andrew smash
Jun 26, 2006

smooth soul
Yeah, I was thinking a cheap Chromebook with work stuff only accessible through VPN, with no stored credentials, would not be a bad idea in that instance.


Senso
Nov 4, 2005

Always working
The EFF has recently published a document about crossing the US border, related to data privacy. They do recommend using a cheap Chromebook.

But also that encrypting/wiping your devices prior to crossing the border might raise suspicion, etc.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Senso posted:

The EFF has recently published a document about crossing the US border, related to data privacy. They do recommend using a cheap Chromebook.

But also that encrypting/wiping your devices prior to crossing the border might raise suspicion, etc.

For Canadians, here is the BCCLA's guide:
https://bccla.org/wp-content/uploads/2012/03/BCCLA-Electronic-Devices-Handbook1.pdf

I've contributed to it. :)

andrew smash
Jun 26, 2006

smooth soul
It's not like I have anything to hide, I just don't think Joe Blow CBP agent needs to know I diagnosed private citizen Brick Hardstack with dick and ball cancer last month, for example. This is all hypothetical as I don't travel with work computers anyway, but it's interesting to think about.

CLAM DOWN
Feb 13, 2007

If the TSA wants to browse my nudes and read my emails showing how much money I spend on Amazon they're welcome to I guess. Doesn't make it not a gross invasion of privacy though.

Loucks
May 21, 2007

It's incwedibwe easy to suck my own dick.

TSA isn't CBP, they just think they are.

CLAM DOWN
Feb 13, 2007

Meh, different acronym, same invasion of privacy, I plan to avoid them both for the next while

some kinda jackal
Feb 25, 2003

Chromebook is one idea, but if it's tied to my Google account I'm not really leaping for joy at giving my Gmail password at the border.

Honestly what I'll do is just reformat my lovely old MacBook Air if I ever do need to travel. Computer is less problematic than cellphone anyway. Divorcing myself from my daily mobile device is much more effort. I guess I could get a burner SIM or something.

I'll have to read that guide for Canadians as I have done absolutely zero research on this to date.

Thanks for the links.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Martytoof posted:

I guess I could get a burner SIM or something.

Does the SIM matter? I don't think anything interesting on my phone is tied to the SIM.

doctorfrog
Mar 14, 2007

Great.

I wonder if phone/device development will evolve a border-catapult facility that's more friendly than a factory reset.

I also wonder: are there any software robot-things that you can download and run from your hotel connection that will automate creating a fake user on a laptop, populating it with plausible user and internet activity and accounts, etc.? Or would that just be a silly toy?

Guy Axlerod
Dec 29, 2008
If you're going to do the cheap chromebook, just buy it in country. Seems easier than creating the fake user.

Daman
Oct 28, 2011

Martytoof posted:

My boss asked me which US security conference I wanted to attend this year and I just told her I'm not stepping foot across that border right now.

There's got to be something worthwhile in Europe or Canada instead.

Canada actually has a bunch of the best conferences tbh: RECON, CanSecWest, NorthSec, etc.

As a cheap Floridian I'll probably never get the chance to hit these up.

some kinda jackal
Feb 25, 2003


Subjunctive posted:

Does the SIM matter? I don't think anything interesting on my phone is tied to the SIM.

No, you're right, I wasn't thinking.

Daman posted:

Canada actually has a bunch of the best conferences tbh: RECON, CanSecWest, NorthSec, etc.

As a cheap Floridian I'll probably never get the chance to hit these up.

Yeah, I'm probably going to be at NorthSec and SecTor this year, but I'm also pushing for something more exotic :q:

some kinda jackal fucked around with this message at 02:35 on Mar 15, 2017

Absurd Alhazred
Mar 27, 2010

by Athanatos
LOL (:nws:, possibly)

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Context for those of us not Australian? Or is it just the funny goatse?

Absurd Alhazred
Mar 27, 2010

by Athanatos

Volmarias posted:

Context for those of us not Australian? Or is it just the funny goatse?

It's the Goatse.

Absurd Alhazred
Mar 27, 2010

by Athanatos
Double-posting for urgency:

https://twitter.com/Maliciouslink/status/841789009852538880

CLAM DOWN
Feb 13, 2007

Lmao

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

Hahahhahahahahahahahaha

psydude
Apr 1, 2008

I get to choose which conference I go to this year. I'm looking at either Black Hat or DEFCON. Anyone been to both that can comment on the key differences?

some kinda jackal
Feb 25, 2003

DEFCON is so ~~played out~~ man

Doug
Feb 27, 2006

This station is
non-operational.

psydude posted:

I get to choose which conference I go to this year. I'm looking at either Black Hat or DEFCON. Anyone been to both that can comment on the key differences?

Black Hat is immensely overpriced and all of the high profile talks usually get regurgitated at Defcon. If you're set on those two, go Defcon. If you want a more laid back atmosphere with excellent technical content, take a look at DerbyCon.

Proteus Jones
Feb 28, 2013


psydude posted:

I get to choose which conference I go to this year. I'm looking at either Black Hat or DEFCON. Anyone been to both that can comment on the key differences?

Black Hat is a hell of a lot more expensive than DEFCON and it's aimed more at the corporate enterprise space. It USED to have "good" parties (good in the sense of open bar), but I hear it's become much more austere.

DEFCON is way more fun, and in my opinion more interesting. The talks can cover just about everything and a lot of them are bleeding edge stuff. It's a lot more sedate than the early days of putting concrete in the toilets, but it's still a pretty fun crowd.

I haven't been to either in a while. In fact, I think the last DEFCON I was at was still at the Riviera, while BlackHat was at Caesar's Palace. I should probably get off my rear end and get back to going to DEFCON at the least.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
DEFCON is great if you are looking to socialise.

Blackhat is great if you can swallow your own vomit when you run across poo poo vendors.

psydude
Apr 1, 2008

DEFCON it is. Thanks!

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
Still using LastPass?

https://twitter.com/taviso/status/842205051082821632

Proteus Jones
Feb 28, 2013

PBS
Sep 21, 2015

Those replies, 10/10.

apseudonym
Feb 25, 2011

Shruggie is really the spirit emoticon for security

CLAM DOWN
Feb 13, 2007

If only an image could be a thread title

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD


https://twitter.com/taviso/status/842215197116780544

some kinda jackal
Feb 25, 2003

Dodged a bullet there!

Forgall
Oct 16, 2012

by Azathoth
The KeeFox plugin for KeePass integration with FF had a similar issue recently.

Three-Phase
Aug 5, 2006

by zen death robot
Minor kvetch here:

I occasionally get spam emails with what look like JPG attachments. Sometimes there's no subject or content, just a JPG. I never open them up; I just report them and delete them.

I am guessing that is to get around spam filtering? You just have a spam message as an attached JPG, so there is basically nothing that can be filtered by the spam prevention system?

Only drawback is data usage when sending out millions of emails but if it's from say a hacked email address then the person responsible probably doesn't care about that.

Sheep
Jul 24, 2003
Are you sure it's an attachment and not an embedded image? That's often done so when the client loads the file they can track that someone (or something, but whatever) is checking the account, and then mark the address as a valid destination for future spam.

Edit: there are also random JPEG exploits like this that exist too, I guess.

Sheep fucked around with this message at 21:25 on Mar 16, 2017
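
Sheep's distinction above (an embedded image the client fetches from a remote server versus a real attachment) is easy to check for mechanically. The following is an added example, not code from the thread: it parses a constructed message, separates remote image references in the HTML body from cid:-inline attachments, and flags the remote ones that look like beacons (1x1 pixels or per-recipient query strings). The message, addresses and host names are all made up for the demo.

```python
"""Find remote "tracking pixel" image references in an email.

Added example, not from the thread. SAMPLE_EMAIL is a constructed message.
"""
from email import message_from_bytes, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: one remote 1x1 beacon, one inline logo referenced by Content-ID.
SAMPLE_EMAIL = b"""From: "Deals" <promo@example.test>
To: victim@example.test
Subject: Your receipt
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Thanks for your order.</p>
<img src="https://track.example.test/open.gif?id=42" width="1" height="1" alt="">
<img src="cid:logo@example.test" width="120" height="40" alt="logo">
</body></html>
--b1
Content-Type: image/gif
Content-ID: <logo@example.test>
Content-Transfer-Encoding: base64

R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7
--b1--
"""


class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(attrs):
    """True when width and height are both <= 1px; unknown sizes are not counted as tiny."""
    try:
        return int(attrs.get("width", "")) <= 1 and int(attrs.get("height", "")) <= 1
    except ValueError:
        return False


def classify_images(raw):
    """Split image references into remote (fetched by the client), inline (cid:) and attached parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {"remote": [], "inline": [], "attached": []}
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = _ImgCollector()
            collector.feed(part.get_content())
            for attrs in collector.images:
                src = attrs.get("src", "").strip()
                parsed = urlsplit(src)
                if parsed.scheme.lower() in ("http", "https"):
                    report["remote"].append({"src": src, "host": parsed.hostname, "tiny": _is_tiny(attrs)})
                elif parsed.scheme.lower() == "cid":
                    report["inline"].append(src[4:].strip("<>"))
        elif part.get_content_maintype() == "image":
            report["attached"].append({
                "filename": part.get_filename(),
                "content_id": (part.get("Content-ID") or "").strip("<>") or None,
                "size": len(part.get_payload(decode=True) or b""),
            })
    return report


def likely_beacons(report):
    """Remote images that are 1x1 or carry a query string (a per-recipient token) are the usual tells."""
    return [img["src"] for img in report["remote"] if img["tiny"] or urlsplit(img["src"]).query]


if __name__ == "__main__":
    found = classify_images(SAMPLE_EMAIL)
    for img in found["remote"]:
        print("remote image:", img["src"], "(tiny)" if img["tiny"] else "")
    print("inline cids:", found["inline"])
    print("likely beacons:", likely_beacons(found))
```

A client that does not fetch remote images by default never triggers the beacon, which is why "load remote content" prompts exist; the cid: logo, by contrast, is served from inside the message itself and leaks nothing.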

Salt Fish
Sep 11, 2003

Cybernetic Crumb

I don't get this. Calculating the md5 of something isn't a security flaw, they're supposed to be easy to calculate. Yeah, md5 sucks but....

And at any rate I'm not sure this works because I'm getting 52bfcc1edf4620ceff2c74bb59fc04ea as the md5 for the file, while it calculates f5ca4f935d44685c431a86f788c0eaca.

Last Chance
Dec 31, 2004

Salt Fish posted:

I don't get this. Calculating the md5 of something isn't a security flaw, they're supposed to be easy to calculate. Yeah, md5 sucks but....

And at any rate I'm not sure this works because I'm getting 52bfcc1edf4620ceff2c74bb59fc04ea as the md5 for the file, while it calculates f5ca4f935d44685c431a86f788c0eaca.

Someone correct me if I'm wrong 'cause I don't know much, but it's broken because it's now trivial to make an identical hash/fingerprint aka a collision, defeating the whole purpose of calculating it in the first place.

If you can't guarantee the hash is unique, then there's no point. There was already an incident where a committed file with an identical hash to another file broke Webkit's SVN repo because SVN relied on the fact that the hash was supposed to be unique. So unless you're just using the hash to.. show a cool number/letter combo after a file's name? It can't be safely relied upon.

And that file does calculate to f5ca... I checked using hacker tool onlinemd5.com

Last Chance fucked around with this message at 22:01 on Mar 16, 2017

Rufus Ping
Dec 27, 2006

I'm a Friend of Rodney Nano

Salt Fish posted:

I don't get this. Calculating the md5 of something isn't a security flaw, they're supposed to be easy to calculate.

Sure. But managing to construct a document that contains a representation of its own MD5 is something one might expect to be very difficult, unlike e.g. a document containing its own CRC32, which is trivial to construct.

I believe the PostScript example takes advantage of MD5 using the Merkle-Damgård construction, where a block can be replaced with another block which is equal to it under the compression function, without affecting subsequent blocks in the pipeline (or the final hash value).

While surprising, susceptibility to this switcheroo itself isn't prohibited by the definition of a cryptographic hash function. Nevertheless, it is undesirable, and the wide-pipe M-D construction was designed to avoid this.

Last Chance posted:

Someone correct me if I'm wrong 'cause I don't know much, but it's broken because it's now trivial to make an identical hash/fingerprint aka a collision, defeating the whole purpose of calculating it in the first place.
It's only currently trivial for SHA-1 under certain circumstances.

Last Chance posted:

If you can't guarantee the hash is unique, then there's no point.
It's not a complete write-off: although you definitely should not be using it, SHA-1 still serves its purpose for e.g. error detection in file transmission where nothing is under adversary control.

Last Chance posted:

There was already an incident where a committed file with an identical hash to another file broke Webkit's SVN repo because SVN relied on the fact that the hash was supposed to be unique.
Yes, this is a scenario where SHA-1's use is no longer appropriate.

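The structural property Rufus Ping describes, that in a Merkle-Damgård hash everything before a block reaches the final digest only through the 128-bit chaining value, is easiest to see with the compression function exposed. The following is an added example, not code from the thread and not the PostScript self-referential document itself (that needs real MD5 collision blocks, which are not reproduced here). It implements MD5 from scratch per RFC 1321 so the chaining state is accessible, cross-checks it against hashlib, and then uses the same property for the classic length-extension forgery: given MD5(secret || msg) and the length, it computes a valid MD5(secret || msg || padding || extension) without the secret. The secret, message and extension are constructed for the demo.

```python
"""Merkle-Damgard in practice: MD5 from scratch, then a length-extension forgery.

Added example, not code from the thread. secret/msg/ext in demo() are constructed.
"""
import hashlib
import math
import struct

MASK32 = 0xFFFFFFFF
MD5_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
SHIFTS = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
# Round constants exactly as RFC 1321 defines them: floor(abs(sin(i + 1)) * 2**32).
KCONST = [int(abs(math.sin(i + 1)) * 2 ** 32) & MASK32 for i in range(64)]


def _rotl(x, c):
    return ((x << c) | (x >> (32 - c))) & MASK32


def md5_compress(state, block):
    """One Merkle-Damgard step: fold a 64-byte block into the 128-bit chaining state."""
    a0, b0, c0, d0 = state
    words = struct.unpack("<16I", block)
    a, b, c, d = state
    for i in range(64):
        if i < 16:
            f, g = (b & c) | (~b & d), i
        elif i < 32:
            f, g = (d & b) | (~d & c), (5 * i + 1) % 16
        elif i < 48:
            f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:
            f, g = c ^ (b | ~d), (7 * i) % 16
        f = (f + a + KCONST[i] + words[g]) & MASK32
        a, d, c, b = d, c, b, (b + _rotl(f, SHIFTS[i])) & MASK32
    return ((a0 + a) & MASK32, (b0 + b) & MASK32, (c0 + c) & MASK32, (d0 + d) & MASK32)


def md5_padding(total_len):
    """Standard MD5 padding for a message whose complete length is total_len bytes."""
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack("<Q", (total_len * 8) & 0xFFFFFFFFFFFFFFFF)


def md5_digest(data, state=MD5_IV, prior_len=0):
    """Hash data, optionally resuming from a known chaining state.

    prior_len is the number of bytes already absorbed into state (a multiple of 64);
    it only changes the length field written into the padding.
    """
    buf = data + md5_padding(prior_len + len(data))
    for off in range(0, len(buf), 64):
        state = md5_compress(state, buf[off:off + 64])
    return struct.pack("<4I", *state)


def length_extend(known_digest, known_len, extension):
    """From MD5(secret || msg) and len(secret || msg), forge MD5(secret || msg || glue || extension).

    The digest *is* the chaining state after the last block, so hashing resumes from it.
    Returns (glue, forged_digest); the attacker must send msg || glue || extension.
    """
    glue = md5_padding(known_len)                       # the padding the real hash consumed
    state = struct.unpack("<4I", known_digest)          # digest bytes -> chaining state
    forged = md5_digest(extension, state=state, prior_len=known_len + len(glue))
    return glue, forged


def matches_stdlib(data):
    """Cross-check this implementation against hashlib on arbitrary input."""
    return md5_digest(data) == hashlib.md5(data).digest()


def demo():
    secret = b"hunter2"                    # constructed: server-side key the attacker never sees
    msg = b"user=alice&role=user"          # constructed: the message the server signed
    ext = b"&role=admin"                   # constructed: what the attacker appends
    mac = md5_digest(secret + msg)         # what a naive MD5(secret || msg) "MAC" hands out
    glue, forged = length_extend(mac, len(secret) + len(msg), ext)
    forged_msg = msg + glue + ext          # attacker's message, padding bytes included
    verified = hashlib.md5(secret + forged_msg).digest()   # what the server would compute
    return {"forged_msg": forged_msg, "forged_mac": forged.hex(), "forged_matches": forged == verified}


if __name__ == "__main__":
    result = demo()
    print("forged message:", result["forged_msg"])
    print("forged MAC    :", result["forged_mac"])
    print("server accepts:", result["forged_matches"])
```

The forgery works because the server's recomputation and the attacker's resumed computation pass through the identical chaining state after the secret and original message; nothing about the prefix survives except those 128 bits. That is the same reason a colliding block can be swapped in without disturbing anything that follows, and why HMAC (which hashes twice with the key) rather than bare MD5(secret || msg) is the right construction even where MD5 itself is still used.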
Diametunim
Oct 26, 2010
Anybody have tips for parsing PST files? I need to grab every email sent or received in an eight-month time span. Once I've done that I need to comb through the emails for certain keywords. I've tried using the built-in advanced features in Outlook, but for some reason Outlook isn't returning all of the results. I'd like to do this programmatically, but searching for Python libraries that can parse PST files doesn't bring up much. Maybe this is a chance to export the PST and use one of the EnCase machines in my office.

Combing through peoples emails is really boring.


Rufus Ping
Dec 27, 2006

I'm a Friend of Rodney Nano
I've had success using libpst/readpst to convert them to maildir format
