|
Segmentation Fault posted:Does anyone use MoneyPak for anything remotely legitimate yeah, it's used a lot in "poo poo i've lost my wallet can you send me twenty quid to get a taxi" sort of situations of course by no means all of those are legitimate
|
# ¿ Jul 4, 2014 18:08 |
|
|
# ¿ Apr 28, 2024 21:26 |
|
churchill was a great fan of cocaine lozenges
|
# ¿ Jul 5, 2014 17:29 |
|
cryptome was pretty much the exact use case that inspired freenet but i don't think anyone's ever even bothered to look at moving it over there, ditto wikileaks mind you using freenet, even moreso than tor, requires even the slightest inconvenience to brave internet warriors so it was doomed from the start
|
# ¿ Jul 6, 2014 22:24 |
|
lol remember when i was saying about security is always sacrificed for usability? http://en.wikipedia.org/wiki/Playfair_cipher quote:It was rejected by the British Foreign Office when it was developed because of its perceived complexity. When Wheatstone offered to demonstrate that three out of four boys in a nearby school could learn to use it in 15 minutes, the Under Secretary of the Foreign Office responded, "That is very possible, but you could never teach it to attachés."
|
# ¿ Jul 7, 2014 23:41 |
|
i remember sniggering at a talk at infosec or something in about 2004 where they were saying the future was separate virtual machines for web browsing, games, w/e now i'm actually beginning to think it's a good idea, just literally sandbox the entire browser gently caress it why stop at a virtual machine, put it on a raspberry pi buried in the hardware and just have input in and video out
|
# ¿ Jul 10, 2014 00:12 |
|
uncurable mlady posted:hasn't this been a known thing for a while though, that someone else had leaked to der spiegel about the new toys and the targeting of TOR users? well yeah but the only things I've seen leaked are some scraps of fairly generic code which people have decided means that the nsa are going to kill them all for searching for tor
|
# ¿ Jul 10, 2014 10:29 |
|
Ploft-shell crab posted:I wondered about this, is there a reason this 'leak' gets so much credibility? it's possible that the paper has some other information to verify the source but given what i know about journalism it could just as likely be something some bored tosser put together in ten minutes and sold to a gullible journalist
|
# ¿ Jul 11, 2014 09:39 |
|
Rufus Ping posted:new greenwald article about gchq's frankly quite script kiddie tier skillz yeah like i'm gonna click a pdf in the security fuckup thread, nice try mate flakeloaf posted:more like GRCHQ
|
# ¿ Jul 14, 2014 21:43 |
|
OSI bean dip posted:reasonable person posted: the thing is this isn't even a theoretical attack - there's that bitcoin robin hood guy who has done exactly this with that stupid loving brain wallet system, pre-generating private keys with common phrases in multiple languages as well as song lyrics and famous quotes
|
# ¿ Jul 20, 2014 21:08 |
|
http://www.theregister.co.uk/2014/07/21/chinese_uni_students_pop_tesla_model_s/quote:Zhejiang University students have hacked the Tesla Model S with an attack that enabled them to open its doors and sun roof, switch on the headlights and sound the horn - all while the car was driving along. future looking pretty hilarious
|
# ¿ Jul 21, 2014 15:51 |
|
i'm a problem drinker and know gently caress all about anything at all, that's close enough right?
|
# ¿ Jul 23, 2014 20:50 |
|
bobbilljim posted:When u get that many idiots agreeing with each other it really makes me question my sanity this but everything pop-culture-related since like 1999 i'm old
|
# ¿ Jul 24, 2014 16:16 |
|
quote:Yourmessageis771192characterslong.
