|
Midjack posted:somewhat related, a hotel i stayed at in southeast asia had a camera at the front desk that was wired to channel 1 on tv so you could approve people coming to visit when the desk called up. it was fun to leave it on friday and saturday nights to see how many and what kinds of prostitutes were ordered in by guests. wonder how much this feature hurt their pay per view revenue
|
# ? Dec 30, 2017 20:38 |
|
|
# ? May 14, 2024 04:24 |
|
maybe they also take a cut out of prostitution referrals, so the lost PPv revenue is offset by the use of the cameras as an advertisement
|
# ? Dec 30, 2017 20:39 |
|
Notorious b.s.d. posted:maybe they also take a cut out of prostitution referrals, so the lost PPv revenue is offset by the use of the cameras as an advertisement shouldn't this be in the cyberpunk thread
|
# ? Dec 30, 2017 21:26 |
|
420 SWAGLORD posted:In a security fuckup far below the scope usually covered in this entertaining and engaging thread, the apartment building I have burrowed into the basement of is using those lil wifi nannycam deals as a "security system" and all of them are viewable to anyone on the building wifi. I stream one of the outdoor cams to a tv in my corner of the basement so it feels like I have a window. Also their routers all still use default logins so I prioritized my poo poo. I'm a coolguy hacker now right? Like Mr. Robot? so… don't touch the poop, but what're the odds you could do some fuckery and clobber one of those camera streams with your own
|
# ? Dec 30, 2017 21:36 |
|
secfuck's eleven
|
# ? Dec 30, 2017 21:45 |
|
danny digital ocean
|
# ? Dec 30, 2017 21:52 |
|
mod saas posted:danny digital ocean
|
# ? Dec 30, 2017 21:59 |
|
The Internet in Cuba: A Story of Community Resilience by Will Scott and kopek - Interesting look into the current state of the internet in Cuba as well as the huge SNET intranets, which began as people cobbling together neighborhood LANs to play games without lugging their computers around and ended up growing to an impressive scale as they started to link these self-contained networks together.
|
# ? Dec 30, 2017 22:51 |
|
Cocoa Crispies posted:so… Considering how they tend to work now, you can add your own on as one of the streams or gently caress up the signal environment badly enough that everything will be flaky, both very easily.
|
# ? Dec 30, 2017 23:56 |
|
hello posting pals i'm torn on the intersection of infosec stuff and the trash fire that is the infosec industry, the latter of which will undoubtedly keep coming up i know lots of folks enjoy the content in this thread, but in my opinion there's also a need to talk about the trash fire. i don't know if the happy medium is in here, or in another thread, or even in another subforum i just wanted to post this because i do see the reports, i do care, and i am talking about it with other posters. thanks for listening
|
# ? Dec 31, 2017 02:05 |
|
graph posted:hello posting pals just post, motherfucker the whole thing is a garbage fire. i don't care whether you create a new thread or crap all over this one -- i will read both and enjoy it either way
|
# ? Dec 31, 2017 02:08 |
|
graph posted:hello posting pals wait, is the trash fire the sex pests or the lovely secfucks themselves
|
# ? Dec 31, 2017 02:08 |
|
graph posted:hello posting pals The industry is the biggest sec gently caress of all
|
# ? Dec 31, 2017 02:12 |
|
I spoke out of turn before. Apologies to maskenfreiheit and to the thread.
|
# ? Dec 31, 2017 02:17 |
|
cis autodrag posted:I spoke out of turn before. Apologies to maskenfreiheit and to the thread. *hug* and sorry I misgendered you.
