infernal machines posted: a bunch of RCEs discovered in old VxWorks IP stack

The other part became Walnut Creek CDROM aka ftp.cdrom.com, which is now iXsystems.
|
|
# ? Jul 30, 2019 16:40 |
|
|
# ? Apr 25, 2024 13:33 |
|
and hackers got into the dsn in 2018 so maybe we will get our first interplanetary pwn
|
# ? Jul 30, 2019 16:47 |
|
D. Ebdrup posted: Not only does this affect the Mars rovers which run VxWorks

why would you spend power on tcp & ip for a mars rover
|
# ? Jul 30, 2019 16:57 |
|
Cocoa Crispies posted: why would you spend power on tcp & ip for a mars rover

curiosity sends data primarily through other probes in mars orbit that relay to earth, an off the shelf tcp/ip stack would work for that
|
# ? Jul 30, 2019 16:59 |
|
imagine bricking a 2.5 billion dollar rover
|
# ? Jul 30, 2019 17:02 |
|
Perplx posted: imagine bricking a 2.5 billion dollar rover

Goddamn that'd be an expensive smarthands request.
|
# ? Jul 30, 2019 17:05 |
|
"commander we've decrypted the signal from the rover and there are definite signs of advanced life forms here" "well what does it say" "dear sir: your files have been encrypted..."
|
# ? Jul 30, 2019 17:14 |
|
the last 9 months of the rover's lifespan was spent dragging its shovel across the surface of the planet to draw penises in the sand, after lizard squad hijacked its transmitter and changed its access codes
|
# ? Jul 30, 2019 17:16 |
|
haveblue posted: curiosity sends data primarily through other probes in mars orbit that relay to earth, an off the shelf tcp/ip stack would work for that

iirc one of the experiments on one of the mars orbiters is in fact a special packet-switched network... thing... that's meant to be a prototype for a future interplanetary internet

e: nevermind it was on Deep Impact, not a mars orbiter

there was a cancelled mars orbiter too: https://en.wikipedia.org/wiki/Mars_Telecommunications_Orbiter

Shame Boy fucked around with this message at 17:29 on Jul 30, 2019 |
# ? Jul 30, 2019 17:27 |
|
considering that one of the mars viking missions ended because an engineer mistakenly sent a command to turn down a receiving antenna...
|
# ? Jul 30, 2019 17:57 |
|
Lain Iwakura posted: considering that one of the mars viking missions ended because an engineer mistakenly sent a command to turn down a receiving antenna...

was it lil jon or dj snake?
|
# ? Jul 30, 2019 18:00 |
|
I really want to delve more into satellite/probe security, but not sure where to start other than listening in on our local ground station with an SDR and seeing what I can discover.
|
# ? Jul 30, 2019 18:13 |
|
CommieGIR posted: I really want to delve more into satellite/probe security, but not sure where to start other than listening in on our local ground station with an SDR and seeing what I can discover.

first I think you perform a summoning ritual to call forth jonny290
|
# ? Jul 30, 2019 18:21 |
|
Cocoa Crispies posted: was it lil jon or dj snake?

this was also my first thought
|
# ? Jul 30, 2019 18:24 |
|
CommieGIR posted: I really want to delve more into satellite/probe security, but not sure where to start other than listening in on our local ground station with an SDR and seeing what I can discover.

there are a few decent talks like this one https://www.youtube.com/watch?v=2aBXpho5b7w but i hope you like gnuradio
|
# ? Jul 30, 2019 18:29 |
|
https://twitter.com/iangcarroll/status/1155986280234119170
|
# ? Jul 30, 2019 18:37 |
|
yep im here (i did not namesearch lol)

Satellites come in three flavors:

- no security - our old military communications satellites were like this. Absolutely no way to control. Thinking is that you could run crypto on top for the actual data, and you did not want there to be a shutdown code AT ALL because what if the commies got it. These are still usable today if you can suss out the uplink and downlink freqs, and are the satellites that Vice or Wired or whoever write stories about BRAZILIAN PIRATES SENDING SLOW SCAN TV ON MILITARY SATELLITES.

- modest security - Most ham satellites are like this. One of the few waivers we get for the "no crypto on the airwaves" clause is to secure control communications on ground to satellite links. So, most ham birds do have a way to be turned off and on from the ground securely. Of course, all the voice and data we actually relay through them is in the clear and you're welcome to listen, but it's not the most exciting thing - just dudes yelling their callsign and Maidenhead grid square and "QSL" then on to the next contact.

- Modern mil/spy poo poo - no way you're getting any useful data from these, but it's fun to tune into the carrier signals and watch them Doppler across your screen

the NOAA satellites around 137 MHz are super easy to get into because they're nuclear powered or something and have super high powered transmitters, and the decode software is easily available. Realtime maps, yo.

probably the easiest way to get into satellite snooping is to get:

- RTL SDR stick, of course
- Two inexpensive VHF+UHF tv antennas off Amazon - something that looks like this, not something that looks like this.

figure out a way to mount them back to back

    +-+-|-|---|-|-+-+
            |
            |
            |pole mast broomstick whatever ya got

Then start tuning around the 225-400 MHz range for mil satellites, 135-138 for NOAA or 145.8-146.0 and 435-438 MHz for hams. You'll find all sorts of data transmissions and voice squawks.
Jonny 290 fucked around with this message at 18:42 on Jul 30, 2019 |
# ? Jul 30, 2019 18:38 |
|
Shame Boy posted: it's primarily a mechanism to deny things to minorities in a way that doesn't look discriminatory so it doesn't need to mean anything

My wife and a minority came to the US about 19 years ago and has a score around 825. She didn't do anything with paperwork from banks where she's from, she's just not an idiot living off credit cards and loans. I just let her manage the money and ride her coattails, which gets my score just below hers but occasionally I'll be above hers. She has store cards and junk but she uses them to get whatever points she can and then just pays them off at the end of the month instead of living outside our means. She waits for 0% financing on things like furniture and pays that stuff off before the time limit when interest starts getting charged. Amazon has a store card that does 0% for some things too, if you prefer that route.

https://securityaffairs.co/wordpress/88696/breaking-news/llucian-banner-web-flaw.html

quote: “A user’s unique identifier, UDCID, is leaked via a cookie and it could lead to account compromise if this identifier is captured or otherwise known, in the case tested the UDCID was known to be the institutional ID printed on ID cards. The UDCID could be used to exploit a race condition that would provide an attacker with unauthorized access.” continues the advisory. “For a student, the attacker could drop them from their courses, reject financial aid, change their personal information, etc. For a professor, this could lead to an inability to manage their courses, allow a malicious student to put in false final grades, etc. For an administrator, an attacker could change users information, place false holds on student accounts, etc.”

This link's a bit better https://www.insidehighered.com/news/2019/07/19/ellucian-banner-security-flaw-highlighted-education-department

chemosh6969 fucked around with this message at 19:54 on Jul 30, 2019 |
# ? Jul 30, 2019 19:51 |
|
Volmarias posted: There are Secured Credit cards, where you make a small refundable deposit then can draw against it via the card. It's like a debit card but worse, but builds a history of being able to repay your credits and with effectively no risk for the bank.

there are some banks, like capital one, that deal in the subprime market and give cards with very low limits to people with no or very bad credit, or at least they used to, so they can start or rebuild their credit history

the real bs is that your credit score can also impact things that have nothing to do with loan repayment like your car insurance rate, and having no credit can be worse than bad credit in these situations
|
# ? Jul 30, 2019 20:53 |
|
psst this is the security fuckup thread, not the finance and credit one
|
# ? Jul 30, 2019 20:53 |
|
‘No way to prevent this’, Says Only Development Community Where This Regularly Happens https://medium.com/@nimelrian/no-way-to-prevent-this-says-only-development-community-where-this-regularly-happens-8ef59e6836de
|
# ? Jul 30, 2019 21:04 |
|
Jonny 290 posted: yep im here

A quality post
|
# ? Jul 30, 2019 21:56 |
|
I have an internal site that I'm hosting in azure blob storage but I can't actually limit access to it because the "whitelist microsoft services" button doesn't include azure devops.
|
# ? Jul 30, 2019 22:06 |
|
Shame Boy posted:it's primarily a mechanism to deny things to minorities in a way that doesn't look discriminatory so it doesn't need to mean anything
|
# ? Jul 31, 2019 00:06 |
|
i have good credit. sometimes i think "i'm gonna shop around for a credit card". it's hosed up that i have to look for a way to _spend_ money with rebates rather than _save_ (accumulate) money
|
# ? Jul 31, 2019 00:24 |
|
Security Fuckup Megathread: don't go to jail plz

Security Fuckup Megathread: Im like > ipredator > tor > s3 on all this poo poo

or maybe just

Security Fuckup Megathread: wa wa wa wa, wa wa wa wawaaaaaaaaaaa
|
# ? Jul 31, 2019 00:28 |
|
Jonny 290 posted: yep im here

Nice. I'm gonna try this. I already use GNUradio with my RTL-SDR, and can decode NOAA satellite maps. Thanks for the quality post!
|
# ? Jul 31, 2019 00:45 |
|
Shame Boy posted: Security Fuckup Megathread: Im like > ipredator > tor > s3 on all this poo poo

fits, do it
|
# ? Jul 31, 2019 01:12 |
|
Trabisnikof posted: and hackers got into the dsn in 2018 so maybe we will get our first interplanetary pwn

pwn stars
|
# ? Jul 31, 2019 02:52 |
hhahahaha how dumb you have to be to post haul from a major hack to your legit personal github?
|
|
# ? Jul 31, 2019 07:40 |
|
quote:An AWS spokesman confirmed that the company’s cloud had stored the Capital One data that was stolen, and said it wasn’t accessed through a breach or vulnerability in AWS systems. Prosecutors alleged that the access to the bank data came through a misconfigured firewall protecting one of its applications.
|
# ? Jul 31, 2019 08:19 |
|
mystes posted: Was there really a "firewall" or was this not even really a hack and the s3 buckets were just misconfigured to allow public access?

why not both?
|
# ? Jul 31, 2019 08:31 |
|
mystes posted: Was there really a "firewall" or was this not even really a hack and the s3 buckets were just misconfigured to allow public access?

"firewall" is probably lawyer-speaking-to-jury-speak for "access control"
|
# ? Jul 31, 2019 14:06 |
|
someone left 22 open to the world on an edge security group
|
# ? Jul 31, 2019 14:07 |
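The exposure guessed at in the post above (port 22 reachable from anywhere through a security group) is something a defender can audit for offline. This is an added example, not part of the thread: it scans constructed data in the shape of `aws ec2 describe-security-groups` JSON output, and the group IDs and rules are made up.

```python
import ipaddress

def _perm(proto, cidr4=(), cidr6=(), ports=None):
    """Build one constructed IpPermissions entry for the sample below."""
    p = {"IpProtocol": proto,
         "IpRanges": [{"CidrIp": c} for c in cidr4],
         "Ipv6Ranges": [{"CidrIpv6": c} for c in cidr6]}
    if ports:  # the "-1" (all traffic) form carries no port fields
        p["FromPort"], p["ToPort"] = ports
    return p

# Constructed sample; not data from any real account.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-constructed-1", "IpPermissions": [_perm("tcp", ["0.0.0.0/0"], ports=(22, 22))]},
    {"GroupId": "sg-constructed-2", "IpPermissions": [_perm("tcp", cidr6=["::/0"], ports=(0, 1024))]},
    {"GroupId": "sg-constructed-3", "IpPermissions": [_perm("-1", ["0.0.0.0/0"])]},
    {"GroupId": "sg-constructed-4", "IpPermissions": [_perm("tcp", ["10.0.0.0/8"], ports=(22, 22))]},
    {"GroupId": "sg-constructed-5", "IpPermissions": [_perm("tcp", ["0.0.0.0/0"], ports=(443, 443))]},
]}

def covers_port(perm, port):
    """True if this ingress rule admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":               # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):   # accept the numeric form too, as a precaution
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def world_cidrs(perm):
    """Source ranges with prefix length 0, i.e. 0.0.0.0/0 or ::/0."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def find_exposed(doc, port=22):
    """Return (GroupId, cidr) pairs where `port` is open to the whole internet."""
    return [(sg["GroupId"], cidr)
            for sg in doc["SecurityGroups"]
            for perm in sg.get("IpPermissions", [])
            if covers_port(perm, port)
            for cidr in world_cidrs(perm)]

if __name__ == "__main__":
    for group_id, cidr in find_exposed(SAMPLE):
        print(f"{group_id}: tcp/22 reachable from {cidr}")
```

The wide port range in the second group and the all-traffic rule in the third are the cases a check for a literal "22" rule would miss.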
|
cinci zoo sniper posted: hhahahaha how dumb you have to be to post haul from a major hack to your legit personal github?

uh he used multiple proxies connected together, i think you'll find it's impossible to trace his ip address even if you had a gui interface in visual basic
|
# ? Jul 31, 2019 14:49 |
|
mystes posted: Was there really a "firewall" or was this not even really a hack and the s3 buckets were just misconfigured to allow public access?

the "firewall" was "misconfigured" to allow internal access
|
# ? Jul 31, 2019 14:53 |
|
mystes posted: Was there really a "firewall" or was this not even really a hack and the s3 buckets were just misconfigured to allow public access?

The affidavit is actually worth reading. They're claiming she accessed an internal system that wasn't supposed to be publicly exposed, then pivoted from there to using the access on that system to pull from their (otherwise properly configured) buckets.
|
# ? Jul 31, 2019 15:07 |
|
Shame Boy posted: uh he used multiple proxies connected together, i think you'll find it's impossible to trace his ip address even if you had a gui interface in visual basic

And the system didn't automatically reroute the ports when it detected an intruder trying to break in?
|
# ? Jul 31, 2019 15:18 |
|
good thread title
|
# ? Jul 31, 2019 16:27 |
|
infernal machines posted: the "firewall" was "misconfigured" to allow internal access

Volmarias posted: The affidavit is actually worth reading. They're claiming she accessed an internal system that wasn't supposed to be publicly exposed, then pivoted from there to using the access on that system to pull from their (otherwise properly configured) buckets.
|
# ? Jul 31, 2019 16:41 |