|
Kith posted:There are very specifically secured/sanitized computers for seeing what's on these sorts of things. Yeah, basically. The fact that it was his computer and not the computer says a lot. Typically if theres a suspicious computer thing you put it on an empty system with nothing important and no internet/network connection. That way if it say... tries to take over the system it takes over a useless empty box instead of something harmful.
|
# ? Apr 9, 2019 01:37 |
|
|
# ? May 28, 2024 15:43 |
Starting with that NSA guy who was fired a couple of years ago for taking his work laptop home with him and getting it owned by the Chinese, I have lately eradicated any and all lingering assumptions that there are competent grown ups in charge of anything.
Data Graham fucked around with this message at 01:48 on Apr 9, 2019 |
|
# ? Apr 9, 2019 01:45 |
|
Data Graham posted:Starting with that NSA guy who was fired a couple of years ago for taking his work laptop home with him and getting it owned by the Chinese, I have lately eradicated any and all lingering assumptions that there are competent grown ups in charge of anything.
|
# ? Apr 9, 2019 02:02 |
|
double nine posted:I'm curious - from an engineering perspective, how do you stop a usb device from autostarting, assuming that at least part of the functionality will be input devices like keyboards and mice? Don't transmit any electricity. Basically it's that scene in the movie where each part takes turns saying "ah, but I knew you knew I knew you knew I knew" hopping you're the last one to know how to not give access to the file structure
|
# ? Apr 9, 2019 02:09 |
|
https://twitter.com/JustinElliott/status/1115582655146463233
|
# ? Apr 9, 2019 16:11 |
|
They've finally done it. The ultimate republican nightmare: A tax on taxes.
|
# ? Apr 9, 2019 16:26 |
|
Capitalism Delenda Est.
|
# ? Apr 9, 2019 16:28 |
|
The article doesn't mention it, but there are already laws or appropriation language that prevents other agencies from making their own apps, simply because it would compete with the private sector. Banning the IRS from making a tax app isn't really new ground.
|
# ? Apr 9, 2019 16:32 |
|
double nine posted:I'm curious - from an engineering perspective, how do you stop a usb device from autostarting, assuming that at least part of the functionality will be input devices like keyboards and mice? Serious reply, you can disable the USB ports on a device level(via bios) or partially via OS(windows and linux let you disable some or all the functionality but hardware-level exploits might go thru). If you don't trust the device-level blocks there are physical USB port blocker like this https://www.amazon.com/Lindy-USB-Port-Blocker-Green/dp/B000I2JWJ0 Autorun can be disabled at os level(which will lock simple software, hardware level exploits are hard to block) and you can enforce signed boot image to avoid autostarting an untrusted bootable usb before the os loads up(locking the usb ports if you or your it team decided so) SlowBloke fucked around with this message at 17:28 on Apr 9, 2019 |
# ? Apr 9, 2019 17:18 |
|
Why not just use a dedicated computer with no network cards, and boot from CD so it can't write anything to the operating system? That way if it does infect something, it's in RAM only and will be wiped on reboot, and it can't even get anywhere.
|
# ? Apr 9, 2019 18:16 |
|
edit: wrong thread
Z. Autobahn fucked around with this message at 18:28 on Apr 9, 2019 |
# ? Apr 9, 2019 18:25 |
|
IUG posted:Why not just use a dedicated computer with no network cards, and boot from CD so it can't write anything to the operating system? That way if it does infect something, it's in RAM only and will be wiped on reboot, and it can't even get anywhere. Modern hardware exploits let you write/rewrite the computer bios/firmware(UEFI for instance gives you much more room for running code compared to the old BIOS systems) so a boot from cd is not a 100% sure strategy against a properly equipped state actor. The best way to be sure that you are not keeping a bugged bios/firmware in your testing stable is having a stack of "disposable" one-time use computers to use for forensics on unknown devices and then thrash the computer after use. Wasteful i know. If you don't mind using alternative architectures than the one the USB stick is likely to infect, raspberry pis don't have a bios per se on the board(it's in the SD) so it would be fairly safe for this purpose. SlowBloke fucked around with this message at 18:38 on Apr 9, 2019 |
# ? Apr 9, 2019 18:30 |
|
IUG posted:Why not just use a dedicated computer with no network cards, and boot from CD so it can't write anything to the operating system? That way if it does infect something, it's in RAM only and will be wiped on reboot, and it can't even get anywhere. You could do that, but these days it's easier to mount it it on an emulated instance of Windows. The point is, it's INCREDIBLY bad form to plug suspect USB drives into your computer. It's right up there with "Tell the 3rd party IT guy your password so he can remote install something for you". This jackass isn't part of an elite cybersecurity unit doing testing in a secure environment. He is the Paul Blart of the Secret Service.