|
# ? Dec 31, 2017 02:24 |
|
reminder that i don't have a monopoly on talking about 34c3, if you watch a talk then talk about its pros/cons and feel free to disagree with me leftovers from day 1: Defeating (Not)Petya's Cryptography by Sebastian Eschweiler (54:44) - talk takes a bit to get going and the speaker isn't good with public speaking. content is pretty front-loaded (mistakes in (not)petya), then the rest of the talk is on iterating different approaches to get a functional key recovery via known-plaintext. alright watch, q&a salvages content out of the last half of the talk DPRK Consumer Technology by Will Scott and Gabe Edwards (31:28) - good talk which aims to publicise consumer system images from dprk consumer devices. also explains the process involved in breaking the drm applied to educational material. no q&a due to time Microarchitectural Attacks on Trusted Execution Environments by Keegan Ryan (55:02) - do you want to learn about side-channels? this talk is for you then. great introduction to cache attacks focusing on trustzone and sgx. great watch with good q&a Doping your Fitbit by jiska and DanielAW (22:49) - a teardown and reverse engineer of a fitbit. short talk but pretty dense covering a lot of ground BootStomp On the Security of Bootloaders in Mobile Devices by Audrey Dutcher (28:23) - aka "what if we point angr at bootloaders?" p good talk that takes a bit to get going but the speaker trips over themselves a few times. q&a is light KRACKing WPA2 by Forcing Nonce Reuse by Mathy Vanhoef (61:42) - corrects some misconceptions on the attack and provides a thorough walkthrough of the attack with issues on specific implementions highlighted. great watch imo, q&a is good too The Ultimate Apollo Guidance Computer Talk by Michael Steil and Christian Hessmann (61:42) - another in the ultimate series - fast and dense talk. 60m to learn as much as possible about the apollo guidance computer. must watch imo, no q&a. day 2: Mobile Data Interception from the Interconnection Link by Dr. Silke Holtmanns (48:19) - ss7? eh that's old let's look at diameter. crash course on lte networking and a brief overview of a viable attack. good watch, and any operator should take notes. q&a is a must watch for informed ss7 vuln impact Deep Learning Blindspots by Katharine Jarmul (53:48) - more of a light literature overview of creating adversarial examples to defeat different machine learning models generically. there's a few examples given but missable unless you're interested in the field but haven't seen examples before. q&a is p light as well Reverse engineering FPGAs by MathiasL (42:09) - p rough talk (always have backups for presenting demos), but good content on reversing commercial fpgas. q&a is a bulk of the video with lots of good questions Spy vs. Spy A Modern Study Of Microphone Bugs Operation And Detection by Veronica Valeros and Sebastian Garcia (62:31) - a sdr-based transmitter detection tool. starts out alright but their narrow scope focusing on poo poo commercial bugs limits its use. talk's alright but had a lot more potential, they're more concerned with transmission than suitability of microphone types and only look at post-processing lightly. q&a just highlight the limitations Electromagnetic Threats for Information Security by @EMHacktivity and José Lopes Esteves (49:11) - it starts off alright then goes into the academia hole of overly defining the scope and possible issues. 23m in they get to testing then show good examples of active attacks so it's worth watching from there. good watch overall, q&a is a bit of a waste though Internet of Fails by Barbara Wimmer (59:21) - the IoT talk of the day, covers a lot of ground but it's more an overview than presenting anything new. worth a watch though, q&a is light Everything you want to know about x86 microcode, but might have been afraid to ask by Benjamin Kollenda and Philipp Koppe (57:25) - talk is really on reversing microcode updates, then writing arbitrary microcode updates to modify runtime. demo is great as well, must watch. q&a is thorough as well Inside Android’s SafetyNet Attestation Attack and Defense by Collin Mulliner (59:11) - an attempt at documenting safetynet, then goes into bypasses and other attacks on the system. good watch despite demo hell, light on q&a How to drift with any car by Guillaume Heilles and P1kachu (51:18) - must watch talk going in depth on reading the can bus and reversing commercially successful fuel improvement tools. good demos and the q&a is gold Console Security - Switch by plutoo and derrek and naehrwert (49:41) - good talk but skips over a few critical points and they're still nervous after years of talks. their demo also falls apart, but it's worth a watch, no q&a though Taking a scalpel to QNX by Jos Wetzels and Ali Abbasi (46:18) - QNX 7: prngs and exploit mitigations. great in-depth talk building on last year that's a must watch. q&a is light Financial surveillance by Jasmin Klofta and Tom Wills (59:06) - must watch talk on evaluating a leaked list of WorldCheck and finding their 'reputable sources' for flagging people as terrorists/money launderers. q&a is good as well Intel ME Myths and reality by Igor Skochinsky and Nicola Corna (62:34) - alt name: "a very nervous hex-rays dev walks into a security conference". a pretty rough talk going through the history of intel's remote management attempts and how it evolved into intel me. after the history it's bad for a while - conjecture and unreliable sources mainly. gets good from ~27m when they shift to vulns and then the other speaker takes over. q&a is alright The Noise Protocol Framework by Trevor Perrin (32:04) - general overview of the framework, good entry level talk on the design rationale and implementation. very short q&a LatticeHacks by djb and Tanja Lange and Nadia Heninger (65:56) - the headline crypto talk of the conference. bit more straightforward than the last few years so great for beginners. must watch, but no time for q&a
|
# ? Dec 31, 2017 03:14 |
|
Wiggly Wayne DDS posted:The Ultimate Apollo Guidance Computer Talk by Michael Steil and Christian Hessmann (61:42) i watched this one last night. most of it was way over my head, but it was still completely fascinating.
