|
JewKiller 3000 posted:3do didn't have anything worth stealing either, though
|
#
¿
Jun 27, 2017 05:35
|
|
|
|
| # ¿ Apr 28, 2024 19:58 |
|
|
Jewel posted:Another day, another bitcoin ransomware. https://twitter.com/PolarToffee/status/879709615675641856 congrats on people not patching after the previous major incident
|
|
#
¿
Jun 27, 2017 15:45
|
|
|
cinci zoo sniper posted:that's the wannacry 2: electric tears?
|
|
#
¿
Jun 27, 2017 16:01
|
|
|
spankmeister posted:I hope this one comes in via email and then spreads internally
|
|
#
¿
Jun 27, 2017 16:04
|
|
|
ratbert90 posted:Hello! If you are seeing this it's because your pacemaker is no longer accessible, because it has been encrypted. Perhaps you are looking for a way to recover your heartbeat?
|
|
#
¿
Jun 27, 2017 16:09
|
|
|
Migishu posted:Looking forward to the Wiggly Wayne DDS overview of Defcon videos
|
|
#
¿
Jun 27, 2017 18:10
|
|
|
Shifty Pony posted:a lot of reports from people dealing with infections of Petya seem to talk about affected systems rebooting to the ransom screen nearly simultaneously. WAR DOGS OF SOCHI posted:does anyone here have a good sec twitter list they can point me to? i'd really appreciate it, because left to my own devices i'd probably end up with dudes like thrurrott on my list and my pants on my head. given it's 2017 it's v hard to separate politics from pure sec feed though
|
|
#
¿
Jun 27, 2017 18:44
|
|
|
i'll get out the stick i swear
|
|
#
¿
Jun 27, 2017 19:30
|
|
|
more than just a rumour me-doc are saying they're spreading it http://www.me-doc.com.ua/vnimaniyu-polzovateley and maersk use me-doc https://twitter.com/wanapagan/status/879769249715286016 in the possibility that this was somehow meant to be contained to ukraine i have serious questions. like where the hell are any attempts at containing it
|
|
#
¿
Jun 27, 2017 19:39
|
|
|
microsoft have a good writeup on petya https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/ no confirmation for the email vector waterhole attack being mentioned though https://twitter.com/craiu/status/880011103161524224 so far the petya/notpetya arguments are on the dropper, which has changed in the past, so further analysis required
|
|
#
¿
Jun 28, 2017 12:13
|
|
|
finally a new attack on sha2 https://github.com/laie/WorldsFirstSha2Vulnerability
|
|
#
¿
Jun 28, 2017 16:30
|
|
|
infernal machines posted:a breathless and poorly written piece on the petya variant that hit recently  comes out
|
|
#
¿
Jun 29, 2017 05:54
|
|
|
pseudorandom name posted:does ExPetr actually rely on ETERNALBLUE or did the Russians just throw that in there to blame the NSA?
