anthonypants posted: is the secfuck thread going to get gassed or shutdown for too much off-topic posting already? it's just barely on page 3

is it off topic posting, or social engineering?
Jun 27, 2017 04:07
spankmeister posted: good, gooood

it also would fail to properly execute on XP, causing the computer to blue screen instead of becoming encrypted. seems like that happens in this one too: https://twitter.com/PolarToffee/status/879718578798436352 who knows how many people were saved by the accidental triggering of the kill switch in wannacry and thought that they weren't vulnerable as a result.
Jun 27, 2017 17:11
spankmeister posted: It wasn't even meant to be a kill switch, we got really lucky with that one

did they figure out what it was actually supposed to be? the whole wannacry worm seemed like someone hosed up and shipped a beta build.
Jun 27, 2017 17:28
a lot of reports from people dealing with infections of Petya seem to talk about affected systems rebooting to the ransom screen nearly simultaneously. I wonder if there is some sort of coordination between infected systems to pull that off.
Jun 27, 2017 18:24
doesn't it only spread via SMB? that's some level of containment. it probably jumped out of Ukraine on VPNs or that one computer in an organization that was used to do business in Ukraine and had the accounting software on it. if you want to get a bit Ukraine has basically become a live fire bombing range for Russian cyber weapons and "loving every company doing business with the Ukrainian government so people think twice about such associations in the future" would kind of be a plus as far as the Russian government is concerned. on the other hand you would expect the government to not run the risk of hitting Rosneft.
Jun 27, 2017 20:52
what the gently caress... https://twitter.com/0xAmit/status/879778335286452224 https://twitter.com/0xAmit/status/879789734469488642
Jun 27, 2017 23:13
Ulf posted: that's great! see you all again in a month

no you see this solved the problem forever and nothing bad will ever happen again.
Jun 28, 2017 01:10
I just point the browser at proquest and go to town. institutional access owns.
Jun 29, 2017 03:34
spankmeister posted: Malware Tech refutes this:

even if the installation ID wasn't just a random number and was actually generated in a way that would allow decryption, the whole decryption payment method stinks. you have a well written customized piece of malware deployed in a sophisticated manner which combines multiple exploits and multiple payloads, and it relies on a single bitcoin address, the manual transcription of a huge installation ID which doesn't even avoid ambiguous characters, and email? there's a reason the ransomware industry standard procedure for payment is the creation of a per-machine bitcoin address with TOR being used to confirm payment and supply the decryption code automatically on payment. whoever designed this thing didn't care about being paid. their goals were pretty clearly primarily to get credentials, to cause damage and disruption in Ukraine, or both.
Jun 29, 2017 13:07
this is a pretty good rundown of it with links to the posts of the various security researchers who found the issues: https://medium.com/@thegrugq/pnyetya-yet-another-ransomware-outbreak-59afd1ee89d4
Jun 29, 2017 13:54
suffix posted: seems sensible to milk the vuln it for what its worth while people still haven't updated

the whole thing is probably intended as a demonstration of capabilities. there was a report not too long ago that the US has malware already in place to cripple Russia's networks on command, deployed in response to the election hacking. even just the deployment method is scary. how many random auto-updaters are there out there that might be vulnerable? all it would take is one computer somewhere running improperly configured or user-installed software and your entire company is hosed.

Shifty Pony fucked around with this message at 21:53 on Jun 29, 2017
Jun 29, 2017 21:28
wired has a story on it which isn't entirely awful. it goes over the pattern of the attacks starting out as largely manually executed against a particular system and then iterating until they are automated attacks based on modular tools which could be more easily adapted for use against other targets. if you dig a bit online about each of the incidents in the article there are usually a few blog posts by researchers.
Jun 29, 2017 22:25
hah we haven't even gotten completely shifted over to a 60 day password rotation yet. in four years I look forward to not changing my password all the drat time. smart-card based 2fa works pretty great though and makes my life so much easier.
Jun 30, 2017 04:04
we have 60 day rotation and warning emails about passwords expiring start getting sent out at 15 days from expiration. 1/4 of my working days I get a password reminder email.
Jun 30, 2017 04:34
FAT32 SHAMER posted: But enough about android

never. android will forever be a source of security fuckery. or at least as long as the devices ship loaded with auto-updating un-deletable bloatware with permissions like this:

quote: Peel Smart Remote TV Guide

apparently after the most recent rounds of updates it uses the "draw over other apps" permission to cause full screen popup ads systemwide and send notifications even if people disable notifications. additionally it uses that permission combined with the "prevent the device from sleeping" and "power device on and off" permissions to effectively replace the device lockscreen with its own.
Jul 7, 2017 15:18
mrmcd posted: Google literally has a (completely different) EU antitrust investigation going on right now because they tried to tell manufacturers and telcos they couldn't ship Android phones with 10 GB of crapware and security holes.

