|
The selling point of Chromecast is that if you cast media (not a tab) then the service you're using has built a small web app that the Chromecast loads and then goes off to get the stream. If you want to get around region locking then you need to put the Chromecast behind a VPN or see if one of those custom DNS things works to get around a region lock.
|
# ? Oct 7, 2021 20:54 |
|
|
# ? May 31, 2024 02:10 |
A lot of people think a VPN will protect them from anything (partially because of the misleading advertisements by the VPN companies), but unless the company is in a place which has no laws relating to the internet (and those places are few and far between, nowadays - and fewer of them have excellent IX connectivity), they're more than likely keeping logs despite promising not to, simply because they want to protect their own rear end.

Now, they're probably not gonna do anything about video streaming, but it's just important to remember what a VPN does and what the implications are - because if you look at the latest ProtonMail scandal, where the company was forced by Swiss authorities to give information to French authorities about a climate activist who was using their service - not even nominally sovereign country status will prevent this kind of exchange of information, so you shouldn't really expect it to protect you.

All that being said, using it to bypass geo-located content locking is probably fairly risk-free, especially if you're actually paying for the service you're streaming from.
|
|
# ? Oct 7, 2021 21:03 |
|
loquacius posted: What would be the best way to protect myself while doing this process?

VPNs are decent cover when you're doing P2P filez (torrents), because the problem with P2P is that they're basically public. You're getting chunks of the file from other people, and sending chunks back to other people. So all the copyright cops need to do is join that crowd and they can pretty much watch everyone downloading a movie.

A video stream from a website OTOH is a single direct connection, from you to the website. The only people who are even aware of that connection are the internet routers in between, but an HTTPS connection means they can't see what you're doing. Just that data is moving. Nobody along the chain can snitch to the NFL.

loquacius posted: If I install NordVPN on the Shield, would I still be able to cast the tab to it?

No, because in that case if the VPN is working properly your chromecast won't appear to be on your local network anymore. The chromecast will have a pipe going to the other side of the VPN tunnel, so it'll appear to be in norway or whatever and your PC isn't looking for chromecasts in norway.

Klyith fucked around with this message at 21:25 on Oct 7, 2021 |
# ? Oct 7, 2021 21:22 |
|
Martytoof posted: e: Thoughts on the content of that Cybersec course -- it seems like a good potpourri of things you will want to know in this field and probably a good kickoff into figuring out WHAT you want to do in infosec. I'm not going to guess at the quality of education you get in that short timeframe but I will say -- I do like that you get a little exposure to everything. Often I find that governance and audit have very poor understanding of networking or testing activities, etc. As an employer in this field I would probably like to see a little more than just a bootcamp on a resume absent any other previous IT experience, but I could see it parlaying into an internship, (very) junior analyst or SOC role. I'm being honest just based on what I read -- there's positives and negatives to the bootcamp aspect -- obviously an individual interview would flesh out capabilities or learned experience much better.

This post is very helpful, thank you!
|
# ? Oct 7, 2021 21:26 |
|
Defenestrategy posted: Personally this annoys me. If you're gonna vague post about a company flipping you the finger after finding a vuln instead of naming and shaming what good are you exactly as an independent researcher looking for vulns?

Dunno, but if your service is leaking people's information and you are basically giving the finger to the researcher trying to save your rear end, at some point something's gotta give. I've had a couple clients like that where they basically said "We're safe, you hacked us!" and a couple even tried to sue and it was fun when I had to show them in discovery that publicly available info isn't protected info when you are leaving it exposed to the net at large.
|
# ? Oct 8, 2021 00:11 |
|
Time for another phishing scheme analysis! This time I evaded being compromised, despite the scheme being pretty well-crafted.

I received a message from a friend on Discord offering, in a casual tone, some leftover Nitro, with a link to a plausible-seeming Discord link that had a properly embedded preview using Discord's latest "imagine a place" marketing. Upon clicking through I was taken to a plausible recreation of the login page, with the proper background, page styling, and even loading animations. It then presented me with a QR code to scan with my phone, which I thought was odd, given that I was already logged in on my browser and expected Discord to use my browser session; plus, unfortunately for them, the code was misaligned and overlapping the text, and that's where I noticed the page didn't have a favicon and the URL was actually "discord-app.uk".

Props to them for going to the trouble of setting up a Let's Encrypt SSL cert, though I suspect this scheme is semi-automated and not quite up to date because I'm fairly sure Discord has switched to a different QR code appearance recently and it didn't match. Had they presented me with a login form instead, it also would have ended there immediately when 1Password didn't show my login details, and I have 2FA on anyway, so that's probably why they prefer the QR code. I assume the way the scheme works is that it requests a QR code from Discord, then presents it to you to validate so that they can log in as you. The perils of convenient one-click login methods.

Naturally, the phisher had removed me as a friend after sending the message, though unusually they didn't bother to block me, so I reconnected with them fairly easily (Discord's a lot better about that than Steam is), though they already knew about the compromise. I reported the website to Cloudflare, Namecheap (who they registered through), and the domain registrar.
|
# ? Oct 8, 2021 03:39 |
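The domain in the post above, `discord-app.uk`, survives a quick glance because it contains the brand name, while a password manager stays silent because it compares the host against the saved site's domain. The sketch below is an added example, not part of the original post: it puts the substring check that is fooled beside the domain-suffix check that is not, assuming the official domains to trust are discord.com, discordapp.com and discord.gg; the function names and sample URLs are constructed for illustration.

```javascript
// Added illustration; function names and sample URLs are constructed.
// Assumption: these three are the only domains treated as official.
const OFFICIAL_DOMAINS = ["discord.com", "discordapp.com", "discord.gg"];

// Weak check: what a hurried reader does ("does it say discord?").
function looksLikeDiscord(rawUrl) {
  return rawUrl.toLowerCase().includes("discord");
}

// Strict check: the parsed host must equal an official domain or be a
// subdomain of one. A valid TLS certificate plays no part in this decision.
function isOfficialDiscordUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparsable input is never trusted
  }
  // The URL parser lowercases the host and separates any user@ prefix.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  return OFFICIAL_DOMAINS.some((d) => host === d || host.endsWith("." + d));
}

// Combine both: anything that mentions the brand but fails the strict
// check is exactly the kind of link described in the post.
function classify(rawUrl) {
  if (isOfficialDiscordUrl(rawUrl)) return "official";
  return looksLikeDiscord(rawUrl) ? "lookalike" : "unrelated";
}

// Constructed sample links (only discord-app.uk comes from the post).
const samples = [
  "https://discord.com/login",
  "https://cdn.discordapp.com/attachments/example",
  "https://discord-app.uk/",
  "https://discord.com.example.net/login",
  "https://discord.com@example.net/",
  "https://example.org/",
];
for (const s of samples) console.log(classify(s).padEnd(10), s);
```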
|
Cup Runneth Over posted: Time for another phishing scheme analysis! This time I evaded being compromised, despite the scheme being pretty well-crafted.

There's been a couple interesting phishing/malware campaigns on Discord

https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse/
|
# ? Oct 8, 2021 03:51 |
|
CommieGIR posted: There's been a couple interesting phishing/malware campaigns on Discord

I believe it. Discord's file hosting is extremely convenient and therefore a prime target for malware. It doesn't help that Discord's abuse/support team is close to nonexistent and pretty lazy when it does respond. Anything deleted before they answer a ticket is gone-zo and they will refuse to look into it any further.

e: After reading this article, I encouraged my friend to disconnect all the apps and services they had connected to Discord to suspend the OAuth tokens. Thanks!

Cup Runneth Over fucked around with this message at 04:50 on Oct 8, 2021 |
# ? Oct 8, 2021 04:20 |
|
Thanks for your help, guys

So, in summary, let me know if I have anything wrong here

Defenestrategy posted: All the VPN is doing is routing your traffic from your desktop to a server located in whatever city you chose before it goes off to whatever website you chose. So if you're casting from your desktop, the chain is still

Thanks Ants posted: The selling point of Chromecast is that if you cast media (not a tab) then the service you're using has built a small web app that the Chromecast loads and then goes off to get the stream. If you want to get around region locking then you need to put the Chromecast behind a VPN or see if one of those custom DNS things works to get around a region lock.

These posts seem to contradict each other w/r/t whether the data is actually going through my VPN'd PC, but, this post indicates that a VPN is probably unnecessary anyway since I can't really get nailed for watching a stream, and that running the VPN on the Shield directly (as I had been considering doing) would break my process. Am I understanding correctly?
|
# ? Oct 8, 2021 15:52 |
|
you're literally asking "how can i pirate poo poo", you probably want to stop doing that.

if the threat you're countering is someone watching your traffic other than the data's host, and you're not using p2p, you do not need a vpn. tls provides this for web traffic. your ISP can see your DNS resolution probably, but you probably don't care about this.

if the threat you care about is someone seeing what you're doing as part of a p2p network, use a vpn

if the threat you care about is the owner of the server themselves being malicious, a vpn can be part of your strategy to hide identity, but is in no way complete due to how easy it is to fingerprint people. plus, if they serve you malicious code a VPN won't generally do anything to help
|
# ? Oct 8, 2021 16:43 |
|
But all this marketing tells me VPNs protect me!
|
# ? Oct 8, 2021 16:50 |
|
Mustache Ride posted: But all this marketing tells me VPNs protect me!

No, it just means all of your browsing data belongs to the Nords
|
# ? Oct 8, 2021 17:20 |
|
Volmarias posted: No, it just means all of your browsing data belongs to the Nords

I figure vikings are probably as trustworthy as anyone else in the modern capitalist hellscape
|
# ? Oct 8, 2021 17:27 |
|
RFC2324 posted: I figure vikings are probably as trustworthy as anyone else in the modern capitalist hellscape

At least they'll pay taxes when they sell your information to a broker.
|
# ? Oct 8, 2021 18:02 |
|
loquacius posted: Thanks for your help, guys So, in summary, let me know if I have anything wrong here

You don't need a VPN, but the post saying that Chromecasts make their own connections is the correct one.
|
# ? Oct 8, 2021 18:10 |
You could do site-to-site at the demarc, then default route through the VTI.
|
|
# ? Oct 8, 2021 19:15 |
|
https://twitter.com/AnEternalEnigma/status/1446421951883489281

https://www.theverge.com/2021/10/8/22716184/twitch-hack-jeff-bezos-pictures-defaced
|
# ? Oct 8, 2021 20:51 |
|
Inept posted: https://twitter.com/AnEternalEnigma/status/1446421951883489281

They are still heeeeeerrreeee
|
# ? Oct 9, 2021 00:15 |
|
https://restoreprivacy.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/
|
# ? Oct 9, 2021 09:42 |
|
Cup Runneth Over posted: https://restoreprivacy.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/

In the future, please put a bit more content in your post. Some random link with nothing else said isn't great.
|
# ? Oct 9, 2021 16:33 |
|
For all I know, these VPN providers are all just fronts to some Five Eyes members. I still don't know how they can maintain several hundreds of servers and afford the shitload of data volume required for mostly video and pirating, at a price level of tree fiddy with 75% off for the first three months.
|
# ? Oct 10, 2021 01:02 |
|
Combat Pretzel posted: For all I know, these VPN providers are all just fronts to some Five Eyes members. I still don't know how they can maintain several hundreds of servers and afford the shitload of data volume required for mostly video and pirating, at a price level of tree fiddy with 75% off for the first three months.

They usually pick servers with cheap providers. You can get commits like 100Gbps @ $2k/m
|
# ? Oct 10, 2021 02:57 |
|
Combat Pretzel posted: For all I know, these VPN providers are all just fronts to some Five Eyes members. I still don't know how they can maintain several hundreds of servers and afford the shitload of data volume required for mostly video and pirating, at a price level of tree fiddy with 75% off for the first three months.

I'm guessing a large segment of customers are just doing regular web browsing (including porn and streaming) in a way that fits with having an otherwise busy life.
|
# ? Oct 10, 2021 07:57 |
|
Combat Pretzel posted: For all I know, these VPN providers are all just fronts to some Five Eyes members. I still don't know how they can maintain several hundreds of servers and afford the shitload of data volume required for mostly video and pirating, at a price level of tree fiddy with 75% off for the first three months.

There are some other vpns that go out of their way to avoid five/nine eyes

You will not avoid the fact that their servers in countries like the US or UK can only get so far with full disk/memory encryption on running servers.

it's enough of a deterrence that any attacker of those systems would rather try everything else rather than trying to brute force keys for a system that will wipe itself if it is rebooted at any point making all previous work useless.

EVIL Gibson fucked around with this message at 14:50 on Oct 10, 2021 |
# ? Oct 10, 2021 14:47 |
|
I treat VPNs like disposable proxies. If I need one, I set up an Algo server on a new GCP/AWS account, use it, and shut it down when I'm done.
|
# ? Oct 10, 2021 14:51 |
|
Cup Runneth Over posted: https://restoreprivacy.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/

Stay safe cyber ghost!!!
|
# ? Oct 10, 2021 23:38 |
|
.
Laopooh fucked around with this message at 20:57 on Oct 12, 2021 |
# ? Oct 12, 2021 20:45 |
|
I'm a little confused by the question. Are you backing up from the client device, wanting to grab files within the Virtual Desktop or app? You won't be able to. One of the big draws of something like Citrix is that the data is not on the device. Also, I'm not sure you should post something that you already know you want to delete later. And technically, asking for how to get around work security stuff is against SH/SC rules.
|
# ? Oct 12, 2021 20:54 |
|
.
Laopooh fucked around with this message at 21:23 on Oct 12, 2021 |
# ? Oct 12, 2021 21:04 |
|
Are you sure that you're not breaking any laws by exfiltrating banking information? Don't ask forums goons about this. Nobody can help you here.

Step 1: Consult a lawyer so that you don't end up in prison.

Step 2: Figure out the appropriate channel (law enforcement, media, etc) for what you're trying to accomplish and then do that.
|
# ? Oct 12, 2021 21:12 |
|
.
Laopooh fucked around with this message at 21:24 on Oct 12, 2021 |
# ? Oct 12, 2021 21:17 |
|
Consult a lawyer. Stop posting about it. Now.
|
# ? Oct 12, 2021 21:17 |
|
edit those posts blank, see a lawyer, odds are they'll involve a relevant regulator, do not do any actions at work unless the lawyer and regulator sign off
|
# ? Oct 12, 2021 21:23 |
|
Thanks for the advice goons, I appreciate it. I'll consult a lawyer.
|
# ? Oct 12, 2021 21:24 |
|
Laopooh posted: e: the lawyer advice is good, I suppose I could look for a computer savvy one.

We're not going to be much help here, anyhow, even if we wanted to: Data loss protections are very much a per-company type thing, so there's no general answer on how they function.

That said, in general a virtualized client like a Citrix desktop or other thin-client has no idea what's happening on the host system (eg, the computer on your desk that you are then using to log in to the Citrix environment). But also in general most even semi-competent companies have logging for doing stuff like emailing documents to addresses outside the domain, making file transfer requests, etc. If the computer itself is also owned/managed by the company, then it's probably a very good bet it's monitored and logged. If it's your own personal computer, then that'll likely depend on what (if anything) additional you had to install other than Citrix when you set it up to access the workspaces.

And as others have noted, there are serious legal questions you need answered by someone competent to do so before you even consider moving files around that you may not (almost certainly not) have the authority to move.
|
# ? Oct 12, 2021 21:26 |
|
the most vital part is that the relevant authority will be pulling the files directly and backups will exist, and the email/phone records of a coverup are as revealing. it's extremely likely you send the correct messages and it'll seem like nothing's happening for years due to a background investigation (which can be already underway as far as you know) don't expect a sudden shake-up in a week and you to be personally involved, do not touch a single document or hint at it in any way. send the message up the channel and act like you didn't see anything
|
# ? Oct 12, 2021 21:30 |
|
Godspeed, goon.
|
# ? Oct 12, 2021 21:31 |
|
Laopooh posted: Thanks for the advice goons, I appreciate it. I'll consult a lawyer.

Chiming in here, having worked with US banking regulators: Talk to a lawyer before you talk to a regulator. That is the order of operations, do not skip that first step.
|
# ? Oct 12, 2021 22:02 |
|
Always consult a lawyer before admitting or telling anyone anything that might have legal impact.
|
# ? Oct 13, 2021 00:23 |
|
Now I wish I had read this thread before the edits
|
# ? Oct 13, 2021 02:00 |