|
I wouldn’t have thought so, since that’s basically the purpose of them, but you seem to disagree. the lockscreen background image is also available without a PIN, and the device’s notion of the current time!
|
#
?
Feb 22, 2020 11:52
|
|
|
|
| # ? Jun 18, 2024 09:32 |
|
|
hasn't there been like a dozen different ways to get the full photos or contacts list on iOS directly from the lock screen because of some loopholes in the ui? how can that be if the data on the phone is encrypted with the pin?
|
|
#
?
Feb 22, 2020 11:56
|
|
|
it’s encrypted behind the PIN after reboot, until first unlock
|
|
#
?
Feb 22, 2020 12:00
|
|
|
CmdrRiker posted:I love it when people who know nothing about software security think they know everything about software security. https://www.npr.org/2020/02/21/805032627/trump-administration-targets-your-warrant-proof-encrypted-messages "Pull requests welcome."
|
|
#
?
Feb 22, 2020 12:17
|
|
|
https://twitter.com/letsencrypt/status/1230957211590873088
|
|
#
?
Feb 22, 2020 12:26
|
|
|
Let's Encrypt saved my rear end by being baked into Bomgar when my company didn't know how to Certificate
|
|
#
?
Feb 22, 2020 16:22
|
|
|
Doom Mathematic posted:"Pull requests welcome." please don't put your grindr profile in your sig
|
|
#
?
Feb 22, 2020 17:46
|
|
|
dont git shame
|
|
#
?
Feb 22, 2020 21:00
|
|
|
Krankenstyle posted:dont git blame
|
|
#
?
Feb 23, 2020 01:45
|
|
|
Krankenstyle posted:lol at autodecrypting contacts on boot netplwiz.exe
|
|
#
?
Feb 23, 2020 13:16
|
|
|
physical security fuckup: NBNco, the company created by the government responsible for deploying a
|
|
#
?
Feb 23, 2020 14:44
|
|
|
Methanar posted:Is there an iot furnace yet. I want to streamline and disrupt the thermostat middle man industry and connect my natural gas combuster directly to the internet This is industrial/office HVAC. Systems that have the capacity to injure people and destroy property run XP (edit - and ancient Andriod) connected to "secure backnets" that are just tcp/ip networks badly partitioned from existing corporate infrastructure. You haven't felt fury until you've been shrugged off by a bunch of fat, 50-year-old, pickup-driving hicks who confidently assure you that your security concerns are a non-issue because everything is connected to this "backnet." Potato Salad fucked around with this message at 19:25 on Feb 23, 2020 |
|
#
?
Feb 23, 2020 19:17
|
|
|
Potato Salad posted:This is industrial/office HVAC. you know "bacnet" is a protocol yeah
|
|
#
?
Feb 23, 2020 19:58
|
|
|
baby got bacnet edit: building got bacnet
|
|
#
?
Feb 23, 2020 20:02
|
|
|
abigserve posted:you know "bacnet" is a protocol yeah today I learned something! im wondering if this is contributing to the confusion -- facility guys not really realizing that their unpatched endpoints are actually on improperly-segregated, chatty tcp/ip networks instead of a separate control network Potato Salad fucked around with this message at 20:11 on Feb 23, 2020 |
|
#
?
Feb 23, 2020 20:07
|
|
|
Potato Salad posted:today I learned something! guaranteed most people dealing with this poo poo are just electricians entirely unaware of anything beyond plugging poo poo in (edit: as in they don't care about anything beyond layer 1) (and why should they, there's no accreditation or standards for installing this poo poo, as long as it works they get paid).
|
|
#
?
Feb 23, 2020 20:23
|
|
|
There is though, it's just not their job. Electricians have to qualify under an apprenticeship. They hook it up to plan, and yeah as long as it works, they get paid. Facility won't care, because they get paid to maintain it, not plan it. It's the fault of the doofus that decided to hook the pos system, automation, and wifi up to the same lan. The best way to get it fixed is to get them to cut you another contract to tell their cj's what to rearrange.
|
|
#
?
Feb 23, 2020 22:03
|
|
|
is bacnet even mac based layer 2? i know layer 1 is ethernet, but i thought everything above that was completely different. to the extent that it's exposed to your regular tcp/ip network it's through a gateway device specifically designed to provide an interface to the bacnet gear
|
|
#
?
Feb 23, 2020 22:30
|
|
|
iirc bacnet can run on multiple layers so in addition to bacnet over rs-485 it could be ethernet or ip etc etc sounds like they’re running on an (*isolated*, lol) ip network
|
|
#
?
Feb 23, 2020 22:36
|
|
|
when you discover bits of a client's HVAC infra via shodan, there's work to be done
|
|
#
?
Feb 23, 2020 22:48
|
|
|
Potato Salad posted:when you discover bits of a client's HVAC infra via shodan, there's work to be done adiabatic thinking, number one
|
|
#
?
Feb 23, 2020 23:27
|
|
|
Potato Salad posted:when you discover bits of a client's HVAC infra via shodan, there's work to be done ah the Target strategy
|
|
#
?
Feb 24, 2020 01:21
|
|
|
infernal machines posted:is bacnet even mac based layer 2? i know layer 1 is ethernet, but i thought everything above that was completely different. to the extent that it's exposed to your regular tcp/ip network it's through a gateway device specifically designed to provide an interface to the bacnet gear The other benefit is that you might not need to run another cable at all! But of course that has it's issues ... I might be just pulling this out of my rear end based on the couple of times I have seen it, both at hotels for some reason.
|
|
#
?
