
Thread: Antivirus is shit, everything is compromised, etc etc (Cybersecurity thread)

  1. #581
    Larkonis Trassler's Avatar
    Join Date
    April 9, 2011
    Location
    FEARLESS.
    Posts
    11,520
    Quote Originally Posted by Daneel Trevize View Post
    (I might have already ranted about this, but) Plusnet was doing that as of 2 months ago, with an update scheduled by May to make it so that the customer service employees also only see the chosen characters that the customer is to supply for that call session.
    Why store plaintext? Because they reuse the same web portal credentials for the actual modem connection, and can't figure out instead generating signed key pairs while shipping the hardware...

    Not that it matters, the routers probably have hardcoded backdoors, both in the home and the backbone network, because Cisco got caught with yet another one...

    Oh and every US phone's location was being leaked by some data broker.
    I often use rude words for secure stuff. I had a giggle from the rep when I rang Experian after I forgot my password and he pulled up my memorable phrase. I just assumed he could see it all when he asked for the 2nd and 7th characters.


  2. #582
    Cosmin's Avatar
    Join Date
    March 14, 2012
    Location
    UK
    Posts
    5,876
    Quote Originally Posted by Itiken View Post
    All chips are fucked, mk IV:

    Variants 1 and 2 are known as Spectre (CVE-2017-5753, CVE-2017-5715), and variant 3 is Meltdown (CVE-2017-5754). Today, variant 4 (CVE-2018-3639) was disclosed by Microsoft and Google researchers.

    It affects modern out-of-order execution processor cores from Intel, AMD, and Arm, as well as IBM's Power 8, Power 9, and System z CPUs. Bear in mind, Arm cores are used the world over in smartphones, tablets, and embedded electronics.

    The fourth variant can be potentially exploited by script files running within a program such as JavaScript on a webpage in a browser tab to lift sensitive information out of other parts of the application such as personal details from another tab.
    https://www.theregister.co.uk/2018/0...rosoft_google/
    Honestly at this point in time I think banning JavaScript is easier than patching all the world's chips out there.


    Guns make the news, science doesn't.

  3. #583

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,169
    Quote Originally Posted by Nordstern View Post
    Quote Originally Posted by tulip View Post
    Request thread title be amended to include "Javascript>hardware".
    Request denied.
    sudo 'Request thread title be amended to include \"Javascript\>hardware\"\.'
    Please don't teach me what to do with my pc.

  4. #584
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    9,068
    Quote Originally Posted by Itiken View Post
    Quote Originally Posted by Nordstern View Post
    Quote Originally Posted by tulip View Post
    Request thread title be amended to include "Javascript>hardware".
    Request denied.
    sudo 'Request thread title be amended to include \"Javascript\>hardware\"\.'
    Enter password for nordstern@fhc:
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  5. #585
    Shaikar's Avatar
    Join Date
    April 9, 2011
    Location
    Kador
    Posts
    2,219
    Quote Originally Posted by Nordstern View Post
    Quote Originally Posted by Itiken View Post
    Quote Originally Posted by Nordstern View Post
    Quote Originally Posted by tulip View Post
    Request thread title be amended to include "Javascript>hardware".
    Request denied.
    sudo 'Request thread title be amended to include \"Javascript\>hardware\"\.'
    Enter password for nordstern@fhc:
    hunter2

  6. #586
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    9,068
    Quote Originally Posted by Shaikar View Post
    Quote Originally Posted by Nordstern View Post
    Enter password for nordstern@fhc:
    hunter2
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  7. #587
    root's Avatar
    Join Date
    April 26, 2011
    Location
    The Camel Empire
    Posts
    3,088
    The Rapier is my love boat
    ~lowsec smallscale pvp 'n stuff~

  8. #588
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,335
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  9. #589
    XenosisMk4's Avatar
    Join Date
    July 13, 2017
    Location
    More turbo-lightspeed neoliberal platitudes/virtue signaling/misplaced priorities on full display.
    Posts
    3,771
    Quote Originally Posted by Larkonis Trassler View Post
    Quote Originally Posted by Daneel Trevize View Post
    (I might have already ranted about this, but) Plusnet was doing that as of 2 months ago, with an update scheduled by May to make it so that the customer service employees also only see the chosen characters that the customer is to supply for that call session.
    Why store plaintext? Because they reuse the same web portal credentials for the actual modem connection, and can't figure out instead generating signed key pairs while shipping the hardware...

    Not that it matters, the routers probably have hardcoded backdoors, both in the home and the backbone network, because Cisco got caught with yet another one...