|
# ? Dec 31, 2017 03:49 |
|
The_Franz posted:The Internet in Cuba: A Story of Community Resilience by Will Scott and kopek God a bunch of Nerds couldn't read subtext* during the talk and so shitted up the Q&A asking why the Cuban guy didn't want to become a telecom, and why interconnects to other cities was a stupid idea. *The subtext being that the authorities would be happy to bash some skulls and shut the whole thing down if it crossed over any lines. freeasinbeer fucked around with this message at 05:03 on Dec 31, 2017 |
# ? Dec 31, 2017 04:59 |
|
Punkbob posted:God a bunch of Nerds couldn't read subtext* during the talk and so shitted up the Q&A asking why the Cuban guy didn't want to become a telecom, and why interconnects to other cities was a stupid idea. it wasn't even subtext; he flat out said that doing things like bridging to the internet or using encryption is forbidden and ultimately ban worthy because it would bring down the wrath of the state. i imagine that's the big reason why they don't do email either. one of the slides mentioned occasional crackdowns too, although he never went into detail. the cuban government is fine with it existing as long as it's just a giant bbs/lan party with people playing games, swapping car parts and talking tech, but the cuban government is still a dictatorship and as soon as they do anything which starts seriously competing with or allows people to bypass the state telecom entity in any way the fun is over.
|
# ? Dec 31, 2017 06:22 |
|
this came up in my logwatch this morning anyone know what talk it belongs to /your-software/and-have-a-great-2018/from-the-folks-at-34c3: 1 Time(s)
|
# ? Dec 31, 2017 06:28 |
|
maskenfreiheit posted:i;m the idea it's manslaughter if you call the police and they shoot someone, but not manslaughter if you are the police who shoot someone
|
# ? Dec 31, 2017 07:23 |
|
cheese-cube posted:reading his posts on the blue light forums was surreal af Seems like half the thread was him talking to himself too, best post from one of his obviously fake accounts:
|
# ? Dec 31, 2017 08:53 |
graph posted:hello posting pals we derail just fine on nigh any subject so just post
|
|
# ? Dec 31, 2017 09:00 |
|
i don't know if an infosec community drama thread, or even an open-source community drama thread, would be self-sustaining
|
# ? Dec 31, 2017 18:46 |
|
reminder that i don't have a monopoly on talking about 34c3, if you watch a talk then talk about its pros/cons and feel free to disagree with me day 2 leftovers: ASLR on the line by brainsmoke (44:14) - very nervous speaker and an intermediate talk on tackling aslr. focused on attacking aslr from javascript with perf timing attacks and working around existing mitigations. there's a lot better introductions to side channels that also go into more depth, but good talk if you want to see it from the browser and can deal with a nervous speaker. q&a is rough as well Uncovering vulnerabilities in Hoermann BiSecur by Markus Muellner and Markus Kammerstetter (51:36) - pretty nice talk on breaking garage door openers. q&a is nice and thorough day 3: Policing in the age of data exploitation by Eva Blum--Dumontet and Millie Wood (60:07) - good overview of powers the police have, but focuses more on lack of awareness than providing new information. alright watch with a good q&a Internet censorship in the Catalan referendum by Matthias (50:25) - good talk on the censorship methods utilised and workarounds used. worth a watch and good q&a Protecting Your Privacy at the Border by Kurt Opsahl and William Budington (58:01) - more aimed at the general public, but a good talk. q&a is good as well, but the speakers are a bit behind on ssd forensics Are all BSDs created equally? by Ilja van Sprundel (58:58) - alright talk attempting a code quality assessment across open/net/free bsd. worth watching for the different responses from the respective security teams. q&a is good as well Running GSM mobile phone on SDR by Vadim Yanitskiy and ptrkrysik (31:20) - good talk with a nice demo. not a lot a progress in the gsm sdr space since last year but worth a watch. no q&a due to time How Alice and Bob meet if they don't like onions by Tobias Mueller and Erik and Matthias (61:53) - decent overview of alternative networks, but focuses on the theoretical models than how they work in practice. q&a is alright but a large chunk of the talk Decoding Contactless (Card) Payments by Simon Eumes (58:19) - great overview of how contactless transactions work, well informed. 