|
Thanks Ants posted:And they've been able to track the jammers by looking at the signature of the interference being generated
|
# ? Aug 3, 2018 15:11 |
|
|
# ? May 25, 2024 14:55 |
|
prisoner of waffles posted:truck driver doesn't like how they get treated when this information is gathered on them and brings a GPS-jammer on their drive Wouldn't it be obvious that the driver was jamming the signal when the company receives no data on their routes? Is the truck driver shortage bad enough that they're not just firing these guys?
|
# ? Aug 3, 2018 17:49 |
|
Inept posted:Wouldn't it be obvious that the driver was jamming the signal when the company receives no data on their routes? Is the truck driver shortage bad enough that they're not just firing these guys?
|
# ? Aug 3, 2018 18:02 |
|
anthonypants posted:Not sure why you'd immediately jump to firing the guy making minimum wage when it's way easier to prove a cheap tracking device doesn't work in every condition also if the cargo still gets there in an acceptable timeframe isn't that good enough for you? *goes back to his cab, takes speed, drives for another 36 hours straight*
|
# ? Aug 3, 2018 18:18 |
|
wyoak posted:I just ran into an issue where some of our partners were pulling the incorrect IPv4 addresses for their payment processor (CES / FirstData). Interesting follow up to this post from last month: https://dyn.com/blog/bgp-dns-hijacks-target-payment-systems/
|
# ? Aug 3, 2018 23:07 |
|
Heads up, two Linux kernel CVEs are about to drop, in the networking stack
|
# ? Aug 3, 2018 23:19 |
|
hackbunny posted:Heads up, two Linux kernel CVEs are about to drop, in the networking stack Rce or dos?
|
# ? Aug 3, 2018 23:21 |
|
PCjr sidecar posted:Rce or dos? No idea, they're embargoed and people are very tight-lipped about it. The rumored codenames for both include the word "smack", for what it's worth
|
# ? Aug 3, 2018 23:26 |
|
hackbunny posted:No idea, they're embargoed and people are very tight-lipped about it. The rumored codenames for both include the word "smack", for what it's worth Oh, they have codenames now?
|
# ? Aug 4, 2018 01:49 |
|
Volguus posted:Oh, they have codenames now? Cant go public without codenames
|
# ? Aug 4, 2018 03:11 |
|
Thanks Ants posted:Does it still not work on IPv6 networks? No idea. We're gonna roll it out though, because our security department is a bunch of creeps :\
|
# ? Aug 4, 2018 03:43 |
|
apseudonym posted:Cant go public without codenames Especially in August.
|
# ? Aug 4, 2018 04:59 |
Endless September.
|
|
# ? Aug 4, 2018 11:04 |
|
D. Ebdrup posted:Endless September. https://twitter.com/hashcat/status/1025786562666213377
|
# ? Aug 4, 2018 21:39 |
|
|
# ? Aug 4, 2018 22:08 |
|
D. Ebdrup posted:Endless September.
|
# ? Aug 4, 2018 22:15 |
|
SegmentSmack and FragmentSmack?
|
# ? Aug 5, 2018 06:53 |
|
What a bunch of losers: https://twitter.com/blackroomsec/status/1026116256343224321
|
# ? Aug 5, 2018 15:55 |
|
Sore losers, at that
|
# ? Aug 5, 2018 16:31 |
|
hackbunny posted:No idea, they're embargoed and people are very tight-lipped about it. The rumored codenames for both include the word "smack", for what it's worth It's just DoS, but only takes a few very easily blocked packets.
|
# ? Aug 5, 2018 19:21 |
hackbunny posted:Heads up, two Linux kernel CVEs are about to drop, in the networking stack What were they?
|
|
# ? Aug 6, 2018 14:54 |
|
goddammit, this poo poo was bad enough when it was a figurative security theatre. is every lovely dos vuln gonna come with months of embargo and codenames now?
|
# ? Aug 6, 2018 15:08 |
Truga posted:goddammit, this poo poo was bad enough when it was a figurative security theatre. is every lovely dos vuln gonna come with months of embargo and codenames now? if you're not trending on twitter what even is the point
|
|
# ? Aug 6, 2018 15:17 |
|
Oh my God
|
# ? Aug 6, 2018 15:28 |
|
rafikki posted:if you're not trending on twitter what even is the point https://twitter.com/GNUr000t/status/1025939641206272000
|
# ? Aug 6, 2018 15:47 |
|
anthonypants posted:Not sure why you'd immediately jump to firing the guy making minimum wage when it's way easier to prove a cheap tracking device doesn't work in every condition Truck drivers make a lot more than minimum wage.
