|
Lutha Mahtin posted: when android added "wipe the drive after too many pin failures" there was a bug on a google phone where it was waking up in peoples pockets and activating the wipe from butt-dials

SH/SC -> Yospos -> SecFuck M/T v18.5 - I wiped my phone with Butt-Dials
|
# ? Aug 3, 2020 17:43 |
|
Jabor posted: right, but you'd think that the only way to get it that high would have required waiting half that amount of time to put in the final failed attempt

oh right i forgot about the part where the lockout locks you out
|
# ? Aug 3, 2020 17:56 |
|
Lutha Mahtin posted: when android added "wipe the drive after too many pin failures" there was a bug on a google phone where it was waking up in peoples pockets and activating the wipe from butt-dials

this routinely burned me with my blackberry circa 2001
|
# ? Aug 3, 2020 18:00 |
|
Subjunctive posted: this routinely burned me with my blackberry circa 2001

i mean you used a blackberry
|
# ? Aug 3, 2020 18:04 |
|
it was the style at the time
|
# ? Aug 3, 2020 18:06 |
|
Michaellaneous posted: i mean you used a blackberry

I still miss the keyboard, but also the 850 was the state of the goddamn art for wireless email at the time.
|
# ? Aug 3, 2020 18:06 |
|
ymgve posted: how the gently caress does that even happen, I thought the lockout time doubled each time, not went superexponential

IIRC the battery drained completely so now the iPad thinks it's 1970 and ~50 years off the timestamp that the kid really got to by doubling.
|
# ? Aug 3, 2020 18:43 |
|
taqueso posted: it was the style at the time

Then why wasn't it tied to their belt?
|
# ? Aug 3, 2020 19:59 |
|
Michaellaneous posted: SH/SC -> Yospos -> SecFuck M/T v18.5 - I wiped my phone with Butt-Dials

ive heard of rear end wipes but this is ridiculous
|
# ? Aug 3, 2020 19:59 |
|
Michaellaneous posted:SH/SC -> Yospos -> SecFuck M/T v18.5 - I wiped my phone with Butt-Dials
|
# ? Aug 3, 2020 20:00 |
|
Michaellaneous posted: i mean you used a blackberry

so did everyone else in canada in the early 2000s
a lot of them didn't stop after 2010 either
|
# ? Aug 3, 2020 21:38 |
|
my curve still works and it does what i need it to do, which is flash a red light and buzz when i need to check my email on a computer
|
# ? Aug 4, 2020 01:46 |
|
Proteus Jones posted: Then why wasn't it tied to their belt?

there's a good chance it was, that was the peak era for phone belt-holsters
|
# ? Aug 4, 2020 01:58 |
|
https://twitter.com/campuscodi/status/1290366827713814528
|
# ? Aug 4, 2020 04:01 |
|
Question time for my secfuck fam. I do not own a printer and I want to print out sensitive documents. I am hesitant to use a communal printer because I am very suspicious of the security of printer firmware. Does anyone have any knowledge or understanding of this in order to educate me further? Or perhaps link to literature so that I may educate myself a little bit more about what the risks are?
|
# ? Aug 5, 2020 16:57 |
|
hypothetically, do you think it's more likely that you will be owned by the printer firmware (or just regular-rear end document retention settings), or by the device you use to print to the communal printer?
|
# ? Aug 5, 2020 17:02 |
|
CmdrRiker posted: Question time for my secfuck fam. I do not own a printer and I want to print out sensitive documents. I am hesitant to use a communal printer because I am very suspicious of the security of printer firmware. Does anyone have any knowledge or understanding of this in order to educate me further? Or perhaps link to literature so that I may educate myself a little bit more about what the risks are?

