|
Schadenboner posted:Can you walk me through what the mechanism here would be? Legitimately wondering. embedded controllers that behave in non-deterministic ways if they get unexpected data from the network i've seen that issue with network enabled cnc controllers and time clocks
|
#
?
Aug 4, 2018 13:03
|
|
|
|
| # ? Jun 13, 2024 15:06 |
|
|
Schadenboner posted:Can you walk me through what the mechanism here would be? Legitimately wondering. A badly set up network might let the office doing mass pooling poo poo on the real time network part, especially if someone is using old hubs as a cost saving measure (for controlling 100 M€ of machinery) which is extremely likely E: also see above, yeah
|
|
#
?
Aug 4, 2018 13:03
|
|
|
a lot of power generation and distribution systems are very elaborate and dangerous rube goldberg machines
|
|
#
?
Aug 4, 2018 15:57
|
|
|
Phone posted:a lot of power generation and distribution systems are very elaborate and dangerous rube goldberg machines its because they're all piecemeal. every little fiefdom did things slightly different when they were first being built and the amalgamated monster is what we're left with today.
|
|
#
?
Aug 4, 2018 16:03
|
|
|
SIGSEGV posted:Aside from that, does anyone have more funny SCADA safety stories? They make me pretty hard. I wish I could be open about my job here
|
|
#
?
Aug 4, 2018 16:41
|
|
|
apparently we've started running physical pen tests internally because a colleague had some random dude sit in the empty desk next to him an plug in a laptop mumbling something about "unblocking ports" and reported it and got a gold star for catching on pretty standard but I said I bet there are a shitload of fails because we have such a fragmented structure and revolving cast of vendors I don't know who the gently caress half of the office are anymore and nobody else does either
|
|
#
?
Aug 4, 2018 16:53
|
|
|
i hadn't thought about that particular vector of attack wrt hotdesking lol
|
|
#
?
Aug 4, 2018 17:00
|
|
|
Phone posted:i hadn't thought about that particular vector of attack wrt hotdesking lol yeah someone mentioned this and we got a good laugh on it. for my part Ive had 3+ random vendor people rotating desks next to me for ages and while I know they're legit, I have no idea what they're doing also I think they tried a social engineering voice call on me to get names of senior people and I lamely stonewalled them. either that or I made myself look like a tool to a recruiter.
|
|
#
?
Aug 4, 2018 17:07
|
|
|
Powerful Two-Hander posted:apparently we've started running physical pen tests internally because a colleague had some random dude sit in the empty desk next to him an plug in a laptop mumbling something about "unblocking ports" and reported it and got a gold star for catching on do you not have nac? or were they able to bypass it?
|
|
#
?
Aug 4, 2018 17:50
|
|
|
don’t run nmap against your ICS networks this is my pro tip
|
|
#
?
Aug 4, 2018 17:51
|
|
|
Shinku ABOOKEN posted:do you not have nac? or were they able to bypass it? I don't know if they were actually testing extraction or just whether some Rando could get away with plugging in a laptop and doing stuff.... tbh thoigh I'm gonna guess that once they've got access to the lan we'd be owned pretty fast regardless
|
|
#
?
Aug 4, 2018 17:54
|
|
|
there's a new attack on wpa and wpa2 that's significantly easier than the previous best-known one:
|
|
#
?
Aug 5, 2018 00:29
|
|
|
Mr.Radar posted:there's a new attack on wpa and wpa2 that's significantly easier than the previous best-known one: tl;dr - you need to intercept much less traffic to grab the password hash. Specifically, you don't need any active users - you can get it just from probing the AP. Once you have the hash the process is pretty much the same however (dictionaries and brute force)
|
|
#
?
Aug 5, 2018 01:10
|
|
|
This is why your wifi password especially should be very long and complex. Your computer will generally just remember the password and a sticky note inside your locked house is actually harder to get at than using this technique on a weak password now.
|
|
#
?
Aug 5, 2018 04:21
|
|
|
jit bull transpile posted:This is why your wifi password especially should be very long and complex. Your computer will generally just remember the password and a sticky note inside your locked house is actually harder to get at than using this technique on a weak password now. cert auth 
|
|
#
?
Aug 5, 2018 04:28
|
|
|
Cocoa Crispies posted:cert auth I was thinking home stuff but yeah a Corp network should be using certs
|
|
#
?
Aug 5, 2018 04:43
|
|
|
jit bull transpile posted:This is why your wifi password especially should be very long and complex. Your computer will generally just remember the password and a sticky note inside your locked house is actually harder to get at than using this technique on a weak password now. 
|
|
#
?