|
# ? Aug 6, 2018 15:48 |
|
Jose Valasquez posted:Truck drivers make a lot more than minimum wage. Better fire them then, good point!
|
# ? Aug 6, 2018 16:42 |
|
Potato Salad posted:Oh my God I'm not sure how practical this is for attacking a specific, suitably complex PSK. The example uses a lowercase alpha mask for 7 characters which makes it fairly trivial to brute a PSK made with those constraints, as it was for this POC. It's still an impressive discovery, and just adds urgency to WPA3 being ratified. Also, any company using PSK for wireless and not EAP-TLS deserves everything that happens to it. For personal home WLANs, just keep it complex 32 character alpha/num/special and let your neighbor's lower hanging fruit get plucked.
|
# ? Aug 6, 2018 17:05 |
|
hackbunny posted:Heads up, two Linux kernel CVEs are about to drop, in the networking stack The first one, CVE-2018-5390, is out. It's just a DoS and I assume CVE-2018-5391 will be, too
|
# ? Aug 6, 2018 20:52 |
|
Proteus Jones posted:I'm not sure how practical this is for attacking a specific, suitably complex PSK. The example uses a lowercase alpha mask for 7 characters which makes it fairly trivial to brute a PSK made with those constraints, as it was for this POC. It's still an impressive discovery, and just adds urgency to WPA3 being ratified. i thought WPA3 was ratified in June. It's just not coming to devices until January, or whenever Qualcomm builds new chips to support it
|
# ? Aug 6, 2018 20:58 |
|
Judge Schnoopy posted:i thought WPA3 was ratified in June.
|
# ? Aug 6, 2018 21:15 |
|
hackbunny posted:The first one, CVE-2018-5390, is out. It's just a DoS and I assume CVE-2018-5391 will be, too FreeBSD is affected too, reported by the same researcher
|
# ? Aug 6, 2018 22:38 |
|
Judge Schnoopy posted:i thought WPA3 was ratified in June. Whoops, got things mixed up. WiFi alliance announced WPA3 at the end of June (probably late 2018 to see it). I was thinking of 802.1ax which is supposed to be ratified and added to the 802.11-2016 standard (or a new 802.11-2019 created to supersede) Proteus Jones fucked around with this message at 23:46 on Aug 6, 2018 |
# ? Aug 6, 2018 23:38 |
|
Adult fanficcers beware: https://twitter.com/kinoshitajona/status/1026642415224942592 More seriously (?), has anyone been following the Bitfi saga? They keep denying that they've been hacked, and are now threatening security researchers. https://twitter.com/matthew_d_green/status/1026432597856006145
|
# ? Aug 7, 2018 04:24 |
|
https://twitter.com/kennwhite/status/1025401519481470982 is the best thing in infosec this year i will fite u
|
# ? Aug 7, 2018 11:42 |
|
evil_bunnY posted:https://twitter.com/kennwhite/status/1025401519481470982 Getting root to the device is not the same thing as getting access to the coins stored on it. The "hackers" shifted the goalposts pretty hard.
|
# ? Aug 7, 2018 18:18 |
|
AlternateAccount posted:Getting root to the device is not the same thing as getting access to the coins stored on it. The "hackers" shifted the goalposts pretty hard. anthonypants fucked around with this message at 18:31 on Aug 7, 2018 |
# ? Aug 7, 2018 18:29 |
|
anthonypants posted:You don't think it's possible for a rooted device, which can execute enough code to play a video, cannot execute code to transfer buttcoins to an attacker's address? Didn't McAfee shift the goalposts later to claim that his "unhackable" claim didn't include hacking by security professionals? No passphrase/hash or actual data is stored on the device. Even if a rooted one can actually connect to the bitfi dashboard, without the passphrase that cannot be extracted from the device, it's functionally useless. They've basically abandoned storing anything sensitive on the device, instead everything's either in your brain or in the blockchain itself. That's how I read it anyway.
|
# ? Aug 7, 2018 18:42 |
|
AlternateAccount posted:No passphrase/hash or actual data is stored on the device. Even if a rooted one can actually connect to the bitfi dashboard, without the passphrase that cannot be extracted from the device, it's functionally useless. They've basically abandoned storing anything sensitive on the device, instead everything's either in your brain or in the blockchain itself. That's how I read it anyway. what do you think you could do with a rooted device the next time the user enters their passphrase to access their butts
|
# ? Aug 7, 2018 18:47 |
|
|
# ? May 25, 2024 14:55 |
|
wait, so this is basically single factor auth? does the bifti device itself hold no purpose? lol
|
# ? Aug 7, 2018 18:52 |