Kazinsal
Dec 13, 2011


DrDork posted:

[...] you just have to kinda admit to yourself before going in that there's almost no chance that whatever you're working on will see the light of day or ever actually make an impact anywhere. Just another boondoggle some excited C-suite dude decided they NEEDED to blow some money on to get investors excited or whatever.

Also known as "95% of software development projects at Google".


22 Eargesplitten
Oct 10, 2010



Klyith posted:

Yes, with asterisks.

Secure boot is a bit meh -- it's not a ton of protection for a home user, and can get in the way of booting other OSes or utilities like memtest+ (the open source one, not the commercial one). I don't think there's been any big malware recently that used the boot sector as a method for attack, which is what secure boot would protect against. Some of them have trashed the MBR as a way to do more damage, but that's different. But if the only thing you're ever going to boot is windows, or a windows USB installer stick, you'll see zero difference with your system.

Core Isolation & Memory Integrity has performance drawbacks on CPUs older than intel 8th gen or AMD ryzen 2000 (desktop) / 3000 (mobile). It's a non-trivial hit, 10-20% or more for some particular tasks. This is the reason for the extremely small support list for Windows 11, MS wants to make it a standard feature. If you have a new PC it's good though.


If none of those asterisks are a big deal to you they're good to turn on, but they also aren't silver bullets.


e:

Any PC recent enough to meet the Core Isolation & Memory Integrity CPU requirements also has TPM 2.0 built into the chipset & CPU. You just need to turn it on in the BIOS.

OTOH turning on TPM does nothing if you're not using bitlocker on the system volume (or windows hello for business). It doesn't do much for malware security at all.

Thank you for the very thorough answer. She only uses Windows (I mentioned Linux to her and she said that she tried to use it and hated it because they didn't make it enough like Windows) and has a 2600X. I didn't realize that newer CPUs had a TPM built in, but my last training that mentioned them was 2014 or 2015 and I haven't worked with hardware since 2017 so I guess I'm behind the times.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
https://twitter.com/ncweaver/status/1418578635347304452?s=20

Johnny Aztec
Jan 30, 2005

by Hand Knit
So, I am not 100% sure this would be the right thread, but gently caress it, when do I ever do anything right to begin with? :v:



Without going into too much detail, there is a website idea I want to do, but I am concerned about being SWATted, or some other insane person finding me.

How can I make it very hard, or impossible for someone to find out that I own/operate a domain?

RFC2324
Jun 7, 2012

http 418

Johnny Aztec posted:

So, I am not 100% sure this would be the right thread, but gently caress it, when do I ever do anything right to begin with? :v:



Without going into too much detail, there is a website idea I want to do, but I am concerned about being SWATted, or some other insane person finding me.

How can I make it very hard, or impossible for someone to find out that I own/operate a domain?

Register it in someone else's name

Or, for a way that isn't in violation of the law, pay for one of the privacy guard services (I think all registrars offer this) that makes it so people have to actually call the registrar to get the info.

Johnny Aztec
Jan 30, 2005

by Hand Knit
Hrmm, I'll have to look into LLCs, I think, and/or a shell company.

Defenestrategy
Oct 24, 2010

RFC2324 posted:

Register it in someone else's name


I am not a lawyer, but I believe you could also register an LLC out of one of the various tax haven states [Delaware, Nevada, etc.] as an anonymous owner and register the domain under that. Alternatively

RFC2324 posted:

pay for one of the privacy guard services (I think all registrars offer this) that makes it so people have to actually call the registrar to get the info

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.


For the full technical nitty-gritty of how these bugs worked, Crypto Museum has a full writeup.

https://www.cryptomuseum.com/covert/bugs/selectric/

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


Most registrars e.g. Namecheap offer free WHOISGuard forever due to the GDPR regulations or whatever. As mentioned, that makes it so that the records do not show any of your personal information, unless you register a TLD that has its own whois database and doesn't care about your privacy.

Raymond T. Racing
Jun 11, 2019

I'd also weigh the risk of the potential threat actors against how much risk you're willing/able to mitigate.

Like if your goal is doxxing members of an aggressive group who own guns, the amount of care you'd want to put into making sure that you're unidentifiable is different than posting fursuit content.

some kinda jackal
Feb 25, 2003

 
 
Alternately embrace and don’t be ashamed of the fursuit content :colbert:

Absurd Alhazred
Mar 27, 2010

by Athanatos
https://twitter.com/mruef/status/1418693478574346242

So aside from being another trash platform, they've also just been hacked.

AlternateAccount
Apr 25, 2005
FYGM
Do I wanna know what Clubhouse is?

Nitr0
Aug 17, 2005

IT'S FREE REAL ESTATE
Social media app, iPhone only, the platform is all speaking.

The leak is kinda crap tho. If it’s just rankings and phone numbers what’s different than just randomly calling numbers? Does it include any personal info? I didn’t see that in the leak.

Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop

Buff Hardback posted:

I'd also weigh the risk of the potential threat actors against how much risk you're willing/able to mitigate.

Like if your goal is doxxing members of an aggressive group who own guns, the amount of care you'd want to put into making sure that you're unidentifiable is different than posting fursuit content.
all internet trolls are aggressive groups who own guns, because swatting is a very real and active danger to anyone who does anything from playing videogames on-camera to happening to have picked up a "good" twitter handle like @tennassee

Bonzo
Mar 11, 2004

Just like Mama used to make it!
The newest Darknet Diaries episode is about a guy getting harassed just for an Instagram handle.

https://darknetdiaries.com/episode/97/

While you can protect your info with a domain reg, the company you host the site with may or may not disclose your info in a legal situation or even through social engineering.

RFC2324
Jun 7, 2012

http 418

Bonzo posted:

The newest Darknet Diaries episode is about a guy getting harassed just for an Instagram handle.

https://darknetdiaries.com/episode/97/

While you can protect your info with a domain reg, the company you host the site with may or may not disclose your info in a legal situation or even through social engineering.

P sure they are required to in a legal situation, but if you are worried about someone looking you up to harass you that's not usually your threat model.

Social engineering maybe, but is it a thing that actually happens?

Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop
yes.

exes especially know a lot about you that they can leverage into getting information (like where you are currently, if you're trying to get away from them).

same for abusive family members.

Bonzo
Mar 11, 2004

Just like Mama used to make it!

Harik posted:

yes.

exes especially know a lot about you that they can leverage into getting information (like where you are currently, if you're trying to get away from them).

same for abusive family members.

Yep. I worked for a small hosting company in the early 00's and we had this happen often. Say a married couple run ThisIsOurBusiness.com. We'd get a call from one party asking to cancel the hosting account and all info like password and CC info is confirmed. A week later the other party calls wanting to know why the site was offline. We'd then find out that they were in the middle of a divorce/custody battle/caught in affair. But it was usually too late as we had removed all data from the server and they wouldn't have access to a backup.

Even if you've never had a social media account, your info such as address, people related to you, even people who used to be related to you (I divorced my 1st wife in 1998, never even seen her since then but her name shows up next to mine in general 411 info sites) is out there and can be used against you.

Considering everything is tied to your cell # now, it's incredibly easy to social engineer your way into someone's digital life.

RFC2324
Jun 7, 2012

http 418

Bonzo posted:

Considering everything is tied to your cell # now, it's incredibly easy to social engineer your way into someone's digital life.

use Google Voice and let Google's complete lack of customer service work in your favor for once

Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop
GVoice is only a minor layer of obfuscation at best, since the telcos happily sell name/number information to brokers and it's trivially obtainable because in that particular ecosystem the best players are absolute scumbags and it only gets worse each layer down.

Bonzo
Mar 11, 2004

Just like Mama used to make it!

RFC2324 posted:

use Google Voice and let Google's complete lack of customer service work in your favor for once

If only it was possible to not have a real phone number in your personal or professional life. Even if you somehow managed this, an attacker will go after a family member or anyone else close to you

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
Plus, given Google's insistence on killing anything good, how long can Google voice possibly last.

RFC2324
Jun 7, 2012

http 418

CommieGIR posted:

Plus, given Google's insistence on killing anything good, how long can Google voice possibly last.

I've been holding my breath for at least 5 years expecting it to die.

Bonzo
Mar 11, 2004

Just like Mama used to make it!

CommieGIR posted:

Plus, given Google's insistence on killing anything good, how long can Google voice possibly last.

It's also US only.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

RFC2324 posted:

I've been holding my breath for at least 5 years expecting it to die.

I know quite a few SOCs and Support Teams that use it for call routing for on call, so it's going to be hilarious how many teams they accidentally break if they do.

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.

For identity protection, would there be any value in setting up an LLC, and having that entity own the domain and pay for the hosting? Business stuff makes my eyes glaze over but I think some US states don't require a business to make its ownership details public.

e: vvvv Totally missed that this was already suggested, apologies.

Powered Descent fucked around with this message at 17:14 on Jul 25, 2021

RFC2324
Jun 7, 2012

http 418

Powered Descent posted:

For identity protection, would there be any value in setting up an LLC, and having that entity own the domain and pay for the hosting? Business stuff makes my eyes glaze over but I think some US states don't require a business to make its ownership details public.

Yeah, that was mentioned almost immediately, and is actually probably the best solution

Trying to find a different solution is a fun exercise tho

cr0y
Mar 24, 2005



Is there a good reason that antivirus/malware systems couldn't defend against ransomware by tripping if all of a sudden a program starts sequentially altering (encrypting) every byte in a filesystem?

Or do some systems already do this?

text editor
Jan 8, 2007

cr0y posted:

Is there a good reason that antivirus/malware systems couldn't defend against ransomware by tripping if all of a sudden a program starts sequentially altering (encrypting) every byte in a filesystem?

Or do some systems already do this?

there are several that do, some though, like Sophos, sell it as an add-on product

Klyith
Aug 3, 2007

GBS Pledge Week
Windows Defender has ransomware protection / Controlled Folder Access, which is just a blunt access control for writes to folders limited to an exe whitelist.

But it's the same problem as all virus protection -- if the malware has system access to disable it, it doesn't matter what protection method you use.

Achmed Jones
Oct 16, 2004



it's like that prodigy song, "back your poo poo up"

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
Yeah safe to assume if it's ransomware half worth its salt, it'll disable the anti-malware first

BlankSystemDaemon
Mar 13, 2009



Achmed Jones posted:

it's like that prodigy song, "back your poo poo up"
How did you make my speakers suddenly play a distorted guitar sound? Are you hacking me? You have to tell me if you're hacking me!

spankmeister
Jun 15, 2008






CommieGIR posted:

Yeah safe to assume if it's ransomware half worth its salt, it'll disable the anti-malware first

It's worth remembering that nowadays if the victim is big enough the ransomware crews actually are manually active on the victim's network, sometimes for weeks, before finally deploying the final ransomware. They use that time to recon the network, determine which endpoint security is running, which other security products might get in their way and how to avoid them, how to remain undetected until it's too late, how to sabotage backups, etc. Ransomware is a multi million dollar industry and over the last 5 or 10 years or so they've really professionalized.

Of course regular drive-by ransomware still exists and you might be lucky enough to be able to catch those with behavioral heuristics like that but I wouldn't bet on it. All it takes is one host that doesn't have that particular setting enabled for whatever reason and still has access to the network folders and you're still hosed.
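
The behavioral heuristic cr0y asks about above, sketched as an added example (not part of any post in this thread and not any vendor's implementation): flag a process that writes high-entropy data to many distinct files within a short window. The `RewriteMonitor` class, its thresholds, the process IDs and the event trace are all assumptions constructed for illustration.

```python
import math
import random
from collections import defaultdict, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

class RewriteMonitor:
    """Flags a process that writes high-entropy data to many distinct
    files inside a sliding time window. Thresholds are illustrative."""
    def __init__(self, window_s=10.0, max_files=20, min_entropy=7.5):
        self.window_s, self.max_files = window_s, max_files
        self.min_entropy = min_entropy
        self.recent = defaultdict(deque)  # pid -> (timestamp, path) events
        self.flagged = set()

    def on_write(self, ts, pid, path, new_bytes):
        """Feed one write event; returns True once pid has been flagged."""
        if shannon_entropy(new_bytes) >= self.min_entropy:
            q = self.recent[pid]
            q.append((ts, path))
            while ts - q[0][0] > self.window_s:  # drop events out of window
                q.popleft()
            if len({p for _, p in q}) >= self.max_files:
                self.flagged.add(pid)
        return pid in self.flagged

def run_constructed_trace():
    """Constructed events: an editor, an archiver, and a mass rewriter."""
    rng = random.Random(0)
    blob = bytes(rng.getrandbits(8) for _ in range(4096))  # looks encrypted
    text = b"quarterly report draft\n" * 200               # plain text
    mon = RewriteMonitor()
    for i in range(30):   # pid 100: many files, but low-entropy content
        mon.on_write(i * 0.1, 100, f"docs/note{i}.txt", text)
    for i in range(3):    # pid 200: high entropy, but only a few files
        mon.on_write(i * 1.0, 200, f"backup/part{i}.zip", blob)
    for i in range(25):   # pid 300: high entropy across 25 files in 5 s
        mon.on_write(i * 0.2, 300, f"docs/note{i}.txt", blob)
    return mon.flagged

if __name__ == "__main__":
    print(run_constructed_trace())
```

Only the third process trips the monitor; as the replies above point out, a check like this only helps while the monitoring process is still running and covers the host doing the writes.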

Pablo Bluth
Sep 7, 2007

I've made a huge mistake.
I often listen to the Risky Business podcast, and every so often the guy behind thinkst canary is on the show. How well do canaries work in the real world? Perhaps not surprisingly, there's not too many people shouting about finding out their network is being owned...

Catatron Prime
Aug 23, 2010

IT ME



Toilet Rascal
Any y'all heading out to hacker summer camp this week?

FYI: Black hat is doing free business hall passes for defcon attendees if you're already registered. Doesn't look like Rapid7 is doing any parties, but there's a bunch of other vendors hosting stuff.

Blue team village released all their workshop signups, and they're all virtual this year. Some good stuff on malware deobfuscation and windows forensics.

CLAM DOWN
Feb 13, 2007




America is insane for having in-person conferences right now.

Catatron Prime
Aug 23, 2010

IT ME



Toilet Rascal

CLAM DOWN posted:

America is insane for having in-person conferences right now.

Well, I'll be masked and vaxxed, so :shrug:

Wouldn't really be so much of a problem if it weren't for the chuds scared of needles.


Tryzzub
Jan 1, 2007

Mudslide Experiment

CLAM DOWN posted:

America is insane for having in-person conferences right now.

yea
