
Thread: Antivirus is shit, everything is compromised, etc etc (Cybersecurity thread)

  1. #221
    Cosmin's Avatar
    Join Date
    March 14, 2012
    Location
    UK
    Posts
    5,888
    Quote Originally Posted by Aea View Post
    Yeah that’s because you’ve got one router. Not dozens or hundreds over various buildings.


    Sent from my iPhone using Tapatalk
    I'm not sure if I get this right, but can't you just VPN into the network with that specific router and fix it or just reboot it by calling somebody in that building after you identify that's the issue?

    Idk, but exposing a firewall management interface to the whole www seems dumb to me (again, I'm not an IT professional).
    Guns make the news, science doesn't.

  2. #222

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,183
    We noticed a load of odd traffic last week going through our web filters.
    Hundreds upon hundreds of thousands of requests to BING using random 6 character extensions eg www.bing.com/xhg65s . Only on the mobile wireless networks though.

    Support got back to us today saying it's some 'new' of vpn enterprising students seem to have found. A new way through our filters and blocks which, it looks like, may have been working for a few weeks. Little fuckers
    Trying to look around the internet for any kind of information is an exercise in futility though.
    Please don't teach me what to do with my pc.

  3. #223
    Donor halbarad's Avatar
    Join Date
    April 9, 2011
    Posts
    4,940
    Block Bing? Nothing of value will be lost anyway.

  4. #224
    Joe Appleby's Avatar
    Join Date
    April 9, 2011
    Location
    in front of the class
    Posts
    13,915
    Quote Originally Posted by Itiken View Post
    We noticed a load of odd traffic last week going through our web filters.
    Hundreds upon hundreds of thousands of requests to BING using random 6 character extensions eg www.bing.com/xhg65s . Only on the mobile wireless networks though.

    Support got back to us today saying it's some 'new' of vpn enterprising students seem to have found. A new way through our filters and blocks which, it looks like, may have been working for a few weeks. Little fuckers
    Trying to look around the internet for any kind of information is an exercise in futility though.
    My students feel clever when they circumvent our filter by using Google translate.
    Yes, our filter is that weak but it's not my problem really, it's run by the education department on the state level iirc. Not that it would matter, our computers grab new images after each boot and our students are never unsupervised anyway.

    Tapapapatalk
    nevar forget

  5. #225

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,183
    Quote Originally Posted by halbarad View Post
    Block Bing? Nothing of value will be lost anyway.
    Regex blocked the traffic now, but i'm just curious to find the exact app/ phone vpn that's causing it.
    Please don't teach me what to do with my pc.

  6. #226
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    18,521
    Quote Originally Posted by Cosmin View Post
    Quote Originally Posted by Aea View Post
    Yeah that’s because you’ve got one router. Not dozens or hundreds over various buildings.


    Sent from my iPhone using Tapatalk
    I'm not sure if I get this right, but can't you just VPN into the network with that specific router and fix it or just reboot it by calling somebody in that building after you identify that's the issue?

    Idk, but exposing a firewall management interface to the whole www seems dumb to me (again, I'm not an IT professional).
    You can... It comes down to convenience really.. If the VPN to that site is down it's the quick and easy backup to get it all back up again.. In reality the number of times it would get used are probably so small you would actually forget it was enabled when you needed it, so yeah, not something I would ever set. If you REALLY need a backup solution to get in to the site if the primary VPN went down then there are solutions to this that don't compromise your security (heck, even a modem to dial in to works still).
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

  7. #227
    Keckers's Avatar
    Join Date
    July 31, 2012
    Posts
    16,260
    Quote Originally Posted by Joe Appleby View Post
    Quote Originally Posted by Itiken View Post
    We noticed a load of odd traffic last week going through our web filters.
    Hundreds upon hundreds of thousands of requests to BING using random 6 character extensions eg www.bing.com/xhg65s . Only on the mobile wireless networks though.

    Support got back to us today saying it's some 'new' of vpn enterprising students seem to have found. A new way through our filters and blocks which, it looks like, may have been working for a few weeks. Little fuckers
    Trying to look around the internet for any kind of information is an exercise in futility though.
    My students feel clever when they circumvent our filter by using Google translate.
    Yes, our filter is that weak but it's not my problem really, it's run by the education department on the state level iirc. Not that it would matter, our computers grab new images after each boot and our students are never unsupervised anyway.

    Tapapapatalk
    We used to be able to beat the school filter by replacing http with https back in the day.

    We were also able to use an interesting permissions escalation exploit with .wmv file copies to view all the school's financial records and stuff. Unsurprisingly the friend of mine who discovered that is now a network security consultant.
    Quote Originally Posted by Paul Mason
    It is absurd that we are capable of witnessing a 40,000 year old system of gender oppression begin to dissolve before our eyes yet still see the abolition of a 200 year old economic system as an unrealistic utopia.

  8. #228
    tulip's Avatar
    Join Date
    April 11, 2011
    Posts
    2,042
    Quote Originally Posted by Keckers View Post
    Quote Originally Posted by Joe Appleby View Post
    Quote Originally Posted by Itiken View Post
    We noticed a load of odd traffic last week going through our web filters.
    Hundreds upon hundreds of thousands of requests to BING using random 6 character extensions eg www.bing.com/xhg65s . Only on the mobile wireless networks though.

    Support got back to us today saying it's some 'new' of vpn enterprising students seem to have found. A new way through our filters and blocks which, it looks like, may have been working for a few weeks. Little fuckers
    Trying to look around the internet for any kind of information is an exercise in futility though.
    My students feel clever when they circumvent our filter by using Google translate.
    Yes, our filter is that weak but it's not my problem really, it's run by the education department on the state level iirc. Not that it would matter, our computers grab new images after each boot and our students are never unsupervised anyway.

    Tapapapatalk
    We used to be able to beat the school filter by replacing http with https back in the day.

    We were also able to use an interesting permissions escalation exploit with .wmv file copies to view all the school's financial records and stuff. Unsurprisingly the friend of mine who discovered that is now a network security consultant.
    First thing they did with us was simply remove access to all the programs that could access the internet on our instances. We spent a long time just creating hyperlinks in MS word which merrily ignored all the restrictions they placed because default settings in MS word>permission settings in their environment, simple but effective, doubt it would work these days.
    Quote Originally Posted by Tarminic View Post
    Just for the record, "sending a needy text" is never the right answer.

  9. #229
    Joe Appleby's Avatar
    Join Date
    April 9, 2011
    Location
    in front of the class
    Posts
    13,915
    Quote Originally Posted by Keckers View Post
    Quote Originally Posted by Joe Appleby View Post
    Quote Originally Posted by Itiken View Post
    We noticed a load of odd traffic last week going through our web filters.
    Hundreds upon hundreds of thousands of requests to BING using random 6 character extensions eg www.bing.com/xhg65s . Only on the mobile wireless networks though.

    Support got back to us today saying it's some 'new' of vpn enterprising students seem to have found. A new way through our filters and blocks which, it looks like, may have been working for a few weeks. Little fuckers
    Trying to look around the internet for any kind of information is an exercise in futility though.
    My students feel clever when they circumvent our filter by using Google translate.
    Yes, our filter is that weak but it's not my problem really, it's run by the education department on the state level iirc. Not that it would matter, our computers grab new images after each boot and our students are never unsupervised anyway.

    Tapapapatalk
    We used to be able to beat the school filter by replacing http with https back in the day.

    We were also able to use an interesting permissions escalation exploit with .wmv file copies to view all the school's financial records and stuff. Unsurprisingly the friend of mine who discovered that is now a network security consultant.
    We run two separate networks afaik to prevent exactly that. Only the principal and the vice principals have access to the second one.
    And we don't really have financial records as we don't run our own budget. We declare what we want to do with our budget and then the school department approves each individual expense or not.

    Tapapapatalk
    nevar forget

  10. #230

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,183
    ah, that's why we pay these people for proper support.

    X-VPN appears to be a highly evasive application leveraging usually open ports for tunneling purposes, it has fall back methods if certain ports are blocked:
    TCP8080
    FTP 20 and 21
    TCP Port Ranges 20020 -> 20030
    UDP Ports 31000 upwards
    NTP Port 123
    DNS Port 53
    HTTP Port 80
    SMTP Port 25
    TLS port 443

    From testing with X-VPN on iOS I have seen the following:

    The VPN payload points to the loop back, then the Application proxies out on TCP port 8080.
    If TCP port 8080 is blocked then it attempts to connect out on FTP ports 20 and 21.
    If TCP ports 20 and 21 are blocked then it attempts to connect out on TCP port ranges 20020 -> 20030.
    If TCP port range 20020 -> 20030 is blocked then it attempts to connect out over UDP ports 31000 upwards.
    If UDP ports 31000 -> 31030 are blocked then it attempts to connect out over NTP port 123.
    If UDP port 123 is blocked then it attempts to connect out on DNS port 53.

    If UDP port 53 is blocked then it attempts to connect out to www.bing.com and www.interconnect.com on various destination IP addresses; this continually occurs with a randomly generated 6 char long string (www.bing.com/p3r4sh, www.interconnect.com/9s8evn).
    None of the IP addresses that are contacted resolve to either www.bing.com or www.interconnect.com; this would indicate some host header spoofing technique. Each HTTP request generated is a POST request, example header below: "Destination IP 149.14.224.138"


    POST /gavkvf HTTP/1.1
    Host: www.bing.com
    Connection: keep-alive
    Cache-Control: max-age=0
    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KHTML, like Gecko) Version/10.0 Mobile/14D27 Safari/602.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en
    Content-Length: 61
    Hash=%p.:.67I#.].......:3.>.
    =c.......G.K>F....c.[[....<.k
    `.v..!POST /fzy89u HTTP/1.1



    If a block list entry is built to block "www.bing.com" and "www.interconnect.com" then it attempts to connect out on SMTP port 25.
    If TCP port 25 is blocked then it attempts to connect out over TLS port 443.


    Some of the distinct destination IP addresses I have found used are :


    During initialisation we see the below destinations contacted in the clear, assuming these are used for server list updates:
    8v9m.com/clientapi
    130.211.50.202/clientapi
    not fucking bad for an iOS package. i didn't know you could do half this stuff on iOS.
    Please don't teach me what to do with my pc.
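
As an added example (not part of the original post or the support reply it quotes), the two indicators described in post #230, a Host header that does not match the destination address and POSTs to random 6-character paths, can be combined into a check over web-filter logs. The log format, the `RESOLVED` table and every address in it are constructed assumptions; the four token paths are the ones quoted in the thread.

```python
import re
from collections import defaultdict

# Shape reported in the post: POST to a path that is one random 6-character token.
TOKEN_PATH = re.compile(r"^/[a-z0-9]{6}$")

# ASSUMPTION: addresses the filter's own resolver returned for each Host name.
# Constructed placeholders from documentation ranges, not real Bing addresses.
RESOLVED = {"www.bing.com": {"192.0.2.10", "192.0.2.11"}}

# Constructed sample log, one request per line:
# timestamp client dst_ip method host path
SAMPLE_LOG = """\
2017-12-20T10:00:01 10.20.0.15 203.0.113.7 POST www.bing.com /gavkvf
2017-12-20T10:00:01 10.20.0.15 203.0.113.7 POST www.bing.com /fzy89u
2017-12-20T10:00:02 10.20.0.15 198.51.100.44 POST www.bing.com /xhg65s
2017-12-20T10:00:02 10.20.0.15 198.51.100.44 POST www.bing.com /p3r4sh
2017-12-20T10:00:03 10.20.0.22 192.0.2.10 GET www.bing.com /search?q=timetable
2017-12-20T10:00:04 10.20.0.22 192.0.2.11 POST www.bing.com /ab12cd
2017-12-20T10:00:05 10.20.0.30 203.0.113.7 GET www.bing.com /images
"""

FIELDS = ("ts", "client", "dst", "method", "host", "path")


def parse(line):
    """Split one constructed log line into a record; reject malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"unexpected log line: {line!r}")
    return dict(zip(FIELDS, parts))


def reasons(rec, resolved=RESOLVED):
    """Return the indicators a single request matches."""
    out = []
    known = resolved.get(rec["host"].lower())
    # Host header names a site, but the packet went to an address that the
    # resolver never returned for that site.
    if known is not None and rec["dst"] not in known:
        out.append("host_ip_mismatch")
    # POST whose whole path is a 6-character lowercase/digit token.
    if rec["method"] == "POST" and TOKEN_PATH.match(rec["path"]):
        out.append("token_post")
    return out


def suspect_clients(log_text, min_paths=3, resolved=RESOLVED):
    """Clients with at least min_paths distinct paths matching both indicators."""
    paths = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        # Require both indicators: either alone is common in normal traffic.
        if len(reasons(rec, resolved)) == 2:
            paths[rec["client"]].add(rec["path"])
    return {c: len(p) for c, p in paths.items() if len(p) >= min_paths}


if __name__ == "__main__":
    for client, count in sorted(suspect_clients(SAMPLE_LOG).items()):
        print(f"{client}: {count} distinct token POSTs to non-matching addresses")
```

Large sites resolve to many addresses, so the `RESOLVED` table has to be built from what the filter's own resolver returned at the time of the request, not from a fixed list.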

  11. #231
    Cosmin's Avatar
    Join Date
    March 14, 2012
    Location
    UK
    Posts
    5,888
    Itiken, some more details at what we're looking there? ^^


    Sent from my iPhone using Tapatalk
    Guns make the news, science doesn't.

  12. #232

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,183
    it's a mobile app called X-VPN that dodges around firewalls & content filters.
    Essentially for "freedom".

    Sorry. Dodged
    I'm more concerned about the amount of logs it generates on the college content filter.
    Last edited by Itiken; December 22 2017 at 05:04:32 PM.
    Please don't teach me what to do with my pc.

  13. #233

    Join Date
    May 31, 2011
    Posts
    3,884
    Honest question: why filter at all?

    It's a bit like DRM: for those seriously trying to circumvent it, there's most likely a way. And for Jane/John Doe users, it's an annoyance, which most likely blocks more legit results than what the filters were set up for in the first place.

    That's at least my (limited) experience with (administrating/implementing) (web content) filters.

  14. #234
    Joe Appleby's Avatar
    Join Date
    April 9, 2011
    Location
    in front of the class
    Posts
    13,915
    Quote Originally Posted by Hel OWeen View Post
    Honest question: why filter at all?

    It's a bit like DRM: for those seriously trying to circumvent it, there's most likely a way. And for Jane/John Doe users, it's an annoyance, which most likely blocks more legit results than what the filters were set up for in the first place.

    That's at least my (limited) experience with (administrating/implementing) (web content) filters.
    What about porn filters at schools?

    Tapapapatalk
    nevar forget

  15. #235

    Join Date
    May 31, 2011
    Posts
    3,884
    Quote Originally Posted by Joe Appleby View Post
    Quote Originally Posted by Hel OWeen View Post
    Honest question: why filter at all?

    It's a bit like DRM: for those seriously trying to circumvent it, there's most likely a way. And for Jane/John Doe users, it's an annoyance, which most likely blocks more legit results than what the filters were set up for in the first place.

    That's at least my (limited) experience with (administrating/implementing) (web content) filters.
    What about porn filters at schools?

    Tapapapatalk
    Those (=porn) are the filters that worked the least in my limited exposure in web filtering. Real, sometimes hardcore, stuff, happily passed the filter, while all kinds of false positives happened and legit (=informational) content was blocked, based on whatever strange algos, i.e. medical sites got blocked, because of "skin detection" or some such thing (not a viable option for an institute like the Frankfurter AIDS-Hilfe, one of the customers back then that was trialing web filters). We've also experienced lots of blocked contents from touristic sites, because of all the mostly nude (aka "wearing swimwear") people shown in the promotional pictures of hotels, tour operators and the like. Not to mention real FKK locations.

    I've heard similar false positives stories (for porn filters) from mates that dealt with customers in sports. Certain sports, i.e. swimming, beach volleyball also tended to trigger the porn filter.

    This is an experience from a few years ago, mind you. Perhaps filters have gotten better in the meanwhile. But I still think the result vs. reward is not worth the hassle.

  16. #236
    Joe Appleby's Avatar
    Join Date
    April 9, 2011
    Location
    in front of the class
    Posts
    13,915
    Quote Originally Posted by Hel OWeen View Post
    Quote Originally Posted by Joe Appleby View Post
    Quote Originally Posted by Hel OWeen View Post
    Honest question: why filter at all?

    It's a bit like DRM: for those seriously trying to circumvent it, there's most likely a way. And for Jane/John Doe users, it's an annoyance, which most likely blocks more legit results than what the filters were set up for in the first place.

    That's at least my (limited) experience with (administrating/implementing) (web content) filters.
    What about porn filters at schools?

    Tapapapatalk
    Those (=porn) are the filters that worked the least in my limited exposure in web filtering. Real, sometimes hardcore, stuff, happily passed the filter, while all kinds of false positives happened and legit (=informational) content was blocked, based on whatever strange algos, i.e. medical sites got blocked, because of "skin detection" or some such thing (not a viable option for an institute like the Frankfurter AIDS-Hilfe, one of the customers back then that was trialing web filters). We've also experienced lots of blocked contents from touristic sites, because of all the mostly nude (aka "wearing swimwear") people shown in the promotional pictures of hotels, tour operators and the like. Not to mention real FKK locations.

    I've heard similar false positives stories (for porn filters) from mates that dealt with customers in sports. Certain sports, i.e. swimming, beach volleyball also tended to trigger the porn filter.

    This is an experience from a few years ago, mind you. Perhaps filters have gotten better in the meanwhile. But I still think the result vs. reward is not worth the hassle.
    You are expecting smart filters. I'm fairly certain that we simply have a list of URLs that are blocked. Hence why students bypass it by using Google Translate.

    One school had a filter that blocked Facebook.de but not Facebook.com - I was very confused.

    Tapapapatalk
    nevar forget

  17. #237

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,183
    Quote Originally Posted by Hel OWeen View Post
    Honest question: why filter at all?
    It's a college. We have to.
    Please don't teach me what to do with my pc.

  18. #238

    Join Date
    May 31, 2011
    Posts
    3,884
    Quote Originally Posted by Joe Appleby View Post
    Quote Originally Posted by Hel OWeen View Post
    Quote Originally Posted by Joe Appleby View Post
    Quote Originally Posted by Hel OWeen View Post
    Honest question: why filter at all?

    It's a bit like DRM: for those seriously trying to circumvent it, there's most likely a way. And for Jane/John Doe users, it's an annoyance, which most likely blocks more legit results than what the filters were set up for in the first place.

    That's at least my (limited) experience with (administrating/implementing) (web content) filters.
    What about porn filters at schools?

    Tapapapatalk
    Those (=porn) are the filters that worked the least in my limited exposure in web filtering. Real, sometimes hardcore, stuff, happily passed the filter, while all kinds of false positives happened and legit (=informational) content was blocked, based on whatever strange algos, i.e. medical sites got blocked, because of "skin detection" or some such thing (not a viable option for an institute like the Frankfurter AIDS-Hilfe, one of the customers back then that was trialing web filters). We've also experienced lots of blocked contents from touristic sites, because of all the mostly nude (aka "wearing swimwear") people shown in the promotional pictures of hotels, tour operators and the like. Not to mention real FKK locations.

    I've heard similar false positives stories (for porn filters) from mates that dealt with customers in sports. Certain sports, i.e. swimming, beach volleyball also tended to trigger the porn filter.

    This is an experience from a few years ago, mind you. Perhaps filters have gotten better in the meanwhile. But I still think the result vs. reward is not worth the hassle.
    You are expecting smart filters. I'm fairly certain that we simply have a list of URLs that are blocked.
    Yeah, "filter(ing)" somewhat implied something smart, as opposed to "block(ing)".

  19. #239

    Join Date
    May 31, 2011
    Posts
    3,884
    Quote Originally Posted by Itiken View Post
    Quote Originally Posted by Hel OWeen View Post
    Honest question: why filter at all?
    It's a college. We have to.
    Which raises the follow-up question: why do you have to? Is that some kind of legal requirement? Or is it a self-imposed rule?

  20. #240
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,338
    Something big & bad might be brewing in CPU/hypervisor land, though not AMD's hardware (go team green, once again).

    http://pythonsweetness.tumblr.com/po...nux-page-table

    https://www.reddit.com/r/linux/dupli...ux_page_table/

    re: X86_BUG_CPU_INSECURE
    https://lkml.org/lkml/2017/12/27/2
    AMD processors are not subject to the types of attacks that the kernel
    page table isolation feature protects against. The AMD microarchitecture
    does not allow memory references, including speculative references, that
    access higher privileged data when running in a lesser privileged mode
    when that access would result in a page fault.



    Also, unrelated, today's top thread in /r/programming has several direct links to our very own FHC, for the PL forum counter-intel implementations from ~2013.
    Last edited by Daneel Trevize; January 2 2018 at 06:53:05 PM.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.