idk, there's probably enough wiggle room for them to set up some sort of quarantine for all preinstalled apps until they are actually launched by the user. they would just have to include their own apps in it too.
Jul 7, 2017 15:58
Volmarias posted: Several years ago, a feature was added to Android so that garbage preload apps could be uninstalled. Apps that are required for phone functionality (Dialer, Settings, etc) could have a flag set that would mark them as "critical" and thus not allowed to be uninstalled.

and if they cracked down and actually applied standards for what is critical functionality the manufacturers would simply pool the dialer and settings app with the bloat apps into a single package such that the former depend on code from the latter for operation, similarly to how MS deeply integrated IE into windows.

hobbesmaster posted: The antitrust concern is that google is using android to advance their advertising business and disallowing others from doing the same.

almost as though vertical integration is a Pandora's Box of anticompetitive awfulness even when you tag but with the internet onto the end.
Jul 7, 2017 17:36
ate all the Oreos posted: i wouldn't mind this so much if I could just put a stock install on the phone or whatever via a process that's not "download some skeevy poo poo from xda-forums"

the latter is exactly what they do: you can't call your phone an android phone or include any google apps (including the play store framework) without signing into a huge largely secret device manufacturer agreement. the agreement ties all google apps together (so you can't install YouTube without also including Google Now) and mandates integration down to things like the google search bar being top center on the default home screen and having chrome be the default browser and be on the quick access bar. you might be thinking that maybe google doesn't want to include bloatware controls for fear of antitrust prosecution but they already do include bans on preinstalling particular app types in the agreement, they just only do so when the apps compete directly with google (they prohibit including any competing search bars for example). and the other terms of the agreement are much much worse than any app restrictions, with the real nasty bit being that it straight up prohibits an android manufacturer from making any device based on open source android code, even if they don't brand it as Android or include google apps. that's why Samsung made Tizen instead of just using AOSP. so in short google could probably make android less of a privacy and security nightmare but they apparently dgaf about anything past ensuring they get first crack at collecting user data.
Jul 7, 2017 19:23
Powaqoatse posted: don't use floating points for money.

pretty much my reaction as well. completely omitting the ability to use floats means someone had a moment of insight into the inevitability of some *coiner using them in a dumb way if they were present. it's like realizing that kids will be in the kitchen and taking away everything sharper than a silicone spatula. or, given the shitshow of the rest of the language... someone hosed up in a way that for once turned out to be good.
Jul 20, 2017 11:56
edit: dammit slickest part imo: https://twitter.com/pwnallthethings/status/888060321365209088 crash the server with the arresting swat team ready to go and then send them in when you see him log in to reboot it so you know his personal system isn't powered down and encrypted.
Jul 20, 2017 17:14
anthonypants posted: nfc isn't going to fail inside your body unless you are actually a mutant and grow callouses that block rf signals

the ones used in pets and other animals last multiple decades. they also afaik are extremely simple inductively coupled devices with hard coded ID numbers and zero authentication. the inductive coupling makes it hard to overload and the simple data structure doesn't take a fancy chip that could be hiding fun security vulnerabilities.

maskenfreiheit posted: I have a friend who's an employment

nah. you can't even require employees to use biometrics like hand scanning for ID without running into religious discrimination issues. requiring an implant would be completely off limits.
Jul 24, 2017 13:18
mrmcd posted: Get Global Entry. It comes with PreCheck which means you get to skip the pornoscanner, and go through the super fast line where you keep shoes on and don't unpack all your electronic poo poo. Also super fast through passport and customs coming back on international trips.

I really should get this. my credit card covers the cost.
Jul 25, 2017 13:23
burying the lede:

quote: The second method of operation spotted by the Dark Web community involves so-called "locktime" files that were downloaded from the Hansa Market before Dutch authorities shut it down on July 20.

I wonder if the image URL was unique so they could tie IP addresses to usernames.
Jul 27, 2017 12:22
Powerful Two-Hander posted: there is an EU law coming in called GDPR that includes right to be forgotten and stuff and it is going to gently caress. poo poo. up. because good luck finding which of your 100 old rear end hosed up document stores with 800Pb of data has my personal information in it when i vindictively pull that on you when i leave.

hopefully a few big companies get hosed by this and it serves as an effective counterweight to the vague promises about some future big data powered magical algorithm payoff that companies use to justify mindlessly collecting and storing everything possible about everyone.
Jul 28, 2017 14:19
Chalks posted: The proposed legislation is absurd. It has the potential to require you to retroactively redact the email address of a customer stored in a PDF file inside a database, and every copy of that information, including offline tape backups. And you'll need any third party provider, regardless of their location, to be able to do the same.

