|
OSI bean dip posted:if you guys want me to put images or highlights from previous threads, just share them and i'll put them into the second post or some poo poo
|
# ¿ Apr 8, 2016 19:39 |
|
|
# ¿ May 22, 2024 06:42 |
|
cheese-cube posted:i'll buy this tag for the next 10 ppl who quote this post (might take me a couple of days to do so, ive just moved house and have no internet yet)
|
# ¿ Apr 9, 2016 19:01 |
|
cheese-cube posted:anyway, the following ppl should have baud dudes tags now. if not then let me know.
|
# ¿ Apr 10, 2016 01:18 |
|
Let's Encrypt is leaving beta https://letsencrypt.org/2016/04/12/leaving-beta-new-sponsors.html amongst their new sponsors is Gemalto: quote:“We’re very proud to be a Gold Sponsor for Let’s Encrypt which leverages our industry-leading hardware security modules to protect their certificate authority system,” says Todd Moore, Vice President of Encryption Product Management at Gemalto. “Encryption by default is critical to privacy and security, and by working with Let’s Encrypt Gemalto is helping to deliver trust for the digital services that billions of people use every day.”
|
# ¿ Apr 12, 2016 17:05 |
|
Subjunctive posted:I thought, nay hoped, that they meant vice-presidents.
|
# ¿ Apr 12, 2016 17:55 |
|
http://badlock.org/ The security vulnerabilities can be mostly categorised as man-in-the-middle or denial of service attacks. Man-in-the-middle (MITM) attacks: There are several MITM attacks that can be performed against a variety of protocols used by Samba. These would permit execution of arbitrary Samba network calls using the context of the intercepted user. Impact examples of intercepting administrator network traffic: Samba AD server - view or modify secrets within an AD database, including user password hashes, or shutdown critical services. standard Samba server - modify user permissions on files or directories. Denial-of-Service (DoS) attacks: Samba services are vulnerable to a denial of service from an attacker with remote network connectivity to the Samba service. booooooooooooooooooring
|
# ¿ Apr 12, 2016 18:02 |
|
BangersInMyKnickers posted:so you could spoof a DC and use that to get a root payload on a client system enrolled in the domain probably quote:Windows SAM and LSAD Downgrade Vulnerability- CVE-2016-0128
|
# ¿ Apr 12, 2016 18:11 |
|
Number19 posted:oh hey, we should look at the rest of the MS security bulletins because loving lol: i'll start: https://access.redhat.com/security/cve/CVE-2015-5370 quote:Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).
|
# ¿ Apr 12, 2016 18:53 |
|
Migishu posted:So, this was linked to me earlier:
|
# ¿ Apr 14, 2016 17:00 |
|
if the HMRC's site gets breached a password hash is the least of your worries android security annual report is out: https://security.googleblog.com/2016/04/android-security-2015-annual-report.html
|
# ¿ Apr 19, 2016 18:40 |
|
goddamnedtwisto posted:what's the reason for hating lastpass again? is it the general "trusting a third party with all your logins" thing or is there something specifically bad about lastpass?
|
# ¿ Apr 21, 2016 19:13 |
|
anthonypants posted:also they're owned by logmein now, the company that bought hamachi back in the day
|
# ¿ Apr 21, 2016 19:20 |
|
Thermopyle posted:like i said, its more that I'm just too used to the lastpass way...which lets me select the sites credentials via mouse right on the form input, or it automatically fills the input as soon as the site loads
|
# ¿ Apr 22, 2016 18:33 |
|
prefect posted:i bought 1password because people in here recommended it, and i'm not even close to used to it after one whole day. (also it doesn't import from password safe, so this will be a migration that never, ever fully ends)
|
# ¿ Apr 22, 2016 19:50 |
|
anthonypants posted:rip applocker http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html
|
# ¿ Apr 22, 2016 23:19 |
|
Subjunctive posted:are there apps that will stream off a NAS or whatever? my upstream can probably handle that depends on the videos you watch though, plex hates anything that's more than a few hours long and badly encoded - emby will work with whatever it can. resume ability is nice, but the security options of each are Lacking so segregate and have backups
|
# ¿ Apr 26, 2016 09:06 |
|
Ghost Farts posted:i think every synology nas can do that through synology's apps for android or ios. i'm not sure about synology's security track record though
|
# ¿ Apr 26, 2016 18:06 |
|
i am strictly talking about security atm though, not extra features consumers nitpick over
|
# ¿ Apr 26, 2016 18:18 |
|
jony ive aces posted:extra features irrelevant consumer anklebiters nitpick over like being able to actually recover your data goddamnedtwisto posted:i'm sure i've heard the name chris vickery before, isn't he the guy who just scans for open mongodb instances? also lol at "oh it was just a test server", because apparently that makes it okay
|
# ¿ Apr 26, 2016 18:33 |
|
regarding apple's 1970 bug here's some ntpd vulnerabilities that could be used http://blog.talosintel.com/2016/04/vulnerability-spotlight-further-ntpd_27.html
|
# ¿ Apr 27, 2016 21:23 |
|
Dessert Rose posted:guess what, sometimes your crypto really does need to be as physically secure as possible, because people can die if someone fucks up. it's not all just "lol time to change some passwords and get a year of identity protection"
|
# ¿ Apr 28, 2016 20:19 |
|
pr0zac posted:wait
|
# ¿ Apr 28, 2016 20:36 |
|
for certain quantities of knowledge
|
# ¿ May 1, 2016 22:19 |
|
Tayter Swift posted:current security status: password must be between 8 and 12 characters long and must contain a special character
|
# ¿ May 2, 2016 15:28 |
|
https://medium.com/@rhuber/imagemagick-is-on-fire-cve-2016-3714-379faf762247quote:There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.
