|
|
# ¿ Jan 24, 2017 22:58 |
|
|
# ¿ May 21, 2024 04:24 |
|
https://twitter.com/ericgeller/status/823337091719397377
|
# ¿ Jan 25, 2017 15:36 |
|
BiohazrD posted:Hahahahahahahahahahahahahahahahahahahahahahahahahahahaha
|
# ¿ Jan 25, 2017 16:29 |
|
flosofl posted:He explains later on that there's a hash for each image (or something like that). So the new file won't display because there's no way that someone that has managed to compromise the computer to load the images can replace the hashes.
|
# ¿ Jan 31, 2017 12:04 |
|
Countdown until Giuliani gets invited to Keynote RSA and/or BlackHat
|
# ¿ Jan 31, 2017 19:50 |
|
https://twitter.com/DKMatai/status/831250823757848576 loving rsa in a nutshell
|
# ¿ Feb 13, 2017 22:28 |
|
Gonna be at rsa this week, any good things to do there or good party recommendations for thursday?
|
# ¿ Feb 14, 2017 02:26 |
|
this is literally one hour of RSA tomorrow. such quality and part of the rest of the afternoon
|
# ¿ Feb 14, 2017 06:56 |
|
Finally recovered from RSA. The security bubble is in some serious decline y'all.
1) The free shwag was lovely this year. No free shirts or other poo poo.
2) Want any of the cool poo poo? Time to sit through a 20-30 minute sales presentation.
3) The parties were garbage. One of the 'hottest' parties gave you two free drink tickets.
4) There were also way less parties than previous years.
Dare I say, IT Security might be in decline. Also, as a white person..............
|
# ¿ Feb 23, 2017 04:10 |
|
https://twitter.com/NathOnSecurity/status/834796736308793344
|
# ¿ Feb 24, 2017 04:39 |
|
So, infosec twitter is all abuzz about mastodon. What is it and why would I sign up for it other than a stupid username land grab? Is it like that dumb facebook replacement from a while ago?
|
# ¿ Apr 6, 2017 20:06 |
|
Luigi Thirty posted:oh and also due to its hosed up federation model anyone can start their own federation and download all your locked/blocked/whatever posts and publish them anyway Feature not bug. Won't fix.
|
# ¿ Apr 7, 2017 02:21 |
|
OSI bean dip posted:Most (really all) people who post in this thread will never be the target of such attacks. Even though I do have legitimate and founded fears about certain actors and my line of work, the use of a Stingray is far down the list and should be for anyone else. Seriously, I've been under investigation and three letter agencies read my blog and even then I'm not worried about this poo poo. If you're worried just shred the phone and get a new number.
|
# ¿ Apr 13, 2017 08:31 |
|
Also, the exploits were still useful to them anyway. Just cause someone has your kit doesn't mean you burn your tools. Like, they could still use them despite knowing someone has access to them. Ethically questionable. But this is the NSA we're talking about so......
|
# ¿ Apr 15, 2017 17:43 |
|
So I use nmap all the loving time. If you have a service that doesn't just barf out whatever the gently caress it is to any ole synack (or anything) and you put it on a non-standard port you have a good chance of making sure people have no idea what the gently caress it is. For example, NJE defaults to port 175. Unless you send a very specific packet with the right user/pass combo (I'm simplifying here) it just sends a RST packet. You put that on some weird rear end port like 60666 and there's no way an attacker will know what it is.
|
On top of that, in an enterprise environment scanning one host with nmap -p- takes me about 10-15 minutes. I have 100 systems included in a pentest, that's 25 hours just to check open ports. Forget banner grabbing with -sV. Obviously you can just speed that up with masscan, but lol you'll get detected so loving fast using masscan and hopefully blocked, so what's the point.
|
I'm not saying it's good security, like, how does putting sshd on port 42069 make it any harder to find it? But I can understand why less experienced people might see moving a port away from standard as having an effect on security because it appears to obfuscate. And it does lower the risk (a minuscule amount) from automated poo poo hitting it and getting lucky, but if your box gets popped cause the username/password was in some default wordlist used by those bots your company is hosed anyway.
|
I'll caution with this though, if you're in an enterprise and they have all these lovely custom apps running on non-default ports, your asset tracking (IP/Port to Application) better be spot loving on. Otherwise you're gonna be hosed when something like struts comes calling. And this feeds back into logging. If you can't map IP/Port back to an application back to an owner and use some weird custom port ranges to track that poo poo for forensics you're hosed long term.
|
Edit: Also, wanted to add, nmap's TCP probes are hot garbage. So say you put a weird server (some weird sip server) on a non-standard port. There's a very good chance nmap won't be able to do the banner correlation because of the way those rules are written. You can fix that with some flags but most people don't even know this is a potential problem. If you put it on the standard port it will find it in half a second. Not saying it'll stop someone of YOSPOS caliber but it'll stop most script kiddies and/or pentesters at trustwave.
|
Optimus_Rhyme fucked around with this message at 01:51 on Apr 20, 2017 |
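The asset-tracking point in the post above, as an added example that is not part of the original post and not code from the nmap project: a Python script that reconciles `nmap -sV -oX` output against an IP/port-to-application inventory, so a service nmap cannot fingerprint on a non-standard port is still attributable to an application and an owner, while an open port nobody registered stands out as the thing to chase. The XML and CSV are constructed samples; the addresses, ports, application names and owners are made up. (The flags the post alludes to are nmap's `--version-all` / `--version-intensity 9`, which make it try every service probe against every open port rather than only the probes whose port list matches.)

```python
# Added example (not from the original post or from the nmap project):
# reconcile nmap -sV XML output against an IP/port-to-application inventory.
# All addresses, ports, applications and owners below are constructed.
import csv
import io
import xml.etree.ElementTree as ET

# Constructed stand-in for what `nmap -sV -p- -oX out.xml 10.0.0.5` writes.
# Port 60666 is open but carries no <service> element: nmap could not fingerprint it.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -p- -oX out.xml 10.0.0.5">
 <host>
  <address addr="10.0.0.5" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22">
    <state state="open"/>
    <service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10"/>
   </port>
   <port protocol="tcp" portid="42069">
    <state state="open"/>
    <service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10"/>
   </port>
   <port protocol="tcp" portid="60666">
    <state state="open"/>
   </port>
   <port protocol="tcp" portid="8080">
    <state state="filtered"/>
   </port>
  </ports>
 </host>
</nmaprun>
"""

# Constructed inventory: what the organisation says is supposed to be listening.
SAMPLE_INVENTORY_CSV = """ip,port,proto,application,owner
10.0.0.5,22,tcp,sshd,platform-team
10.0.0.5,60666,tcp,nje-gateway,mainframe-team
"""


def parse_nmap_xml(xml_text):
    """Return open ports as dicts: ip, port, proto, service (None when nmap had no fingerprint)."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered/closed ports are not listening services
            svc = port.find("service")
            name = svc.get("name") if svc is not None else None
            if name == "unknown":  # nmap's placeholder when it only has a table guess
                name = None
            results.append({
                "ip": addr.get("addr"),
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": name,
            })
    return results


def load_inventory(csv_text):
    """Map (ip, port, proto) -> {"application": ..., "owner": ...}."""
    inventory = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["ip"], int(row["port"]), row["proto"])
        inventory[key] = {"application": row["application"], "owner": row["owner"]}
    return inventory


def reconcile(open_ports, inventory):
    """Classify each open port by whether nmap fingerprinted it and whether the inventory knows it."""
    findings = []
    for p in open_ports:
        entry = inventory.get((p["ip"], p["port"], p["proto"]))
        if entry and p["service"]:
            status = "tracked"                  # scanner and inventory agree
        elif entry:
            status = "tracked-unfingerprinted"  # nmap is blind, but the inventory explains the port
        elif p["service"]:
            status = "untracked"                # fingerprinted, but nobody registered it
        else:
            status = "untracked-unknown"        # open, unidentified, unowned: investigate first
        findings.append({**p, "status": status, **(entry or {"application": None, "owner": None})})
    return findings


def status_by_port(findings):
    """Compact view for reporting: {(ip, port): status}."""
    return {(f["ip"], f["port"]): f["status"] for f in findings}


if __name__ == "__main__":
    report = reconcile(parse_nmap_xml(SAMPLE_NMAP_XML), load_inventory(SAMPLE_INVENTORY_CSV))
    for f in sorted(report, key=lambda f: f["port"]):
        print(f'{f["ip"]}:{f["port"]}/{f["proto"]:<4} {f["status"]:<22} '
              f'nmap={f["service"] or "-"} app={f["application"] or "-"} owner={f["owner"] or "-"}')
```

On the constructed sample, 22/tcp is tracked, 60666/tcp is tracked but unfingerprinted (the inventory, not the scanner, tells you it is the NJE gateway and who owns it), and 42069/tcp is an sshd nobody registered; the filtered 8080/tcp is dropped because it is not listening. Swap the two constants for a real `-oX` file and an export of the CMDB and the "untracked" rows are the review list.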
# ¿ Apr 20, 2017 01:47 |
|
Most companies also don't put signage on their datacenters. Why? But yeah, convention centers are an apt comparison. Was a car metaphor unavailable?
|
# ¿ Apr 20, 2017 02:39 |
|
hackbunny posted:this is mega retarded. giga retarded even. think about what you just wrote and then throw your computer in the trash. what an idiotic thing to say, I'm not even attempting to refute this ridiculous assertion. what is it about security that makes people into the smartest idiots on earth? Dunning-Kruger, and makes its people the loving worst. Case in point: the AV thread in grey forums
|
# ¿ May 27, 2017 23:03 |
|
I'm just glad I can watch a movie with my wife and not scoff at the scene where the politician with a pacemaker dies from a hacker in some Amsterdam hacker space
|
# ¿ May 31, 2017 04:38 |
|
Because security people are the worst. Like they're cjs on steroids
|
# ¿ Jun 1, 2017 15:48 |
|
https://twitter.com/wendynather/status/870094831082651648
|
# ¿ Jun 1, 2017 18:01 |
|
You should put this as your signature when you reply:
|
# ¿ Jun 1, 2017 20:33 |
|
I like this time of year. About a month and a half from DEFCON all the lovely Stunt Hacks come out as they get acceptance letter from DEFCON.
|
# ¿ Jun 8, 2017 00:25 |
|
|
# ¿ Jun 9, 2017 03:55 |
|
How's proton mail? Does signal let you delete messages from all devices or have a timer?
|
# ¿ Jun 10, 2017 23:46 |
|
Is there an app you can self host that you can trust?
|
# ¿ Jun 11, 2017 02:38 |
|
funny Star Wars parody posted:all computer touchers will perish along with their bourgeoisie overlords for enabling capitalist domination That's why you work in security, so you can pivot to evil insider when the guillotines start fallin
|
# ¿ Jun 11, 2017 16:10 |
|
apseudonym posted:Wait I thought we were here to put down internet revolutionaries Lol, why you think enterprise security is so bad? Nobody can be this incompetent by accident.
|
# ¿ Jun 11, 2017 16:46 |
|
http://la9deanon.tumblr.com/post/161704038759/comprometida-la-pasarela-de-pagos-de-idental Hackers stole money from the company and returned it to wronged customers
|
# ¿ Jun 12, 2017 08:16 |
|
code:
|
# ¿ Jun 20, 2017 20:00 |
|
quote:Hacking Sony’s SIEA for fun and unreleased games
|
# ¿ Jun 22, 2017 20:09 |
|
https://www.youtube.com/watch?v=EzedMdx6QG4
|
# ¿ Jun 24, 2017 00:39 |
|
|
Someone get that person an account
|
# ¿ Jun 25, 2017 17:07 |