|
Sirotan posted:Eh I don't know if I even remember the specifics. Just poo poo like "if you don't stop calling me I'm going to hunt you down and make you regret it". People get real mad about their phone spam I guess. Probably should stop calling them?
|
#
?
Oct 17, 2019 20:50
|
|
|
|
| # ? May 30, 2024 06:49 |
|
|
Sirotan posted:I almost never answer the phone anymore if it is a number not already in my contacts.
|
|
#
?
Oct 17, 2019 21:28
|
|
|
Combat Pretzel posted:Anyone here using Wireguard extensively over a mobile connection, in always-on mode? I keep having connectivity issues when my phone was too long in my pocket. My provider puts me behind CGNAT and seems to be yanking the rug from under my feet frequently (on their port mapping) when things are idle. I have persistent keep-alive configured, but whatever my mobile provider does, that won't gel with Wireguard. What's the problem exactly? Even if the CGNAT mapping times out, Wireguard should simply reconnect once your phone tries to use the tunnel. Are the keepalives on only one or both sides of the connection? The keepalives are sent from the side you configure them on. To keep traffic moving both ways, you need to configure it on both sides. Might help the ISP realize your connection is still active (just guessing).
|
|
#
?
Oct 18, 2019 13:59
|
|
|
After some time of phone idling, my network on the other side of the VPN becomes unreachable. And no amount of trying fixes anything (expecting it to notice and renegotiate), until I cycle the VPN connection. I currently changed the listen ports from the default 51820 to 1194, which is the OpenVPN one, expecting the CGNAT to treat it differently. Seems to work better currently, but I'm using the phone more today, too. Didn't know that keep alive needed to be set on both sides, gonna change that for a test. Most forum posts with configurations quoted only had it for one peer usually. Combat Pretzel fucked around with this message at 15:31 on Oct 18, 2019 |
|
#
?
Oct 18, 2019 15:27
|
|
|
Destroy all CGNAT, thanks in advance.
|
|
#
?
Oct 18, 2019 16:37
|
|
|
If my provider would finally introduce IPv6 on mobile, that'd be nice. I'm not sure what's dragging their asses to begin with, considering they were one of the first to roll it out wide worldwide. We've the highest IPv6 consumer adoption in the world according to Google's stats. I wonder what that'd be, if they'd start enabling it on mobile over here.
|
|
#
?
Oct 18, 2019 16:44
|
|
|
In case anyone remembers me mentioning it, there are now videos of former FreeBSD security officer and cache attack discoverer, Colin Percival, covering the history of side-channel attacks: https://www.youtube.com/watch?v=FOzClVgsWlU It's from vBSDCon, not EuroBSDCon like I said EDIT: And in similar news, Intel has yet another hardware solution to the OOO issues they caused, because of course they do. BlankSystemDaemon fucked around with this message at 18:59 on Oct 18, 2019 |
|
#
?
Oct 18, 2019 18:51
|
|
|
lol, our architecture is unfixable poo poo so lets just layer another thing on top
|
|
#
?
Oct 18, 2019 22:18
|
|
|
BangersInMyKnickers posted:lol, our architecture is unfixable poo poo so lets just layer another thing on top Even worse, it'll only work for the specific things they fix, and it seems like everyone including Intel are assuming there's just gonna be more issues forthcoming. In other news, ARM just announced a CHERI-compatible processor, so you can have hardware enforced capabilities. It supposedly runs at ~2GHz and there's no real reason why it can't scale as well as the ARM desktop CPUs which are starting to reach 3GHz.
|
|
#
?
Oct 18, 2019 22:48
|
|
|
D. Ebdrup posted:It is possible to fix the architectural issues by enforcing all privilege checking for speculatively executed code, but it's probably gonna slow down things even more than the software solutions do, and who knows when it'll come out in case they find some way to implement it in hardware to make it not slow. That helps against meltdown, but the issue in spectre is that privileged code speculating on privileged values causes side effects that unprivileged code can observe. Privilege checking the speculative path won't do much, since the speculating code is allowed to read those values just fine.
|
|
#
?
Oct 18, 2019 23:05
|
|
|
I'm having trouble finding good info online right now. Does anyone know what events to look for in ADFS if a user is presented with MFA but then the MFA event fails? (they hit deny in the app or it timed out, for example)
|
|
#
?
Oct 19, 2019 01:16
|
|
|
No but do it for yourself and check the logs, that should tell you what it is.
|
|
#
?
Oct 20, 2019 04:54
|
|
|
Yeah, I’ll do that on Monday. It was towards the end of the day Friday when I posted that and I was feeling lazy. Triggering mfa while in the office is kind of a pita because we geofence.
|
|
#
?
Oct 21, 2019 00:52
|
|
|
Co-opting the OpenVPN port for Wireguard seems to work in regards to stabilizing the connectivity. loving CGNATs.
|
|
#
?
