Combat Pretzel posted: Using unbound as a local full resolver would still get me to the proper edge servers of CDNs, right? This isn't something coordinated with the ISP's DNS resolvers?
You need 'nsd' (also by NLnet Labs) for that. EDIT: Or are you talking about GeoIP or topological round-robin CDNs?
# ? Nov 21, 2020 17:16 |
edns-client-subnet doesn't matter if you are directly hitting their nameserver and they can get the full ip of the requestor
# ? Nov 21, 2020 19:30 |
# ? Nov 29, 2020 15:09 |
Condensing out all the “lol I upvote this insult good sir” comments ruining this nugget of joy I found while trying to troubleshoot Kali Linux. Butter Activities fucked around with this message at 16:48 on Nov 29, 2020 |
# ? Nov 29, 2020 16:46 |
Humble bundle has a bunch of No Starch Press's hacking books up: https://www.humblebundle.com/books/...ress_bookbundle
# ? Dec 1, 2020 00:29 |
CommieGIR posted: Humble bundle has a bunch of No Starch Press's hacking books up:
Oh gently caress yeah I almost dropped 20 dollars on just one book in that bundle yesterday.
# ? Dec 1, 2020 03:13 |
CommieGIR posted: Humble bundle has a bunch of No Starch Press's hacking books up:
some top tier book covers in here can't decide if i'm the alcoholic robot or the alien autopsy
# ? Dec 1, 2020 07:43 |
The Practical Packet Capture book is worth almost the entire bundle. I bought that for my team's little reference library one year. It disappeared during one of our building moves years ago.
# ? Dec 1, 2020 08:35 |
Yea, I have a few of those books and they're pretty good.
# ? Dec 1, 2020 13:46 |
I need to brush up on my crypto so I'm in for twenty-something dollaroos.
# ? Dec 1, 2020 14:23 |
You could learn infosec at the same time by pirating them
# ? Dec 1, 2020 15:50 |
CommieGIR posted: Humble bundle has a bunch of No Starch Press's hacking books up:
I bought a copy of practical packet analysis for every single member of my team 3 years ago. We are mysteriously quicker at zeroing in on application problems.
# ? Dec 2, 2020 06:26 |
Did someone say crypto?!?!
# ? Dec 2, 2020 11:45 |
gently caress off seraph
# ? Dec 2, 2020 12:05 |
Ian Beer at Project Zero posted:In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot, with no user interaction. Over the next 30'000 words I'll cover the entire process to go from this basic demo to successfully exploiting this vulnerability in order to run arbitrary code on any nearby iOS device and steal all the user data.
# ? Dec 2, 2020 12:11 |
BlankSystemDaemon posted: Hollywood ain't got poo poo on this.
Yeah, it almost reads like one of those Hollywood plots where you roll your eyes a bit and go, "That's not really how things work" even if it's theoretically plausible.
# ? Dec 2, 2020 12:19 |
Here's a fun read. https://twitter.com/i41nbeer/status/1333885229086412801?s=20
# ? Dec 2, 2020 20:58 |
Diva Cupcake posted: Here's a fun read.
Or, if you want a direct link to the fun read: https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
# ? Dec 2, 2020 21:30 |
Diva Cupcake posted: Here's a fun read.
It gets super in the weeds, but has a great breakdown of how AWDL works.
# ? Dec 2, 2020 21:35 |
https://twitter.com/thugcrowd/status/1334974030559006724?s=20
# ? Dec 4, 2020 22:39 |
Much as anyone may hate OANN, this isn't responsible disclosure and shouldn't be encouraged or directly linked, in my opinion.
# ? Dec 4, 2020 23:13 |
Sheep posted: Much as anyone may hate OANN, this isn't responsible disclosure and shouldn't be encouraged or directly linked, in my opinion.
I feel like ThugCrowd may not be the most responsible organization. E: I do appreciate their all ascii art website tho
# ? Dec 4, 2020 23:16 |
I used to be all about responsible disclosure, but I have since changed my opinion. Some companies just don't deserve it.
# ? Dec 5, 2020 00:25 |
Sheep posted: Much as anyone may hate OANN, this isn't responsible disclosure and shouldn't be encouraged or directly linked, in my opinion.
gently caress that, OANN deserves it.
# ? Dec 5, 2020 00:28 |
CLAM DOWN posted:gently caress that, OANN deserves it.