"sure people regularly get their lives utterly wrecked by our collected information getting into the hands of the wrong people, but have you considered that complying with this regulation would be really hard if we don't actually address the root cause of the problem in our industry's complete disregard for securing or even keeping track of where that sort of information is located?"
Jul 28, 2017 16:11
French Canadian posted: Can you explain a bit more how this would apply to me clicking a shameful link?

normally when your computer gets infected with malicious software the hacker is after your login and password because once they have that they can use it to log into other systems and either take the data they have or infect them to get more login information. but if you have a second authentication factor (for example you need to enter in a constantly changing code from a little keyfob in addition to your password whenever you log in) they can't do that. they are still able to access anything on your machine and (when you are logged into the network) anything your machine can access like network shares. that's where additional layers come into play: your machine should only have read access to what you need to do your job and write access to things you need to change often. ideally your machine and something valuable like the payroll database server shouldn't be able to even figure out that the other exists, the network infrastructure should simply drop every attempt at communications between the two while also alerting the admins that the attempt was made.
Aug 6, 2017 03:45
gonadic io posted: let me tell you about row-hammering, where other users running in other vms on the same physical hardware can alter and read your data

still loving amazing that someone managed to whip up a working reasonably high bitrate covert communications channel between vms using that sort of behavior in the CPU cache https://cmaurice.fr/pdf/ndss17_maurice.pdf
Sep 11, 2017 14:47
BangersInMyKnickers posted: lol I got a Symantec platform health report back from my account rep and 70% of the "Virus Detections" in my network were from one misbehaving desktop who kept quarantining a bad .js file then detecting its own quarantine as bad and re-quarantining the file it already had in an endless loop this product is such a clown show

in college I had that happen on a pc I was working on, but it spawned a new window each time it detected the file and the entire screen just filled up with them until the computer hard froze (I imagine from lack of resources). made an awful sound too.
Oct 10, 2017 02:55
here's a thought about the Kaspersky poo poo: the example being discussed is a single hop where the antivirus was on the machine with the target files. is it not also nearly a certainty that Russian intelligence used this as a starting point for much deeper infiltration? I was thinking that if you had the means and dedication of a state actor the antivirus network would be very useful as part of an operation to break into a secured system. Even if the secured system didn't have the antivirus it is likely that one of the software or hardware providers for the secured system would and you could use it to easily get source code for that software or firmware to find 0-days. or even worse you could potentially use the root access of the antivirus to place an exploit or even an air-gap jumping data collector like Stuxnet in a relatively difficult to notice manner. jfc what a nightmare.
Oct 12, 2017 15:02
cinci zoo sniper posted: unrelated, but how would airgap exfil happen here?

versions of the software on air gapped systems would hide data packets on the hand carried USB drives used to carry data/updates to or from the air gapped systems. then when that drive was attached to a system which was internet connected and also infected the data is gotten out using more traditional means. this is not some theoretical PoC either, it has been seen in the wild
Oct 12, 2017 18:33
ThePeavstenator posted: my premium browser purchase

why wouldn't you spring for the Gold version of Netscape 3.0?!
Oct 22, 2017 16:04
Netscape also pushed hard to incorporate their own proprietary solutions to lock in developers and users because at the time everyone was crowing about how soon the OS and native applications wouldn't matter at all and everything would be via web browser. then whenever people decided to not use whatever they were pushing they came up with horrible performance and stability killing hack jobs to make Navigator "work" with whatever actually became standard. iirc a page which had the gall to use both tables and css would almost guarantee a crash. that was solvable by disabling css which was accomplished by disabling JavaScript (because the browser rendered css by translating css into JavaScript and executing that).
Oct 22, 2017 20:03
mrmcd posted: what the gently caress I'm eating here dude.

JavaScript based style sheets were almost a standard https://www.w3.org/Submission/1996/1/WD-jsss-960822
Oct 22, 2017 20:55
Pikavangelist posted: i now hate the 90s

it is really the only proper response to that decade in tech. also all other decades.
Oct 23, 2017 03:14
pseudorandom name posted: presumably they feed the images into the child pornography recognition algorithm and just store the output in a different result set

nah this is Facebook. they'll ban the account of the victim for uploading nudity in violation of the TOS.
Nov 8, 2017 13:36
evil_bunnY posted: If you're laughing at this remember which timeline we're in, and also what twitter's currently doing.

I was not joking. I fully expect people to get banned by trying to use this "feature".

Space Skeleton posted: they were infected via stuff given away at a trade show for property managers and have reinfected themselves at least twice so far

drat, that's kind of impressive and can't be a one man show. I'm not seeing any warnings in the real estate press about it either, I wonder how many have been infected and don't know it.
Nov 8, 2017 15:45
jfc why would you put that root vulnerability into a public tweet?

MALE SHOEGAZE posted: imagine the sinking feeling the programmer responsible for that bug is feeling right about now

or anyone involved in the response. imagine seeing this whopper pop up on the bug tracker at 7:00 AM PST while most of the main team is probably en route to work. it would be legitimately interesting to see a timeline of how long this took to get to the response team.
Nov 28, 2017 22:58
akadajet posted: because it's funny and now apple has to clean it up

definitely don't disagree there. this is hilarious.
Nov 28, 2017 23:18
Ciaphas posted: dangit qbitorrent is gonna be one isn't it

all withers under the roving eye of Tavis. we'll be lucky if he doesn't find some way to cause the protocol itself to trigger remote execution
Nov 29, 2017 15:46
DrPossum posted: these are useful and lots of apartment complexes have their own version too

a local apartment complex added those but you now have to pay a monthly fee to get any packages lol
Dec 27, 2017 01:38