cinci zoo sniper posted:https://www.bleepingcomputer.com/news/security/former-ubiquiti-dev-charged-for-trying-to-extort-his-employer/ lmao champagne posting posted:should've used tor
|
|
# ? Dec 2, 2021 14:20 |
|
|
# ? May 11, 2024 16:09 |
|
ewiley posted:if I’m reading this right it’s a buffer overflow in the certificate verification of Mozilla’s NSS that’s existed since like 2014 and Mozilla and Google and other third parties all missed it despite heavily auditing the same code? yes. most of the article is exploring why it was not caught by automated testing or by automated fuzzing tools
|
# ? Dec 2, 2021 14:28 |
|
BlankSystemDaemon posted:or surfshark got FISA'd and the authorities are hiding this by pretending that he was stupid, which any of us will readily assume surfshark is based in the netherlands and operates through the British Virgin Islands, so in theory the process for getting the information would have been slightly more complicated (not impossible, especially if the company cooperates or has representatives in the US). this person thought that using a commercial VPN service at the device level, through their home residence ISP, was good enough opsec for something this big, so I can definitely believe that they hosed up something as basic as preventing their connection from using anything other than the TAP adapter
|
# ? Dec 2, 2021 16:11 |
|
BlankSystemDaemon posted:tor by itself is great, but you need a way to make it so that no connection can be made without going through tor
|
# ? Dec 2, 2021 16:17 |
|
Ur Getting Fatter posted:surfshark is based in the netherlands and operates through the British Virgin Islands, so in theory the process for getting the information would have been slightly more complicated (not impossible, especially if the company cooperates or has representatives in the US). yeah the network outage would have killed the vpn and his HACKER TOOLS (web browser logged into aws) reconnected automatically when it came back up without going thru the tunnel. idk about surf shark but nordvpn has settings to prevent that so even a novice could have done it right with minimum effort
|
# ? Dec 2, 2021 17:06 |
|
i want to write a bunch "why didn't he x", "why didnt he y" stuff, but i'm terrified that my endpoint will get popped one day and my creds used to do something bad and then somebody will be all "look look achmed was talking about this online before THE CRIME" and ill be like "wait no i wasnt planning anything i was just saying any non-idiot could hide their tracks better, please do not put me in jail i didnt do anything" and then id end up fired or in jail or something and i dont want that maybe my brain broke because a ton of what i do is working on stuff to make services resilient against insider threats
|
# ? Dec 2, 2021 17:29 |
|
BlankSystemDaemon posted:or surfshark got FISA'd and the authorities are hiding this by pretending that he was stupid, which any of us will readily assume
|
# ? Dec 2, 2021 17:31 |
|
Ur Getting Fatter posted:surfshark is based in the netherlands and operates through the British Virgin Islands, so in theory the process for getting the information would have been slightly more complicated (not impossible, especially if the company cooperates or has representatives in the US). doesn’t the Investigatory Powers Act allow GCHQ to seize data from VPN providers without a warrant?
|
# ? Dec 2, 2021 17:42 |
|
vpn providers (supposedly) dont keep logs so there wouldnt be anything to collect. plus in a criminal case like this you i wouldnt think you'd have trouble getting a warrant
|
# ? Dec 2, 2021 17:52 |
|
the Investigatory Powers Act also requires retaining "connection records" for a year for British based communication service providers, which i assume would apply to surfshark if they have infra in BVI
|
# ? Dec 2, 2021 18:08 |
|
Trabisnikof posted:doesn’t the Investigatory Powers Act allow GCHQ to seize data from VPN providers without a warrant? BVI doesn't operate under UK law though
|
# ? Dec 2, 2021 18:09 |
|
Trabisnikof posted:the Investigatory Powers Act also requires retaining "connection records" for a year for British based communication service providers, which i assume would apply to surfshark if they have infra in BVI what a hosed up little island
|
# ? Dec 2, 2021 18:14 |
|
Rufus Ping posted:BVI doesn't operate under UK law though well that'd do it
|
# ? Dec 2, 2021 18:18 |
|
Net crime island
|
# ? Dec 2, 2021 18:21 |
|
BattleMaster posted:Net crime island
|
# ? Dec 2, 2021 18:23 |
|
BattleMaster posted:Net crime island
|
# ? Dec 2, 2021 18:24 |
|
BattleMaster posted:Net crime island
|
# ? Dec 2, 2021 18:47 |
|
BattleMaster posted:Net crime island
|
# ? Dec 2, 2021 18:51 |
|
BattleMaster posted:Net crime island
|
# ? Dec 2, 2021 18:52 |
|
Achmed Jones posted:i want to write a bunch "why didn't he x", "why didnt he y" stuff, but i'm terrified that my endpoint will get popped one day and my creds used to do something bad and then somebody will be all "look look achmed was talking about this online before THE CRIME" and ill be like "wait no i wasnt planning anything i was just saying any non-idiot could hide their tracks better, please do not put me in jail i didnt do anything" This story seems to have the hallmarks of "What if someone tries to pull an Office Space in real life?" With an added dose of unwarranted urgency. Like, it doesn't seem as though this was thought through very well. Ransom from home? Did he think to short the stock before "whistleblowing"? Why do this all at once? Need lots of cash real fast? Get too excited by the thrill of his first heist? Mega dunning Kruger?
