|
Tayter Swift posted:Pounded in the Butt by My Own Information Security Policy
|
#
?
Oct 25, 2015 06:47
|
|
|
|
| # ? May 15, 2024 17:14 |
|
|
Suspicious Dish posted:i had to deal with that once with a travel agency in guatemala This happened to me on a cruise once. They refused to do anything with the card since they couldn't get an imprint. I had to use the card of someone I was traveling with and pay them back after. 😣
|
|
#
?
Oct 25, 2015 07:36
|
|
|
RZA Encryption posted:This happened to me on a cruise once. They refused to do anything with the card since they couldn't get an imprint. I had to use the card of someone I was traveling with and pay them back after. 😣 does visa/mastercard/whomever not get extremely pissed off if someone says they accept x card, but then selectively refuse certain people because of which bank it's issued by? because that's what that sounds like
|
|
#
?
Oct 25, 2015 07:54
|
|
|
Raluek posted:does visa/mastercard/whomever not get extremely pissed off if someone says they accept x card, but then selectively refuse certain people because of which bank it's issued by? because that's what that sounds like all the non embossed cards have "for electronic use only" or something printed on them somewhere and the processors have special rules for this
|
|
#
?
Oct 25, 2015 08:44
|
|
|
E4C85D38 posted:all the non embossed cards have "for electronic use only" or something printed on them somewhere and the processors have special rules for this clever girl
|
|
#
?
Oct 25, 2015 10:56
|
|
|
spankmeister posted:I like Stanford's password policy, makes a lot of sense to me. it's pretty good, but not quite right it vastly overestimates the strength of mixing in symbols. 8 upper+lower+numbers+symbols are equal to a 9 mixed case letters, not 16 it also needs to distinguish between "random letters" and "random words" this is more the chart I would make: 10+ mixed case letters, numbers, symbols (do not use words) 11+ mixed case letters (do not use words) 14+ lowercase letters (do not use words) 6+ entire words (do not start with a sentence. start with completely unrelated words. you can add more words to make a sentence, but don't count them. do not use a quote.) talking about how to estimate quality when you mix words with random symbols would take too much explanation to be worth it
|
|
#
?
Oct 25, 2015 13:34
|
|
|
overdesigned posted:My rectum is my passport. Verify me.
|
|
#
?
Oct 25, 2015 13:51
|
|
|
 so what's this "positive ssl" gimmick
|
|
#
?
Oct 25, 2015 14:34
|
|
|
it's just their brand name for domain validated ssl
|
|
#
?
Oct 25, 2015 15:14
|
|
|
Tayter Swift posted:here is my assword
|
|
#
?
Oct 25, 2015 16:14
|
|
|
pos ssl my neg http site
|
|
#
?
Oct 25, 2015 16:21
|
|
|
you can even use keep rear end on ps4 in a roundabout way: use the playstation app in your phone as a second screen and then when you have to input a login/password, paste them into the input field in the app it's pretty neato
|
|
#
?
Oct 25, 2015 16:22
|
|
|
https://www.trustwave.com/Resources...&year=0&month=0 Joomla sqli game over vuln. estimated 2.8 million sites currently vulnerable.
|
|
#
?
Oct 25, 2015 16:49
|
|
|
fins posted:https://www.trustwave.com/Resources...&year=0&month=0 my favourite sushi place  has an joomla website for online ordering
|
|
#
?
Oct 25, 2015 18:01
|
|
|
lol joomla
|
|
#
?
Oct 25, 2015 18:12
|
|
|
Westie posted:lol joomla
|
|
#
?
Oct 25, 2015 18:35
|
|
|
https://pax.grsecurity.net/docs/PaXTeam-H2HC15-RAP-RIP-ROP.pdf
|
|
#
?
Oct 25, 2015 19:02
|
|
|
if this guy doesn't keep your code safe, i don't know what will
|
|
#
?
Oct 25, 2015 21:42
|
|
|
can someone who knows poo poo about poo poo explain this
|
|
#
?
Oct 25, 2015 21:45
|
|
|
vOv posted:can someone who knows poo poo about poo poo explain this return address protection means rest in peace to return-oriented programming
|
|
#
?
Oct 25, 2015 22:08
|
|
|
okay i loving hate reading slide decks instead of papers
|
|
#
?
Oct 25, 2015 22:11
|
|
|
they're taking the return address, xor'ing it with a "key", saving that "separately", and then asserting that the return address is the same before returning. in their x86-64 implementation, the "key" is whatever value happens to be in a particular GPR at function entry. it's a callee-save register, so pragmatically if you can encourage compiled functions to not re-use it for other purposes, it's likely to be something properly diversified for your current stack, which means that if the xor'ed return address also gets dumped on the stack somewhere (not unlikely, but it might be down the call stack at least), it'll at least be a lot harder to rewrite it in tandem with your rop also, you might have fewer rop gadgets to play with because more epilogues will have this verification crap that'll theoretically be hard to satisfy
|
|
#
?
