|
https://twitter.com/arstechnica/status/1060250790860910593 And I'm sure that Snowden endorsement on their (seized) website was totally legit as well.
|
# ? Nov 8, 2018 06:31 |
|
|
# ? Jun 9, 2024 02:45 |
|
Midjack posted:my balls are my passport. verify me. ah yes the TBAG cipher
|
# ? Nov 8, 2018 08:31 |
|
Raere posted:What's this? Invitational event to develop their standards and create test questions. Wiggly Wayne DDS posted:they have standards? Immanentized fucked around with this message at 12:37 on Nov 8, 2018 |
# ? Nov 8, 2018 12:06 |
|
they have standards?
|
# ? Nov 8, 2018 12:30 |
|
Ur Getting Fatter posted:ah yes the TBAG cipher
|
# ? Nov 8, 2018 16:04 |
|
Dumb little security advice thing, but a lot of malware payloads target Mshta.exe because its essentially IE6 with zero javascript restrictions so they can go fuckwild without running afoul of browser restrictions. Remove the execute permissions from it for the users and administrators group, and maybe add in a R+X permissions to an override group that you can control if you're worried about something valid actually using it
|
# ? Nov 8, 2018 16:13 |
|
you should also remove permissions from calc.exe since that seems to be involved in all these exploit write-ups I keep reading
|
# ? Nov 8, 2018 16:15 |
|
shoulda been my name mshta cellophane cause you can log right in me root right through me they'll never know you're there
|
# ? Nov 8, 2018 16:16 |
|
Powered Descent posted:https://twitter.com/arstechnica/status/1060250790860910593 when will people stop using these stupid applications? they get owned over and over again. just use gpg.
|
# ? Nov 8, 2018 17:08 |
|
Powered Descent posted:https://twitter.com/arstechnica/status/1060250790860910593 quote:Key among them: warning messages that notified users when their contacts’ encryption keys had changed were easy to overlook because they were provided in a font much smaller than the rest of the conversation. hi where are you crimesing today conversation ended with mudasir, now detective salman is your internet friend
|
# ? Nov 8, 2018 17:14 |
|
Ur Getting Fatter posted:ah yes the TBAG cipher
|
# ? Nov 8, 2018 17:18 |
|
flakeloaf posted:hi where are you crimesing today hahahaha
|
# ? Nov 8, 2018 17:32 |
|
Luv 2 have unproductive conversations with an Online Pharmacy Service™ where I explain to them that using RC4 by default and supporting 1028-bit DHE is a Bad Idea Stop Stop Please Stop It
|
# ? Nov 8, 2018 17:34 |
|
BangersInMyKnickers posted:Luv 2 have unproductive conversations with an Online Pharmacy Service™ where I explain to them that using RC4 by default and supporting 1028-bit DHE is a Bad Idea Stop Stop Please Stop It um 10 years ago they said this would take a thousand years to crack, we still have 990 years to replace it
|
# ? Nov 8, 2018 17:41 |
|
tbf 1028 is very forward thinking
|
# ? Nov 8, 2018 18:08 |
|
CRIP EATIN BREAD posted:just use gpg.
|
# ? Nov 8, 2018 18:28 |
|
Bhodi posted:when you figure out how to do this, let the rest of the class know What's the challenge, getting your gpg key on the phone? Sharing it with people over the internet?
|
# ? Nov 8, 2018 18:30 |
|
flakeloaf posted:hi where are you crimesing today Beautiful
|
# ? Nov 8, 2018 18:31 |
|
Janitor Prime posted:What's the challenge, getting your gpg key on the phone? Sharing it with people over the internet?
|
# ? Nov 8, 2018 18:32 |
|
i got all set up with gpg and a yubikey a few years ago, got mail signing and optional encryption configured, got all excited about it, then quickly found out that literally nobody in the world cares and never used it a single time. i mean i signed some emails by default for a little while but all that did was confuse my mom. the bridge that lets you use it as an SSH key is useful as hell though and i still use that to this day
|
# ? Nov 8, 2018 18:36 |
|
just use microsoft OME or whatever. i remember being upset in like 2002 after publishing a public key to the MIT key server after having lost the private key and thinking that now all the people who want to send me encrypted email wont ever know which public key to use. literally zero people have ever attempted to send me a pgp encrypted message.
|
# ? Nov 8, 2018 22:11 |
|
Midjack posted:my balls are my passport. verify me. ERROR: Key too small. Identity verified.
|
# ? Nov 8, 2018 22:17 |
|
hacking IoT garbage through the analog sensor inputs https://www.youtube.com/watch?v=d2_lFovD4NA e: skip to 33:30 to jump past the theory stuff to the first computer attacks BangersInMyKnickers fucked around with this message at 23:10 on Nov 8, 2018 |
# ? Nov 8, 2018 22:33 |
|
endlessmonotony posted:ERROR: Key too small. 4chan nazis hate the tbag cipher because it refuses to let them in to their anime drive on dec 1st
|
# ? Nov 8, 2018 23:05 |
|
Bhodi posted:find one other person on earth who uses it, and for extra credit: successfully encrypt and decrypt your emails to them on your phone if you have real life security concerns that absolutely must be encrypted, you have to deal with maybe not reading your email on your phone. otherwise lovely software written by idiots, for idiots, will get cracked and then you're worse off than if you just waited to get to a computer to read a loving email.
