If you want to play with this, I wrote a quick Golang tool to do so: https://github.com/ZedCode/autofill-pwn code:
|
Sharktopus posted: if you're scrolled above a full address form and half of it is off screen do you think autofill should fill the whole form or just the fields you can see???

I'm pretty sure it should only auto-fill fields you can see, otherwise you don't know what it's filling in. If you care about this kind of poo poo you're not using auto fill in the first loving place, though.

# Jan 5, 2017 21:54
|
pseudorandom name posted: does it autofill credit card information?

# Jan 5, 2017 21:57
|
is autofill per domain? I'm copying various login page form fields and serving it and it's not auto completing poo poo.

e: maybe this could happen if someone doesn't turn off autocomplete on that form field?

Winkle-Daddy fucked around with this message at 22:09 on Jan 5, 2017

# Jan 5, 2017 22:03
|
I don't see the auto-fill behavior described in Chromium. When I test it, I have to click into each form field to see a list of options. I don't seem to have a way to auto-fill the whole form? Maybe someone else can do something more interesting with my code.

# Jan 5, 2017 22:16
|
Hey sec fuckup thread! I know I've seen some awesome posts about what cipher suites should be enabled... does anyone have a config or can link to an ideal nginx SSL config? Specifically for ssl_protocols and ssl_ciphers?

# Jan 6, 2017 17:43
|
Truga posted: My personal procedure is to use https://www.ssllabs.com/ssltest/analyze.html until it shows A or A+. It says what the problematic ciphers are if you have them enabled.

Yeah, I use that too, but this isn't internet accessible, so I was just hoping for a solid config for those two options.

# Jan 6, 2017 17:47
|
spankmeister posted: Here u go: https://wiki.mozilla.org/Security/Server_Side_TLS

this is awesome. thank you!

# Jan 6, 2017 18:05
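For the two directives asked about above, here is an added illustration (not posted in the thread and not copied from the Mozilla wiki, which remains the place to get a current generated profile): a weak `server` block of the kind that shows up on internal hosts nobody has run through SSL Labs, next to a hardened one. The host name and certificate paths are placeholders.

```nginx
# Weak settings still common on internal-only hosts: SSLv3 and TLS 1.0/1.1 are
# offered, and the cipher string admits non-forward-secret RSA key exchange and
# CBC suites, with the client allowed to pick the order.
server {
    listen 443 ssl;
    server_name example.internal;                     # placeholder host name

    ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/example.key;

    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers off;
}

# Hardened equivalent: TLS 1.2 and 1.3 only, ECDHE-only (forward-secret) AEAD
# suites in server-chosen order, and session tickets disabled so a long-lived
# ticket key on the server cannot undo forward secrecy for recorded sessions.
server {
    listen 443 ssl;
    server_name example.internal;                     # placeholder host name

    ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/example.key;

    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on
    # older builds rather than leaving TLS 1.0/1.1 enabled as a fallback.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Applies to TLS 1.2 only; TLS 1.3 suites are fixed by OpenSSL and are
    # not selected through ssl_ciphers.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_tickets off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
}
```

After editing, `nginx -t` catches typos in the cipher string before a reload. For a host that is not Internet-reachable, where the SSL Labs scanner mentioned above cannot be used, the same check can be done locally: `openssl s_client -connect example.internal:443 -tls1` should fail to handshake against the hardened block, and `-tls1_2` should report an ECDHE suite from the list.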
|
ratbert90 posted: Random question:

afaik, no. since you'd have to provide a host name and i'm assuming you won't know that in advance.

# Jan 6, 2017 19:13
|
ate all the Oreos posted: depends on what the cert is being used for, if it's just to identify the device as valid its common name could be a serial number or something instead of a domain name

yeah, i was assuming https was the purpose of that... Is there a way in OSX to see what extension it's complaining about?

e: I'm reading OSX just doesn't support name constraints, so nevermind. GG Apple.

Winkle-Daddy fucked around with this message at 21:30 on Jan 6, 2017

# Jan 6, 2017 21:19
|
zen death robot posted: that drive is way too new

that's the one that has the location of this one:

e: it's no longer as new as in that picture.

# Jan 10, 2017 23:33
|
this is an interesting and cool post. keep us updated on the details because I've not seen much but ~Trump News~ over this way.
|
# Jan 16, 2017 23:12
|
McGlockenshire posted: if he can't even figure out that SuperMicro makes servers not routers and that those devices exposing IPMI to the world also has nothing to do with routers being hacked, I'm not really sure I trust anything else in that article to be factually correct

Krebs is actually pro-tier awesome and a very good and reputable info sec journalist (though his areas of expertise tend to be more of the organized cyber crime type). The part you're complaining about to sound so smart and knowledgeable to all of us, and to show how much better you are than my man with the giant forehead, is pretty silly though since it's a summary from Verisign mentioned as a throwaway:

quote: Verisign said the 2014 attack was launched by a botnet of more than 100,000 hacked routers sold by a company called SuperMicro. Days before the huge attack on ProxyPipe, a security researcher published information about a vulnerability in the SuperMicro devices that could allow them to be remotely hacked and commandeered for these sorts of attacks.

quote: same thing with crediting Microsoft for Minecraft

jesus learn to read

quote: The most frequent target of the lelddos gang were Web servers used to host Minecraft, a wildly popular computer game sold by Microsoft that can be played from any device and on any Internet connection.

e: sorry, this came off a lot more dickish than I meant.

Winkle-Daddy fucked around with this message at 23:01 on Jan 18, 2017

# Jan 18, 2017 22:54

# Jan 31, 2017 22:46
|
OSI bean dip posted: ayyyyy

quote: How does the latest version of redis fix this issue?

# Jan 31, 2017 22:59
|
fins posted: more printerchat

lmbo, if PostScript is the attack vector this is all Adobe's fault... again.

# Feb 1, 2017 18:46
|
E: ^^^ I was like you once before. Then I learned I was being stupid. :/

infernal machines posted: is it still sop for "internet security" suits to mitm ssl traffic with self-signed certs?

MitM SSL strip isn't just about security, it's also about liability. In that regard it does what it needs to. I think F5 is one of the companies to stay away from. We reported some tls issues to them and they were huge cocks about how they know what they're doing (despite providing a poc exploit). We're working on our ssl decryption project now so I've been indulged in business meetings where it's made clear security is secondary to appeasing lawyers. But our biggest concern at the moment is industrial espionage.

Winkle-Daddy fucked around with this message at 01:21 on Feb 8, 2017

# Feb 8, 2017 01:19
|
Dylan16807 posted: go ahead and MitM if you need to, but doing it on the end device with a self-signed cert seems like a terrible way to get there

And the better way would be to............?

# Feb 8, 2017 17:32
|
BangersInMyKnickers posted: Yeah, when I was looking over Eset's implementation they generated a unique self-signed cert and added it to the trust store. Each install was unique and it seemed to be the best way of going about that at the endpoint if that's what you're trying to accomplish. Hopefully they were dumping all the crypto in and out through schannel instead of some bundled openssl library or custom horseshit but there's still plenty of wiggle room to gently caress up cert validation and plenty of other vendors have been extremely guilty in that area.

my post was more directed at trying to find out what alternative to mitm'ing ssl that poster might be suggesting, obviously there are poo poo vendors (F5 *cough*) and better ones. There are poo poo deployments and good deployments. but your packets are getting inspected in corporate america.

# Feb 8, 2017 18:14
|
infernal machines posted: well the other option is gateway filtering through an appliance or dedicated server, whether that's better or worse depends on your budget and key-management policies.

oh, what, I thought that's what we were talking about the whole time. The only acceptable scenario I'm aware of (outside of just air-gapping) is a well managed chain of trust with company certs pushed down to all end points so that your appliances can seamlessly decrypt all traffic. I was referring to that scenario as being inevitable and necessary. what the gently caress kind of whack rear end a/v bonkers poo poo product were you guys talking about?

# Feb 8, 2017 18:36
|
can you give some examples? our research team had fun with some endpoint protection stuff recently and I'd love to throw them some suggestions of things to look at next

# Feb 8, 2017 18:45
|
infernal machines posted: nothing i can show being exploited, although i'll see if i can find something. just one that looks lovely

we have a research team that's traditionally been auditing IoT devices, but some of the members have had an increased interest in endpoint security. So I'm always looking for something to name drop for them to look at.

# Feb 8, 2017 18:54
|
Wiggly Wayne DDS posted: speaking of: https://isc.sans.edu/diary/Ticketbleed+vulnerability+affects+some+f5+appliances/22051

lmao what timing

# Feb 9, 2017 17:25
|
All the discussion in media of file-less malware has got me interested in how this is actually accomplished. Does anyone have any links to decent write-ups for how you can actually inject malicious code into memory without touching the filesystem at all? I'm not sure what the techniques for this are.

e: i found this: https://securelist.com/blog/research/77403/fileless-attacks-against-enterprise-networks/ which is a decent primer, so far.

Winkle-Daddy fucked around with this message at 19:47 on Feb 16, 2017

# Feb 16, 2017 19:39
|
cheese-cube posted: pretty much all modern malware which is spread via drive-by infects clients entirely in memory before ever touching the file system, usually through arbitrary code execution using buffer overflow exploits and then chained with a privilege escalation exploit to run as system. after that they'll usually touch the file system in some way to root the machine thus ensuring that they remain resident.

yeah, I heard a bunch of news articles talking about this new fileless malware and was trying to understand if this was some "new" technique. seems like a whole lotta nothin' new.

# Feb 16, 2017 19:56