|
https://twitter.com/selenalarson/status/893179822473490433
|
#
¿
Aug 3, 2017 19:43
|
|
|
|
| # ¿ May 14, 2024 15:32 |
|
|
https://www.documentcloud.org/documents/3912524-Kronos-Indictment-R.html
|
|
#
¿
Aug 3, 2017 19:54
|
|
|
Jamsta posted:So he was fitted up, or commited a crime he thought everyone would forget. https://twitter.com/MalwareTechBlog/status/488373794168254464
|
|
#
¿
Aug 3, 2017 20:03
|
|
|
assuming brit/wisconsin combo how's the russian in this compared to native:
|
|
#
¿
Aug 3, 2017 20:31
|
|
|
yeah that's how everyone learns about rootkits though so i wouldn't read into that much e: interesting on the russian part, not that native russian would mean more than someone was paid to translate
|
|
#
¿
Aug 3, 2017 21:08
|
|
|
bicycle posted:https://twitter.com/jeremiahg/status/893206892901670912 https://twitter.com/MalwareTechBlog/status/398830021801811968 you come out with a defendant with an axe to grind. still i'd wait for evidence
|
|
#
¿
Aug 3, 2017 21:56
|
|
|
i've always been a fan of spinning up a vpn on a vps somewhere. your poo poo will be monitored after the fact but at least it isn't the vpn company itself (also cheaper)
|
|
#
¿
Aug 4, 2017 03:35
|
|
|
a bit more detail on the lnk vuln patched last month on windows ( https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464 ) https://www.kb.cert.org/vuls/id/824672 quote:Microsoft Windows automatically executes code specified in shortcut files
|
|
#
¿
Aug 4, 2017 13:31
|
|
|
Proteus Jones posted:I'm getting a real vibe of this guy said something stupid and sarcastic online= and the FBI is taking it at face value. maybe they have actual evidence though
|
|
#
¿
Aug 5, 2017 10:28
|
|
|
neat little bug in how windows handles TMI icons https://www.cybereason.com/labs-a-z...-special-icons/ https://www.youtube.com/watch?v=cF3sw80oBjY 
|
|
#
¿
Aug 5, 2017 14:44
|
|
|
Chris Knight posted:as if we didn't know already that the outline is garbage: https://theoutline.com/post/2054/the-wannacry-hacker-hero-was-spending-big-in-vegas-before-his-arrest
|
|
#
¿
Aug 5, 2017 21:30
|
|
|
i'm the signup page that also takes all your payment info in one stage
|
|
#
¿
Aug 6, 2017 01:50
|
|
|
i've found it, the dumbest opinion so far: https://cybersecpolitics.blogspot.co.uk/2017/08/the-killswitch-story-feels-like-bullshit.htmlquote:But let me float my and others initial feeling when MalwareTech got arrested: The "killswitch" story was clearly bullshit. What I think happened is that MalwareTech had something to do with Wannacry, and he knew about the killswitch, and when Wannacry started getting huge and causing massive amounts of damage (say, to the NHS of his own country) he freaked out and "found the killswitch". This is why he was so upset to be outed by the media.
|
|
#
¿
Aug 6, 2017 02:27
|
|
|
listen i'm just the messenger, what do you expect from me some sort of journalism?
|
|
#
¿
Aug 6, 2017 02:33
|
|
|
some fun quirks between win32 and nt apis https://googleprojectzero.blogspot.co.uk/2017/08/windows-exploitation-tricks-arbitrary.html
|
|
#
¿
Aug 8, 2017 17:59
|
|
|
the transcript for malwaretech's august 4th proceeding is up: https://www.documentcloud.org/documents/3923335-USA-v-Marcus-Hutchins-August-4-2017-Hearing.html there's a bunch of absurd parts in there, but crucially the prosecution's claiming there's another co-defendant at large conveniently excusing why kronos is still getting updates also the tale has now evolved to sold software that later became the malware
|
|
#
¿
Aug 11, 2017 19:41
|
|
|
ThePeavstenator posted:I could've walked to the courthouse he had an appearance in on Tuesday morning. If he's got any more dates coming up I might try to go and see it. http://www.wied.uscourts.gov/court-hearings-calendar posted:08/14/2017
|
|
#
¿
Aug 11, 2017 21:05
|
|
|
can't see where security patches aren't being handled properly, just that features are a/b tested for crashes. then again their wiki still thinks aurora exists so who knows what's happening
|
|
#
¿
Aug 12, 2017 18:46
|
|
|
so malwaretech update: - plead not guilty - the no internet access bail condition has been removed, now it's "don't touch that wannacry sinkhole" that's publicly known - wisconsin is no longer relevant re: jurisdiction given he'll reside in LA and has CA lawyers now - trial currently set in october, probably be moved back
|
|
#
¿
Aug 14, 2017 17:08
|
|
|
nice slip-up https://twitter.com/josephfcox/status/897796042317594624 https://www.nytimes.com/2017/08/16/world/europe/russia-ukraine-malware-hacking-witness.html quote:Intriguingly, in the cyberattack during the Ukrainian election, what appears to have been a bungle by Channel 1, a Russian state television station, inadvertently implicated the government authorities in Moscow.