|
# ¿ Jul 25, 2014 09:27 |
|
Shinku ABOOKEN posted:why do some sites forbid using the same letter three times in a row???? presumably to stop people setting their password as aaaaaaaaaaa
|
# ¿ Jul 29, 2014 17:04 |
|
cheese-cube posted:im lazy so i like the way that qualys handle asswords: e-mail you your new password in the clear and dont enforce changing it at next login for some reason every usenet provider i've ever used also does this
|
# ¿ Jul 29, 2014 17:32 |
|
Broken Machine posted:The following is a hypothetical. Suppose you're . You contact HP / Intel, anyone who makes prebuilt computers. You request that they provide you with any and all bios source before they're released for public consumption. They then insert whatever code they want, compile the image and send it back to the company to be released. Do you suppose that happens? said OEM manufacturer then ships that source to china to be put on a chip. so no, that's not ever going to happen now the first bit (give us all your source) might possibly be true, and it's entirely possible these sort of things are built with that sort of assistance (if only to get round bios checksums &c) and even possible that arrange, through whatever means, to ensure a person of interest gets a "special" computer when it's shipped to them, but the idea that every pc out there comes pre-rooted is getting right down into the rabbithole
|
# ¿ Jul 31, 2014 19:12 |
|
Broken Machine posted:They're given the source from the company, and then they build a binary. They're not going to let the company or third parties see the modifications they made, and there's no reason why they would need to. is there actually a binary involved with bios? i'd have thought they were pure assembly or even straight up machine code. (i know very little about how big companies do this sort of low-level fab so i really don't know the answer)
|
# ¿ Jul 31, 2014 20:01 |
|
Sharktopus posted:both ways seemed to work pretty well lol a timely reminder that if you don't control your ports you don't have an airgapped network you just have a network with slightly less access to porn
|
# ¿ Jul 31, 2014 23:32 |
|
see also manning, snowden, every other loving leak in the last ten years
|
# ¿ Jul 31, 2014 23:33 |
|
raruler posted:what is the the method of data transfer in a legit air-gapped system, do you get reports printed out on a line printer and then re-key them into your other systems? depends on what the network's for - you can use network diodes if it's just unidirectional transfer, cd-roms or usb drives for bidirectional transfer or even yeah printers and scanners. the trick is controlling that access, you can go from using os-level control on what can and can't mount all the way to fully-audited systems on separate sheep-dip servers.
|
# ¿ Jul 31, 2014 23:47 |
|
Luigi Thirty posted:doesnt the NSA have special secure power systems for classified hardware because they can read what happens on a computer through power fluctuations in your wiring or was that a paranoid fantasy yes, it's part of TEMPEST considerations it is possible if you have control of the power system to work out what the equipment connected to it is doing by watching the power usage of it (according to peter wright it was one attack they used against soviet secure teletype machines in the cold war) i guess it's probably not as effective in these days given the very high clock speeds and tiny voltages they use, but some secure kit does still use massive chunky power supplies for this reason e: so for example imagine a simple binary stream being encrypted with a magic box that doesn't require any power - transmitting a 1 in plaintext causes the voltage to drop 1v, then transmitting a ciphertext 1 also takes a volt. if you're also intercepting the ciphertext you can say that the plaintext was a 1 because the voltage drop was 2v and you can account for 1v of that. obviously it's way, way, way more complex than that but it's by no means impossible wright also worked out a way of using an insecure phone line in the - i think egyptian - embassy cipher room to get plaintext from their teletypes by the noise the printers made. if you're interested in the 60s state of the art in this look out a copy of spy catcher - it is, in the words of a reviewer at the time, "page after page of who's a pretty boy then and practical wireless for the criminally insane", but there's shitloads of really clever technical stuff in there goddamnedtwisto fucked around with this message at 22:36 on Aug 3, 2014 |
# ¿ Aug 3, 2014 22:29 |
|
spankmeister posted:Europe has had chip & pin for a long while now and we've had magstrip & pin for aaaaages (we mostly use debit cards) and it's been absolutely fine. well it would do if we could just get rid of the magstripe once again, backwards compatibility is loving everything up
|
# ¿ Aug 4, 2014 07:36 |
|
spankmeister posted:oh well that doesn't work here i think it'd be nice if you could just say "i'm never going to use my card in china" or "never ever use the magstripe data" in some easy-to-use way (so you can also deselect it if you do choose to go to china) but instead we have to depend on algorithms that seem to have no problem with someone withdrawing all your cash in ulan bator but freak out if you buy two things online "too quickly". tbh it'd be nice if i could just drag a magnet across the magstripe and disable it, stopping skimming in it's tracks but most atms use it to ensure you've put the card in the right way
|
# ¿ Aug 4, 2014 10:53 |
|
Maluco Marinero posted:One of the people in my coworking space told me the password scheme for this card he had from overseas required you to enter 3 indexed letters from your password, ie 3rd, 7th, 9th, chosen at random. iirc the way these schemes work is when you set the password it randomly grabs a couple of thousand different three-letter combinations and salts them, so you only ever see requests for those which has reminded me of an argument i was having about something else entirely. those mechanical pushbutton locks that you see all over the place have a bit of a flaw, in that they a) can't have repeated numbers and b) allow you to enter the numbers in any order. now the argument i was having was that this meant the longer the combination got the less secure it was - but i wanted to work out what the actual most secure length would be. so does anyone know what the formula for working that out would be? i managed to work out that there were 10 possible 1-digit combinations and of course only one possible combination for 10 digits and 10 possiblities for 9-digits, then my brain started making a funny noise.
