Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Infosec Thread: Yes, time to move off LastPass
 
  • Post
  • Reply
invision
Mar 2, 2009

I DIDN'T GET ENOUGH RAPE LAST TIME, MAY I HAVE SOME MORE?

EVIR Gibson posted:

I found a Cisco device where, without any creds on the login page, could run commands on the server, as root, through the password field.

I use it for a demonstration (while not mentioning the product or model) of why you sanitization is a thing when dealing with user input.

Same box also allowed me to change a password without knowing the previous password by making sure the pass auth response was changed a "false" to "true" (easy to do with Burp Suite) to submit back to the server.

In summary, it is like saying I give the guy that checks my previous password garbage and he tells me to gently caress off. I step to the next guy in the process who asks me what the previous guy said about me and I tell him the other guy just loved me.

"Everything checks out, your password is changed."

Which device?

* # ¿ Mar 3, 2016 04:07
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 5, 2024 18:24
  • Quote
invision
Mar 2, 2009

I DIDN'T GET ENOUGH RAPE LAST TIME, MAY I HAVE SOME MORE?
I was gonna seriouspost about the OSCP but this page is :laffo:

* # ¿ Mar 29, 2016 06:07
  • Quote
invision
Mar 2, 2009

I DIDN'T GET ENOUGH RAPE LAST TIME, MAY I HAVE SOME MORE?

Mustache Ride posted:

Jesus tapdancing christ, why is everyone so loving angry in these threads?

Infosec Internet Discussions:
75% "How hack girlfrindz facebook????"
10% "12 year old copy-pasting old 'zine articles about wardialing and acting smug and/or charlatans"
10% "Adults with jobs comparing internet dicks"
2.5% "We made a logo and a name for some real stupid non-exploitable bug to make our resume's look cooler p.s. please hire us"
2.5% "Actual good information and discussion"

invision fucked around with this message at 20:32 on May 1, 2016

* # ¿ May 1, 2016 20:23
  • Quote
invision
Mar 2, 2009

I DIDN'T GET ENOUGH RAPE LAST TIME, MAY I HAVE SOME MORE?

OSI bean dip posted:

You forgot to add charlatans somewhere in that list.

fixed.

* # ¿ May 1, 2016 20:32
  • Quote
invision
Mar 2, 2009

I DIDN'T GET ENOUGH RAPE LAST TIME, MAY I HAVE SOME MORE?
Anyways, back on track:

If ya'll haven't done OSCP, you're missing out on a stupidly fun time.

* # ¿ May 1, 2016 21:41
  • Quote
invision
Mar 2, 2009

I DIDN'T GET ENOUGH RAPE LAST TIME, MAY I HAVE SOME MORE?

Subjunctive posted:

Yeah, I wrote software that handled all the data on some classified clusters as a foreign national without a background check. The parameters of gov't contracting are broad and varied.

Were you like sub-sub-sub-sub-contracted?

* # ¿ May 2, 2016 00:59
  • Quote
invision
Mar 2, 2009

I DIDN'T GET ENOUGH RAPE LAST TIME, MAY I HAVE SOME MORE?
thread.mp4
https://www.youtube.com/watch?v=bKgf5PaBzyg

/server irc.synirc.org
/join #infosec

invision fucked around with this message at 03:16 on May 2, 2016

* # ¿ May 2, 2016 03:07
  • Quote
invision
Mar 2, 2009

I DIDN'T GET ENOUGH RAPE LAST TIME, MAY I HAVE SOME MORE?

Daman posted:

nobody is targeting grandma for an AV RCE that requires a mitm.

Jokes on you, I'm from MawMawSec - make all my money getting grandma boxes and selling their AOL account information on underground forumz.

* # ¿ May 2, 2016 18:05
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 5, 2024 18:24
  • Quote
invision
Mar 2, 2009

I DIDN'T GET ENOUGH RAPE LAST TIME, MAY I HAVE SOME MORE?
https://en.wikipedia.org/wiki/Stagefright_(bug)

e:fb

On October 1st, 2015, Zimperium released details of further vulnerabilities, also known as Stagefright 2.0. This vulnerability affects specially crafted MP3 and MP4 files that execute their payload when played using the Android Media server. The vulnerability has been assigned identifier CVE-2015-6602 and was found in a core Android library called libutils; a component of Android that has existed since Android was first released. Android 1.5 through 5.1 are vulnerable to this new attack and it is estimated that one billion devices are affected.[25]

* # ¿ May 3, 2016 22:56
  • Quote
  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Infosec Thread: Yes, time to move off LastPass