|
CRIP EATIN BREAD posted:black cat hacker
|
#
?
Sep 6, 2019 21:14
|
|
|
|
| # ? Jun 7, 2024 17:22 |
|
|
CRIP EATIN BREAD posted:black cat hacker ayyyyye
|
|
#
?
Sep 6, 2019 21:26
|
|
|
Lain Iwakura posted:thank you! in your PMs. e: of course, if the 4-second timing misses anything critical, or is a frame too late or something, just give me a list and i will manually pull frames as needed. Sniep fucked around with this message at 23:18 on Sep 6, 2019 |
|
#
?
Sep 6, 2019 22:30
|
|
|
CRIP EATIN BREAD posted:black cat hacker 
|
|
#
?
Sep 6, 2019 22:37
|
|
|
we think it's really unfair that people would think that the ios exploits were used for widespread monitoring of people everywhere. the exploits against our shockingly negligent code were actually only used for widespread monitoring of a persecuted ethnic minority, so what's the big deal?
|
|
#
?
Sep 6, 2019 22:40
|
|
|
so do we think they'll ever clarify their statement or just shitpost and run
|
|
#
?
Sep 6, 2019 22:49
|
|
|
and that ethnic minority doesn’t even manufacture iPhones, so what use are they really?
|
|
#
?
Sep 6, 2019 22:50
|
|
|
xtal posted:Is the joke that that already exists? https://github.com/cloudflare/boringtun no, the joke is that it was already linked in this discussion
|
|
#
?
Sep 7, 2019 00:25
|
|
|
Lain Iwakura posted:eh screw it love this idea, looking forward to seeing what comes out 
|
|
#
?
Sep 7, 2019 03:26
|
|
|
Krankenstyle posted:love this idea, looking forward to seeing what comes out i'm transcoding down hacker movies into MJPEG as we speak to help lamo
|
|
#
?
Sep 7, 2019 04:36
|
|
|
i liked this hot takequote:This upends pretty much everything we know about iPhone hacking. We believed that it was hard. We believed that effective zero-day exploits cost $2M or $3M, and were used sparingly by governments only against high-value targets. We believed that if an exploit was used too frequently, it would be quickly discovered and patched. https://www.schneier.com/blog/archives/2019/09/massive_iphone_.html Is there any organization project zero can't elicit a clueless and butthurt email from?
|
|
#
?
Sep 7, 2019 06:48
|
|
|
Boiled Water posted:i can't see myself even coming close to being as rigorous as airplane software engineers. I'm closer to like tesla levels of competence, while if nothing else being aware that i'm terrible i was thinking more in terms of the amount of fucks given by each party
|
|
#
?
Sep 7, 2019 08:06
|
|
|
xtal posted:Is the joke that that already exists? https://github.com/cloudflare/boringtun Subjunctive posted:no, the joke is that it was already linked in this discussion the actual joke is that i didn't see this in the four thrilling pages of wireguardchat also gently mocking the "write it in rust" crew while simultaneously alluding to rust's potential to avoid entire classes of vulnerabilities - per the earlier discussion also subtly questioning the decision to write such a critical component as a kernel module, although i'm sure they had a good reason performance. it's always performance gosh, what an elegant and multifaceted post
|
|
#
?
Sep 7, 2019 08:19
|
|
|
hmm i tried to ssh into a NAS and it saidquote:Unable to negotiate with 192.168.0.14 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc are these poo poo? i can log in via the web interface and gently caress around with it if i need to add something to the config, pls help 
|
|
#
?
Sep 7, 2019 11:31
|
|
|
as a company that just sold $7 billion bux o debt to a massive crowd of buyers, let's put out this dumb statement that will keep this noise in the news that would have otherwise been forgotten yesterday
|
|
#
?
Sep 7, 2019 12:24
|
|
|
and beside from the reasons they’d maybe have been better off not writing a open reply letter, they also just framed it so stupid great job, Tim
|
|
#
?
Sep 7, 2019 12:27
|
|
|
redleader posted:also subtly questioning the decision to write such a critical component as a kernel module, although i'm sure they had a good reason performance. it's always performance yeah performance is basicallly the enemy of security
|
|
#
?
Sep 7, 2019 14:37
|
|
|
Cocoa Crispies posted:yeah performance is basicallly the enemy of security well that’s ... certainly a take. do you carefully avoid any software that uses hardware accelerated aes?
|
|
#
?
Sep 7, 2019 15:52
|
|
|
Soricidus posted:well that’s ... certainly a take. do you carefully avoid any software that uses hardware accelerated aes? lmao no, I use whatever, I know it's all bad, and not giving a gently caress is expedient security isn't the goal of computing either, it's a name for a collection of services that we expect computers to provide while doing what we want them to I guess if I was being more complete I'd say that an uncompromising pursuit of performance is the enemy of security like how trying to make encryption go fast in software often leads to weird cache issues that allow sensitive information disclosure by measuring timing of power usage like every time-of-check/time-of-use vulnerability works like programming in C
|
|
#
?