20m of q&a that bring a lot of good questions Public FPGA based DMA Attacking by Ulf Frisk (31:27) - must watch on using pcileech for dma attacks. great demos and presentation, with no real wasted time. q&a is good as well day 4: TrustZone is not enough by Pascal Cotret (31:24) - audio issues but a weird talk that has the strangest introduction to side channels so far. doesn't really bring anything new beyond using fpgas. no q&a either Italy's surveillance toolbox by boter (27:49) - good talk on the funding behind the various italian interception companies obtained through public tenders. q&a is alright as well The Internet in Cuba: A Story of Community Resilience by Will Scott and kopek (58:30) - must watch talk on networking in cuba, mainly focusing on havana's snet - a rarely discussed community network. q&a is good with few dumb questions Uncertain Concern by Allison McDonald (58:15) - good talk on how undocumented US immigrants deal with risk and common misconceptions held. q&a is alright MQA - A clever stealth DRM-Trojan by Christoph Engemann and Anton Schlesinger (60:32) - self-aware audiophile discusses a new drm audio format (MQA). second speaker has the sniffles, but rips the scientific basis apart. it's a great watch with good q&a Type confusion: discovery, abuse, and protection by gannimo (56:39) - good talk on type confusion focusing on c++. shows off a nice tool (hextype) that allows instrumentation for type confusion that integrates with afl. good fuzzing examples on popular projects. q&a is good as well SCADA - Gateway to (s)hell by Thomas Roth (45:09) - the yearly ics talk. tackles 3 devices with vulnerabilities for them all. must watch, with a great q&a as the speaker buffered for the demos failing any other talks you want reviewed mention
|
# ? Dec 31, 2017 21:11 |
|
Wiggly Wayne DDS posted:any other talks you want reviewed mention how bout thisn https://www.youtube.com/watch?v=2Qkydp2lNgg
|
# ? Dec 31, 2017 21:25 |
|
atomicthumbs posted:how bout thisn Holography of Wi-Fi radiation by Friedemann Reinhard - good talk on visualing wi-fi radiation as holograms building upon recent prior research. academic but covers a lot of real world applications. security assessment doesn't seem to care about long-term recon of fixed buildings (e.g. embassies) instead focusing on reactional recon e.g. in tactical engagements. q&a is good but only one question tries to tackle this premise
|
# ? Dec 31, 2017 21:59 |
|
https://twitter.com/sawaba/status/947459948329472000
|
# ? Dec 31, 2017 23:27 |
|
yeah that's been in the public for a while and got repopularised a week ago get better sources than hunt imo
|
# ? Dec 31, 2017 23:29 |
|
such as i mean yeah this is an old thing, use a password manager that's sane, but how is hunt at fault
|
# ? Dec 31, 2017 23:35 |
|
i didn't imply fault, more that he gets stories pretty late then resurfaces them as new things
|
# ? Dec 31, 2017 23:40 |
|
alright apologies for my assumptions nonetheless hunt has been getting traction outside the infosec field so even if late its good he draws some attention to it i guess
|
# ? Dec 31, 2017 23:43 |
|
this is more of a personal complaint anyway as i see the stories as they come down the pipe, so watching them resurface a week, month, year later then only get noticed then is a tad annoying
|
# ? Dec 31, 2017 23:45 |
|
Wiggly Wayne DDS posted:day 3 additional: How were you able to review a one hour talk in thirty minutes or had you already seen it?
|
# ? Dec 31, 2017 23:52 |
|
Wiggly Wayne DDS et al, thank you for the writeups! I'm probably not going to have time to watch even a lot of the videos. What's the top one or two videos for stupid idiot hellfucker dilettantes?
|
# ? Dec 31, 2017 23:56 |
|
Applebees posted:How were you able to review a one hour talk in thirty minutes or had you already seen it? i do make allowances for q&a given the difference in speakers' accents and the minutiae their questioning can bring. but with a few select speakers in a talk it's pretty easy to accommodate for their speech patterns and accent. there aren't a lot of dense talks, and there's a lot of repetitive introductory material that can be assessed p easy. there wasn't a skip for these videos though, watched them all. this is a difference compared to prior conferences where i watched at 1x though
|
# ? Jan 1, 2018 00:00 |
|
so if I use Firefox pw manager how hosed am I?
|
# ? Jan 1, 2018 00:13 |
|
maskenfreiheit posted:so if I use Firefox pw manager how hosed am I? go to auto:config and set signon.autofillforms to false not 100% as i don't use firefox (nor autofill) but that seems supported by the documentation and no real alternative seems to exist
|
# ? Jan 1, 2018 00:17 |
|
Wiggly Wayne DDS posted:as a generic issue it's more about autofilling usernames/passwords so: http://kb.mozillazine.org/Signon.autofillForms cool did this also i simply don't store any important passwords in there... stuff like the bank or my email pw get manually copied from keepass so i've got that going for me
|
# ? Jan 1, 2018 00:23 |
|
|
# ? May 14, 2024 04:24 |
|
if anyone has any german-only talks please recommend away though as i unfortunately didn't have any jump out to me throughout the conference, which is strange as there's usually a few good ones hidden in there overall though the conference was not as great as prior years, but there was no real bad talks either so better overall? i'll blame 2017 for having too much insanity to dedicate to a talk
|
# ? Jan 1, 2018 00:25 |