I found is pretty fascinating actually.

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1274378/

quote:

The investigation of the genetic relationship among three Jewish communities revealed that Kurdish and Sephardic Jews were indistinguishable from one another, whereas both differed slightly, yet significantly, from Ashkenazi Jews. The differences among Ashkenazim may be a result of low-level gene flow from European populations and/or genetic drift during isolation. Admixture between Kurdish Jews and their former Muslim host population in Kurdistan appeared to be negligible. In comparison with data available from other relevant populations in the region, Jews were found to be more closely related to groups in the north of the Fertile Crescent (Kurds, Turks, and Armenians) than to their Arab neighbors.

tldr; if they throw you in an oven because of your DNA, at least take comfort in knowing it was just a wild guess.

Absurd Alhazred
Mar 27, 2010

by Athanatos

Boris Galerkin posted:

I read this post and thought “I should turn on 2FA on my 23andme account.”

Turns out they don’t support it either.

You were done when you gave a private company your DNA. :shrug:

https://twitter.com/naikrovek/status/1004818722165592066
