|
ugh.
|
# ? Jul 4, 2019 02:33 |
|
fishmech posted: Security Now
i think you meant Security NooooooOOOOOOOooooOOOOOoooooow
|
# ? Jul 4, 2019 03:02 |
|
The ippsec videos for HackTheBox are still up but he’s been pushing people to his patreon to download the raw files. worth the $10 imo.
|
# ? Jul 4, 2019 03:44 |
|
Does anyone have the necessary setup (jailbroken device + clutch/bfdecrypt etc) to dump decrypted ios app ipa's? Trying to get hold of a particular free app from the app store which is purportedly misbehaving, if anyone's in a position to help me out
|
# ? Jul 4, 2019 16:32 |
|
https://www.zdnet.com/article/7-eleven-japanese-customers-lose-500000-due-to-mobile-app-flaw/
quote: Approximately 900 customers of 7-Eleven Japan have lost a collective of ¥55 million ($510,000) after hackers hijacked their 7pay app accounts and made illegal charges in their names.
|
# ? Jul 5, 2019 23:47 |
|
Kuvo posted: https://www.zdnet.com/article/7-eleven-japanese-customers-lose-500000-due-to-mobile-app-flaw/
lol I was just about to post a twit about this https://twitter.com/gossithedog/status/1146885884928843776
that’s a real proper secfuuuuuckk
|
# ? Jul 5, 2019 23:50 |
|
Kuvo posted: https://www.zdnet.com/article/7-eleven-japanese-customers-lose-500000-due-to-mobile-app-flaw/
I’m shocked a big Japanese company would make a security fuckup of this nature
|
# ? Jul 6, 2019 01:21 |
|
Cocoa Crispies posted: I’m shocked a big Japanese company would make a security fuckup of this nature
|
# ? Jul 6, 2019 01:33 |
|
Kuvo posted: https://www.zdnet.com/article/7-eleven-japanese-customers-lose-500000-due-to-mobile-app-flaw/
7/11 never forget
|
# ? Jul 6, 2019 02:12 |
|
Kuvo posted: https://www.zdnet.com/article/7-eleven-japanese-customers-lose-500000-due-to-mobile-app-flaw/
good lord
|
# ? Jul 6, 2019 02:45 |
|
wow zdnet still around
|
# ? Jul 6, 2019 10:58 |
|
Kuvo posted: https://www.zdnet.com/article/7-eleven-japanese-customers-lose-500000-due-to-mobile-app-flaw/
TBH, I was surprised because I was definitely expecting the latter half of the quote to say "...but the barcode was just the sequential user ID". Password reset vuln is bad, but I was definitely expecting even more super incompetent levels of bad for being owned in a single day.
|
# ? Jul 7, 2019 06:34 |
|
pseudorandom posted: TBH, I was surprised because I was definitely expecting the latter half of the quote to say "...but the barcode was just the sequential user ID".
a rare example of the primordial definition of zero day.
|
# ? Jul 7, 2019 06:45 |
|
lol https://twitter.com/campuscodi/status/1148137762966650880
|
# ? Jul 8, 2019 14:54 |
quote: Hi all. I'm the (actual) owner of that gem.
|
|
# ? Jul 8, 2019 15:13 |
|
ui is hard https://twitter.com/__apf__/status/1148185033309675520
|
# ? Jul 8, 2019 16:49 |
https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/
|
|
# ? Jul 8, 2019 17:32 |
|
Absolutely shocking. Absolutely Android.
|
# ? Jul 8, 2019 17:39 |
|
not shocking at all really
quote: Researchers found that Shutterfly, a photo-editing app, had been gathering GPS coordinates from photos and sending that data to its own servers, even when users declined to give the app permission to access location data.
that's a little different than the headline makes it sound. that's not live user tracking in direct contravention of the permission flags, that's failure to strip exif data
haveblue fucked around with this message at 17:42 on Jul 8, 2019
# ? Jul 8, 2019 17:40 |
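The point in the post above, that GPS coordinates travel inside the photo file itself, as an added example (not part of any post in this thread): a JPEG segment walker that detects an Exif GPS directory pointer and drops the Exif block before the file leaves the device. Function names and `SAMPLE` are made up for illustration, the sample bytes are constructed, and the walker assumes every segment before the image data carries a length field.

```python
import struct

EXIF_MAGIC = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-directory

def segments(jpeg):
    """Yield (marker, start, end) for each segment up to the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # SOS: compressed data runs to end of file
            yield marker, pos, len(jpeg)
            return
        end = pos + 2 + struct.unpack_from(">H", jpeg, pos + 2)[0]
        if end < pos + 4 or end > len(jpeg):
            raise ValueError("truncated segment")
        yield marker, pos, end
        pos = end
    raise ValueError("malformed JPEG: no SOS segment")

def is_exif(jpeg, marker, start, end):
    return marker == 0xE1 and jpeg[start + 4:end].startswith(EXIF_MAGIC)

def has_gps(jpeg):
    """True if any Exif block's IFD0 carries a GPS directory pointer."""
    for marker, start, end in segments(jpeg):
        if not is_exif(jpeg, marker, start, end):
            continue
        tiff = jpeg[start + 4 + len(EXIF_MAGIC):end]
        order = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order
        ifd0 = struct.unpack_from(order + "I", tiff, 4)[0]
        count = struct.unpack_from(order + "H", tiff, ifd0)[0]
        tags = [struct.unpack_from(order + "H", tiff, ifd0 + 2 + 12 * i)[0] for i in range(count)]
        if GPS_IFD_TAG in tags:
            return True
    return False

def strip_exif(jpeg):
    """Return a copy with every APP1/Exif segment dropped, pixels untouched."""
    kept = [jpeg[s:e] for m, s, e in segments(jpeg) if not is_exif(jpeg, m, s, e)]
    return b"\xff\xd8" + b"".join(kept)

# Constructed sample: JPEG skeleton = SOI, JFIF stub, Exif with GPS pointer, SOS
_exif = EXIF_MAGIC + b"II*\x00" + struct.pack("<IH", 8, 1) \
    + struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26) + struct.pack("<IH", 0, 0)
SAMPLE = (b"\xff\xd8\xff\xe0\x00\x07JFIF\x00\xff\xe1" + struct.pack(">H", len(_exif) + 2)
          + _exif + b"\xff\xda\x00\x02\x12\x34\xff\xd9")
```

Dropping the whole Exif block also removes orientation and camera tags; keeping those means rewriting the TIFF directory instead.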
|
gathering mac addresses from nearby aps and inferring a user's location because they said no when you asked them for it is a tad more blatant
anyone who's not living like rms is living in a post-privacy world and you make your peace with that when you carry around your personal, serialized transmitter
|
# ? Jul 8, 2019 17:50 |
|
do android/ios still have permissions as "pretty please do not do this" or are they actually blocking system calls that the app haven't been given permission for
|
# ? Jul 8, 2019 17:50 |
|
ymgve posted: do android/ios still have permissions as "pretty please do not do this" or are they actually blocking system calls that the app haven't been given permission for
don't know about android but for apple:
-any permissions that pop up a dialog are enforced at the API level, if you tap no and the app makes the call anyway they get an error or a blank/useless result
-the app store has a whitelist of permitted calls and using anything not on this list will get you automatically rejected. there are ways around this but if you're caught using them apple gets mad at you and has pulled apps over this in the past. it's also a great way to have your app spontaneously break on future ios releases
ios also enforces its sandboxes and without a real exploit you can't do peeping hijinks
haveblue fucked around with this message at 17:57 on Jul 8, 2019
# ? Jul 8, 2019 17:55 |
|
ymgve posted: do android/ios still have permissions as "pretty please do not do this" or are they actually blocking system calls that the app haven't been given permission for
i think both of them deny until the user taps "ok". i know in android, every time you call a function that involves a permission you need to account for the call potentially failing, since the user could have gone into the OS settings and turned off a permission that they had previously granted
|
# ? Jul 8, 2019 17:58 |
|
haveblue posted: not shocking at all really
yeah that's kind of a bullshit headline. it's a bug in the OS
|
# ? Jul 8, 2019 17:58 |
|
“Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorization and personalized product suggestions”
loving love personalized product suggestions based on my metadata!
|
# ? Jul 8, 2019 18:29 |
|
i love personalized targeted offers from my favourite brands! but how will they know which are which without scanning and tagging every photo i've ever taken? truly, i feel the added value this platform provides
|
# ? Jul 8, 2019 18:32 |
|
quote: • We designed a pipeline for automatically discovering vulnerabilities in the Android permissions system through a combination of dynamic and static analysis, in effect creating a scalable honeypot environment.
It's a good read. The issue of twinned apps with different permissions has been around for a long time (read up on "gemini" for someone's blatantly obvious proof of concept). There's only so much that can be done if you allow apps to interact with each other.
|
# ? Jul 8, 2019 19:01 |
https://www.heise.de/ct/artikel/Logitech-keyboards-and-mice-vulnerable-to-extensive-cyber-attacks-4464533.html
|
|
# ? Jul 8, 2019 20:50 |
|
it's amazing how bad android is
|
# ? Jul 8, 2019 20:53 |
|
https://github.com/omniauth/omniauth/pull/809
I am seriously upset with this Github thread. In 2015 there is an omniauth model mitm vulnerability that is technically possible due to Ruby on Rails not protecting redirects with mandatory CSRF tokens. There are several solutions that can be done either manually or with a new dependency installation, but now people are suddenly concerned about this poo poo again because it is blowing up security audits. I hate how the whole thing is getting handled. Mostly because it doesn't involve a dependency update and no one knows where the problem is technically occurring.
|
# ? Jul 8, 2019 21:09 |
|
who the gently caress is using ruby in 2019?
|
# ? Jul 8, 2019 21:10 |
|
Shaggar posted: who the gently caress is using ruby in 2019?
You poor sweet summer child.
|
# ? Jul 8, 2019 21:13 |
|
Diva Cupcake posted: The ippsec videos for HackTheBox are still up but he’s been pushing people to his patreon to download the raw files. worth the $10 imo.
Didn't even know he had one somehow. I'll have to check it out his stuff is enjoyable
|
# ? Jul 8, 2019 23:29 |
|
Shaggar posted: who the gently caress is using ruby in 2019?
if you click on that link, you'll be at a site using ruby in 2019.
|
# ? Jul 8, 2019 23:49 |
|
that's insane
|
# ? Jul 8, 2019 23:52 |
|
Shaggar posted: that's insane
What should everyone be using, then?
|
# ? Jul 9, 2019 00:10 |
|
CmdrRiker posted: What should everyone be using, then?
asp dot net obviously
|
# ? Jul 9, 2019 00:22 |
|
yes
|
# ? Jul 9, 2019 00:24 |
|
CmdrRiker posted: What should everyone be using, then?
whatever version of .net that still supports silverlight, obviously
|
# ? Jul 9, 2019 00:25 |
|
akadajet posted: whatever version of .net that still supports silverlight, obviously
what, not blackbird?
|
# ? Jul 9, 2019 00:25 |