Oct 21, 2019 07:45
|
|
|
That makes sense, I recently got hit with an attempted MFAM originating from a TRUOP connection when I was logging into FLEP and mistakenly used my ZBLOINK
|
|
#
?
Oct 21, 2019 08:15
|
|
|
Dumb Lowtax posted:That makes sense, I recently got hit with an attempted MFAM originating from a TRUOP connection when I was logging into FLEP and mistakenly used my ZBLOINK 
|
|
#
?
Oct 21, 2019 13:55
|
|
|
Dumb Lowtax posted:That makes sense, I recently got hit with an attempted MFAM originating from a TRUOP connection when I was logging into FLEP and mistakenly used my ZBLOINK Wise guy, eh?
|
|
#
?
Oct 21, 2019 14:10
|
|
|
https://twitter.com/ThreeFDDI/status/1186277086538948608?s=20
|
|
#
?
Oct 21, 2019 15:12
|
|
|
NordVPN had some keys stolen 19 months ago, and just went public with it today. https://arstechnica.com/information-technology/2019/10/hackers-steal-secret-crypto-keys-for-nordvpn-heres-what-we-know-so-far/ They've been quick to shift blame to the datacenter. https://nordvpn.com/blog/official-response-datacenter-breach/
|
|
#
?
Oct 22, 2019 01:01
|
|
|
Powered Descent posted:NordVPN had some keys stolen 19 months ago, and just went public with it today. I'm not sure what I enjoy more the obvious disclosure fuckup or the people surprised that VPN keys get stolen to enable active attacks.
|
|
#
?
Oct 22, 2019 02:55
|
|
|
Powered Descent posted:NordVPN had some keys stolen 19 months ago, and just went public with it today. Wow, I heard they delayed it but didn't know it was that long. That's incredible.
|
|
#
?
Oct 22, 2019 03:45
|
|
|
I don't even get that VPN craze. Just about every loving YouTube video is sponsored by some VPN company. "Protect my data"? From whom? The route to the website is certainly the least issue, and the data mining algorithms of the final destinations are surely smart enough to not get obfuscated by the moving geo IP.
|
|
#
?
Oct 22, 2019 05:13
|
|
|
Combat Pretzel posted:I don't even get that VPN craze. Just about every loving YouTube video is sponsored by some VPN company. "Protect my data"? From whom? The route to the website is certainly the least issue, and the data mining algorithms of the final destinations are surely smart enough to not get obfuscated by the moving geo IP. The illegal downloads you make are not seen by MPAA. And they don't, therefore, send your ISP (and to you) a nasty letter saying you should pay because you downloaded the latest lovely Hollywood movie. That's all. It's definitely not protecting you from Google (there are ways to do a better job, but there a VPN is but one of the gears in the system).
|
|
#
?
Oct 22, 2019 05:20
|
|
|
Combat Pretzel posted:I don't even get that VPN craze. Just about every loving YouTube video is sponsored by some VPN company. "Protect my data"? From whom?
|
|
#
?
Oct 22, 2019 09:48
|
|
|
Every time I stay at a hotel or use public wifi I'm glad I have a VPN Unfortunately it's Nord, thanks SA Deal
|
|
#
?
Oct 22, 2019 15:09
|
|
|
Why should VPN providers be any less likely to rat people out to MPAA and other alphabet soup entities, when they keep logs for the explicit purpose of proving they're not at fault (even if they say they don't), once the alphabet soup entities catch on that people are using VPNs?
|
|
#
?
Oct 22, 2019 15:25
|
|
|
D. Ebdrup posted:Why should VPN providers be any less likely to rat people out to MPAA and other alphabet soup entities, when they keep logs for the explicit purpose of proving they're not at fault (even if they say they don't), once the alphabet soup entities catch on that people are using VPNs? The shadowy 3 letter agencies like the NSA are not following up on copyright strikes from the loving movie industry e: maybe I misunderstood. PIA specifically doesn't do traffic logging so they can't pick out which of their customers were downloading fast and the furious 25, movie industry won't get that information mewse fucked around with this message at 15:34 on Oct 22, 2019 |
|
#
?
Oct 22, 2019 15:31
|
|
|
mewse posted:The shadowy 3 letter agencies like the NSA are not following up on copyright strikes from the loving movie industry How do you know PIA doesn't log? Have you audited their entire systems? If they didn't, and someone used them to download and distribute some of the actually really incredibly gross stuff that's on the internet, they'd be responsible for it. I don't think they want to go to prison for someone over that, do you?
|
|
#
?
Oct 22, 2019 15:46
|
|
|
klosterdev posted:Every time I stay at a hotel or use public wifi I'm glad I have a VPN Still better than nothing, and this Nord thing has been plenty blown up and exaggerated by the ~*~tech media~*~
|
|
#
?