|
# ? Dec 2, 2021 19:18 |
Shaggar posted:vpn providers (supposedly) dont keep logs so there wouldnt be anything to collect. plus in a criminal case like this you i wouldnt think you'd have trouble getting a warrant so unless the servers are in a place where there's good internet connectivity and no laws making them liable (and there's not a whole lot of places like that left, after it stopped being a thing in the Seychelles), it seems likely to assume that just because they say they don't keep logs, doesn't mean they aren't keeping logs with openbsm and a dtrace provider, it's trivial to do whole-system monitoring in a way that leaves no trace of it available to someone without privileged access - so i imagine it can be done the same way on other OS' also, remember that cross-country compliance with information sharing requests is a thing, even if there are no secret courts involved
|
|
# ? Dec 2, 2021 19:44 |
|
there's been enough examples of vpn providers claiming they don't keep logs and then turning out to that you'd be dumb to believe them
|
# ? Dec 2, 2021 19:59 |
|
Plorkyeran posted:there's been enough examples of vpn providers claiming they don't keep logs and then turning out to that you'd be dumb to believe them
|
# ? Dec 2, 2021 20:28 |
|
surf shart
|
# ? Dec 2, 2021 20:44 |
|
Ur Getting Fatter posted:this person thought that using a commercial VPN service at the device level, through their home residence ISP, was good enough opsec for something this big, so I can definitely believe that they hosed up something as basic as preventing their connection from using anything other than the TAP adapter he also thought he could lie to the feds rather than do the smart thing and just keep your mouth shut. instead he earned himself a criminal count for making false statements to the feds on top of everything else. he claimed some family member must have used his paypal password to buy that vpn service and literally anyone can tell that's baloney my wife used to be a criminal defense attorney, and she lamented that her job would be infinitely easier if her customers had just kept their mouths shut when cops asked them questions in conclusion if cops ask you questions you shut the gently caress up
|
# ? Dec 2, 2021 20:52 |
|
well, nowadays you have to explicitly say you are invoking your right to remain silent, otherwise maybe you just want a dog that is also a lawyer, how could a simple cop know
|
# ? Dec 2, 2021 21:07 |
|
yeah silence without invoking your rights is not protected quote:You Can't Be Silent If You Want to Be Silent but meanwhile in florida https://twitter.com/mjs_DC/status/1466442103513305093?s=20
|
# ? Dec 2, 2021 21:40 |
|
Trabisnikof posted:yeah silence without invoking your rights is not protected So what do you do yell as loudly as you can "I PLEASE THE FIFTH!"???
|
# ? Dec 2, 2021 22:37 |
|
champagne posting posted:So what do you do yell as loudly as you can "I PLEASE THE FIFTH!"??? you’d probably have more luck if you offer to please all of them
|
# ? Dec 2, 2021 23:28 |
|
in florida you have something called a sentencing scoresheet which takes into consideration prior offenses and the current charge plus aggravating circumstances in order to give judges an idea of what sentence to give. the dude in this case scored 10 years. the max punishment for the offense is 15 years. the state attorneys asked for 10 years. during his allocution, the convicted man again professed his innocence for constructive possession of a firearm, said that his counsel was ineffective, and that the police forced the kid in the car to say that the gun belonged to him in order to charge him. the judge said he didn't think the dude was showing any remorse and sentenced him to the max sentence of 15 years. scofl said that since the max punishment is 15 years, that the punishment itself is inherently lawful as that's the will of the legislature. they further said since the trial judge wasn't looking at aggravating factors that it wasn't wrong for him to do what he did. this result is not shocking at all if you've ever dealt with judges during sentencing.
|
# ? Dec 2, 2021 23:37 |
|
lol quote is not edit.
|
# ? Dec 2, 2021 23:38 |
|
BlankSystemDaemon posted:or surfshark got FISA'd and the authorities are hiding this by pretending that he was stupid, which any of us will readily assume is running tails that hard
|
# ? Dec 3, 2021 04:15 |
|
maybe i missed it but i didn't see this one posted https://www.synack.com/blog/this-microsoft-windows-rce-vulnerability-gives-an-attacker-complete-control/ rce in a rdp dll apparently allowed escaping hyper-v if someone connects to it via console
|
# ? Dec 3, 2021 08:52 |
|
rce, my rdp dll?
|
# ? Dec 3, 2021 09:08 |
|
yeah but usually the rce is on the server, this time it was on the client which is funnier to me
|
# ? Dec 3, 2021 09:40 |
|
i was trying to make an "idk, my bff jill?" joke but it didn't really work and also that reference is like 20 loving years old by now so whatever
|
# ? Dec 3, 2021 09:53 |
|
BattleMaster posted:Net crime island oi, chav nicked me ip logs
|
# ? Dec 3, 2021 09:56 |
|
champagne posting posted:So what do you do yell as loudly as you can "I PLEASE THE FIFTH!"??? have you tried being extremely rich
|
# ? Dec 3, 2021 10:01 |
|
Shame Boy posted:rce, my rdp dll?
|
# ? Dec 3, 2021 13:47 |
|
|
# ? May 11, 2024 16:09 |
|
Shame Boy posted:i was trying to make an "idk, my bff jill?" joke but it didn't really work and also that reference is like 20 loving years old by now so whatever i had a giggle at it
|
# ? Dec 3, 2021 14:08 |