# ? Dec 5, 2020 00:31 |
Sheep posted: Much as anyone may hate OANN, this isn't responsible disclosure and shouldn't be encouraged or directly linked, in my opinion.
Not familiar with OANN but you sound like a huge square saying this. Your boss or whoever you're trying to suck up to isn't watching. Get over yourself
# ? Dec 5, 2020 00:58 |
Rufus Ping posted: Not familiar with OANN but you sound like a huge square saying this. Your boss or whoever you're trying to suck up to isn't watching. Get over yourself
If you don't know what OANN is then he's right, responsible disclosure is important to keep in infosec. If people stop assuming researchers are acting in good faith, a legal crackdown could hurt good security everywhere. On the other hand, this org specifically is reprehensibly morally bankrupt.
# ? Dec 5, 2020 01:03 |
Rufus Ping posted: Not familiar with OANN but you sound like a huge square saying this. Your boss or whoever you're trying to suck up to isn't watching. Get over yourself
It's the propaganda rag for people who think that Fox News is an extreme left organization. They're on the same level of respect as Stormfront would be if they were still around.
# ? Dec 5, 2020 01:04 |
klosterdev posted: If you don't know what OANN is then he's right, responsible disclosure is important to keep in infosec. If people stop assuming researchers are acting in good faith, a legal crackdown could hurt good security everywhere.
The way to avoid good faith researchers getting blowback is not to dress all hacking up as "research". It's the SWIM "research chemicals" gambit of the computing world. Posting this guy's creds is good and would still be good if the site were less reprehensible. It sounds like they should have finished the job, in fact, and anonymously wrecked their poo poo beyond repair rather than simply giving them a kindly heads up to rotate their passwords. It's okay to have the courage of one's convictions and defend hacking on its own terms rather than handwringing over appearing sensible and grown-up.
# ? Dec 5, 2020 01:18 |
Having dealt with a fair number of Responsible Disclosures and Coordinated Vulnerability Disclosures myself, I can tell you that sometimes it's really not worth the time and effort. Because it really takes a lot of time and effort to do RD. Some companies just don't respond, or they threaten to sue. I totally understand why some researchers feel the only way to achieve your goal (get the vulnerability fixed) is to embarrass a company publicly.
# ? Dec 5, 2020 01:43 |
There is no world in which brute-forcing a wordpress password (or whatever) is "research." This was just some skids owning some shitbirds, except instead of doing it themselves they're hoping somebody else will use the creds to finish the job. Good on those kids, I hope they don't get caught, but they aren't exactly tavis over here. Responsible disclosure shouldn't be part of this conversation because it's way beside the point
# ? Dec 5, 2020 02:00 |
Brute forcing? The creds were in a pdf accessible to the entire internet.
# ? Dec 5, 2020 02:24 |
hence the "or whatever". but that seems even less research-like, if that's possible e: holy poo poo is that pdf _just_ what they found? i thought they'd made the 'use these creds, here is how' pdf and were hosting it on OANN itself for funsies. that's even funnier Achmed Jones fucked around with this message at 02:48 on Dec 5, 2020 |
# ? Dec 5, 2020 02:46 |
I guess infosec really isn't punk rock after all.
# ? Dec 5, 2020 03:03 |
Achmed Jones posted: hence the "or whatever". but that seems like even less research-like, if that's possible
If you thought it was anything other than "haha look at these morons, these absolute buffoons" I really don't know what to tell you.
# ? Dec 5, 2020 03:45 |
Internet Explorer posted: I guess infosec really isn't punk rock after all.
They arrested all the punk ones
# ? Dec 5, 2020 04:05 |
I feel like somebody should quote the thing from slc punk, but I don't want to look it up myself
# ? Dec 5, 2020 04:06 |
This is the dumbest thing. OANN sucks but the level of interest I have in celebrating leaked Wordpress credentials is nonexistent. They’re not owning anyone. They’re certainly not pwning anyone.
# ? Dec 5, 2020 04:24 |
Chill out nobody claimed anyone "pwned" anyone. We can all have a good laugh at a reprehensible organization doing real dumb poo poo.
# ? Dec 5, 2020 16:42 |
Don't you see? It's impossible that someone could have done this without a capitalist profit motive!
# ? Dec 5, 2020 16:44 |