The last is by far the most dangerous, btw. Never log into your email account from a shared computer (e.g. in a hotel lobby). The chance that your computer is going to be compromised by a malicious printer is probably not that high.
|
# ? Aug 5, 2020 17:05 |
|
CmdrRiker posted: Question time for my secfuck fam. I do not own a printer and I want to print out sensitive documents. I am hesitant to use a communal printer because I am very suspicious of the security of printer firmware. Does anyone have any knowledge or understanding of this in order to educate me further? Or perhaps link to literature so that I may educate myself a little bit more about what the risks are?

if your documents are so sensitive that youre seriously worried about hacked firmware go to staples and buy the cheapest usb printer they have and plug that directly into your computer. the $200 is cheap insurance against that threat.
|
# ? Aug 5, 2020 17:06 |
|
CmdrRiker posted: Question time for my secfuck fam. I do not own a printer and I want to print out sensitive documents. I am hesitant to use a communal printer because I am very suspicious of the security of printer firmware. Does anyone have any knowledge or understanding of this in order to educate me further? Or perhaps link to literature so that I may educate myself a little bit more about what the risks are?

if the documents are that sensitive you should have policies about which printers to use

if there are no policies the documents are not actually that sensitive and you should be fine because the NSA already has your social security number
|
# ? Aug 5, 2020 17:06 |
|
Probably don't leave a copy of your bank statement on a usb drive you plug into a communal printer when you go to print cat pictures, though.
|
# ? Aug 5, 2020 17:08 |
|
infernal machines posted: hypothetically, do you think it's more likely that you will be owned by the printer firmware (or just regular-rear end document retention settings), or by the device you use to print to the communal printer?

The former and I feel like a loving idiot for not considering the latter. So I suppose I am concerned for both now and I should just buy my own printer.

But I would like to know more about the former. I did a little reading in the past about how it is not a good idea to print out 2FA backup codes on, say, even your work printer. But now I am curious and would like to know more about what goes on with most printer firmware.

e: Additionally, I am also annoyed about clinics wanting to scan my driver's license and insurance card. For the same reasons. But I don't really say anything about it because I wonder if I am being too .

CmdrRiker fucked around with this message at 17:11 on Aug 5, 2020 |
# ? Aug 5, 2020 17:08 |
|
CmdrRiker posted: The former and I feel like a loving idiot for not considering the latter. So I suppose I am concerned for both now and I should just buy my own printer.

Companies scanning and retaining your personal information is more of an issue (not because of malicious scanners) but there's basically nothing you can do about it.
|
# ? Aug 5, 2020 17:11 |
|
multifunction devices tend to be less "printer" and more "maybe-unpatchable-and-certainly-unpatched windows xp computer with a printer attached to it", with all the fun that entails. we've had some fail their VAs (and send me on building-to-building searches to unplug the drat things), and if the machine was installed by an idiot then anyone who can google the default password can http/telnet into it and upload whatever weird firmware they want to

oh and i guess you could pop the drive out of an mfd and reconstruct the images from the last few things it's printed, unless it has an encryption module [correctly-]installed

but infernal machines is 100% correct in telling you that the most credible threat will be from the network between you and the printer, then its print server, THEN the printer itself

e:
mystes posted: You almost definitely don't have to worry about malicious printer firmware. It's a theoretical risk and it could become more of a problem in the future if printers start to run real OSes or something, but at this point you can basically ignore it unless you're worried about the NSA in which case you have bigger problems.

by "we" here i mean my own personal opinions about my government employer who really does need protection from these threats; you very likely do not

flakeloaf fucked around with this message at 17:15 on Aug 5, 2020 |
# ? Aug 5, 2020 17:11 |
|
CmdrRiker posted: I did a little reading in the past about how it is not a good idea to print out 2FA backup codes on, say, even your work printer.

not really sure how that kind of attack would work, like even if you could tell that "this page of random numbers and letters is a set of 2FA codes" you'd then have to figure out who they belong to and what account they go to with no other information to go off of.
|
# ? Aug 5, 2020 17:12 |
|
Midjack posted: if your documents are so sensitive that youre seriously worried about hacked firmware go to staples and buy the cheapest usb printer they have and plug that directly into your computer. the $200 is cheap insurance against that threat.