    Oh and every US phone's location was being leaked by some data broker.
    I often use rude words for secure stuff. I had a giggle from the rep when I rang Experian after I forgot my password and he pulled up my memorable phrase. I just assumed he could see it all when he asked for the 2nd and 7th characters.
    I had a coworker badger me for an ex-employee's local account details this week, his password was "ClungePlunger5000"

    I'm very surprised that he's no longer with us.

  10. #590
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    18,494
    TBH that's at least hard to brute force...
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

  11. #591
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,335
    Good news: we've turned generating & installing fresh OS images into a simple text file mechanism leveraging union filesystems, for trivially spinning up identical stateless systems whenever & wherever you need at minimal resource usage.
    You can also publish your customised images for others.

    Bad news: people are always going to be lazy and not audit their dependencies before trusting them with their credentials, data, etc.

    https://www.bleepingcomputer.com/new...om-docker-hub/
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  12. #592

    Join Date
    April 13, 2011
    Posts
    6,247
    Docker is an absolute fucking catastrophe for dependency and vulnerability management. I'm fairly convinced we'll look back in about five years on this particular phase of its lifecycle and think what the fuck were we doing. It's just so damned opaque.

  13. #593
    Donor halbarad's Avatar
    Join Date
    April 9, 2011
    Posts
    4,934
    Quote Originally Posted by elmicker View Post
    Docker is an absolute fucking catastrophe for dependency and vulnerability management. I'm fairly convinced we'll look back in about five years on this particular phase of its lifecycle and think what the fuck were we doing. It's just so damned opaque.
    But the "it works on my machine and now in prod" crowd will cry about that.

    Docker is certainly interesting tech but I see people trying to ram it into any situation that could use it without understanding anything about what it's doing. I know I don't understand that stuff and don't want to assume it's the perfect solution to a problem until I've researched how it will handle whatever I'm doing.

  14. #594
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    9,426
    The fucking Tapplock

    Pwn via unscrewing the back of it

    Pwn via BLE

    Pwn via api



    ~ you could purchase this alternative, which is held together by three standard hex head bolts and is invulnerable to everyone without a screw driver.

  15. #595
    Joe Appleby's Avatar
    Join Date
    April 9, 2011
    Location
    in front of the class
    Posts
    13,897
    Quote Originally Posted by Sparq View Post
    The fucking Tapplock

    Pwn via unscrewing the back of it

    Pwn via BLE

    Pwn via api



    ~ you could purchase this alternative, which is held together by three standard hex head bolts and is invulnerable to everyone without a screw driver.
    Your PWN via BLE video link is the wrong one, that's a tour of a PCB factory in China. It is an interesting video though.

    You meant to post this:

    nevar forget

  16. #596
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    9,068
    Semi-related: why you never buy Master locks.

    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  17. #597
    XenosisMk4's Avatar
    Join Date
    July 13, 2017
    Location
    More turbo-lightspeed neoliberal platitudes/virtue signaling/misplaced priorities on full display.
    Posts
    3,771
    don't most commercial safes have a "time to unlock" in the seconds now?

  18. #598

    Join Date
    April 13, 2011
    Posts
    6,247
    For cheap ones like what you see in a hotel there's almost certainly some quick way in. The fastest way into a good safe is still a fuckoff great big diamond core bit and a drill you don't mind trashing.

  19. #599
    Joe Appleby's Avatar
    Join Date
    April 9, 2011
    Location
    in front of the class
    Posts
    13,897
    Quote Originally Posted by elmicker View Post
    For cheap ones like what you see in a hotel there's almost certainly some quick way in. The fastest way into a good safe is still a fuckoff great big diamond core bit and a drill you don't mind trashing.
    Gun safe requirements in Germany are such that it's easier to haul off the safe than break into it. However that means they need to move more than 200kg (if the safe is lighter than that, it needs to be bolted to the floor and wall).

    Locks like those in the video are however really trivial to pick or break.
    nevar forget

  20. #600
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    9,426
    Quote Originally Posted by Joe Appleby View Post
    Quote Originally Posted by Sparq View Post
    The fucking Tapplock

    Pwn via unscrewing the back of it

    Pwn via BLE

    Pwn via api



    ~ you could purchase this alternative, which is held together by three standard hex head bolts and is invulnerable to everyone without a screw driver.
    Your PWN via BLE video link is the wrong one, that's a tour of a PCB factory in China. It is an interesting video though.

    You meant to post this:

    weird, it's the same link when I quote you?

    There's also now a video for the Uervoton 'lock' I linked.
