|
Captain Foo posted:0day poastin' ratbert90 posted:Gonna leave this here: finally php will be a useful scripting language like python or perl
|
# ¿ Jan 5, 2017 17:58 |
|
just cuz I was curious if this existed in everyone's other favorite web language, it sure does: https://www.npmjs.com/package/ioctl
|
# ¿ Jan 5, 2017 18:13 |
|
pr0zac posted:What are you up to currently and why wouldn't you wanna move? secops can be fun, get to play with a bunch of cool security tools my gf got invited to move to the sec team because once the boss of the team couldn't tell if a super obvious phishing scam letter was actually a phishing letter and she was like "uh yeah it clearly is, you idiots" and they were like "wow you're real smart!" her boss rejected the transfer though because he's short staffed, so she'll stay at her current position ...which is tier III tech support
|
# ¿ Jan 5, 2017 18:41 |
|
Wiggly Wayne DDS posted:best source is still curated twitter unfortunately infosectaylorswift and thegrugq, ignore basically everything they post themselves and just read the retweets
|
# ¿ Jan 5, 2017 18:42 |
|
Rooney McNibnug posted:
quote:The KillDisk ransomware variant that targets Windows machines worked by encrypting each file via an AES-256 key, and then encrypting the AES keys with a public RSA-1028 key. 4 extra bits to make it 4 times more secure
|
# ¿ Jan 5, 2017 19:28 |
|
apseudonym posted:That was me, and I'm gonna stand by that with skill its not impossible to catch using things like timing and sizes and such signals, I worked with people who built tools for this kind of stuff (and sold them to lovely human being ) and I hosed a lot of lovely tor stealth projects that tried to mask as other things. wanna talk about how to not broadcast traceable signals if you know about it?
|
# ¿ Jan 6, 2017 15:47 |
|
Heresiarch posted:you still can't download a windows 7 ISO from MS afaict, but they even have a tool for downloading windows 10 i am so loving glad microsoft is making this easy now so i don't have to clean viruses from torrented ISO's my friends got because they had a license but not a CD, which has happened several times Silver Alicorn posted:that's because windows 10 is free software not anymore
|
# ¿ Jan 6, 2017 15:49 |
|
BiohazrD posted:yeah it is just run the installer and itll still activate just fine lmao you sure it didn't have an OEM license attached to the computer at all? because my friend thought this with a new built computer and it required a key.
|
# ¿ Jan 6, 2017 16:01 |
|
Flagrama posted:windows 10 clean install was never free. upgrade from win7/8/8.1 was free and then would activate on your hardware even if you installed again clean. yeah that's what i thought
|
# ¿ Jan 6, 2017 16:52 |
|
Winkle-Daddy posted:Yeah, I use that too, but this isn't internet accessible, so I was just hoping for a solid config for those two options.
check out sslscan which does most of the things ssl labs does but you can run it locally.
spankmeister posted:Here u go: https://wiki.mozilla.org/Security/Server_Side_TLS
yeah i think that's where i originally got mine from, then i massaged it until i was happy. here's mine if anyone cares:
code:
- ssl_dhparam
- ssl_session_*
- ssl_stapling
also if you're a cool ssl bro and are 100% sure you'll only use SSL forever you wanna do:
code:
|
# ¿ Jan 6, 2017 18:43 |
|
ratbert90 posted:Random question: uhh... sign it yourself? all my dumb embedded poo poo, routers, switches, whatever are signed by a little CA I made that my devices all have installed. or do you mean you need to have it signed by a valid globally-known CA?
