|
https://www.theregister.co.uk/2017/10/13/us_hack_back_law/?mt=1508202813102 Stand your cyberground
|
# ? Oct 17, 2017 02:13 |
|
Cup Runneth Over posted: https://www.theregister.co.uk/2017/10/13/us_hack_back_law/?mt=1508202813102

What the loving gently caress, America
|
# ? Oct 17, 2017 02:15 |
|
We found your IP in our logs, so we've remotely formatted your hard drive
|
# ? Oct 17, 2017 02:18 |
|
Such a terrible idea. The collateral damage alone will be catastrophic. Who knew 80's movies were right. WELCOME TO OUR DYSTOPIAN CYBER-FUTURE!
|
# ? Oct 17, 2017 02:21 |
|
Proteus Jones posted: Such a terrible idea. The collateral damage alone will be catastrophic.

Except we got all the lovely parts of cyberpunk fiction without all the cool sexy bits, like scantily clad punk ladies with borg bits stuck in them or seedy Japanese diners on every street corner. Corporatism found a way to make even real-life Johnny Mnemonic boring as hell.
|
# ? Oct 17, 2017 03:23 |
|
Modern poetry
|
# ? Oct 17, 2017 11:55 |
|
https://crocs-muni.github.io/roca/

Uhm.... I think this is kind of Sisyphean guys, let's just quit and open a bar in Hawaii

E: It's a result of the TPM flaw
|
# ? Oct 17, 2017 14:43 |
|
orange sky posted: https://crocs-muni.github.io/roca/

I'm not trying to minimize this, because it's a big deal, but my understanding is this is for the Infineon library derived keys; OpenSSL/GNU gpg keys do not have the factorization weakness.
|
# ? Oct 17, 2017 15:50 |
|
Proteus Jones posted: I'm not trying to minimize this, because it's a big deal, but my understanding is this is for the Infineon library derived keys; OpenSSL/GNU gpg keys do not have the factorization weakness.

Yeah I wasn't trying to go all "the world is gonna end" though, just mentioning that this struggle between fixing and finding new stuff is going to speed up like hell. I really believe stuff like this will pop up on a daily (or much much higher) frequency since we're only getting more and more and more people working on this stuff, on both teams.

Let's build a little think tank here, guys. Where will this end? What's the future of data? Full transparency? Going back to paper or another medium?
|
# ? Oct 17, 2017 15:55 |
|
orange sky posted: Yeah

You will have to verify your identity using the iPhone XXV with the SmartJab™ DNA Sequencer using a 21 allele validation.
|
# ? Oct 17, 2017 16:00 |
|
anthonypants posted: Does android still do that thing where if you install a root certificate, like you might for a VPN, it leaves a notification forever that your phone's network activity is being monitored? There were at least two threads about it on the Google issue tracker, but that was a while ago and they've been disappeared.

If you install it and confirm your lockscreen credentials no, if it's installed via API yes or you have no/clear the lockscreen as well. You shouldn't install a CA into the device-wide user-added CA set for a VPN, if you do you're doing something wrong, the built-in legacy VPNs don't require it and any VPN app will let you provide there so it's only trusted for what it should be trusted for.
|
# ? Oct 17, 2017 16:17 |
|
I use strongswan for my vpn app on Android and the network-activity-monitored notification is so irritating.
|
# ? Oct 17, 2017 16:21 |
|
I use strongswan and don't get that I think.
|
# ? Oct 17, 2017 16:25 |
|
Estonian and Hungarian ID cards use Infineon RNG and are now compromised. So, uh, pay 50000€ to be able to brute force a legally binding signature of anyone whose public key you have. Nice.
|
# ? Oct 17, 2017 17:27 |
|
EssOEss posted: Estonian and Hungarian ID cards use Infineon RNG and are now compromised. So, uh, pay 50000€ to be able to brute force a legally binding signature of anyone whose public key you have. Nice.

Uh I think the Portuguese cards use this as well, where can I check?
|
# ? Oct 17, 2017 17:35 |
|
Infineon are the guys who just got their TPM chips hacked. Pretty nice.
|
# ? Oct 17, 2017 20:31 |
|
orange sky posted: Uh I think the Portuguese cards use this as well, where can I check?
|
# ? Oct 17, 2017 20:34 |
|
You can paste a key here to check it: https://keychest.net/roca

Another site is https://keytester.cryptosense.com/

Ars Technica says it is Estonia and Slovakia that are vulnerable (I misremembered the second one earlier). I did find the Portuguese cards listed on Gemalto's website. As Gemalto was the provider of the Infineon-manufactured cards to Estonia, there is some cause to suspect a link here, indeed.

Double Punctuation posted: Infineon are the guys who just got their TPM chips hacked. Pretty nice.