Sep 7, 2019 16:28
|
|
|
Soricidus posted:well that’s ... certainly a take. do you carefully avoid any software that uses hardware accelerated aes? an isa needs to be at least 20 years old before you can use it for secure applications, and every vuln increases the timer by 5 years. this means you're allowed to use...a 6502, and before meltdown/spectre a 386 in protected mode. that means no hardware aes, sorry
|
|
#
?
Sep 7, 2019 16:58
|
|
|
Cocoa Crispies posted:I guess if I was being more complete I'd say that an uncompromising pursuit of performance is the enemy of security this is a correct take but serious security design does always put a high value on performance. like crypt algorithms (with some very specific exceptions, like password hashing) generally try to be as fast as possible. and that’s for a good reason: if people have to choose between fast and secure, they’ll make dumb decisions. (like trying to include null cipher suites “for when you don’t need security”, oh whoops there was a downgrade attack in the protocol welp)
|
|
#
?
Sep 7, 2019 19:19
|
|
|
Cocoa Crispies posted:I guess if I was being more complete I'd say that an uncompromising pursuit of performance is the enemy of security
|
|
#
?
Sep 7, 2019 19:30
|
|
|
Krankenstyle posted:hmm i tried to ssh into a NAS and it said
|
|
#
?
Sep 8, 2019 00:39
|
|
|
CRIP EATIN BREAD posted:black cat hacker
|
|
#
?
Sep 8, 2019 01:21
|
|
|
mystes posted:They're disabled by default because they aren't secure but you can try ssh -c aes256-cbc 192.168.0.14 or edit the configuration to allow it by default if you need to. ah thx. -c works it's all on a local wired network so I'm not super worried about hackers
|
|
#
?
Sep 8, 2019 03:06
|
|
|
Krankenstyle posted:ah thx. -c works *hacker voice* im in side the house
|
|
#
?
Sep 8, 2019 03:10
|
|
|
CRIP EATIN BREAD posted:black cat hacker a solid addition to any tiger team
|
|
#
?
Sep 8, 2019 03:31
|
|
|
Agile Vector posted:*hacker voice* nooo00 
|
|
#
?
Sep 8, 2019 03:55
|
|
|
Port knocking but with blockchain
|
|
#
?
Sep 8, 2019 04:12
|
|
|
taqueso posted:Port knocking but with blockchain block knocking
|
|
#
?
Sep 8, 2019 05:09
|
|
|
D. Ebdrup posted:Too bad that's been the sole focus for our industry for decades and decades now. then why’s everything in JavaScript now
|
|
#
?
Sep 8, 2019 05:43
|
|
|
Port knocking worked for synful knock 
|
|
#
?
Sep 8, 2019 07:51
|
|
|
Midjack posted:block knocking Back with another one of those block knockin' beats
|
|
#
?
Sep 8, 2019 08:22
|
|
|
taqueso posted:Port knocking but with blockchain Even I'm not that sick.
|
|
#
?
Sep 8, 2019 12:53
|
|
|
CommieGIR posted:https://twitter.com/rootsecdev/status/1170005535934033922?s=20 love all the replies that complain about it being released on a friday and they can't fix poo poo until monday the patch has been out for months
|
|
#
?
Sep 8, 2019 13:59
|
|
|
ymgve posted:love all the replies that complain about it being released on a friday and they can't fix poo poo until monday 
|
|
#
?
Sep 8, 2019 17:11
|
|
|
Sniep posted:
so I just watched The Net on lunch at work . It was as much of a computer hacking movie as Jurassic Park was.
|
|
#
?
Sep 8, 2019 20:31
|
|
|
Enemy of the State might have some good screenshots in the Faraday cage office
|
|
#
?
Sep 8, 2019 20:39
|
|
|
Sniep posted:
enemy of the state and mercury rising come to mind but those are more evil nsa films than hacking films edit: fb that cage would be perfect to include
|
|
#
?
Sep 8, 2019 20:42
|
|
|
|
| # ? Jun 7, 2024 17:22 |
|
|
Captain Foo posted:Enemy of the State might have some good screenshots in the Faraday cage office I don't have it tagged as a "hacker" movie but I have enemy of the state, can rip Partycat posted:so I just watched The Net on lunch at work . It was as much of a computer hacking movie as Jurassic Park was. i cant remember the last time ive seen it the plex description of the movie is loving lmao. written by like a 4th grader as a movie report. quote:Angela Bennett is a freelance software engineer who lives in a world of computer technology. When a cyber friend asks Bennett to debug a new game, she inadvertently becomes involved in a conspiracy that will soon turn her life upside down. While on vacation in Mexico, her purse is stolen. She soon finds that people and events may not be what they seem as she becomes the target of an assassination. Her vacation is ruined. She gets a new passport at the U.S. Embassy in Mexico but it has the wrong name, Ruth Marx. When she returns to the U.S. to sort things out, she discovers that Ruth Marx has an unsavory past and a lengthy police record. To make matters worse, another person has assumed her real identity ... amazing. Her vacation is ruined.
|
|
#
?
Sep 8, 2019 21:42
|
|