Feb 24, 2020 02:05
|
|
|
Oh, and now that I remember, in the case of hotels at least ... room thermostats were on the same bacnet network as everything else.
|
|
#
?
Feb 24, 2020 02:16
|
|
|
huh. there's moderate sized bacnet deployment at one of my client's offices, i thought it was physically independent of the building management network. i guess i'll take a poke around the next time i'm there.
|
|
#
?
Feb 24, 2020 02:20
|
|
|
infernal machines posted:huh. there's moderate sized bacnet deployment at one of my client's offices, i thought it was physically independent of the building management network. i guess i'll take a poke around the next time i'm there. Please keep us updated on how the poop touching is going for you
|
|
#
?
Feb 24, 2020 05:33
|
|
|
Oooh, this chat reminds me of a great talk at FOSDEM this year, which has great potential to be a secfuck: https://fosdem.org/2020/schedule/event/modbus_2020/ 
|
|
#
?
Feb 24, 2020 12:01
|
|
|
Pile Of Garbage posted:physical security fuckup: NBNco, the company created by the government responsible for deploying a I've heard of cgi-bin but this is ridiculous!
|
|
#
?
Feb 24, 2020 13:05
|
|
|
~Coxy posted:cgi-bin Is this where they dump rejected live action sonic designs
|
|
#
?
Feb 24, 2020 13:19
|
|
|
Potato Salad posted:today I learned something! where's that article where someone found a random cat 5 cable on the bridge of an oil tanker and it turned out to be some sort of internal engineering diagnostic/control network that nobody knew about
|
|
#
?
Feb 24, 2020 13:56
|
|
|
unpacked robinhood posted:Is this where they dump rejected live action sonic designs not to be confused with where they dump bizarre hyper-expensive graphics workstations, sgi-bin
|
|
#
?
Feb 24, 2020 14:40
|
|
|
unpacked robinhood posted:Is this where they dump rejected live action sonic designs It's where they dump all of the animators just before release 
|
|
#
?
Feb 24, 2020 21:46
|
|
|
One thing I've noticed with facilities systems is that facilitates purchasing is super different to other purchasing internally for some reason Like if you go out to tender for servers, you go out to tender for a huge stack of them and it becomes your encumbant solution so you can buy more if needed until it's time for a full refresh Facilities they get three quotes for loving everything and pick the cheapest. Even if it's the same thing they'll get three quotes and buy a totally different solution if it's cheaper. A HVAC monitoring system one building away from another one will be a totally different vendor, installed and managed by someone else. It's mental. I remember once convincing a big BMS solution to use dhcp and reservations instead of static addressing because it's easier and cleaner, so they rolled out two hundred devices without a hitch. The exact same solution, for the same purpose, starts in the next state over...and they buy equipment that doesn't do dhcp
|
|
#
?
Feb 24, 2020 22:10
|
|
|
Powerful Two-Hander posted:where's that article where someone found a random cat 5 cable on the bridge of an oil tanker and it turned out to be some sort of internal engineering diagnostic/control network that nobody knew about
|
|
#
?
Feb 24, 2020 22:39
|
|
|
abigserve posted:equipment that doesn't do dhcp I honestly didn't know this was possible in tyool 2020
|
|
#
?
Feb 24, 2020 23:36
|
|
|
NecroBob posted:I honestly didn't know this was possible in tyool 2020 there’ll always be someone who’s willing to disable a feature and knock a cent off the price to get beancounters’ business
|
|
#
?
Feb 25, 2020 01:16
|
|
|
NecroBob posted:I honestly didn't know this was possible in tyool 2020 our LARGEST CUSTOMER sourced OUR PRODUCT from a BEST BUY and plugged it into their IT closet and it TOOK DOWN their ENTIRE NETWORK I dont CARE what the spec sheet says, TAKE IT OUT
|
|
#
?
Feb 25, 2020 01:26
|
|
|
Sniep posted:our LARGEST CUSTOMER sourced OUR PRODUCT from a BEST BUY and plugged it into their IT closet and it TOOK DOWN their ENTIRE NETWORK We had a lab network that was suppoed to be VLAN'ed and sandboxes. One day they enabled DHCP on a POC device.....and it took down the switch on that floor. It wasn't as sandboxed as they claimed.
|
|
#
?
Feb 25, 2020 03:28
|
|
|
Powerful Two-Hander posted:where's that article where someone found a random cat 5 cable on the bridge of an oil tanker and it turned out to be some sort of internal engineering diagnostic/control network that nobody knew about i haven't seen the article but i have experienced that exact situation a couple times off-shore on drilling rigs and deep-water subsea/pipelay vessels . poo poo is so haphazard out there.
|
|
#
?
Feb 25, 2020 15:56
|
|
|
|
| # ? Jun 18, 2024 09:32 |
|
|
abigserve posted:One thing I've noticed with facilities systems is that facilitates purchasing is super different to other purchasing internally for some reason it’s the thing where free market makes efficient and good decisions because of freedom of choice op like a robotics startup paying phds for time spent freeing space on their laptops because gently caress spending a tiny bit more to get a disk that can actually hold the necessary software instead of taping an external hdd to a rugged machine meant to go on outdoors field testing
|
|
#
?
Feb 26, 2020 07:49
|
|
