|
rjmccall posted: my faithful Horse William threw a Shoe this Morning on another of these damned Spanish Roads. as this is a fairly ordinary Matter i would of course think Nothing of it but i had just rounded a Hill-top from which one might perceive a great Distance, and i had on my Person a Telescope following the Design of the august Sir Robert Hooke, which i regularly employ to spy upon the Game in these blighted Lands. and so i am left to wonder if an Agent of the hated Enemy might have mistaken my Activity for a Spy-ing of a quite different Nature

rest in peace William, thought of null pointers and died
|
# ¿ Apr 13, 2017 06:48 |
|
if you live somewhere cold then it'll probably offset your heating bill at least
|
# ¿ Apr 14, 2017 03:07 |
|
it's interesting that all of the names start with E
|
# ¿ Apr 15, 2017 08:44 |
|
yeah it looks like it loads the dll from the same directory as the exe, so it's not a secfuck at all
|
# ¿ Apr 16, 2017 23:45 |
|
huh, i remember watching some cop drama show that featured gunshot detection stuff and i figured it was just something they made up for the show
|
# ¿ Apr 21, 2017 02:25 |
|
Rufus Ping posted: he applied for an internship at trailofbits

please tell me there are screenshots of this
|
# ¿ Apr 22, 2017 02:28 |
|
Carbon dioxide posted: With the way bitcoins work, the amount of bitcoins mined per period of time cannot change, I think.

the difficulty adjustment isn't instant but i don't remember how often it happens, i want to say twice a month or something
|
# ¿ Apr 26, 2017 23:38 |
|
Powerful Two-Hander posted:security fuckup megathread: /* should we even bother? */.
|
# ¿ Apr 27, 2017 20:14 |
|
funny Star Wars parody posted: unironically though is there any one framework that has security benefits over another or is it poo poo all the way down?

i've used python+flask for relatively small sites and it worked well enough. if you're writing something that'll be exposed to the public it's probably worth figuring out how to properly sandbox it so that even if someone gets code execution they can't do anything

ate poo poo on live tv posted: How do you determine "some minimum amount of entropy" in a byte stream that you do not know the source of?

kolmogorov complexity

yes i know it's not computable in general
|
# ¿ May 3, 2017 05:31 |
|
https://twitter.com/whitequark/status/860549648494321666
|
# ¿ May 5, 2017 18:48 |
|
https://twitter.com/bcrypt/status/860735972756963328
|
# ¿ May 6, 2017 22:09 |
|
tavis tweeted that he figured out a key part of one of his lastpass exploits in the shower
|
# ¿ May 6, 2017 22:37 |
|
Meat Beat Agent posted: oh haha, i remember that

if he ever goes to a day spa or something he'll break AES
|
# ¿ May 6, 2017 22:50 |
|
CVE-2013-4866 posted: The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate attackers to trigger physical resource consumption (water or heat) or user discomfort.
|
# ¿ May 7, 2017 02:05 |
|
yeah that's what I'm curious about is what they do to avoid someone just chewing up CPU/memory
|
# ¿ May 9, 2017 03:47 |
|
Rufus Ping posted: No that sounds like jscript.exe

yeah it's distinct from tavis's thing
|
# ¿ May 12, 2017 05:46 |
|
yeah there exists malware out there that will do nasty poo poo to your BIOS/EFI/ring -2 but i don't think standard ransomware will do it. just swap the drives and you're good
|
# ¿ May 12, 2017 22:27 |
|
i wonder if in the cyberpunk future we'll have basilisk malware that infects your cyberbrain by displaying an image that triggers a buffer overflow and makes you pay them all your bitcoins if you want to remember your childhood
|
# ¿ May 12, 2017 22:51 |
|
VikingofRock posted: basically the plot of snow crash minus the cyberspace samurai

oh yeah i forgot about that

qkkl posted: So WCry sends the private key it generates to the main WCry servers. Shouldn't that be enough to figure out where the WCry servers are located? Once they are located the private keys can be extracted and given out to infected users for free.

that assumes there aren't more proxies in the chain and that you can get the hosts to cooperate; many times they'll be in china or russia and explicitly market themselves as not cooperating with law enforcement
|
# ¿ May 13, 2017 03:16 |
|
the presence of the domain being the kill signal as opposed to the absence is kind of weird though

https://twitter.com/MalwareTechBlog/status/863187104716685312
|
# ¿ May 13, 2017 04:09 |
|
it gets the value from the txt record, then if sha1(value) = 2e4e7fbb709a6e832ae7047f9880e101b261135f it turns itself off

obviously you still have the hash in the malware but it means you have to break the hash
|
# ¿ May 13, 2017 06:19 |
|
surebet posted: wcry monetization update:

so wait, if the same address is used then how do they know who to give the unlock keys to?
|
# ¿ May 13, 2017 21:00 |
|
Chalks posted: Yeah, but there have been some instances of "scam" ransomware that just encrypts your poo poo without bothering to have the whole unique key retrieval infrastructure.

yeah that's what i'm thinking. if you generate a unique address for each victim then it's easy, but if you have everyone send money to the same address then you'd need a more complicated system
|
# ¿ May 14, 2017 00:17 |
|
https://twitter.com/_supernothing/status/863687990823968768
|
# ¿ May 15, 2017 17:41 |
|
RFC2324 posted: My first computer porn was downloading a pic a Kathy Ireland at 2400 baud, only to discover it was so badly airbrushed her bush was 3 inches down her left leg.