Oct 22, 2019 16:03
|
|
|
D. Ebdrup posted:Yeah, you did misunderstand - or, well, at least to my mind there's a difference between Three Letter Agencies and alphabet soup entities like MPAA (and all their equivalencies in other countries). Wasn't the exactly the stand that Kim Dotcom went through when he relaunched Mega? Full encryption end to end with a disclaimer that says "don't do illegal poo poo" so that he can't be held liable again?
|
|
#
?
Oct 22, 2019 16:38
|
|
|
Combat Pretzel posted:I don't even get that VPN craze. Just about every loving YouTube video is sponsored by some VPN company. "Protect my data"? From whom? The route to the website is certainly the least issue, and the data mining algorithms of the final destinations are surely smart enough to not get obfuscated by the moving geo IP. If you have a bad ISP or use public wifi that collects traffic for mining, a VPN limits it.
|
|
#
?
Oct 22, 2019 16:40
|
|
|
D. Ebdrup posted:How do you know PIA doesn't log? Have you audited their entire systems? If they didn't, and someone used them to download and distribute some of the actually really incredibly gross stuff that's on the internet, they'd be responsible for it. Has there ever been a single case where a commercial VPN provider has "gone to prison" because they didn't have an activity log? Is there any actual law behind your notion here that if your record-keeping is incomplete, you assume guilt for any crimes you failed to record? I'm sure the FBI knows what a VPN is. They aren't stupid. They probably aren't very fond of no-log policies, but those aren't actually illegal, and I don't think they can just transfer "responsibility" for crimes in retaliation for them.
|
|
#
?
Oct 22, 2019 16:42
|
|
|
Taking moment in the VPN chat to plug Algo: https://github.com/trailofbits/algo
|
|
#
?
Oct 22, 2019 16:47
|
|
|
D. Ebdrup posted:How do you know PIA doesn't log? Have you audited their entire systems? If they didn't, and someone used them to download and distribute some of the actually really incredibly gross stuff that's on the internet, they'd be responsible for it. They have no knowledge of what's being transmitted, and are under no obligation to keep track of who is talking to who. Also nothing is stored on their servers, they're literally just a fancy SSL tunnel and extra routing as-a-service. The terms and conditions are also pretty straightforward. We don't look at your traffic, we don't log your traffic, don't do illegal poo poo. If we're made aware that what you're doing is obviously illegal, we ban you.
|
|
#
?
Oct 22, 2019 16:52
|
|
|
CLAM DOWN posted:Still better than nothing, and this Nord thing has been plenty blown up and exaggerated by the ~*~tech media~*~ as far as tlas if you're low on funding/a small country it's p cheap to start your own vpn company to get data on targets/software on systems compared to tapping pipes globally. you can try finding needles in a haystack or have the needles pay you to anonymise them Wiggly Wayne DDS fucked around with this message at 17:10 on Oct 22, 2019 |
|
#
?
Oct 22, 2019 17:08
|
|
|
NordVPN was audited last year in regards to their no-log policy. Maybe some others have done audits too?
|
|
#
?
Oct 22, 2019 17:09
|
|
|
Wiggly Wayne DDS posted:yeah they only kept quiet on a breach for 19 months before someone else found it out and tried retroactive pr, think of the poor company I'm not defending them dude, chill out, they hosed up. I just don't believe in the hyperbole everywhere that infosec on social media and blog sites constantly use.
|
|
#
?
Oct 22, 2019 17:12
|
|
|
Nord was apparently compromised via a Dell iDrac with default creds. https://twitter.com/NathOnSecurity/status/1186419430256824321?s=20
|
|
#
?
Oct 22, 2019 18:18
|
|
|
ChubbyThePhat posted:Wasn't the exactly the stand that Kim Dotcom went through when he relaunched Mega? Full encryption end to end with a disclaimer that says "don't do illegal poo poo" so that he can't be held liable again? Powered Descent posted:Has there ever been a single case where a commercial VPN provider has "gone to prison" because they didn't have an activity log? Is there any actual law behind your notion here that if your record-keeping is incomplete, you assume guilt for any crimes you failed to record? I'm still not talking about Three Letter Agencies. Copyright trolls aren't clever, it took them two decades to figure out people were pirating and how to clamp down on it. Nalin posted:NordVPN was audited last year in regards to their no-log policy. Maybe some others have done audits too? Methylethylaldehyde posted:They have no knowledge of what's being transmitted, and are under no obligation to keep track of who is talking to who. Also nothing is stored on their servers, they're literally just a fancy SSL tunnel and extra routing as-a-service.  I have no doubt they stick to the TAC as a way to cancel your contract, but I don't think it's unfair of me to demand a public report on their security auditing for the claim of not logging
|
|
#
?
Oct 22, 2019 18:18
|
|
|
|
| # ? May 30, 2024 06:49 |
|
|
CommieGIR posted:Nord was apparently compromised via a Dell iDrac with default creds. root/calvin oh my god I still remember this
|
|
#
?
Oct 22, 2019 18:22
|
|