|
# ¿ Jan 6, 2017 18:59 |
|
Winkle-Daddy posted:afaik, no. since you'd have to provide a host name and i'm assuming you won't know that in advance. depends on what the cert is being used for, if it's just to identify the device as valid its common name could be a serial number or something instead of a domain name e: this assumes you're not using it for HTTPS if that's not clear
|
# ¿ Jan 6, 2017 19:44 |
|
Meat Beat Agent posted:so far their method for doing this seems to consist of not being able to spell people's names correctly ahahahahahhaha
|
# ¿ Jan 7, 2017 00:11 |
|
why is it a laptop version
|
# ¿ Jan 7, 2017 07:56 |
|
Trabisnikof posted:Lol yes you only exploited 0-days when your clients said it was ok, but youre pretty sure none were bad guys i like "she never hired anyone she knew to have a criminal background" we don't run background checks or anything, i just don't hire any people i personally know to be criminals
|
# ¿ Jan 7, 2017 20:11 |
|
Shaggar posted:why would it need integration into AD? *does a doubletake at shaggar not wanting something integrated with AD*
|
# ¿ Jan 9, 2017 17:09 |
|
negromancer posted:If you have more than 12 sessions open you either need to start using config management or screen sessions there buddy. look at this noob who doesn't have 80 different terminals showing completely worthless but cool-looking stats at all times
|
# ¿ Jan 9, 2017 18:10 |
|
ratbert90 posted:Wait what? Why would anybody want this? because the $1 a month shared hosting I bought for my vidyagame server doesn't support HTTPS
|
# ¿ Jan 9, 2017 22:40 |
|
Perplx posted:my vps cost 1.29 USD a month yeah but you had to, like, know what a linux is for that LastInLine posted:for now thats an option but just like tvs what will happen is that "premium" sizes or featuresets will eventually be smart only then ones with relatively mundane features like everything with an ice maker or a timer on the oven and then it will just be the lovely rental unit ones that arent smart and everything else will be smart at work we just bought a 55" TV that is "a giant android tablet" since it runs android and has a capacitive touchscreen and everyone in the office but me thinks it's so cool and amazing and i'm just like "lol it's gonna get ransomware and become a $5000 wall decoration"
|
# ¿ Jan 10, 2017 15:50 |
|
i was explaining what a ransomware was to a coworker who didn't know anything about it and why TV's can now get them and he was like "but if the TV isn't smart how will I watch netflix on it??" "you know they sell like $30 boxes that do that that you can hook up to the TV, and then even if that thing gets rekt you're only out $30 instead of an entire TV" "ohhhhhhh that makes much more sense!" thanks guy
|
# ¿ Jan 10, 2017 16:10 |
|
Volmarias posted:Maybe don't go to dodgy russian app "stores" on your smart TV? i wonder if it's been patched for that issue where just opening any kind of image on the thing owned it or if it's been patched at all, actually
|
# ¿ Jan 10, 2017 16:44 |
|
Segmentation Fault posted:are you not aware of security problems with internet of things poo poo (and by extension smart tvs) my mom has one and you can install "apps" but it's only like, a selection of 20-30 apps that are just things like hulu or netflix i like that thing actually, it has a really weird "free TV" service on it that has "channels" composed of bizarre garbage sub-youtube dregs, like there's this one 'channel' about videogames where every single 'show' takes place in the exact same room and they're all just 'nerds sit around and talk about videogames' or 'nerds sit around while wearing onesies and talk about videogames,' it's like some kind of modern public access station
|
# ¿ Jan 10, 2017 16:51 |
|
Subjunctive posted:My Sony TV gets an update every few months, no doubt to introduce new vulnerabilities. idk maybe, there's different roku versions and i know my mom has a cheaper, older one so maybe it's significantly more locked down than the "nice" ones? idk i just remember it having barely anything besides major services and angry birds for some reason.
|
# ¿ Jan 10, 2017 17:20 |
|
fishmech posted:older/cheaper rokus (the cheaper rokus often being the old hardware packaged in a newer case) are too slow or missing codec support to handle all the services the newer/more expensive rokus do. so they only get access to a limited subset of the choices. ah ok. it has the netflix and the hulus and the hbo so it does the things my mom needs it to do and nothing more and that is good and more products need to be like that
|
# ¿ Jan 10, 2017 17:51 |
|
Subjunctive posted:over in the BWM thread a former Steadfast employee is saying he knows the mods to have access to credit card data, presumably because the staff there look at tenant data? it's hard to figure out who is least credible he's in this thread too friend, on this very page
|
# ¿ Jan 10, 2017 18:08 |
|
LeftistMuslimObama posted:just want to point out that tiny brontosaurus is legitimately a good poster who is constantly harassed because she calls out racist posts. that it's escalated to people doxxing her is horrible and it is an irl secfuck that the moderation here doesn't give a poo poo at all because she calls them out on their poo poo too. yeah idk how much of that particular story is accurate but they're a Good Poster (tm) and seem to get poo poo on quite a lot and it's a shame
|
# ¿ Jan 10, 2017 19:26 |
|
yeah that's my favorite part too, mostly because I know a few turbonerds who do the same poo poo actually some of them are the same people i mentioned looking at customer data while working for hosting providers, maybe hosting providers just attract horrible people?
