OSI bean dip posted:

MononcQc posted:

This is old stuff (May 2015) but I just stumbled upon it; a fairly informal introduction to how ECC / ECDH / ECDSA works in 4 posts, and that seems to be understandable without being too good at maths:

• Elliptic curves over real numbers and the group law
  
• Elliptic curves over finite fields and the discrete logarithm problem
  
• Key pair generation and two ECC algorithms: ECDH and ECDSA
  
• Algorithms for breaking ECC security, and a comparison with RSA
  

geonetix posted:

welcome back thread!

Luigi Thirty posted:

blink twice if you've been replaced with a replicant

hackbunny posted:

just my luck, I get out of kitty jail just in time for the thread to be disappeared <>

italy is currently being rocked by a bizarre scandal of the cyber persuasion. the occhionero siblings, entrepreneurs in the finance sector, freemasons and by all accounts smart people (he's a nuclear engineer, she's a chemistry phd), are found to be conducting a multi-year spearfishing campaign against politicians, entrepreneurs and... other freemasons. their spyware appears to have been entirely developed in-house, and it's been active since at least 2011. kaspersky describes it as "amateurish" but I've gotten my hands on a recent sample and it appears to have been developed by someone who, if not a cybercriminal, has at least an idea of how malware analysis is done and how to slow it down. well, at least the anti-analysis protection and obfuscation was, and I know it's not a commercial framework because the few unobfuscated strings are unique to the malware

on the other hand, the occhionero siblings made huge, gigantic opsec blunders, and I argue that they had outside help with the malware development, because they clearly aren't serious criminals. consider the strongest piece of evidence against them: the malware exfiltrates data by sending e-mails and uses a commercial component to do so, which requires a license code to unlock. not only the malware contains said license code, but italian police asked the fbi for help, the fbi obtained the name of the licensee, and it was the occhionero brother: the guy had virtually embedded his real name in his phishing malware

on the other other hand, when the police came to arrest them, the brother rebooted the bitlocker-encrypted computer and now refuses to provide the password, while the sister locked her smartcard by entering the wrong pin several times. it's not going to help them much because the amount of evidence against them is impressive: they didn't just embed personally identifying information in the malware, they also hosted the c&c server on their company's website, and they talked about their dirty business on regular cleartext phone calls, that the police duly wiretapped

all considered, the campaign wasn't terribly successful. of about 18000 targets, only about 10% are estimated to have been compromised

the motive is still a mystery. insider trading seems to be the current consensus

the malware samples I've seen raise some extremely obvious red flags when run in the simplest of the automated analysis tools, and they're clearly part of a shared lineage dating back years, so it's a little amazing to me that it took so long for it to be noticed

hackbunny posted:

Raere posted:

crosspost from jobs thread:

Is there a market for independent PCI or some other standard auditors/assessors? I think I have the skills and I wonder if I can make more than my salaried job securing and auditing

spankmeister posted:

There's some good stuff in the Mirai source code:

code:

                table_unlock_val(TABLE_KILLER_ANIME);
                // If path contains ".anime" kill.
                if (util_stristr(realpath, rp_len - 1, table_retrieve_val(TABLE_KILLER_ANIME, NULL)) != -1)
                {
                    unlink(realpath);
                    kill(pid, 9);
                }
                table_lock_val(TABLE_KILLER_ANIME);

Seems that Mirai was a variant of killallnerds.exe all along.

Truga posted:

snowden died in vain https://www.whitehouse.gov/the-press-office/2017/01/25/presidential-executive-order-enhancing-public-safety-interior-united


if you're not a us citizen get your poo poo out of us services. probably if you're us citizen too

Phone posted:

Hunter2!

e: https://twitter.com/leahmcelrath/status/824678929214636033?ref_src=twsrc%5Etfw

apseudonym posted:

I've heard rumblings.

AV and security products make great targets because they're highly privileged low quality code. They're absolutely perfect targets if you're doing something targeted and want to be sneaky.

If I wanted to get on your network all sneaky like I'd go for security boxes you've got (firewalls, AV boxes, MitM boxes, etc) first.

Hed posted:

I need the ability for one person in my company to send PII outside the organization. Right now she encrypts an archive, sends as an email attachment, and calls the other person with the archive password. Other orgs send her encrypted attachments through an external exchange--are any of these not awful?

What service should we use? Bonus if it integrates with Office 365 / Outlook somehow for these people.

Hed posted:

I'm just gonna have her use this Office 365 encrypted portal thing. It would be cool to, in steps, roll out PKI for encryption and then later work on sender verification and yadda yadda but I'll save all that for another day.


I had to look this one up.

anthonypants posted:

people are way too stupid to open that attachment

vOv posted:

windows has a javascript dialect that's intended to be used for scripting and has APIs for loving with the registry.

vOv posted:

obviously it doesn't work from the browser

ate all the Oreos posted:

It's not that windows scripting thing, I dug around more and it's a .Net application that basically just opens a window with an embedded WebBrowser control that loads the included HTML pages and lets it access a bunch of system-level objects to play with in javascript land, then it does all the scary installer poo poo directly from within the browser instance because why not.

As far as I can tell it's not downloading and executing any other javascript from the internet so it's probably fine but I didn't actually look into it that far

ate all the Oreos posted:

because you presumably like what you do and/or care about doing it well. presumably the people who do not wind up making PUP

ate all the Oreos posted:

i am indeed calling it what it is

ate all the Oreos posted:

for the record I call it malware or adware or bloatware or shitware usually but this is funny internet forum and I like the way SMELLS LIKE PUP sounds

spankmeister posted:

you just downloaded a bunch of malware good job

CommunistPancake posted:

actually, printer paper is bad for wiping your butt

quote:

h. Somehow disallow rm -rf for the PostgreSQL data directory? Unsure if this is feasible, or necessary once we have proper backups

spankmeister posted:

Because it complains about directories otherwise.

anthonypants posted:

yes, you need rm -f to get rid of the directories otherwise it will complain about there being directories. -r deletes files in subdirectories but will still complain about, like, /usr being a directory

Phone posted:

what's the thread favorite for a password manager these days?

Cocoa Crispies posted:

lol i've had the same bozo trying to sign up a 2k sports account with one of my gmails for weeks now

i already killed someone's hollister club cali account for the same crime