Aug 5, 2018 05:39
|
|
|
Dsyp?
|
|
#
?
Aug 5, 2018 05:46
|
|
|
there's no excuse for weak wifi passwords when you don't even have to type them in
|
|
#
?
Aug 5, 2018 05:48
|
|
|
pseudorandom name posted:there's no excuse for weak wifi passwords when you don't even have to type them in i do have to type them in to my many internet of things appliances though 
|
|
#
?
Aug 5, 2018 06:22
|
|
|
https://spideroak.com/canary
|
|
#
?
Aug 5, 2018 08:19
|
|
|
or, more likely, someone forgot and will still get around to it
|
|
#
?
Aug 5, 2018 08:29
|
|
|
James Baud posted:or, more likely, someone forgot and will still get around to it their whole website also went down around the time that was supposed to be updated. folks seem to be saying the site is compromised and the message on the canary is BS or put there by whoever has taken control of the servers.
|
|
#
?
Aug 5, 2018 08:35
|
|
|
PleasureKevin posted:their whole website also went down around the time that was supposed to be updated. folks seem to be saying the site is compromised and the message on the canary is BS or put there by whoever has taken control of the servers. 
|
|
#
?
Aug 5, 2018 08:40
|
|
|
|
|
#
?
Aug 5, 2018 08:40
|
|
|
did you just empty quote yourself
|
|
#
?
Aug 5, 2018 09:37
|
|
|
Well that's unfortunate, they were one of the solutions I was looking at to replace CrashPlan Home.
|
|
#
?
Aug 5, 2018 19:53
|
|
|
https://forum.parallels.com/threads/ssl-certificate-for-activatepd-parallels-com-expired-on-july-19-2018.345067/ Parallels activation server's SSL Cert has been expired for 19 days now. 
|
|
#
?
Aug 5, 2018 19:54
|
|
|
ratbert90 posted:https://forum.parallels.com/threads/ssl-certificate-for-activatepd-parallels-com-expired-on-july-19-2018.345067/
|
|
#
?
Aug 5, 2018 20:09
|
|
|
Warrant canaries are loving dumb
|
|
#
?
Aug 5, 2018 22:00
|
|
|
Suspicious Dish posted:Warrant canaries are loving dumb nice try, cop
|
|
#
?
Aug 5, 2018 22:14
|
|
|
lmao if you think a cheeky game of "i never said we got a warrant, i stopped saying we didn't get a warrant" will work on any judge, ever
|
|
#
?
Aug 5, 2018 23:16
|
|
|
I play a keyboard and am legit interested brb starting a synthwave band called cybercrime
|
|
#
?
Aug 6, 2018 01:26
|
|
|
make sure to also get
|
|
#
?
Aug 6, 2018 01:34
|
|
|
Suspicious Dish posted:make sure to also get Stop stealing my porn!
|
|
#
?
Aug 6, 2018 01:58
|
|
|
Suspicious Dish posted:lmao if you think a cheeky game of "i never said we got a warrant, i stopped saying we didn't get a warrant" will work on any judge, ever sounds like exactly what a cop would say
|
|
#
?
Aug 6, 2018 02:42
|
|
|
I thought the whole point of warrant canaries was that you can’t be legally compelled to lie.
|
|
#
?
Aug 6, 2018 03:15
|
|
|
Suspicious Dish posted:lmao if you think a cheeky game of "i never said we got a warrant, i stopped saying we didn't get a warrant" will work on any judge, ever afaict the whole notion that warrant canaries are built on is that the government can't legally compel you to lie, and I've never really seen a reason to believe that that's true (or that it'd even matter if it was true)
|
|
#
?
Aug 6, 2018 03:22
|
|
|
|
| # ? Jun 13, 2024 15:06 |
|
|
pseudorandom name posted:I thought the whole point of warrant canaries was that you can’t be legally compelled to lie. Not sure that’s been legally challenged, yet. If you aren’t allowed to disclose Star Chamber Warrants, the act of removing that statement from annual reports *is* disclosing. But at the same time, not including that phrase is not specifically stating “We got a secret warrant”. It honestly needs to be tested in court. Personally, the fact we have “secret justice system” loving terrifies me and anything that shines a light on that bullshit is a good thing. Also, the idea the government can compel you to lie is horrific, as well.
|
|
#
?
Aug 6, 2018 03:22
|
|
