Ha. Of course. How stupid of me. Obviously.

Jul 9, 2019 03:04

flakeloaf posted: gathering mac addresses from nearby aps and inferring a user's location because they said no when you asked them for it is a tad more blatant

wait a sec, i thought apple had their devices lying about their mac addresses until a user-authenticated connection occurred, for years now

Jul 9, 2019 03:42

https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

tl;dr: the Zoom application on macOS has a web server running, listening on localhost. A malicious site can join you into a meeting (potentially enabling your webcam).

Jul 9, 2019 04:01

Rex-Goliath posted: wait a sec i thought apple had their devices lying about their mac addresses until a user authenticated connection occurred for years now

as long as it lies consistently for a few minutes at a time, that's enough to track someone in, like, a store, or to make a quick confirmation with something else local to the device that x mac address is associated with y user in whatever app, for now

Jul 9, 2019 04:03

fishmech posted: as long as it lies consistently for a few minutes at a time, thats enough to track someone in like a store, or to make a quick confirmation with something else local to the device that x mac address is associated with y user in whatever app for now

right, i thought every handshake attempt generated a new random mac. could be wrong about this, i have no clue, that's just what i thought

Jul 9, 2019 04:05

CoasterMaster posted: https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

oh word? the app phone support scammers have been installing for years has an rce?

Jul 9, 2019 04:08

nice of them to keep the webserver active after uninstall

Jul 9, 2019 07:29

cinci zoo sniper posted: https://www.heise.de/ct/artikel/Logitech-keyboards-and-mice-vulnerable-to-extensive-cyber-attacks-4464533.html

ugh, I like my spotlight

Jul 9, 2019 10:44

CoasterMaster posted: https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

lol, just saw that on Twitter: https://twitter.com/backlon/status/1148464344876716033

Jul 9, 2019 11:17

cinci zoo sniper posted: https://www.heise.de/ct/artikel/Logitech-keyboards-and-mice-vulnerable-to-extensive-cyber-attacks-4464533.html

quote: Additionally, Logitech reiterates that any pairing of a receiver with a device should only be done "if it is ensured that there are no suspicious activities within a radius of 10 meters".

sure, no problemo

Jul 9, 2019 11:52

Rex-Goliath posted: wait a sec i thought apple had their devices lying about their mac addresses until a user authenticated connection occurred for years now

https://arxiv.org/abs/1703.02874v1

remembered this paper made the rounds a while ago.

Jul 9, 2019 11:54

Bulgakov posted: https://arxiv.org/abs/1703.02874v1

hard to not cry while remembering the day that apple went bankrupt due to mac address crimes

Jul 9, 2019 12:01

Rex-Goliath posted: right i thought every handshake attempt generated a new random mac. could be wrong about this i have no clue that's just what i thought

i didn't know that you can't do that. well, you can, but you shouldn't; like, what abou

Bulgakov posted: hard to not cry while remembering the day that apple went bankrupt due to mac address crimes

yeah, that thing

Jul 9, 2019 13:34

i seem to remember apple getting spicy over someone spoofing their USB VID to give a device itunes compatibility way back when

Jul 9, 2019 13:41

Jon Rubenstein!

Jul 9, 2019 13:48

infernal machines posted: i seem to remember apple getting spicy over someone spoofing their USB VID to give a device itunes compatibility way back when

iirc that was rhapsody, aka napster trying to go legit

Jul 9, 2019 13:50

haveblue posted: iirc that was rhapsody, aka napster trying to go legit

Jul 9, 2019 13:54

Lol if you think there was "iPod compatibility" in the stebe times

Jul 9, 2019 14:16

Volmarias posted: Lol if you think there was "iPod compatibility" in the stebe times

https://www.theregister.co.uk/2004/12/15/apple_vs_real/

mystes fucked around with this message at 14:29 on Jul 9, 2019

Jul 9, 2019 14:25

I don't remember the exact details, but there was something about the proprietary ipod protocol that was closed and kept secret so only itunes could sync with it (and apple's version of musicmatch jukebox before itunes for windows). rhapsody or whoever reverse engineered this and released a client that could talk to ipods without approval. they went through a few rounds of protocol cat and mouse before giving up

e: yeah, that article

e2: quote: That's bad news for Real - partly because the move limits the company's ability to sell to iPod owners, but mostly because no one has noticed until now, almost a month and a half later. That suggests that Real's iPod-owning customer base is rather smaller than it would like.

lol

haveblue fucked around with this message at 14:32 on Jul 9, 2019

Jul 9, 2019 14:29

it was palm, spoofing the vendor ID of the Pre so that iTunes would sync to it

Jul 9, 2019 14:30

peepaw rotor explain yourself

Jul 9, 2019 14:37

Rex-Goliath posted: wait a sec i thought apple had their devices lying about their mac addresses until a user authenticated connection occurred for years now

I think you're confusing APs tracking the phone's location using the phone's MAC address with apps tracking the phone's location using the AP's MAC address

Jul 9, 2019 15:38

yeah, there's two separate things going on here

if you are a physical space and want to track inhabitants, you record every mac address that hits your APs so you can see how they move. this is what apple breaks by sending a different random mac to every AP

if you are an app and want to track your user, you get the list of every AP in the area and send their macs off to skyhook or whoever. this will give your server the device's location without using the OS GPS service, which would alert the user. this is what the apps were caught doing in that study

Jul 9, 2019 15:58

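The two tracking paths the post above separates, as an added Python example that is not from the thread or from any vendor. Every BSSID, coordinate, client MAC and signal strength is constructed; the positioning is a plain RSSI-weighted centroid over a toy BSSID table, standing in for whatever Skyhook or similar services actually do. The point it makes concrete: per-AP client MAC randomization breaks the venue's cross-AP correlation, but does nothing against an app that ships the access points' own addresses off for a fix.

```python
"""
Added example (not from the thread): the two Wi-Fi tracking paths above,
run on constructed data.

Path A: a venue correlates the CLIENT's MAC address across its own APs.
Path B: an app reports the ACCESS POINTS' BSSIDs to a geolocation service.

Every BSSID, coordinate, MAC and RSSI below is made up for illustration.
"""
import secrets
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for a Skyhook/Google-style BSSID database
# (BSSID -> (lat, lon)). Real services hold hundreds of millions of rows.
BSSID_DB: Dict[str, Tuple[float, float]] = {
    "aa:bb:cc:00:00:01": (51.5005, -0.1245),
    "aa:bb:cc:00:00:02": (51.5010, -0.1230),
    "aa:bb:cc:00:00:03": (51.4995, -0.1238),
    "de:ad:be:ef:00:99": (40.7128, -74.0060),  # elsewhere; never in a scan here
}

# Constructed scan as an app would read it from the OS: (BSSID, RSSI in dBm).
# The third AP is unknown to the database and must be ignored.
SAMPLE_SCAN: List[Tuple[str, int]] = [
    ("aa:bb:cc:00:00:01", -45),
    ("aa:bb:cc:00:00:02", -70),
    ("ff:ff:ff:12:34:56", -60),
]


def locate_from_scan(scan: List[Tuple[str, int]]) -> Optional[Tuple[float, float]]:
    """Path B. Estimate the device's position from the BSSIDs it can see.
    Uses an RSSI-weighted centroid of the APs found in BSSID_DB, a simple
    stand-in for the providers' real models. Nothing here depends on the
    device's own MAC address, randomized or not.
    Returns None if no scanned BSSID is known."""
    total = lat_acc = lon_acc = 0.0
    for bssid, rssi in scan:
        pos = BSSID_DB.get(bssid.lower())
        if pos is None:
            continue
        # Stronger signal -> nearer AP -> larger weight; clamp so a weak but
        # known AP still contributes a little rather than a negative amount.
        weight = float(max(rssi + 100, 1))
        lat_acc += weight * pos[0]
        lon_acc += weight * pos[1]
        total += weight
    if total == 0.0:
        return None
    return (lat_acc / total, lon_acc / total)


def linkable_clients(sightings: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Path A. Given (ap_name, client_mac) sightings collected by a venue's
    APs, return the client MACs seen at more than one AP and where. Those
    are the devices whose movement through the space can be reconstructed."""
    seen: Dict[str, set] = defaultdict(set)
    for ap, mac in sightings:
        seen[mac.lower()].add(ap)
    return {mac: sorted(aps) for mac, aps in seen.items() if len(aps) > 1}


def random_client_mac() -> str:
    """A random locally-administered unicast MAC: bit 1 of the first octet
    set, bit 0 clear. This is the address shape randomized Wi-Fi MACs use."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in raw)


def walk_venue(aps: List[str], randomize: bool) -> List[Tuple[str, str]]:
    """Simulate one device associating with each AP in turn. With
    randomize=True it presents a fresh MAC to every AP (the per-AP
    randomization the post attributes to Apple); otherwise its fixed one."""
    fixed_mac = "02:11:22:33:44:55"  # constructed
    return [(ap, random_client_mac() if randomize else fixed_mac) for ap in aps]


if __name__ == "__main__":
    venue = ["entrance", "aisle-3", "checkout"]
    print("fixed MAC, linkable across APs:", linkable_clients(walk_venue(venue, False)))
    print("per-AP random MAC, linkable:   ", linkable_clients(walk_venue(venue, True)))
    # Path B is untouched by client MAC randomization: the app sends the APs'
    # addresses, not the phone's, and gets a fix back without touching GPS.
    print("position from visible BSSIDs:  ", locate_from_scan(SAMPLE_SCAN))
```

With a fixed MAC the venue links one device to all three APs; with a fresh MAC per AP it links nothing. The BSSID lookup still returns a fix either way, which is why the thread's "why do apps get the AP list at all" question is the one that matters for Path B.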
but why the gently caress do apps have access to the list of visible APs

Jul 9, 2019 16:54

a very good question!

Jul 9, 2019 16:56

ymgve posted: but why the gently caress do apps have access to the list of visible APs

we actually use the functionality in an embedded system based on android, but it's an explicit permission the application has to request.

i think the problem is that the android permissions are far too fine grained, which is good for developers who are TRYING to request the bare minimum, but bad for users since it's hard to understand. google should come up with some system that takes all the permission requests of an application and builds a human-readable list that groups together related permissions in an easy to read format.

Jul 9, 2019 17:13

Users are just going to mash "accept" without reading anything, though.

Jul 9, 2019 17:39

they are the same ones who blindly skip through UAC dialogs or sudo prompts. eventually you just gotta blame the people making GBS threads their own pants

Jul 9, 2019 18:31

I hope android has the thing ios does where you can go back and revoke individual permissions you've granted to apps

Jul 9, 2019 18:33

One of the main reasons I left android and refuse to come back was the lovely permission model. Another one was forever not receiving updates from my carrier and having to travel to the US to get them from AT&T instead while I was there for work.

Jul 9, 2019 18:34

haveblue posted: I hope android has the thing ios does where you can go back and revoke individual permissions you've granted to apps

It does.

MononcQc posted: One of the main reasons I left android and refuse to come back was the lovely permission model. Another one was forever not receiving updates from my carrier and having to travel to the US to get them from AT&T instead while I was there for work.

Permissions are radically different compared to a few years ago. It's a lot better now.

Jul 9, 2019 18:37

except for the backward compatibility necessary to keep old apps running

android's problem was that apps could demand the world before they even agreed to run, and they've been slowly moving to the (mostly correct) iOS model where the app has to specifically request each individual permission before first use

the iOS problem is you can't downgrade permission requests: if the app demands full read and write access to your photo library, you can't say "no, gently caress you, you'll ask me to choose a specific photo every single time"

Jul 9, 2019 18:49

I don't see why an apple mac shouldn't get to choose any mac address it chooses. there's a hint in the name after all

Jul 9, 2019 18:50

i love the facebook comments plugin that demands permissions on my mobile browser if i touch it and refuses to display anything if i don't approve

Jul 9, 2019 18:56

A black principal, four white teens and the 'senior prank' that became a hate crime posted:

He started to cry. He would be the only one who immediately admitted what they did. The others, court records show, would deny it. Tyler wished Willingham good luck in finding out who did it.

Jul 9, 2019 19:45

some days you gently caress the sec...

Jul 9, 2019 19:49

holy poo poo, zoom persistent local webservers. imagine some hell future in which local webservers become the basis of highly agile deployment of js-inserting apps to desktops

Jul 9, 2019 20:05

"what if the world's most popular chat apps were built on stacks vulnerable to script-kiddie even-a-computer-janitor-can-do-it attacks?" -

Jul 9, 2019 20:07

death to prank culture

Jul 9, 2019 20:09