|
# ¿ Jan 10, 2017 22:05 |
|
Subjunctive posted:a hosting provider that tries sql injection against a client's software without consent or even notice is pretty hosed up, even by the generous standard of hosting fuckups my last company's provider did this all the time, mostly because the guy that owned the provider was very full of himself and proudly displayed CERTIFIED ETHICAL HACKER as his job title on all his stuff he was hilariously incompetent though and also an outright scammer - "of course you need this $75,000 bespoke storage server solution that only I am allowed to admin," "of course you need a direct leased fiber connection between your office and mine to serve you internet because VPN's are unsafe" etc. CEO was best friends with him and bought his poo poo all the time without question too.
|
# ¿ Jan 10, 2017 22:12 |
|
remember when myspace sent passwords in plaintext without HTTPS, and most wifi was unencrypted? i sure do, what a glorious time it was to be a nerd who knew what wireshark was
|
# ¿ Jan 11, 2017 03:14 |
|
Shinku ABOOKEN posted:i don't know any company that backs up workstations lol mine does or well they tell us to, and once the IT intern walked around to see if we had time machine enabled! a year ago
|
# ¿ Jan 11, 2017 20:14 |
|
fishmech posted:counterpoint: trump is mama's little pissboy and loves to drinkos the peepee emptyquoting fishmech
|
# ¿ Jan 11, 2017 20:20 |
|
Kuvo posted:http://www.chicagotribune.com/lifestyles/health/ct-cybersecurity-flaw-in-heart-devices-20170111-story.html quote:"Your average patient isn't going to be targeted by assassins," said Matthew Green i assume in this case you'd actually need to access the specific transmitter etc but i guarantee that some time in the near future there will be a life-critical device that will allow some 15 year old who just discovered what a metasploit is to kill someone and you bet your rear end they will do it
|
# ¿ Jan 11, 2017 21:09 |
|
i think it's funny that cuba has advanced cancer treatments because surprise when there's not an overriding profit motive to spend $20bn developing and marketing the next big dick pill you actually get useful poo poo done
|
# ¿ Jan 11, 2017 22:47 |
|
so... "i don't know how to do anything else" basically?
|
# ¿ Jan 12, 2017 15:56 |
|
OSI bean dip posted:Usually a warning sign for me is when there are more marketing people than actual technical people. "do they employ at least one videographer?" is a pretty good test too
|
# ¿ Jan 12, 2017 15:56 |
|
last night i had a dream that i clicked a random link in this thread and it zero-day'd my browser and changed my user avatar to pepe the frog and started automatically making a bunch of bad posts and i couldn't close the browser
|
# ¿ Jan 13, 2017 16:19 |
|
pr0zac posted:the even more ridiculous paranoia version of this is people who refuse to use Signal because it integrates Google Play services to send notifications (not the messages) are you talking about my dumb friend that i brought up in this thread before or do you also know someone who's that dumb
|
# ¿ Jan 13, 2017 19:36 |
|
my experience with whatsapp so far was when talking to a friend I used it as an example of a messaging app that's based on your phone number like Telegram or Signal, because she thought this was really annoying so I was like "yeah well WhatsApp does it that way and they're real popular now so everyone's gotta do it that way" except it turns out she had never heard of it either and then she thought I was making up the name "WhatsApp" because "nothing with a name that stupid could possibly be as popular as you're saying"
|
# ¿ Jan 13, 2017 22:42 |
|
then how do they check it for valuable bomb components
|
# ¿ Jan 15, 2017 03:10 |
|
anthonypants posted:they probably do that before in front of you, like if they want to inspect your gun case i mean i only saw the "wrapping" poo poo a couple times a while ago and i seem to remember them being far away from where the TSA was but it was a long time ago so who knows if I'm remembering it right
|
# ¿ Jan 15, 2017 03:17 |