|
# ? Nov 8, 2018 23:13 |
|
Shame Boy posted:i got all set up with gpg and a yubikey a few years ago, got mail signing and optional encryption configured, got all excited about it, then quickly found out that literally nobody in the world cares and never used it a single time. i mean i signed some emails by default for a little while but all that did was confuse my mom. yeah i use yubikey for both gpg and ssh and I enforce the policy here that nobody has access to their SSH key outside of a yubikey. the private keys are generated on an airgapped computer, sent to the yubikey, then printed out as a few QR codes and jammed into a safe and a safety deposit box, then the airgapped machine's drive are erased. but i've also sent a decent amount of files/passwords to third parties via gpg so if you can't find people who will use it to send/receive sensitive information to you probably shouldn't be sending them sensitive information.
|
# ? Nov 8, 2018 23:16 |
|
in finest ValuJet style, Comodo is now Sectigo
|
# ? Nov 8, 2018 23:28 |
|
BangersInMyKnickers posted:hacking IoT garbage through the analog sensor inputs the microphone hack makes me want to go on a ghost tour with those loony people that carry those recorders and make a civil war ghost ask if he can suck someone’s dick
|
# ? Nov 8, 2018 23:45 |
|
Ulf posted:please enjoy my sophomore effort, where i've documented tls 1.3 instead of 1.2: https://tls13.ulfheim.net this is very cool ty for sharing e: also added you on the twitter Pile Of Garbage fucked around with this message at 11:12 on Nov 9, 2018 |
# ? Nov 9, 2018 06:00 |
|
CRIP EATIN BREAD posted:the private keys are generated on an airgapped computer, sent to the yubikey, then printed out as a few QR codes and jammed into a safe and a safety deposit box, then the airgapped machine's drive are erased. did you remember to epoxy the ports and then bury the yubikey under a birdbath
|
# ? Nov 9, 2018 10:14 |
|
flakeloaf posted:hi where are you crimesing today rofl
|
# ? Nov 9, 2018 16:59 |
|
Soricidus posted:did you remember to epoxy the ports and then bury the yubikey under a birdbath yubikey stays on my keychain. epoxying ports is dumb but at least i know none of the devs here can accidentally upload their SSH keys anywhere, or have it compromised, unless someone steals the physical yubikey and uncaps it.
|
# ? Nov 9, 2018 17:12 |
|
CRIP EATIN BREAD posted:yubikey stays on my keychain. i just have one of those yubikeys that can sit flush inside the USB port and leave it there, since i'm pretty sure nobody who could steal my laptop would even know what the hell it is so that's not really a risk, but poo poo that breaks into my computer digitally would probably immediately go looking for id_rsa etc.
|
# ? Nov 9, 2018 17:49 |
|
this exposed ethernet is 100% connected to their internal network, isn't it?
|
# ? Nov 9, 2018 18:42 |
|
Shame Boy posted:i just have one of those yubikeys that can sit flush inside the USB port and leave it there, since i'm pretty sure nobody who could steal my laptop would even know what the hell it is so that's not really a risk, but poo poo that breaks into my computer digitally would probably immediately go looking for id_rsa etc. I couldn't stand brushing up against it and having it spit all these characters into my text editor
|
# ? Nov 9, 2018 18:48 |
|
Ur Getting Fatter posted:
Nah it's totally using 802.1x certs and a well-sanitized network See, they cut corners on their physical installation only because they wanted to spend more on netsec Potato Salad fucked around with this message at 18:59 on Nov 9, 2018 |
# ? Nov 9, 2018 18:55 |
|
Shame Boy posted:i got all set up with gpg and a yubikey a few years ago, got mail signing and optional encryption configured, got all excited about it, then quickly found out that literally nobody in the world cares and never used it a single time. i mean i signed some emails by default for a little while but all that did was confuse my mom. I spent 4 days getting GPG + Yubikey working from WSL -- it remains yet to be seen if it was worth it. Janitor Prime posted:I couldn't stand brushing up against it and having it spit all these characters into my text editor You can turn that off.
|
# ? Nov 9, 2018 19:01 |
|
Xarn posted:You can turn that off. I know but I wanted to use it that way, it was just annoying that it would do it randomly even when I wasn't pushing on it.
|
# ? Nov 9, 2018 19:22 |
|
I almost immediately changed the settings on my yubikey to require a 1 second press before typing out random poo poo and can't understand why that isn't the loving default.
|
# ? Nov 9, 2018 20:37 |
|
|
# ? Jun 9, 2024 02:45 |
|
Janitor Prime posted:I couldn't stand brushing up against it and having it spit all these characters into my text editor it just likes you
|
# ? Nov 9, 2018 21:38 |