|
# ¿ Aug 4, 2014 11:05 |
|
Broken Machine posted:There are more secure versions of those locks as well; the symbols adjacent to the buttons and the buttons themselves rotate around as you push them, so not only can you reuse the same number but someone watching you can't watch your movements to figure it out since it changes. tbh any use for those that's beyond "stop punters getting into the cleaning cupboard" really needs something much better than a mechanical pushbutton lock, given how trivial they are to bypass we use them in my office basically as a "don't come in here unless you really need to" indicator for people who already have access - the actual exterior door is some horrendously complicated deadlock system (and electronic swipe cards to get as far as that door) perfect, thanks very much
|
# ¿ Aug 4, 2014 12:23 |
|
Forums Terrorist posted:Overnight nothing, you could do that by hand while the homeowner's out at work or you could break a loving window. my house is pretty much the definition of a security fuckup. the front door is pretty impressive, some kind of hardwood sandwiched in steel, with a hinge running the entire height of the door and a three-point lock secured with a dual-layer 2d key (basically unpickable), the whole lot opening outwards. it could probably withstand any attack short of outright explosives for a good hour or two. six inches to the left of the lock is a window that while double-glazed could still be broken in thirty seconds allowing you to reach through and unlock the door from the inside. tbh i think this might be deliberate because i don't live in a great area and the door is supplied by the council who own the block, who were probably told "there's no loving way you're giving anyone doors we can't break down" by the police or maybe even the fire brigade.
|
# ¿ Aug 4, 2014 14:10 |
|
Erwin posted:lol if you think even that door is going to keep out the fire department, regardless of the windows. i live in a country where we actually build homes out of brick, not random twigs we find lying around i'm not afraid of the big bad wolf
|
# ¿ Aug 5, 2014 17:23 |
|
anthonypants posted:you can do this with a laser and it's probably way easier also with a properly-shaped bit of metal and a microwave (yet another spy catcher reference but one of peter wrights many little achievements was working out how the soviets were bugging the us ambassador in moscow's office - turns out that a large carved seal of the united states, presented to him by the russian boy scouts, was carved to be a good acoustic conductor and the metal bracket holding it up could be read from across the street using a microwave beam)
|
# ¿ Aug 5, 2014 23:03 |
|
CISADMIN PRIVILEGE posted:actually sonicwall is pretty decent for the smb sphere. it's a long, long time since i used a sonicwall but aren't they one of the worst offenders for "really easy to use ui" paired with "really, really easy to completely gently caress things up"?
|
# ¿ Aug 6, 2014 19:17 |
|
ultramiraculous posted:someone demonstrated this at some point, maybe even at defcon. i donno if lte is better at all, but you can definitely mitm gsm traffic if you can convince the phone to pick your "tower". if the phone is connecting and communicating, it's probably not a huge jump to capture the phone number and send a "you been phreaked bitch *hello.jpg*" message. it's fairly trivial with gsm (you used to be able to buy the kit to do it off the shelf, it only needed a couple of pretty standard pcs and, intriguingly, a very particular old nokia) - i can't remember the exact details but istr it had to do with having a big old bunch of rainbow tables to be able to complete the challenge-response handshake that a handset uses when moving onto a new cell. i do remember you did need to know at least the number of the phone you wanted to intercept and either call it while it was in range of the intercept gear or spend a long time building those rainbow tables for that particular phone, but once you had it you could continue to intercept all traffic to and from it for as long as it was in range. as far as i know it's possible but very very hard on 3g and up which have specific protections against mitm attacks because of those attacks. e: however if you can jam the non-gsm signals, most phones will give up and try gsm so the attack is still relevant today, but you'd need a lot of juice to selectively jam all those bands and would be putting a big "kick me" sign on your back if the networks happen to be looking goddamnedtwisto fucked around with this message at 08:39 on Aug 8, 2014 |
# ¿ Aug 8, 2014 08:36 |
|
|
# ¿ Apr 28, 2024 21:26 |
|
Heresiarch posted:doesn't this completely wreck your battery life, especially when you're using wifi it might murder it if you're in an area with poor >gsm coverage and the phone's desperately trying to connect to a 3g tower 15 miles away and ignoring a gsm tower you're right next to, i suppose, but i can't see any other mechanism that would kill your battery life by disabling one protocol over another (mind you i stopped giving a poo poo about mobile technology around 2005 so i could be entirely wrong)
|
# ¿ Aug 8, 2014 13:20 |