Agreed. Thank you.

mystes posted: You almost definitely don't have to worry about malicious printer firmware. It's a theoretical risk and it could become more of a problem in the future if printers start to run real OSes or something, but at this point you can basically ignore it unless you're worried about the NSA in which case you have bigger problems.

OK. Fair. But still buying a printer, I guess.
|
# ? Aug 5, 2020 17:14 |
|
Shame Boy posted:not really sure how that kind of attack would work, like even if you could tell that "this page of random numbers and letters is a set of 2FA codes" you'd then have to figure out who they belong to and what account they go to with no other information to go off of.
|
# ? Aug 5, 2020 17:14 |
|
CmdrRiker posted:OK. Fair. But still buying a printer, I guess.
|
# ? Aug 5, 2020 17:17 |
|
Apparently most big office printers have a surprisingly big hard drive (because storage is cheap) and they don't bother deleting any files sent to the printer until it actually fills up. Which is thousands and thousands of pages. It is possible to wipe the disk but you have to be aware that this is even an issue, or you won't think of it. People have gotten rather sensitive documents off a printer's hard drive after buying it second-hand from some company. Including legal stuff and government stuff.
|
# ? Aug 5, 2020 17:17 |
|
Carbon dioxide posted:Apparently most big office printers have a surprisingly big hard drive (because storage is cheap) and they don't bother deleting any files sent to the printer until it actually fills up. Which is thousands and thousands of pages.
|
# ? Aug 5, 2020 17:19 |
|
if they get your mfa seed it's fine because you have 2fa enabled on your account (the password),
|
# ? Aug 5, 2020 17:19 |
|
In general, worrying about someone getting your personal 2FA recovery codes from your work printer or something is probably silly anyway. The chance that someone comes across that information and bothers trying to put it together with other information that would be necessary to gain access to your account seems pretty small. It's a bit like worrying that if you store a hardcopy backup of passwords in your house, a burglar might find and use them.

Edit: The moral of the story is to consider what your threat model is.
|
# ? Aug 5, 2020 17:22 |
|
really stealing your phone number and getting the 2fa removed from the account is far easier and more realistic. thats how a bunch of bitcoins get stolen
|
# ? Aug 5, 2020 17:24 |
|
at this point why not take some time to write the 2fa recovery codes on a piece of paper? idk this may be a dumb suggestion if this means writing down even a kilobyte of base64 or something
|
# ? Aug 5, 2020 17:30 |
|
Not sure if this counts as SecFuck but my multifunction printer runs a web UI for administration, the problem is that it's lovely code that causes Javascript errors in any modern browser and probably hardly worked on IE 8 to begin with. I had to reverse engineer their Javascript and run proper code line by line in the console to set it up and now I'm just hoping not to use it again.
|
# ? Aug 5, 2020 17:37 |
|
print every other character on one printer and then take the paper and put it in a different printer in another location and print only the missing characters
|
# ? Aug 5, 2020 17:44 |
|
I don't have any links, but adversarial firmware on a printer isn't generally in my threat model for personal docs. Printers aren't expensive, though
|
# ? Aug 5, 2020 17:51 |
|
have someone that you trust (maybe a close friend) carry a printer over to your home or wherever you need it printed
Last Chance fucked around with this message at 18:36 on Aug 5, 2020 |
# ? Aug 5, 2020 18:33 |
|
Last Chance posted: have someone that you trust (maybe a close friend) carry a printer over to your home or wherever you need it printed

lol
|
# ? Aug 5, 2020 18:44 |
|
Last Chance posted: have someone that you trust (maybe a close friend) carry a printer over to your home or wherever you need it printed

hugging optional
|
# ? Aug 5, 2020 18:51 |
|
The biggest risk for a communal printer is that somebody walks by and looks at your docs before you grab them imo
|
# ? Aug 5, 2020 19:50 |