ugh, yet another unrealistic standard of beauty for women

https://twitter.com/liamosaur/status/864713419458437121
|
# ¿ May 17, 2017 06:50 |
|
cinci zoo sniper posted: hows that a fuckup

i think they're saying that the company that issued the CC in my tweet is a fuckup

nfc cards kinda weird me out in general; what's stopping me from just getting a payment terminal and bumping it against random people's back pockets? with apple pay i have to actually push a button to make it listen for transactions
|
# ¿ May 17, 2017 07:10 |
|
extremely important announcement: if you search ニャンサムウェア ('nyansomware') on twitter you get pictures of cats on top of computers
|
# ¿ May 19, 2017 09:31 |
|
let i hug posted: want to know if this is the most worthless security article ever written or if I'm just not used to people thinking an undergrad cybersecurity course teaches them everything they need to know about secure OS design: https://mortoray.com/2017/05/17/microsoft-is-absolutely-at-fault-for-wannacry/

i don't know details about eternalblue but the author basically seems to assume that marking the stack nonexecutable prevents code injection exploits which isn't true at all. even in my 'babby's first security' class in college we had an assignment that involved attacking a program with an nx stack. also he talks about samba being more secure because it's 'isolated' but iirc samba runs as root so lol

vOv fucked around with this message at 21:06 on May 21, 2017
# ¿ May 21, 2017 20:59 |
|
it's interesting how the US doesn't have that problem despite the fact that the US has iirc some of the strongest speech protection laws anywhere

of course that leads to a whole host of other problems but that's even less ontopic for secthread, so have an article about a patched xss in verizon's sms app thingy
|
# ¿ May 22, 2017 07:07 |
|
spankmeister posted: One good example is google translate

this makes me imagine an app that uses whatever API this is to overlay black boxes or !^$# on top of expletives

bonus points if you censor porn with
|
# ¿ May 24, 2017 22:44 |
|
ate all the Oreos posted: lol what is that from i absolutely need it

some cursory searching suggests a christian comic called Serenity (not actually japanese, just drawn in the style)
|
# ¿ May 24, 2017 23:49 |
|
funny Star Wars parody posted: the Bible doesn't talk about how much Jonah enjoyed being swallowed whole now that I think of it

lmao holy poo poo when did we get
|
# ¿ May 25, 2017 05:01 |
|
Instant Grat posted: I read the argument a while ago that if someone wants to kill you by reprogramming the pacemaker, and they have to get close enough to do it that they'd be able to stab you to death anyway, extra authentication and poo poo on the pacemaker isn't gonna save your life

isn't that just a question of transmitter power though, or is there a distance-bounding protocol somewhere?

also my favorite part of that eaglesoft video is the godawful ui that looks like a desk
|
# ¿ May 27, 2017 21:40 |
|
wolrah posted: In either case those who say you could just stab the person are missing the point. Stabbing tends to create a scene, leave evidence, etc. Reconfiguring a pacemaker could look just like a hardware failure or simply a known questionable heart giving up, depending on what sorts of audit logging these devices actually keep.

the other thing is that depending on how programmable those things are you might be able to make them keep working for a couple days and then stop, at which point you've got no chance in hell of identifying who did it
|
# ¿ May 28, 2017 23:14 |
|
Deep Dish Fuckfest posted: check /var/log?

this is if you can do unauthed reprogramming, if you have to auth then that obviously makes it harder because you can look at who changed it, figure out if their credentials got stolen, etc.

jre posted: Unless of course you think it's likely that someone would put the effort into finding someone in the .001% of the population who are paced, find out which model they have and then following them round with a big gently caress off antenna

this is a good point though, my bad. i was more thinking of 'someone just wants to kill random people and get away with it' than 'someone with a motive wants to target a specific person'
|
# ¿ May 28, 2017 23:46 |
|
ymgve posted: Not sure what my current home reporting device does under the hood but it's not connected to my home internet, and the previous one just used a direct phone connection (complete with loud 28K modem sounds when it connected). I also haven't seen any doctor programming devices being connected via wired networking but there are probably some stupid vendors that make them wifi compatible with all the issues that will cause.

yeah there's a pretty simple distance-bounding protocol of just 'generate a random 128-bit sequence, send it, and require the receiver to send it back within N nanolightseconds'
|
# ¿ May 29, 2017 01:52 |
|
only sort of a secfuck but apparently people have been getting banned from nintendo's online 3ds stuff for having custom firmware on their 3dses even if they don't hack in multiplayer or pirate games. nobody knows for sure how nintendo's checking but there's a bunch of telemetry enabled by default which iirc includes a log of what applications are run, and so they might just be banning everyone that runs an app on a blacklist of common cfw apps like FBI (which manages custom apps, cause they're stored in .cia files)

of course you're not banned from the eshop because nintendo will still happily take money from you, they're not *completely* dumb
|
# ¿ May 30, 2017 17:12 |
|
Midjack posted: then you get to have a wonderful debate over whether the online communion involves transfiguration of the data packets upon receipt or if you are downloading the actual body and blood of christ

it's the former, because you can't send jesus over tcp

he was free from SYN
|
# ¿ May 31, 2017 05:03 |
|
i'm the encryption using a hash protocol
|
# ¿ Jun 1, 2017 06:44 |
|
everyone knows hackers only work 9-5 weekdays
|
# ¿ Jun 2, 2017 22:46 |