Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Locked thread
ChickenOfTomorrow
Nov 11, 2012

god damn it, you've got to be kind

:bsdsnype:

Adbot
ADBOT LOVES YOU

vOv
Feb 8, 2014

what is the Offical Yospos Security Opinion on gpg anyway

good security with a terrible interface?

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

vOv posted:

what is the Offical Yospos Security Opinion on gpg anyway

good security with a terrible interface?
the gpgtools.org website uses an ssl certificate for *.aquila.uberspace.de

goddamnedtwisto
Dec 31, 2004

If you ask me about the mole people in the London Underground, I WILL be forced to kill you
Fun Shoe

ultramiraculous posted:

someone demonstrated this at some point, maybe even at defcon. i donno if lte is better at all, but you can definitely mitm gsm traffic if you can convince the phone to pick your "tower". if the phone is connecting and communicating, it's probably not a huge jump to capture the phone number and send a "you been phreaked bitch *hello.jpg*" message.

it's fairly trivial with gsm (you used to be able to buy the kit to do it off the shelf, it only needed a couple of pretty standard pcs and, intriguingly, a very particular old nokia) - i can't remember the exact details but istr it had to do with having a big old bunch of rainbow tables to be able to complete the challenge-response handshake that a handset uses when moving onto a new cell. i do remember you did need to know at least the number of the phone you wanted to intercept and either call it while it was in range of the intercept gear or spend a long time building those rainbow tables for that particular phone, but once you had it you could continue to intercept all traffic to and from it for as long as it was in range.

as far as i know it's possible but very very hard on 3g and up which have specific protections against mitm attacks because of those attacks.

e: however if you can jam the non-gsm signals, most phones will give up and try gsm so the attack is still relevant today, but you'd need a lot of juice to selectively jam all those bands and would be putting a big "kick me" sign on your back if the networks happen to be looking

goddamnedtwisto fucked around with this message at 08:39 on Aug 8, 2014

spankmeister
Jun 15, 2008






i disabled gsm on my phone

something you cant do on iphone
stebe let us be free of the gsm menace

Heresiarch
Oct 6, 2005

Literature is not exhaustible, for the sufficient and simple reason that no single book is. A book is not an isolated being: it is a relationship, an axis of innumerable relationships.

spankmeister posted:

i disabled gsm on my phone

doesn't this completely wreck your battery life, especially when you're using wifi

or am i misunderstanding what you're doing

Wiggly Wayne DDS
Sep 11, 2010



goddamnedtwisto posted:

it's fairly trivial with gsm (you used to be able to buy the kit to do it off the shelf, it only needed a couple of pretty standard pcs and, intriguingly, a very particular old nokia) - i can't remember the exact details
have a german bachelor's thesis: http://oops.uni-oldenburg.de/1407/1/main.pdf google cache
and the presentation: http://www.inf.ufpr.br/summerschool2011/PDF/schneider-2011-03-15%20GSM%20Overview.pdf

Varkk
Apr 17, 2004

Cross posting from NZ politics thread

http://www.joshbrodie.co.nz/2014/08/08/conservative-party-web-security.html

quote:

The username and password were already typed in when I arrived at the page. This is not so good.

The username is 'colin' and the password was (this has been changed since) 'colin' followed by three numbers. This is all quite bad.

With these credentials prepopulated, a user can only assume that this part of the website is NOT restricted and continue forth!

This allows any random visitor to the website to modify all of the website's content. This is not the least secure part of the website.

I am having a very hard time understanding how you can get a website so staggeringly wrong.

Forums Terrorist
Dec 8, 2011

rip the forums

Wiggly Wayne DDS
Sep 11, 2010



so who's making the new thread

spankmeister
Jun 15, 2008






Heresiarch posted:

doesn't this completely wreck your battery life, especially when you're using wifi

or am i misunderstanding what you're doing

no i set my phone to LTE, WCDMA which translates to 3G and 4G only.
this means that it doesn't do gprs or edge

Heresiarch
Oct 6, 2005

Literature is not exhaustible, for the sufficient and simple reason that no single book is. A book is not an isolated being: it is a relationship, an axis of innumerable relationships.

Varkk posted:

Cross posting from NZ politics thread

http://www.joshbrodie.co.nz/2014/08/08/conservative-party-web-security.html


I am having a very hard time understanding how you can get a website so staggeringly wrong.

nepotism

goddamnedtwisto
Dec 31, 2004

If you ask me about the mole people in the London Underground, I WILL be forced to kill you
Fun Shoe

Heresiarch posted:

doesn't this completely wreck your battery life, especially when you're using wifi

or am i misunderstanding what you're doing

it might murder it if you're in an area with poor >gsm coverage and the phone's desperately trying to connect to a 3g tower 15 miles away and ignoring a gsm tower you're right next to, i suppose, but i can't see any other mechanism that would kill your battery life by disabling one protocol over another

(mind you i stopped giving a poo poo about mobile technology around 2005 so i could be entirely wrong)

Forums Terrorist
Dec 8, 2011

goddamnedtwisto posted:

it might murder it if you're in an area with poor >gsm coverage and the phone's desperately trying to connect to a 3g tower 15 miles away and ignoring a gsm tower you're right next to, i suppose, but i can't see any other mechanism that would kill your battery life by disabling one protocol over another

(mind you i stopped giving a poo poo about mobile technology around 2005 so i could be entirely wrong)

This sounds right, but 3g is pretty much ubiquitous by now even in the third world so idk when this is ever going to come up

Westie
May 30, 2013



Baboon Simulator

Wiggly Wayne DDS posted:

so who's making the new thread

before the thread gets locked, /etc/passwd

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Westie posted:

before the thread gets locked, /etc/passwd

MODS!!!!

Westie
May 30, 2013



Baboon Simulator

Varkk posted:

I am having a very hard time understanding how you can get a website so staggeringly wrong.

the more important a website is the less likely it is to be secure

computer toucher
Jan 8, 2012

omg rip thread :.(

flakeloaf
Feb 26, 2003

Still better than android clock

Varkk posted:

Cross posting from NZ politics thread

http://www.joshbrodie.co.nz/2014/08/08/conservative-party-web-security.html


I am having a very hard time understanding how you can get a website so staggeringly wrong.

well you see imgur

thanks imgurshack

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
here's the new thread:
http://forums.somethingawful.com/showthread.php?threadid=3656445

Adbot
ADBOT LOVES YOU

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
http://forums.somethingawful.com/showthread.php?threadid=3656445

new thread

  • Locked thread