Segmentation Fault posted:

looks like them secfuck boys are at it again

quote:

...
According to the FTC’s complaint, D-Link promoted the security of its routers on the company’s website, which included materials headlined “EASY TO SECURE” and “ADVANCED NETWORK SECURITY.” But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws, such as:

“hard-coded” login credentials integrated into D-Link camera software -- such as the username “guest” and the password “guest” -- that could allow unauthorized access to the cameras’ live feed;
a software flaw known as “command injection” that could enable remote attackers to take control of consumers’ routers by sending them unauthorized commands over the Internet;
the mishandling of a private key code used to sign into D-Link software, such that it was openly available on a public website for six months; and
leaving users’ login credentials for D-Link’s mobile app unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information.
According to the complaint, hackers could exploit these vulnerabilities using any of several simple methods. For example, using a compromised router, an attacker could obtain consumers’ tax returns or other files stored on the router’s attached storage device. They could redirect a consumer to a fraudulent website, or use the router to attack other devices on the local network, such as computers, smartphones, IP cameras, or connected appliances.

The FTC alleges that by using a compromised camera, an attacker could monitor a consumer’s whereabouts in order to target them for theft or other crimes, or watch and record their personal activities and conversations.
...

Ur Getting Fatter posted:

what the gently caress, Citibank





edit: greenpos bestpos

Powaqoatse posted:

tiny brontosaurus is cool

Subjunctive posted:

OSI bean dip posted:

i have proof

Tesseraction posted:

Once on the SA servers it's saved to /tmp/Wiggly Wayne DDS.details until the folder is cleared out at midnight.

zen death robot posted:

I don't know enough about webdev to fix the lovely way the cookie info is handled. That's why lowtax got an actual webdev guy to recode things, but if anyone can point me to some resouces I'll do what I can to fix that poo poo too.

anthonypants posted:

well YOUR claim is also unsupported therefore YOU are also just as much the gullible idiot. check mate

OSI bean dip posted:

this is the security fuckup thread; not the journalism integrity one

if you want to talk about how much buzzfeed and vox suck, go make a new thread


e:

here you go:
https://forums.somethingawful.com/showthread.php?threadid=3804977

ate all the Oreos posted:

i assume in this case you'd actually need to access the specific transmitter etc but i guarantee that some time in the near future there will be a life-critical device that will allow some 15 year old who just discovered what a metasploit is to kill someone and you bet your rear end they will do it

Ur Getting Fatter posted:

i still think a setting that asks you to reverify a contact before resending messages when the key has changed, would pretty much fix this problem. it doesn't have to be on by default, like with signal

hackbunny posted:

sorry to disappoint with a relatively lame post and no eyepyramid update, but the opera 12 source code has just been leaked:

https://github.com/prestocore/browser

already dmca'd lol but mirrored here:

https://bitbucket.org/prestocore-fan/presto/

it's out and about! if you're still using opera 12 for some goddamn reason (not even I am) it's time to quit it for good

quote:

On January 12th, an automatic Adobe Acrobat update force installed a new chrome extension with ID efaidnbmnnnibpcajpcglclefindmkaj. You can view it on the Chrome Webstore here: https://chrome.google.com/webstore/detail/adobe-acrobat/efaidnbmnnnibpcajpcglclefindmkaj/

I can see from the webstore statistics it's already got ~30M installations.

It didn't take long to notice there's a DOM XSS in data/js/frame.html

code:

531         } else if (request.current_status === "failure") {
532             analytics(events.TREFOIL_HTML_CONVERT_FAILED);
533             if (request.message) {
534                 str_status = request.message;
535             }
536             success = false;

Presumably you can do

code:

window.open("chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/data/js/frame.html?message=" + encodeURIComponent(JSON.stringify({
        panel_op: "status",
        current_status: "failure",
        message: "<h1>hello</h1>"
})));

I think CSP might make it impossible to jump straight to script execution, but you can iframe non web_accessible_resources, and easily pivot that to code execution, or change privacy options via options.html, etc.

I've also noticed the way they've designed the "to_html" RPC seems racy, the url of a tab might change (because an attacker can do x = window.open(); x.location = "new location"). Right now I don't think you can do very much with it because it doesn't seem to be feature complete...but still, it seems worth noting this so it doesn't introduce a vulnerability when they enable it.



This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

hackbunny posted:

eyepyramid trivia: there's some unused code related to captchas, functions to download/upload both images and text from <url>/captcha/<unique id>. the same module contains code to scrape forms from the page currently open in IE and upload them. no idea about the captcha stuff but it seems out of place. I wonder if eyepyramid is part of a larger family of malware

BangersInMyKnickers posted:

ios doesn't allow all of those application rights and you have the ability to block it from accessing specific things when it attempts

Subjunctive posted:

oh that's fine then