|
# ? Apr 9, 2019 18:41 |
|
VMs are likely to be using host OSs USB stack.
|
# ? Apr 9, 2019 18:45 |
|
Relentless posted:You could do that, but these days it's easier to mount it it on an emulated instance of Windows. (e: Using a Pi as suggested a few posts back is a great idea tho.) dwarf74 fucked around with this message at 20:00 on Apr 9, 2019 |
# ? Apr 9, 2019 19:56 |
|
Are there no open source alternatives?
|
# ? Apr 9, 2019 20:09 |
|
IUG posted:it's in RAM only and will be wiped on reboot, and it can't even get anywhere. uuhhh. I wouldn't bet too much on that. Restarting a computer does not guarantee that the RAM contents are still there, but it also doesn't guarantee to wipe them.
|
# ? Apr 9, 2019 20:17 |
|
Mano posted:uuhhh. Also can't someone have some sort of malware that overwrites the UEFI so that it's essentially there forever or until the UEFI is overwritten, or is UEFI read only?
|
# ? Apr 9, 2019 22:46 |
|
Ornedan posted:Are there no open source alternatives? Do you want to be the unpaid programmer legally liable for building a tax preparation platform?
|
# ? Apr 9, 2019 23:14 |
|
Some of the nastier stuff I've read about skips even that and installs itself right to the BIOS. So you can do all the bells and whistles you want with CD booting and restarting to clear out memory and whatnot but unless you get to the point of physically isolated hardware specifically dedicated to it there's never a guarantee it's completely sanitary and safe to re-connect to a live network.
|
# ? Apr 9, 2019 23:16 |
|
https://twitter.com/bradheath/status/1115735245146476546?s=21 https://www.justice.gov/opa/press-release/file/1153066/download https://www.ft.com/content/6cb506f0-5b0f-11e9-939a-341f5ada9d40 www.indivior.com posted:One day, addiction will no longer be viewed through the social lens of scorn and shame. One day, addiction will no longer be a global human crisis. Our Vision is that all patients around the world will have access to evidence-based treatment for the chronic conditions and co-occurring disorders of addiction. So, they’ll get off with a small fine?
|
# ? Apr 9, 2019 23:33 |
|
FronzelNeekburm posted:
Don't worry, I'm sure Google will have a machine learning AI for it soon enough.
|
# ? Apr 9, 2019 23:33 |
|
LordSloth posted:https://twitter.com/bradheath/status/1115735245146476546?s=21 suboxone was mostly prescribed to serious addicts who were trying to use less heroin and because suboxone clinics often had multi-year waiting lists for people to get in, I'm not surprised that doctors who realized that it got people out of the cycle of active heroin addiction were rxing more of it than the official guidelines allowed. That was also a time when doctors were rxing 50x more opioids beyond actual guidelines and maybe 1 in 1000 of the absolute worst offenders were getting in trouble. Suboxone treatment was a pretty clearcut case of harm reduction in practice as basically everyone getting themselves on sub were already active heroin addicts. Like among opiate users, no one was starting a suboxone regimen just as a for fun thing
|
# ? Apr 9, 2019 23:38 |
|
bird food bathtub posted:Some of the nastier stuff I've read about skips even that and installs itself right to the BIOS. So you can do all the bells and whistles you want with CD booting and restarting to clear out memory and whatnot but unless you get to the point of physically isolated hardware specifically dedicated to it there's never a guarantee it's completely sanitary and safe to re-connect to a live network. Maybe someone can make an in-place replacement for Flash ROM with some nice window erase ROM...
|
# ? Apr 9, 2019 23:38 |
|
I guess that Secret Service guy never watched Skyfall.
|
# ? Apr 10, 2019 00:34 |
|
Moktaro posted:I guess that Secret Service guy never watched Skyfall. "Hello, I need to find the troubleshooting article for when I plug in a USB stick and the SIS Building explodes."
|
# ? Apr 10, 2019 01:39 |
I'm a little curious why you can't just mount the USB stick as a read-only drive. Is it that the USB drive might have hardware-level malware?
|
|
# ? Apr 10, 2019 02:19 |
|
VikingofRock posted:I'm a little curious why you can't just mount the USB stick as a read-only drive. Is it that the USB drive might have hardware-level malware? Yes. When you plug in a USB device, it has to talk to your computer before it even moves any data around, so a malicious device can do all kinds of bad things just by being plugged in. Like, say, it reports itself as a USB keyboard and starts typing commands, or modify USB devices' firmware to run exploits, or access the debugging/server management parts of the motherboard.