|
|
#
¿
Aug 16, 2017 14:44
|
|
|
ask ahmeni he's had 8 months head start
|
|
#
¿
Aug 17, 2017 16:00
|
|
|
Cocoa Crispies posted:run strings on it and see what pops out
|
|
#
¿
Aug 18, 2017 20:16
|
|
|
i'd put grub's 28 backspaces to root bug pretty high in such a list
|
|
#
¿
Aug 18, 2017 20:47
|
|
|
the newsbeuter's came through debian's security mailing list earlier but given it required bookmarking meh go find somewhere vaguely upstream and if they have a decent signal:noise security feed to trawl
|
|
#
¿
Aug 18, 2017 21:49
|
|
|
nice https://sso.godaddy.com expired 14th August 2017 and still not renewed e: and they fixed it between me posting and re-checking, or its one of the servers in rotation
|
|
#
¿
Aug 18, 2017 22:30
|
|
|
i'm glad them changing management again erasing all past attempts to hide changes in management
|
|
#
¿
Aug 19, 2017 23:18
|
|
|
mdl posted:surely the browser/ca forum is capable of vetting CAs, which, i would like to point out, account for far fewer heads total than a single CA has customers. you'd get more information if you didn't edit in your replies
|
|
#
¿
Aug 19, 2017 23:51
|
|
|
mdl posted:commercial pilots who crash a plane aren't generally given second chances. startcom/wosign flew their plane into the WTC of trust models. is the bar so low that nobody from CAB is even blinking at the notion that a closely affiliated company (and i am being generous) is allowed to simply "reapply"? if you have complaints about the trust model for CAs then go back to 2002 where there's people defending it
|
|
#
¿
Aug 20, 2017 00:01
|
|
|
mdl posted:the majority of verisign, dt, or belgian government employees have no relation or access to anything concerning the fact that they can act as trusted CAs.
|
|
#
¿
Aug 20, 2017 00:32
|
|
|
so that's a no then
|
|
#
¿
Aug 20, 2017 00:51
|
|
|
unfortunately i don't think that'd fit in the thread title
|
|
#
¿
Aug 20, 2017 01:01
|
|
|
really good in-depth read on virtualbox's attempts at hardening their usermode process to protect their lax kernel drivers and bypasses found then fixed: https://googleprojectzero.blogspot.co.uk/2017/08/bypassing-virtualbox-process-hardening.html i was going to read it thoroughly before posting but it's a very long read
|
|
#
¿
Aug 23, 2017 18:08
|
|
|
Last Chance posted:Google's design team, everyone. Raises all around.
|
|
#
¿
Aug 24, 2017 16:50
|
|
|
On Dumpster diving, this is my opinion. I used to be in the food industry, I dropped out of Culinary school, most of the "food rules" we have are extremely conservative which makes sense for liability reasons. I've found over the past couple years that in my experience as long as my body doesn't reject the food it's most likely safe to eat. I assume it's the same thing as listening to my intuition and that in the beginning it's hard to tell what your reaction to the food is, but the more aware I've become of how I am, the more reliable my judgement is.
|
|
#
¿
Aug 30, 2017 08:32
|
|
|
im Date & Time: August, 2017 (GMT)
|
|
#
¿
Aug 31, 2017 16:17
|
|
|
as fun as randomly poking at s3 buckets is i want to say you don't want to incur liability by providing tools to make processing them in bulk easier doesn't make the target painted on multiple researchers backs any smaller when they publicly disclose them mind you
|
|
#
¿
Sep 1, 2017 23:23
|
|
|
the jury's still out i will note that liability is also on the ability of clientele of s3 buckets for large data storage to swamp you in legal docs
|
|
#
¿
Sep 1, 2017 23:44
|
|
|
and yet look at all those s3 bucket disclosures with the named researcher behind a company that is v unlikely to be able to handle such a reaction
|
|
#
¿
Sep 1, 2017 23:47
|
|
|
i prefer 10m as my rule of thumb for lab-prepped recovery of ram data in an ideal scenario
|
|
#
¿
Sep 2, 2017 00:03
|
|
|
|
| # ¿ May 14, 2024 15:32 |
|
|
there's been practical examples pre-ddr4. haven't heard anything lately
|
|
#
¿
Sep 2, 2017 09:45
|
|