Oct 25, 2015 22:39
|
|
|
isn't this a pretty standard stack cookie?
|
|
#
?
Oct 25, 2015 22:43
|
|
|
stack cookies are often poorly-diversified, and the fact that the encrypted return address is stored separately (i.e. probably only spilled by callees) is a more effective counter-measure than my brief summary gives it credit for
|
|
#
?
Oct 26, 2015 04:12
|
|
|
Phone posted:the relative security increase of 4 nouns isn't vs 10 alphanumeric characters, it's usually 8 is this just a rough average, or based on something a little more complex? ive been considering seeing what i (or a much superior facsimile of me) can do as far as taking the passphrases that a user takes from say diceware and says "yes this is a good memorable one" and finding linguistic trends like word stress patterns or pleasing word placement etc that would nudge down realized entropy, ie towards a "predictive dictionary attack" but since i know jack about this end i could be following in many embarrassed jackasses footsteps
|
|
#
?
Oct 26, 2015 04:31
|
|
|
rjmccall posted:stack cookies are often poorly-diversified, and the fact that the encrypted return address is stored separately (i.e. probably only spilled by callees) is a more effective counter-measure than my brief summary gives it credit for when constructing rop gadgets, does it really matter what the cookie is? i already thought those were effective enough
|
|
#
?
Oct 26, 2015 04:35
|
|
|
Suspicious Dish posted:when constructing rop gadgets, does it really matter what the cookie is? i already thought those were effective enough if you're attacking a function that sanity-checks something in the frame before returning, you have to convince the check to succeed before your rop can do anything if your gadget is in a function that does some sort of sanity-check immediately before returning — i.e. your gadget has to start before that check — then, again, you have to make sure that check doesn't blow up your exploit literally, a function that just puts 0 in ebx in the prologue, does its stuff, and then asserts it's still 0 immediately before returning is a lot more annoying to make a rop gadget from
|
|
#
?
Oct 26, 2015 06:12
|
|
|
Wait, I thought stack canaries and cookies were checked immediately before returning? Did I get that one wrong?
|
|
#
?
Oct 26, 2015 06:15
|
|
|
right, but if the return address is at rbp and the stack canary is at rbp-16 and the buffer you're overflowing is at rbp-592, then all you have to do is make sure your "overwrite" of the canary actually leaves something acceptable there so that the canary check doesn't trip. that's why diversification is important for these things, because maybe there's a different exploit that can tell you a canary value, but if you're diversified across devices, processes, threads, operations, or (ideally) invocations, that might not be helpful. same basic effect as aslr, except that's at best per-process-diversified
|
|
#
?
Oct 26, 2015 06:38
|
|
|
every time i see aslr i read it as that weird asmr thing where girls whispering makes people's brains tingle
|
|
#
?
Oct 26, 2015 06:48
|
|
|
Parallel Paraplegic posted:every time i see aslr i read it as that weird asmr thing where girls whispering makes people's brains tingle full confession, i sometimes listen to those for relaxation it never works and i switch over to xhamster or xvideos and listen to women spanking each other's genitals
|
|
#
?
Oct 26, 2015 06:55
|
|
|
rjmccall posted:right, but if the return address is at rbp ocd compels me to correct myself that it will generally be at rbp+8, even though this obviously changes nothing
|
|
#
?
Oct 26, 2015 06:58
|
|
|
syscall girl posted:full confession, i sometimes listen to those for relaxation the ones where someone's taking a paint brush to a microphone work for me
|
|
#
?
Oct 26, 2015 07:11
|
|
|
Jabor posted:Is it stack cookies? It sounds like stack cookies.
|
|
#
?
Oct 26, 2015 07:32
|
|
|
Tying the value to the actual return address (so that you also stop something that overwrites the address while skipping over the cookie) is pretty neato though.
|
|
#
?
Oct 26, 2015 07:34
|
|
|
http://www.isi.edu/natural-language/mt/memorize-random-60.pdf Have a paper that references xkcd. "How to Memorize a Random 60-Bit String"
|
|
#
?
Oct 26, 2015 13:17
|
|
|
so now we have killed ROP, can someone now please remove %n and $-index adressing from the printf family of functions, features that have never been legitimately used since like 1985
|
|
#
?
Oct 26, 2015 13:31
|
|
|
whoops
|
|
#
?
Oct 26, 2015 13:32
|
|
|
Tayter Swift posted:Pounded in the Butt by My Own Information Security Policy lol'd irl
|
|
#
?
Oct 26, 2015 14:33
|
|
|
|
| # ? May 15, 2024 17:14 |
|
|
fins posted:http://www.isi.edu/natural-language/mt/memorize-random-60.pdf quote:As of 2011, available commercial products what kind of lovely password hashing method are they using
|
|
#
?
Oct 26, 2015 15:20
|
|