|
# ? Apr 10, 2019 02:41 |
|
VikingofRock posted:I'm a little curious why you can't just mount the USB stick as a read-only drive. Is it that the USB drive might have hardware-level malware? Correct https://arstechnica.com/information-technology/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/
|
# ? Apr 10, 2019 02:47 |
|
FronzelNeekburm posted:Yes. When you plug in a USB device, it has to talk to your computer before it even moves any data around, so a malicious device can do all kinds of bad things just by being plugged in. Like, say, it reports itself as a USB keyboard and starts typing commands, or modify USB devices' firmware to run exploits, or access the debugging/server management parts of the motherboard. I feel like it shouldn't be a difficult task to have a port that the computer only pretends to talk too and just intercepts all incoming days
|
# ? Apr 10, 2019 02:56 |
|
HootTheOwl posted:I feel like it shouldn't be a difficult task to have a port that the computer only pretends to talk too and just intercepts all incoming days Cheaper to have throw away laptops. Plenty of real-life Sec guys in this thread.
|
# ? Apr 10, 2019 03:16 |
|
Herstory Begins Now posted:suboxone was mostly prescribed to serious addicts who were trying to use less heroin and because suboxone clinics often had multi-year waiting lists for people to get in, I'm not surprised that doctors who realized that it got people out of the cycle of active heroin addiction were rxing more of it than the official guidelines allowed. That was also a time when doctors were rxing 50x more opioids beyond actual guidelines and maybe 1 in 1000 of the absolute worst offenders were getting in trouble. I agree with everything you wrote, but reading the indictment, the Suboxone guys are assholes. When their patent was running out on tabs, they apparently made up a safety concern with their tablets and pulled them from the market to force the FDA to halt approval on generic tablet manufacturers (p6 - seriously read the comments these guys are dicks). Then they dropped the films which were of course a new patent. It's standard lovely pharma behavior but it's still super lovely. I'm glad the drug is there but I wish the people making it weren't such tools. EDIT: That indictment is a loving trip. At one point their counsel had to tell them to stop putting their plans to defraud the FDA into email. Ohthehugemanatee fucked around with this message at 04:21 on Apr 10, 2019 |
# ? Apr 10, 2019 04:10 |
|
VikingofRock posted:I'm a little curious why you can't just mount the USB stick as a read-only drive. Is it that the USB drive might have hardware-level malware? Read-only? Like the computer can still read (and execute, thanks von Neumann) the stuff on the stick? I mean there are/were viruses distributed on official CD-Roms. Hmm, I wonder if I still have that old Internet Explorer CD with that one...
|
# ? Apr 10, 2019 12:53 |
|
Herstory Begins Now posted:suboxone was mostly prescribed to serious addicts who were trying to use less heroin and because suboxone clinics often had multi-year waiting lists for people to get in, I'm not surprised that doctors who realized that it got people out of the cycle of active heroin addiction were rxing more of it than the official guidelines allowed. That was also a time when doctors were rxing 50x more opioids beyond actual guidelines and maybe 1 in 1000 of the absolute worst offenders were getting in trouble. I personally/professionally find suboxone more safe than methadone, as well. The biggest barrier to use is cost right now. Methadone is much cheaper and used a lot more for indigent populations. But you're just swapping one opiate for another, and methadone doses can get absolutely ridiculous to the point that rare adverse reactions become common because of the high dose. QT prolongation is a problem in methadone users, even with relatively young healthy people.
|
# ? Apr 10, 2019 15:32 |
Mano posted:Read-only? Like the computer can still read (and execute, thanks von Neumann) the stuff on the stick? I mean there are/were viruses distributed on official CD-Roms. Hmm, I wonder if I still have that old Internet Explorer CD with that one... Yeah, that was a bit of a brainfart on my part. I was trying to ask what HootTheOwl asked, but that's been answered at this point too, and the whole discussion is getting a little off topic IMO. Back on topic, it looks like Bibi got VikingofRock fucked around with this message at 23:38 on Apr 10, 2019 |
|
# ? Apr 10, 2019 17:41 |
|
You're badly misreading those results. He won on the narrowest margins. e: also that projected coalition includes kulanu, which as I understand it has a grudge against Likud...? fool of sound fucked around with this message at 17:50 on Apr 10, 2019 |
# ? Apr 10, 2019 17:48 |
|
https://twitter.com/blakehounshell/status/1115917084620464128?s=19
|
# ? Apr 10, 2019 18:15 |
fool_of_sound posted:You're badly misreading those results. He won on the narrowest margins. You're right, and I'm glad to see that I was wrong. I've edited my post.
|
|
# ? Apr 10, 2019 23:40 |
|
Julian Assange Arrested.
|
# ? Apr 11, 2019 12:02 |
|
|
# ? May 28, 2024 15:43 |
On behalf of an American extradition warrant regarding his computer crimes. Get the gently caress IN
|
|
# ? Apr 11, 2019 13:32 |