|
|
#
¿
Jun 29, 2017 07:28
|
|
|
the elephant in the room is that petya is ransomware already with a working payment chain, there was no need for these changes to exist
|
|
#
¿
Jun 29, 2017 13:16
|
|
|
microsoft's thrown together exploit analysis on eternal champion: https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis/
|
|
#
¿
Jun 29, 2017 19:28
|
|
|
spankmeister posted:Straight up blackmail lmao e: more info on how vulnerable the medoc update process was: http://blog.uk.fujitsu.com/information-security/petya-medoc-and-the-delivery-of-malicious-software/ Wiggly Wayne DDS fucked around with this message at 10:59 on Jun 30, 2017 |
|
#
¿
Jun 30, 2017 10:55
|
|
|
oh and you'll have to punch windows defender updates through elsewhere %ProgramFiles%\Windows Defender\MSASCui.exe iirc
|
|
#
¿
Jun 30, 2017 19:08
|
|
|
BangersInMyKnickers posted:Also the Windows Firewall is Very Good and you are wrong about it. This is the OS's fault for having an absurdly convoluted update mechanism that routes through 3+ services seriously though if they bothered to make any of this at all functional and didn't quietly throw in their own rules you'd be able to lockdown most consumer systems pretty easily
|
|
#
¿
Jun 30, 2017 19:16
|
|
|
it is under svchost for the record, i don't remember which services it uses though
|
|
#
¿
Jun 30, 2017 19:20
|
|
|
cyber was definitely used by itself for years before then
|
|
#
¿
Jul 4, 2017 10:11
|
|
|
well things get more and more interesting https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/ evidence of a backdoor in medoc since mid-april
|
|
#
¿
Jul 4, 2017 17:20
|
|
|
actions are occurring https://twitter.com/GossiTheDog/status/882362847677882368 https://twitter.com/codelancer/status/882363855145283584
|
|
#
¿
Jul 4, 2017 23:23
|
|
|
i'm the blur on the tech showing off the servers but ignoring the clear reflection of their face
|
|
#
¿
Jul 5, 2017 16:26
|
|
|
SeaborneClink posted:What was it? https://twitter.com/GarbageDotNet/status/882620748023476224 they still have it liked though
|
|
#
¿
Jul 5, 2017 18:40
|
|
|
what could possibly go wrong https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html
|
|
#
¿
Jul 6, 2017 16:52
|
|
|
gonadic io posted:Also isn't doing pentesting with bespoke 0days kind of missing the point?
|
|
#
¿
Jul 7, 2017 10:34
|
|
|
 https://groups.google.com/forum/m/#!topic/mozilla.dev.security.policy/71AXGTgcX9c quote:Hello,
|
|
#
¿
Jul 12, 2017 20:29
|
|
|
anthonypants posted:how bad are the infosec books currently in the humble bundle https://www.humblebundle.com/books/cybersecurity-wiley
|
|
#
¿
Jul 18, 2017 00:20
|
|
|
Wiggly Wayne DDS posted:
|
|
#
¿
Jul 20, 2017 16:28
|
|
|
i approve of the dutch national police's new approach: https://twitter.com/musalbas/status/888129544170885121  
|
|
#
¿
Jul 20, 2017 21:22
|
|
|
mixture of write-once memory, challenge/response restricted memory and the restricted setting of the hardware itself so physical tampers aren't a real concern (re: cloning specifically)
|
|
#
¿
Jul 24, 2017 13:51
|
|
|
Subjunctive posted:what's the threat there?
|
|
#
¿
Jul 24, 2017 17:59
|
|
|
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-206-01quote:CRASHOVERRIDE, aka, Industroyer, is the fourth family of malware publically identified as targeting industrial control systems (ICS). It uses a modular design, with payloads that target several industrial communication protocols and are capable of directly controlling switches and circuit breakers. Additional modules include a data-wiping component and a module capable of causing a denial of service (DoS) to Siemens SIPROTEC devices.
|
|
#
¿
Jul 25, 2017 19:41
|
|
|
lot of fuckups itt atm
|
|
#
¿
Jul 28, 2017 21:11
|
|
|
why would you go to defcon ever: https://twitter.com/JGamblin/status/890998008355069952 in what world is this groundbreaking research: https://twitter.com/threatresearch/status/890607598738694144 no real surprises though: https://twitter.com/ldmxcsr/status/891046114501173248 in other news: https://twitter.com/kaepora/status/890667846837161986
|
|
#
¿
Jul 28, 2017 23:48
|
|
|
we're still good for meeting up after your dinner plans right?
|
|
#
¿
Jul 30, 2017 04:34
|
|
|
yeah the best part is when they told microsoft who said it's not a security issue and wontfix
|
|
#
¿
Jul 30, 2017 20:49
|
|
|
well this certainly is a response to a security issue: https://beingwinsysadmin.blogspot.co.uk/2017/07/bug-windows-10-default-user-profile-is.html
|
|
#
¿
Jul 31, 2017 08:03
|
|
|
who was asking if i was going to defcon again
|
|
#
¿
Aug 3, 2017 18:06
|
|
|
|
| # ¿ Apr 28, 2024 19:58 |
|
|
spankmeister posted:Has to be something like that. Twitter is up in arms and saying that def con is forever over
|
|
#
¿
Aug 3, 2017 18:49
|
|