Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Locked thread
suffix
Jul 27, 2013

Wheeee!

vOv posted:

is this actually true because :shepface:

afaik yes
my impression is that atm whatsapp are mostly testing the technology in cooperation with moxie/whisper systems, and are just opportunistically using the (very good) encryption scheme transparently to the user
maybe they'll add an indicator to the ui later if they commit to the feature and think users want it

i think it's good that they are doing strong encryption by default, and that the axolotl ratchet gets large-scale testing, but i wouldn't rely on it for secure messaging for the above reasons


in other moxie news, textsecure has removed encrypted sms support. all encrypted messages must now go via their servers

now this is all well and good, and their blog post makes some good points, except they forgot to communicate that to their users. cue the one-star reviews:

quote:

2.8 update takes away sms support Latest update removes ability to send encrypted sms, you are forced to use their push message service. The reason I got this app was to send encrypted text messages. If you're going to change your service that drastically, at least let your users know.

quote:

No more SMS encryption Why did you drop sms encryption, and why is it not it the change log? Pretty sneaky, time to move on from this app.

drat it, moxie! :argh:

so predictably, there's now a fork of textsecure that only does sms encryption. not the worst outcome, tbh, so yay, open source?

Adbot
ADBOT LOVES YOU

Winkle-Daddy
Mar 10, 2007

fins posted:

It can be used to escalate ANY user to root by passing nill to the authenticateUsingAuthorizationSync.

Oh, I read up to this point:

quote:

There’s still a limitation with the exploit code, it only works for users with admin permissions. As I mentioned earlier, almost all OS X users are admin (since OS X users often are single user systems).

And missed:

quote:

But I actually found a way to make it work for all users later

crapple indeed.

chemosh6969
Jul 3, 2004

code:
cat /dev/null > /etc/professionalism

I am in fact a massive asswagon.
Do not let me touch computer.

suffix posted:

so predictably, there's now a fork of textsecure that only does sms encryption. not the worst outcome, tbh, so yay, open source?

maybe they'll gently caress the encryption up like apparently everyone else does

GameCube
Nov 21, 2006

Snapchat A Titty posted:

there are a ton of crawlers that create "yellow pages"-like listings from addresses & poo poo that they come by. this is noise to make those crawlers pick up bullshit and make internet detectivery harder

at least i thnk thats the intention

e: yeah reading the page actually says exactly that so i guess i dunno what your question means
it does but is one site really going to gently caress up all of spokeo et al, especially if the guy admits right on the page that it's fake

i think this explanation

JawnV6 posted:

part of the broken design is driven by ad impressions
makes more sense

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

suffix posted:

in other moxie news, textsecure has removed encrypted sms support. all encrypted messages must now go via their servers

now this is all well and good, and their blog post makes some good points, except they forgot to communicate that to their users. cue the one-star reviews:

drat it, moxie! :argh:

so predictably, there's now a fork of textsecure that only does sms encryption. not the worst outcome, tbh, so yay, open source?

this kinda blows for people without data plans nghhhh

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
yeah. but encrypting sms is like scrambling your phone calls. sure the contents are not going to be known but they'll know who you texted. it's really just about meta data

if encrypted sms is important to someone they'll use that fork

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
https://twitter.com/pent0thal/status/586280487058022400

quote:

Well, the TV5Monde YouTube channel password was "lemotdepassedeyoutube" In English "thepasswordofyoutube"

h

bonne idee, tv5monde

je suis tres amuse

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
those are passwords behind him btw

Luigi Thirty
Apr 30, 2006

Emergency confection port.

sacre bleu!

Beeftweeter
Jun 28, 2005

a medium-format picture of beeftweeter staring silently at the camera, a quizzical expression on his face

OSI bean dip posted:

those are passwords behind him btw

lol

i wonder what kind of production setup they have that's knocked them off the air for so long. apparently they can only air prerecorded stuff atm which makes even less sense

spankmeister
Jun 15, 2008







wow if this is true then wow


wow

Nintendo Kid
Aug 4, 2011

by Smythe

spankmeister posted:

wow if this is true then wow


wow

lots of tv companies have been caught out with passwords on display in their offices on live tv.

usually it's for entirely internal facing systems though.

spankmeister
Jun 15, 2008






Nintendo Kid posted:

lots of tv companies have been caught out with passwords on display in their offices on live tv.

usually it's for entirely internal facing systems though.

No i believe that but the lemotdepassedeyoutube

Forums Terrorist
Dec 8, 2011

remember the super bowl password fuckup

kitten emergency
Jan 13, 2008

get meow this wack-ass crystal prison
why would you ever assume that any sort of messaging using a cell phone is "secure" for a very very strident definition of the word

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

burner, imho

i hardly know her

Nintendo Kid
Aug 4, 2011

by Smythe

uncurable mlady posted:

why would you ever assume that any sort of messaging using a cell phone is "secure" for a very very strident definition of the word

numbers station method over gsm

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

uncurable mlady posted:

why would you ever assume that any sort of messaging using a cell phone is "secure" for a very very strident definition of the word

because signal ticks 5/6 of the boxes:

content & metadata x confidentiality, integrity, availability:

content confidential: use a good protocol and a secure software environment like non-jailbroken iOS
content integrity: see above
content availability: store messages locally, use a reliable and easy to back-up system like non-jailbroken iOS and iTunes encrypted backups
metadata confidentiality: you can't do this without sacrificing the real-time nature of particularly compelling channels that people like to use
metadata integrity: verify the key phrase signal gives you over a different channel if you care
metadata availability: see content availability

Nintendo Kid
Aug 4, 2011

by Smythe

From CSI: Cyber S1E5 “Crowd Sourced”. Supposedly, this is the source code of a web site that interfaces with a bomb– and more specifically, a “dead man’s switch” that immediately detonates the bomb if any of the code is modified.

vOv
Feb 8, 2014

those quotes are triggering me

EMILY BLUNTS
Jan 1, 2005

#DEFINE detonation exit();

Agile Vector
May 21, 2007

scrum bored



does 'taken from the headlines' include weekly world news?

Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope

Nintendo Kid posted:


From CSI: Cyber S1E5 “Crowd Sourced”. Supposedly, this is the source code of a web site that interfaces with a bomb– and more specifically, a “dead man’s switch” that immediately detonates the bomb if any of the code is modified.

seems legit

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Nintendo Kid posted:


From CSI: Cyber S1E5 “Crowd Sourced”. Supposedly, this is the source code of a web site that interfaces with a bomb– and more specifically, a “dead man’s switch” that immediately detonates the bomb if any of the code is modified.
to be fair this is a lot better than some random webpage or github project

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
scrub tier language

just use python

Python code:
import bomb
bomb()

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

OSI bean dip posted:

scrub tier language

just use python

Python code:
import bomb
bomb()

you have to get really close to the metal
JavaScript code:
var bomb = import("../../bomb");
bomb()

Qtotonibudinibudet
Nov 7, 2011



Omich poluyobok, skazhi ty narkoman? ya prosto tozhe gde to tam zhivu, mogli by vmeste uyobyvat' narkotiki

Nintendo Kid posted:


From CSI: Cyber S1E5 “Crowd Sourced”. Supposedly, this is the source code of a web site that interfaces with a bomb– and more specifically, a “dead man’s switch” that immediately detonates the bomb if any of the code is modified.

im the incomplete <a at the beginning that presumably makes everything after unparseable.

ultramiraculous
Nov 12, 2003

"No..."
Grimey Drawer

Cocoa Crispies posted:

you have to get really close to the metal
JavaScript code:
var bomb = import("../../bomb");
bomb()

i think me mean require("../../../../bomb"), scrub.

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe
i really want to be the guy making those after effects screens. you can tell the dude was just told to make a bomb explode script and decided to gently caress with everybody

Pile Of Garbage
May 28, 2007



EMILY BLUNTS posted:

#DEFINE detonation exit();

explode() or die;

Tangra
May 1, 2008

Rrrreligion?

It's the catnip of the purrrrrrrrletariat


Mad about your :10bux: ?

:haw:

Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope
i'll have to go with pizza

Carthag Tuek
Oct 15, 2005

Tider skal komme,
tider skal henrulle,
slægt skal følge slægters gang



did u hit the lol button

Wiggly Wayne DDS
Sep 11, 2010



hrm https://citizenlab.org/2015/04/chinas-great-cannon/

Shame Boy
Mar 2, 2010

Nintendo Kid posted:


From CSI: Cyber S1E5 “Crowd Sourced”. Supposedly, this is the source code of a web site that interfaces with a bomb– and more specifically, a “dead man’s switch” that immediately detonates the bomb if any of the code is modified.

i'm the "checkif" operator

Shame Boy
Mar 2, 2010

also i'm the random syntax highlighting that makes no goddamn sense

Carbon dioxide
Oct 9, 2012

So, Facebook felt it was necessary to "correct" some Belgian security report which showed that Facebook sucks.

https://newsroom.fb.com/news/h/setting-the-record-straight-on-a-belgian-academic-report/

It's quite funny, really, lots of weaseling.

quote:

Facebook does receive standard “web impressions,” or website visit information, when people visit sites with our plugins or other integrations. The authors misleadingly call this “tracking.”
Misleadingly?

quote:

Claim: Facebook wants to use Social Plugins to add cookies to the browsers of people who don’t use Facebook.

Fact: We don’t, and this is not our practice. However, the researchers did find a bug that may have sent cookies to some people when they weren’t on Facebook. This was not our intention – a fix for this is already under way.
Ah. It was not their intention that the 'bug' would be found. They're fixing it so the 'bug' can't be found by outside researchers any more.
Additionally, they say nothing about tracking non-Facebook users using other methods, without cookies. Such as IP-based tracking, which certainly happens.

quote:

Fact: You can opt out of having your social actions paired with ads.
Fact: they'll randomly opt you back in without telling you whenever they update their systems.

This Richard Allan figure would make a very good politician.

Lysidas
Jul 26, 2002

John Diefenbaker is a madman who thinks he's John Diefenbaker.
Pillbug
if [ "code altered"]
then
trigger detonation

Shame Boy
Mar 2, 2010

Carbon dioxide posted:

So, Facebook felt it was necessary to "correct" some Belgian security report which showed that Facebook sucks.

https://newsroom.fb.com/news/h/setting-the-record-straight-on-a-belgian-academic-report/

It's quite funny, really, lots of weaseling.
Misleadingly?
Ah. It was not their intention that the 'bug' would be found. They're fixing it so the 'bug' can't be found by outside researchers any more.
Additionally, they say nothing about tracking non-Facebook users using other methods, without cookies. Such as IP-based tracking, which certainly happens.
Fact: they'll randomly opt you back in without telling you whenever they update their systems.

This Richard Allan figure would make a very good politician.

if you define "tracking" to be "following an animal through the woods using instinct and careful observation of the environment around you" then no Facebook doesn't do any tracking :smug:

Adbot
ADBOT LOVES YOU

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'


pro-click, not a LAFFful article tho

  • Locked thread