Yeah, the RNG vulnerability that affects the TPMs is the exact same as the one for the ID cards. In both cases, they generate RSA keys that are not as unpredictable as they should be.
|
# ? Oct 17, 2017 20:53 |
|
Thread's best VPN recommendation for anonymization ?
|
# ? Oct 18, 2017 17:07 |
|
Don't rely on just a vpn for anonymization
|
# ? Oct 18, 2017 17:14 |
|
The Fool posted: Don't rely on just a vpn for anonymization

right, proxy and other things, but was curious who people used for vpn.. private internet access, expressvpn, nord?
# ? Oct 18, 2017 17:15 |
|
orange sky posted: https://crocs-muni.github.io/roca/

So wait, you're telling me that OpenSSL was, for once, not the least-secure implementation of something?
|
# ? Oct 18, 2017 17:31 |
|
fyallm posted: Thread's best VPN recommendation for anonymization ?

You need to be more specific about your goals.
|
# ? Oct 18, 2017 17:38 |
|
fyallm posted: right, proxy and other things, but was curious who people used for vpn.. private internet access, expressvpn, nord?
|
# ? Oct 18, 2017 17:42 |
|
fyallm posted: right, proxy and other things, but was curious who people used for vpn.. private internet access, expressvpn, nord?

I would suggest nordvpn.
|
# ? Oct 18, 2017 17:44 |
|
fyallm posted: right, proxy and other things, but was curious who people used for vpn.. private internet access, expressvpn, nord?

Proxies also don't anonymize things either. What are you trying to do? Also keep in mind if there's one place heavily monitored on the Internet it's the exit from VPN services sold for anonymity.
|
# ? Oct 18, 2017 18:13 |
|
I use PIA when I'm connecting to public wifi but yeah, don't think that it's keeping you anonymous or anything like that. If I ever decide to do the math I'll figure out if it'd be cheaper to host an OpenVPN instance on AWS or something.
# ? Oct 18, 2017 18:17 |
|
anthonypants posted: Gonna link this again https://gist.github.com/kennwhite/1f3bc4d889b02b35d8aa

This article links to Streisand, which I had heard about but forgotten the name of. And is one of the coolest bits of technology I've read about in a while.
|
# ? Oct 18, 2017 18:22 |
|
EssOEss posted: You can paste a key here to check it: https://keychest.net/roca

Gemalto hasn't come forward with an official reaction yet. They're "working on it".
|
# ? Oct 18, 2017 18:41 |
|
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_svenda.pdf
|
# ? Oct 18, 2017 18:48 |
|
wyoak posted: I use PIA when I'm connecting to public wifi but yeah, don't think that it's keeping you anonymous or anything like that. If I ever decide to do the math I'll figure out if it'd be cheaper to host an OpenVPN instance on AWS or something.

Same. I don't use VPNs for anonymity. I use them so I'm not the low hanging fruit.
|
# ? Oct 18, 2017 18:59 |
|
The Fool posted: This article links to Streisand, which I had heard about but forgotten the name of.

The problem with Streisand is that it installs a poo poo ton of services. Try algo instead. (says guy who used to use Streisand and moved to algo)

algo guys say about Streisand:

quote: Good concept. Poor implementation.
|
# ? Oct 18, 2017 20:26 |
|
wyoak posted: I use PIA when I'm connecting to public wifi but yeah, don't think that it's keeping you anonymous or anything like that. If I ever decide to do the math I'll figure out if it'd be cheaper to host an OpenVPN instance on AWS or something.

As I just looked I this, AWS and other cloud services are prohibitively expensive for most users/uses. The cheapest usable machine I could make for it was about $600 a month not including bandwidth, but even if you just use an AMI or something it was around a hundred (unless you do a micro which gives you 750 hours a month free, but back to potato network speeds).

You can also be sure as poo poo any of the big cloud providers are going to be monitoring traffic and give your information to the government, so it would really be useful only as a way to VPN while not being associated with the usual end points.

Best option looks like doing a coop with a datacenter and maybe getting some people you trust to split the cost/use.
|
# ? Oct 18, 2017 20:30 |
|
Mr. Crow posted: As I just looked I this, AWS and other cloud services are prohibitively expensive for most users/uses. The cheapest usable machine I could make for it was about $600 a month not including bandwidth, but even if you just use an AMI or something it was around a hundred.

I transfer like a terabyte per month through my DigitalOcean-hosted VPN which costs me $5/month.
# ? Oct 18, 2017 20:32 |
|
Mr. Crow posted: As I just looked I this, AWS and other cloud services are prohibitively expensive for most users/uses. The cheapest usable machine I could make for it was about $600 a month not including bandwidth, but even if you just use an AMI or something it was around a hundred (unless you do a micro which gives you 750 hours a month free, but back to potato network speeds).

I run a VPN on gce as part of my MiTM security testing setup and it's not even $15 a month with bandwidth.
|
# ? Oct 18, 2017 20:46 |
|
Mr. Crow posted: As I just looked I this, AWS and other cloud services are prohibitively expensive for most users/uses. The cheapest usable machine I could make for it was about $600 a month not including bandwidth, but even if you just use an AMI or something it was around a hundred (unless you do a micro which gives you 750 hours a month free, but back to potato network speeds).

Amazon Lightsail? https://amazonlightsail.com
|
# ? Oct 18, 2017 20:49 |
|
Multi implant authentication
|
# ? Oct 18, 2017 22:12 |
|
Potato Salad posted: Multi implant authentication

All servers open to everyone in a world information sharing utopia
|
# ? Oct 18, 2017 22:15 |