
Thread: Antivirus is shit, everything is compromised, etc etc (Cybersecurity thread)

  1. #1121
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    9,960
    Not sure. I mean, I agree that I admire the creativity and technical skill.

    The only real counter I can see right now is having the presence of mind to check the actual account name being displayed after/under the display name.

    There's a similar problem being increasingly reported in Australia at the moment to do with banks accused of failing to protect customers from billing scams by not checking account names.

  2. #1122
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    9,960
    Techcrunch: A 'Stalkerware' app leaked phone data from thousands of victims
    A spyware app designed to “monitor everything” on a victim’s phone has been secretly installed on thousands of phones.

    The app, KidsGuard, claims it can “access all the information” on a target device, including its real-time location, text messages, browser history, access to its photos, videos and app activities, and recordings of phone calls.

    But a misconfigured server meant the app was also spilling out the secretly uploaded contents of victims’ devices to the internet.

  3. #1123
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    11,271
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...
    Johns Hopkins CSSE COVID-19 Dashboard

  4. #1124
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,678
    I mean, if you're a fucking retard and don't sanitise your inputs/avoid buffer overflows, sure. How else is data being read becoming arbitrary code executed on a CPU?

    P.S. That was an article from 08.10.2017. Whenever that was, you terribly-formatted-datetime publishers...

    the translation from physical DNA to the digital format, known as FASTQ, that's used to store the DNA sequence. And when that FASTQ file is compressed with a common compression program known as fqzcomp ... it hacks that compression software with its buffer overflow exploit

    the attack was fully translated only about 37 percent of the time, since the sequencer's parallel processing often cut it short or—another hazard of writing code in a physical object—the program decoded it backward
    That's it, that's the story, non-computer scientists cobble together vulnerable code, news at 11.
    Last edited by Daneel Trevize; February 24 2020 at 08:42:12 AM.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  5. #1125
    Keckers's Avatar
    Join Date
    July 31, 2012
    Posts
    20,729
    Article here: https://www.wired.com/story/malware-dna-hack/

    That's definitely the most sci fi shit I've read this year
    Look, the wages you withheld from the workmen who mowed your fields are crying out against you. The cries of the harvesters have reached the ears of the Lord of Hosts. You have lived on earth in luxury and self-indulgence. You have fattened yourselves for slaughter.

  6. #1126
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    11,271
    Older article, but another reason not to use Chrome: https://www.theregister.co.uk/2019/1...kable_tracker/

  7. #1127
    Donor Spaztick's Avatar
    Join Date
    April 10, 2011
    Location
    No Longer up High Sierra's Ass
    Posts
    10,407
    Quote Originally Posted by Nordstern View Post
    Older article, but another reason not to use Chrome: https://www.theregister.co.uk/2019/1...kable_tracker/
    It makes me question the security of chrome derivatives like brave or dissenter as well.

  8. #1128

    Join Date
    May 31, 2011
    Posts
    5,046
    Irrelevant validation is irrelevant


  9. #1129
    Joe Appleby's Avatar
    Join Date
    April 9, 2011
    Location
    in front of the class
    Posts
    15,154
    Quote Originally Posted by Hel OWeen View Post
    Irrelevant validation is irrelevant

    Paypal claims it's been fixed. I would put equal blame on Mastercard as they provided the virtual cards. At least in my amateur opinion.

    Tapapapatalk

    Edit: Google is removing PayPal for contactless pay for some users.
    I wonder how people can use a mastercard online without a valid expiry date and cvc number.
    Last edited by Joe Appleby; February 26 2020 at 02:45:36 PM.
    nevar forget

  10. #1130

    Join Date
    May 31, 2011
    Posts
    5,046
    Quote Originally Posted by Joe Appleby View Post
    I would put equal blame on Mastercard as they provided the virtual cards. At least in my amateur opinion.
    [...]
    I wonder how people can use a mastercard online without a valid expiry date and cvc number.
    That's actually a good question you raise there: CVCs aren't supposed to be stored, but entered every time by the user.

    I've never done any programming against a CC's API, but the verification process could very well be:
    - Merchant (PayPal) collects card data from user
    - Merchant sends request about card to Mastercard
    - Mastercard returns all necessary card info (CVV, expiry date) back to the merchant
    - Merchant then has to compare the values provided by the customer to those of the card issuer. If they don't match, don't follow thru with the transaction

    In that case, it's not MasterCard's fault - the merchant simply failed the verification. This procedure would make sense btw, as the merchant would be the party involved that should know how to best handle a failed verification criteria, i.e. highlighting the field in question for the user with an according error message so that the user might correct it. None of this is Mastercard's business.

    But I am assuming here.

  11. #1131
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,678
    Meanwhile, keep layering that security, people. https://arstechnica.com/information-...-eavesdroppng/

  12. #1132
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    11,271
    Quote Originally Posted by Daneel Trevize View Post
    Meanwhile, keep layering that security, people. https://arstechnica.com/information-...-eavesdroppng/
    Oof. I helped make those chips.

  13. #1133
    rufuske's Avatar
    Join Date
    April 9, 2011
    Posts
    2,802
    Quote Originally Posted by Hel OWeen View Post
    Quote Originally Posted by Joe Appleby View Post
    I would put equal blame on Mastercard as they provided the virtual cards. At least in my amateur opinion.
    [...]
    I wonder how people can use a mastercard online without a valid expiry date and cvc number.
    That's actually a good question you raise there: CVCs aren't supposed to be stored, but entered every time by the user.

    I've never done any programming against a CC's API, but the verification process could very well be:
    - Merchant (PayPal) collects card data from user
    - Merchant sends request about card to Mastercard
    - Mastercard returns all necessary card info (CVV, expiry date) back to the merchant
    - Merchant then has to compare the values provided by the customer to those of the card issuer. If they don't match, don't follow thru with the transaction

    In that case, it's not MasterCard's fault - the merchant simply failed the verification. This procedure would make sense btw, as the merchant would be the party involved that should know how to best handle a failed verification criteria, i.e. highlighting the field in question for the user with an according error message so that the user might correct it. None of this is Mastercard's business.

    But I am assuming here.
    Wrong, I do it all the time. Verifone, Cybersource, Paypal, Paypal express blah blah you name it. You don't verify anything on your side, there's literally nothing on your side in case of cybersource as it's all either in their iframe or script loaded from them. All authorization/capture validations happen on their side and you're only supposed to handle errors resulting from it. By the looks of it someone accidentally deployed sandbox/test env code on production as those exact validations are turned off there or forgot to flip the notTestEnv feature switch.

  14. #1134

    Join Date
    May 31, 2011
    Posts
    5,046
    Thanks, rufuske.

    I appreciated both the correction and the insight on how this actually works.

  15. #1135
    Joe Appleby's Avatar
    Join Date
    April 9, 2011
    Location
    in front of the class
    Posts
    15,154
    So Mastercard fucked up for allowing test data to be used in a production environment?

    Because the attack is guessing a random Mastercard card number and using that in other stores. The virtual card within Google Pay is not available to the user through PayPal nor Google Pay for anything outside of NFC payments. As a user you don't see the card number except the last four digits.

    I used it until this breach, but I wasn't affected. I will use it again once it's been actually fixed. My local branch of my bank (a local Sparkasse for the Germans) doesn't offer NFC payments through their app and I don't use my credit card from another bank at all to make that switch.

    Tapapapatalk
    nevar forget

  16. #1136

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,897
    More intel CPU problems: It seems the root TPM keys are compromisable.
    "When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."
    https://www.theregister.co.uk/2020/0...tel_csme_flaw/

    Joy.
    Please don't teach me what to do with my pc.

  17. #1137
    Donor Spaztick's Avatar
    Join Date
    April 10, 2011
    Location
    No Longer up High Sierra's Ass
    Posts
    10,407
    One of the first things it does is set up memory protections on its own built-in RAM so that other hardware and software can't interfere with it. However, these protections are disabled by default,
    nice one intel

  18. #1138
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    11,271
    I'm betting the timing window will be too small to attack it remotely, so a local attack would be necessary.

  19. #1139

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,897
    Roses are red
    Water is wet
    Cars are full of horrible vulnerabilities
    Poem.

    The researchers developed their technique by buying a collection of immobilizers' electronic control units from eBay and reverse-engineering the firmware to analyze how they communicated with key fobs. They often found it far too easy to crack the secret value that Texas Instruments DST80 encryption used for authentication. The problem lies not in DST80 itself but in how the carmakers implemented it: The Toyota fobs' cryptographic key was based on their serial number, for instance, and also openly transmitted that serial number when scanned with an RFID reader. And Kia and Hyundai key fobs used 24 bits of randomness rather than the 80 bits that the DST80 offers, making their secret values easy to guess. "That's a blunder," says Garcia. "Twenty-four bits is a couple of milliseconds on a laptop."
    https://arstechnica.com/cars/2020/03...-and-kia-keys/
    Please don't teach me what to do with my pc.
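
An added example (not from the thread or the linked article): a provisioning-side audit for the Kia/Hyundai failure quoted above, where only 24 of DST80's 80 key bits were random. The sample batches, the `MIN_VARYING_BITS` policy and the function names are constructed for illustration.

```python
import secrets

KEY_BITS = 80           # DST80 key width, as stated in the quoted article
MIN_VARYING_BITS = 80   # assumed policy: every key bit must vary across a batch


def varying_bit_mask(keys):
    """Return a mask of bit positions that take both 0 and 1 across `keys`."""
    seen_one, seen_zero = 0, 0
    full = (1 << KEY_BITS) - 1
    for key in keys:
        if not 0 <= key <= full:
            raise ValueError("key does not fit in %d bits" % KEY_BITS)
        seen_one |= key
        seen_zero |= ~key & full
    return seen_one & seen_zero


def audit_batch(keys):
    """Summarise a batch of provisioned keys.

    The count of varying bits is an upper bound on per-key entropy: a bit
    that is identical in every key contributes nothing an attacker must guess.
    """
    keys = list(keys)
    if len(keys) < 2:
        raise ValueError("need at least two keys to compare")
    mask = varying_bit_mask(keys)
    varying = bin(mask).count("1")
    return {
        "keys": len(keys),
        "duplicates": len(keys) - len(set(keys)),
        "varying_bits": varying,
        "fixed_bits": KEY_BITS - varying,
        "ok": varying >= MIN_VARYING_BITS and len(set(keys)) == len(keys),
    }


# Constructed sample batches (not real fob keys).
FIXED_PREFIX = 0x00A5A5A5A5A5A5 << 24            # 56 constant high bits
weak_batch = [FIXED_PREFIX | secrets.randbits(24) for _ in range(256)]
strong_batch = [secrets.randbits(KEY_BITS) for _ in range(256)]

if __name__ == "__main__":
    for name, batch in (("weak", weak_batch), ("strong", strong_batch)):
        print(name, audit_batch(batch))
```

A batch can pass this check and still be weak: a key computed from the fob's serial number, as in the Toyota case quoted above, can vary in every bit yet holds no secret once the derivation is known.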

  20. #1140
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    11,271
    AMD potentially has new vulnerabilities.

    https://www.tomshardware.com/news/ne...n-architecture
