hate these ads?, log in or register to hide them
Page 58 of 58 FirstFirst ... 84855565758
Results 1,141 to 1,160 of 1160

Thread: Antivirus is shit, everything is compromised, etc etc (Cybersecurity thread)

  1. #1141
    Mashie Saldana's Avatar
    Join Date
    April 10, 2011
    Location
    Peterborough, UK
    Posts
    1,214
    Quote Originally Posted by Nordstern View Post
    AMD potentially has new vulnerabilities.

    https://www.tomshardware.com/news/ne...n-architecture
    That is already fixed on the current generation AMD CPU's. But hey, at least Intel are trying hard to find something to use as negative marketing towards AMD :

    https://twitter.com/Cmoney_319/statu...78894253473797



    And just for the fun of it, another Intel hole that can't even be patched as the broken code is read only:

    https://arstechnica.com/information-...ats-unfixable/

    That flaw isn't that terrible from a hacking point of view but very handy for those that need to bypass DRM restrictions now and then.
    How to tell the difference between Machine Learning and AI:
    If it is written in Python it is most likely Machine Learning.
    If it is written in PowerPoint it is most likely AI.

  2. #1142

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    7,048
    lol "it's a conspiracy" fuck off and read the twitter thread you posted.
    Please don't teach me what to do with my pc.

  3. #1143
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,785
    Another day, another Intel security flaw.

    https://www.zdnet.com/article/intel-...w-lvi-attacks/
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  4. #1144
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,785
    And, another day, another 'Antivirus is shit' example

    https://github.com/taviso/avscript
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  5. #1145

    Join Date
    May 31, 2011
    Posts
    5,325
    Good article about alternative authenticator apps. I was looking for an alternative to Google Authenticator for quite some time now, especially one that is easier to backup/restore. This one mentions a couple that allow multiple devices. Bonus points for also detailing the risks involved with this.

    https://arstechnica.com/information-...-dont-have-to/

  6. #1146

    Join Date
    May 31, 2011
    Posts
    5,325
    Why oh why don't these people put their obvious creativity and efforts into something good.

    The PowerShell script reaches out to either imgur.com or imgbox.com and downloads an image that has malicious code hidden inside the pixels through a technique called steganography. The data is encoded by the Base64 algorithm, encrypted with an RSA key, and then Base64-encoded again. In a clever move, the script contains an intentional error in its code. The resulting error message that’s returned—which is different for each language pack installed on the OS—is the decryption key.
    https://arstechnica.com/information-...ustrial-firms/

  7. #1147
    Mashie Saldana's Avatar
    Join Date
    April 10, 2011
    Location
    Peterborough, UK
    Posts
    1,214
    Quote Originally Posted by Hel OWeen View Post
    Why oh why don't these people put their obvious creativity and efforts into something good.

    The PowerShell script reaches out to either imgur.com or imgbox.com and downloads an image that has malicious code hidden inside the pixels through a technique called steganography. The data is encoded by the Base64 algorithm, encrypted with an RSA key, and then Base64-encoded again. In a clever move, the script contains an intentional error in its code. The resulting error message that’s returned—which is different for each language pack installed on the OS—is the decryption key.
    https://arstechnica.com/information-...ustrial-firms/
    Good is probably not as well paid.

    Very clever approach but not good enough as it got detected.
    How to tell the difference between Machine Learning and AI:
    If it is written in Python it is most likely Machine Learning.
    If it is written in PowerPoint it is most likely AI.

  8. #1148

    Join Date
    May 31, 2011
    Posts
    5,325
    Quote Originally Posted by Mashie Saldana View Post
    Quote Originally Posted by Hel OWeen View Post
    Why oh why don't these people put their obvious creativity and efforts into something good.

    The PowerShell script reaches out to either imgur.com or imgbox.com and downloads an image that has malicious code hidden inside the pixels through a technique called steganography. The data is encoded by the Base64 algorithm, encrypted with an RSA key, and then Base64-encoded again. In a clever move, the script contains an intentional error in its code. The resulting error message that’s returned—which is different for each language pack installed on the OS—is the decryption key.
    https://arstechnica.com/information-...ustrial-firms/
    Good is probably not as well paid.

    Very clever approach but not good enough as it got detected.
    It isn't mentioned anywhere how it got detected, but I suspect it being some kind of by-catch caught by some regular automation, e.g. uploads to VirusTotal, own honeypots.

    It's an Office document with macros after all, so I'd suspect those being paid closer attention to.

  9. #1149

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    7,048
    Monthly reminder to patch your shit: https://portal.msrc.microsoft.com/en.../CVE-2020-1350

    TLDR: all windows DNS servers have had a remote admin vulnerability for 10 years.

    Then again, if you are a server admin, and you don't insta-patch your DC's these days, well good luck to ya!
    Please don't teach me what to do with my pc.

  10. #1150

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    7,048
    And today in "lol wtf"

    Want to send a push notification to every fucking android device on the planet ? Sure, here are the keys....
    https://cybernews.com/security/expos...notifications/
    https://abss.me/posts/fcm-takeover/

    It seems google changed some of their keys, but not all. Teams is beign hit today with random notifications everywhere.
    It's being weaponized right now JOY!
    Please don't teach me what to do with my pc.

