|
Krankenstyle posted: ew did anyone use it

I think I only saw one person who was working the booth get in any of the times I was walking by. Definitely wasn't anything approaching a line to get in.
|
# ? Aug 10, 2019 03:06 |
|
Harry Lime posted: I think I only saw one person who was working the booth get in any of the times I was walking by. Definitely wasn't anything approaching a line to get in.

lmao i bet it was in their contract "enter the ballpit at least once per half hour"
|
# ? Aug 10, 2019 03:10 |
|
shades of dashcon
|
# ? Aug 10, 2019 03:15 |
|
Krankenstyle posted: lmao i bet it was in their contract "enter the ballpit at least once per half hour"

dev manager job description sounding unreasonable
|
# ? Aug 10, 2019 03:15 |
|
|
# ? Aug 10, 2019 03:32 |
|
nvm
|
# ? Aug 10, 2019 04:51 |
|
Subjunctive posted: the alerts are stored in the balls

this post needs to get more love
|
# ? Aug 10, 2019 05:46 |
|
Subjunctive posted: the alerts are stored in the balls

You have some alerts on your face
|
# ? Aug 10, 2019 06:27 |
|
If they had a sign that said "wouldn't you rather drown in drinks than alerts" and then had a liquor pit, then I'd be interested.
|
# ? Aug 10, 2019 06:49 |
|
pseudorandom posted: If they had a sign that said "wouldn't you rather drown in drinks than alerts" and then had a liquor pit, then I'd be interested.

to be honest it would be an even worse toxic waste pit
|
# ? Aug 10, 2019 07:00 |
|
|
# ? Aug 10, 2019 12:24 |
|
Lain Iwakura posted: to be honest it would be an even worse toxic waste pit

for a second I thought you were talking about your balls
|
# ? Aug 10, 2019 14:05 |
|
toxicity is stored in the balls
|
# ? Aug 10, 2019 16:08 |
|
I feel like I’ve heard a million people talking about splunk and elk stack all weekend

either I’m finding a pattern where none exists or I’m lucky to not have to store and search logs
|
# ? Aug 10, 2019 16:41 |
|
Captain Foo posted: for a second I thought you were talking about your balls

Lain's a dudette, dude.
|
# ? Aug 10, 2019 16:50 |
|
MITRE attack framework was also the free space on the Blackhat vendor hall bingo card this year
|
# ? Aug 10, 2019 17:45 |
|
Cocoa Crispies posted: I feel like I’ve heard a million people talking about splunk and elk stack all weekend

tbh it's a good chunk of my job and something that I have gotten pretty adept with in the past decade
|
# ? Aug 10, 2019 18:07 |
|
Subjunctive posted: Lain's a dudette, dude.

I'm aware
|
# ? Aug 10, 2019 18:22 |
|
Subjunctive posted: Lain's a dudette, dude.

it was a joke about my getting... everything removed
|
# ? Aug 10, 2019 18:26 |
|
Lain Iwakura posted: tbh it's a good chunk of my job and something that I have gotten pretty adept with in the past decade

yeah, and this is my second def con in a long time where I haven’t been knee deep in binary poo poo from 7a-7p so it’s probably just me noticing it more
|
# ? Aug 10, 2019 18:34 |
|
Cocoa Crispies posted: yeah, and this is my second def con in a long time where I haven’t been knee deep in binary poo poo from 7a-7p so it’s probably just me noticing it more

it seems a bit more prominent this year.
|
# ? Aug 10, 2019 19:47 |
|
Log ingestion, indexing, and long term storage is far from a solved problem so it makes sense.
|
# ? Aug 10, 2019 23:59 |
|
This has been fun to follow this week

https://www.vice.com/en_us/article/8xw9kp/black-hat-talk-about-time-ai-causes-uproar-is-deleted-by-conference
|
# ? Aug 11, 2019 04:09 |
|
🤨✋ talks, especially from vendors
😊👍 making friends in the villages
|
# ? Aug 11, 2019 08:20 |
|
Harry Lime posted: This has been fun to follow this week

looks more like mental illness than a scam to me

like you see this specific kind of kookery a lot and they always have some new mathematics or unbreakable crypto or what not
|
# ? Aug 11, 2019 18:27 |
|
If it's a random pgp email to an academic, sure

This is a company who paid big money for the slot
|
# ? Aug 11, 2019 19:35 |
|
Rufus Ping posted: If it's a random pgp email to an academic, sure

quacks have money, Peter thief believes in jail breaking the universe
|
# ? Aug 11, 2019 19:37 |
|
If you’re making money off quackery it’s a scam even if you believe it. See: Theranos
|
# ? Aug 11, 2019 21:04 |
|
https://www.forbes.com/sites/gordonkelly/2019/08/10/apple-iphone-ipad-security-warning-ios-12-ios13-iphone-xs-max-xr/amp/

Warning Issued For Apple's 1.4 Billion iPad And iPhone Users

Aug 10, 2019, 7:40 pm

Every iPhone released since 2011 is potentially vulnerable to having their data and passwords stolen

Apple is having a bad week. Just days after Face ID was hacked and the company’s “user-hostile” iPhone battery practices were exposed, an extraordinary story of Apple neglect has resulted in a warning every iPhone and iPad user needs to know about.

Picked up by AppleInsider, security firm Check Point has revealed it has found a way to hack every iPhone and iPad running iOS 8 right up to betas of iOS 13. This spread covers eight years of devices (iOS 8 supports the 2011 iPhone 4S) and, with Tim Cook stating there are 1.4BN active iOS devices around the world, this is worrying news for the owners of pretty much all of them.

What Check Point discovered is that the Contacts app built into iOS can be exploited using the industry-standard SQLite database so that any search of Contacts can trick the device into running malicious code capable of stealing user data and passwords.

............
|
# ? Aug 12, 2019 00:32 |
|
you need physical access to the unlocked device, lol

here's another security flaw for ya: a hacker can browse through your contacts and copy the information with a pen and paper
|
# ? Aug 12, 2019 00:53 |
|
The data being leaked is not contacts, it says it's passwords
|
# ? Aug 12, 2019 00:57 |
|
or not

infernal machines fucked around with this message at 01:17 on Aug 12, 2019
|
# ? Aug 12, 2019 01:01 |
|
if apple is storing plaintext passwords somewhere for this to leak then yeah that's a fuckup, but i don't see that mentioned in the article?

the entire passwords line seems to be "the hacker could set up malware that steals your password if you type it in later" and again, need physical access and for the device to already be unlocked.
|
# ? Aug 12, 2019 01:06 |
|
go up one level: https://appleinsider.com/articles/19/08/10/apples-ios-contacts-app-claimed-to-be-vulnerable-to-sqlite-hack

the bug appears to be a general exploit for storing and invoking executable code with sqlite. contacts was the app chosen for the example.

I’m not sure what exactly they did to contacts to compromise it but it doesn’t seem to be doable remotely, they need physical access to an unlocked device

passwords only seem to come up because stealing passwords is a traditional thing to do once you have malicious code running somewhere
|
# ? Aug 12, 2019 01:12 |
|
yeah, i read that and "For the purpose of the demonstration, they just had the app crash. The researchers said that they could have crafted the app to steal passwords." is pretty unclear.

they don't mention this bypassing sandboxing or anything, so it's basically just "we can execute arbitrary code now"
|
# ? Aug 12, 2019 01:17 |
|
I doubt they could steal passwords anyway since even if you have your malicious code running you'd need the Secure Enclave to give you a key to unlock the keychain. Now presumably the malicious code could popup a touchID dialog and if the user authenticates through that as they have been trained to do then your code might be able to read passwords...
|
# ? Aug 12, 2019 02:57 |
|
that’s actually a serious issue with touchid, users will reflexively press home to escape a misbehaving app but the act of putting your finger on home triggers fingerprint recognition and there’s a good chance it will report authentication before it actually exits the app

there are apps that use this trick to activate subscriptions while confusing the user about whether or not it went through
|
# ? Aug 12, 2019 04:22 |
|
i guess that's fixed with face id
|
# ? Aug 12, 2019 04:26 |
|
Subjunctive posted: Lain's a dudette, dude.

dude's been gender-neutral for like ten years IMO
|
# ? Aug 12, 2019 05:47 |
|
okay, so this appears to be the original, four-year-old bug.

tl;dr: sqlite has a pair of bugs in its query and database-file parsers

in theory the query parser bug shouldn't be exploitable because nobody would ever be dumb enough to inject user input directly into an sql query string, right?

the file parser bug is only exploitable if you can corrupt the database file that sqlite is working with, but you probably can if there's literally any other bug in the program, because parts of the database file are probably just mmap'ed writably into the address space because that's how databases work. and corruption of the database file will generally persist across reboots, so potentially the exploit can persist, too

i don't know why ios was apparently using an ancient sqlite. probably because the whole clever point of sqlite is that you can just copy it into your project without worrying about adding a dependent project, so people do and then they don't worry about keeping up with security updates

the thing about passwords sounds like bullshit
|
# ? Aug 12, 2019 06:01 |
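Added example, not part of the thread and not code from any poster, Apple or SQLite: a Python sketch of the defensive side of the last post's three points (bind user input instead of building SQL strings, check a database file before trusting it, know which SQLite you ship). `MIN_SQLITE`, `EXPECTED_SCHEMA`, the `contacts` table and the sample files are assumptions constructed for illustration.

```python
import pathlib
import sqlite3

# Assumed policy values for this sketch; neither comes from the thread.
MIN_SQLITE = (3, 26, 0)                     # hypothetical minimum bundled version
EXPECTED_SCHEMA = {("table", "contacts")}   # objects this (made-up) app creates


def library_is_current():
    """True if the SQLite linked into this process meets the assumed minimum."""
    return sqlite3.sqlite_version_info >= MIN_SQLITE


def audit_database(path):
    """Return a list of findings for a database file before the app trusts it."""
    findings = []
    # Read-only URI open: the audit must not modify the file it inspects.
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        if conn.execute("PRAGMA integrity_check").fetchall() != [("ok",)]:
            findings.append("integrity_check reported damage")
        query = "SELECT type, name FROM sqlite_master WHERE name NOT LIKE 'sqlite_%'"
        for kind, name in conn.execute(query):
            if (kind, name) not in EXPECTED_SCHEMA:
                findings.append(f"unexpected {kind}: {name}")
    except sqlite3.DatabaseError as exc:    # header or page structure is invalid
        findings.append(f"unreadable database: {exc}")
    finally:
        conn.close()
    return findings


def search_contacts(conn, term):
    """User input is bound as a parameter, never spliced into the SQL text."""
    sql = "SELECT name FROM contacts WHERE name LIKE ? ORDER BY name"
    return conn.execute(sql, (f"%{term}%",)).fetchall()


def build_samples(directory):
    """Constructed inputs: a clean file, one with an extra view, one of garbage."""
    names = ("clean", "extra", "junk")
    paths = {k: str(pathlib.Path(directory) / f"{k}.db") for k in names}
    for key in ("clean", "extra"):
        conn = sqlite3.connect(paths[key])
        conn.execute("CREATE TABLE contacts (name TEXT)")
        conn.executemany("INSERT INTO contacts VALUES (?)", [("Alice",), ("Bob",)])
        if key == "extra":
            conn.execute("CREATE VIEW contacts_v AS SELECT name FROM contacts")
        conn.commit()
        conn.close()
    pathlib.Path(paths["junk"]).write_bytes(b"garbage " * 512)
    return paths
```

The audit reduces exposure but does not replace updating the bundled library: a file can pass `integrity_check` and still reach a parser bug in an old SQLite.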