|
# ¿ May 3, 2016 18:05 |
|
i've never seen anyone competent from that office
|
# ¿ May 4, 2016 17:54 |
|
Parallel Paraplegic posted:at least it's using SSL when it wgets a kernel module and insmod's it without checking anything about what it is .globl rsaVerifySignByBase64EncodePublicKeyBlob is called by checkFirmware twice, and it'll yell about the firmware RSA sig being ok. i see 4 possible keys near the checks
|
# ¿ May 12, 2016 18:31 |
|
Wiggly Wayne DDS posted:looks like it's just verifying the firmware's signed properly: binary seems to control just about everything -dhcp client/server, gpio, wlan, firmware (download, verify, flash), "fake_httpd" (throw out headers then shut up), ntp, etc. not surprised there's 20 versions running given how often it forks.
|
# ¿ May 12, 2016 19:04 |
|
they've just deployed their patent-pending cryptanalysis-resistant trade secret algorithm on their web server surely
|
# ¿ May 13, 2016 15:45 |
|
atomicthumbs posted:i had to temporarily set selinux to permissive mode to install my php-based portfolio cms because ????
|
# ¿ May 13, 2016 19:50 |
|
quote:Should all of this have failed, it will make a last ditch effort to fork/exec "netstat -ni" and hash the output of that.
|
# ¿ May 21, 2016 00:22 |
|
http://ieee-security.org/TC/SP2016/papers/0824a018.pdf A2: Analog Malicious Hardware quote:Abstract—While the move to smaller transistors has been a boon for performance it has dramatically increased the cost to fabricate chips using those smaller transistors. This forces the vast majority of chip design companies to trust a third party — often overseas — to fabricate their design. To guard against shipping chips with errors (intentional or otherwise) chip design http://www.cs.vu.nl//~kaveh/pubs/pdf/dedup-sp16.pdf Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector quote:Abstract—Memory deduplication, a well-known technique to reduce the memory footprint across virtual machines, is now also a default-on feature inside the Windows 8.1 and Windows 10 operating systems. Deduplication maps multiple identical copies of a physical page onto a single shared copy with copy-on-write semantics. As a result, a write to such a shared page triggers a page fault and is thus measurably slower than a write to a normal page. Prior work has shown that an attacker able to craft pages on the target system can use this timing difference as a simple single-bit side channel to discover that certain pages exist in the system.
|
# ¿ May 25, 2016 19:36 |
|
Sharktopus posted:wow 3 pages of real garbage Truga posted:post some content then Wiggly Wayne DDS posted:http://ieee-security.org/TC/SP2016/papers/0824a018.pdf
|
# ¿ May 26, 2016 12:04 |
|
Parallel Paraplegic posted:pci is mandating that we all install AV's, so what hilarious things has Avast! done that I can laugh at with the IT guy
|
# ¿ May 26, 2016 20:43 |
|
Cocoa Crispies posted:lol that's a really loving unethical way to validate a password dump
|
# ¿ May 27, 2016 21:03 |
|
whole lot of non-fuckup chat itt that could use its own thread
|
# ¿ Jun 1, 2016 17:41 |
|
count_von_count posted:Is there a good overview of the current vulnerabilities in TeamViewer? Asking for a friend.
|
# ¿ Jun 1, 2016 18:15 |
|
more importantly who's the neighbour in essex who just happened to have that machine
|
# ¿ Jun 1, 2016 19:53 |
|
Thanks Ants posted:so is this teamviewer-using malware linked to the service being offline or are these separate issues
|
# ¿ Jun 1, 2016 20:42 |
|
|
# ¿ May 22, 2024 06:42 |
|
Volmarias posted:Look into this thread, and listen to what your heart tells you.
|
# ¿ Jun 3, 2016 13:49 |