  11. #1151

    Join Date
    May 31, 2011
    Posts
    5,325
    That's actually not a bad idea.


  12. #1152
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    11,922
    Quote Originally Posted by Hel OWeen View Post
    That's actually not a bad idea.

    Did the vendor sanitize their database inputs?
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...
    Johns Hopkins CSSE COVID-19 Dashboard

  13. #1153
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    10,025
    Windows XP source leaked today. Not a big deal... unless you're an ATM or embedded medical device.

  14. #1154
    Super Moderator DonorGlobal Moderator whispous's Avatar
    Join Date
    April 9, 2011
    Location
    Mails Tegg > пошел ты на хуй
    Posts
    4,854
    Quote Originally Posted by Sparq View Post
    Windows XP source leaked today. Not a big deal... unless you're an ATM or embedded medical device.
    So what if I AM an ATM

  15. #1155
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    11,922
    Quote Originally Posted by Sparq View Post
    Windows XP source leaked today. Not a big deal... unless you're an ATM or embedded medical device.
    Or a point-of-sale terminal. Or an industrial controller.
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...
    Johns Hopkins CSSE COVID-19 Dashboard

  16. #1156
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    10,025
    So I've since read it may not have been the whole of the source, but it was quite a chunk.

    BTW apparently there was a nation-wide (US) cyber attack on the UHS Hospital chain

    Twitter link for details:


  17. #1157
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    10,025
    Update on UHS ransom

    Updated Monday, October 5, 2020, 12:30 PM ET Universal Health Services (UHS) is pleased to confirm substantial progress toward restoration of online operations across all UHS IT Networks. The company experienced a cyberattack early Sunday morning, September 27, 2020, at which time UHS IT quickly disconnected all systems and shut down the network in order to prevent further propagation.

    The UHS IT Network has been restored and applications are in the process of being reconnected. The recovery process has been completed for all servers at the corporate data center and connectivity has been re-established for all U.S.-based inpatient facilities. Our major information systems such as the electronic medical record (EMR) were not directly impacted; we are in the process of restoring connections to these systems and back-loading data from the past week. More than half of our Acute Care hospitals are live already or scheduled to be live by the end of today. UHS has deployed a significant number of IT and clinical resources to the hospitals, to support the resumption of online operations. The go-lives will continue on a rolling basis; in the meantime, those working toward go-live are continuing to use their established back-up processes including offline documentation methods.

    All patient safety protocols remain in effect and patient care continues to be delivered safely and effectively at our facilities across the country. As we conduct our IT remediation work, we continue to have no indication that any patient or employee data has been accessed, copied or misused. As previously stated, the company's U.K. operations were not impacted.
    anyway, here's something cool:


  18. #1158
    Donor Spaztick's Avatar
    Join Date
    April 10, 2011
    Location
    No Longer up High Sierra's Ass
    Posts
    10,685
    What happens when anon finds out you can commit voter fraud because security is terrible: you post about it on pol.

    >oregon (now WA and more) has had huge delays in their voter ballots for the presidency getting out with majority still not having one
    >it's one of the few states that has 100% mail in balloting
    >the voter system online is so insecure that if you know someone's name and DOB you can change their registration
    >anon in another thread enters his friends information and realizes
    >he can change who he voted for
    >these can be changed, printed off, and dropped off at any courthouse with NO ID REQUIRED AT ANY STAGE
    >this is one of the easiest ways to tamper with an election ever conceived
    >if the dems use this they can make every person who has ever registered in oregon as a vote for the dem candidate

    AAAAAAAAAAAAAAH
    SOMEONE NEEDS TO FIX THIS SHIT NOW

    this IS HAPPENING IN OTHER STATES
    >Ok I just logged into the washington state system for my ex wife, not only can i submit a ballot for her, but by even STARTING the process it cancels her other ballots. So if she orders a ballot, fills it out and sends it in THEN i start the online process even if I stop it and never file it CANCELS her ballot she thinks counts. THIS IS MASSIVE.

    RELATED SINCE ALL THEY NEED IS INFO
    https://www.oregonlive.com/news/2020...onal-data.html

    this should be obvious but
    [WE'RE NOT CHANGING ANYTHING WE'RE EXPOSING THE WEAKNESS DON'T COMIT VOTER FRUAD]

  19. #1159

    Join Date
    April 12, 2011
    Posts
    2,793
    Considering US states have been hilariously unresponsive to security concerns about electronic voting, I'm actually sympathetic to the idea of broadcasting the vulnerabilities as wide as possible in order to force a response.

  20. #1160
    Keckers's Avatar
    Join Date
    July 31, 2012
    Posts
    22,039
    Quote Originally Posted by El Capitano View Post
    Considering US states have been hilariously unresponsive to security concerns about electronic voting, I'm actually sympathetic to the idea of broadcasting the vulnerabilities as wide as possible in order to force a response.
    It's very bold of you to assume the least worst outcome in 2020. If anything they'll use it to justify removing democracy.
    Look, the wages you withheld from the workmen who mowed your fields are crying out against you. The cries of the harvesters have reached the ears of the Lord of Hosts. You have lived on earth in luxury and self-indulgence. You have fattened yourselves for slaughter.

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •