|
Combat Pretzel posted: I assume they only work properly with older Macbooks? The claim was that in the newest models, the LED is looped into the power supply of the camera, so when powering it up for use, the LED is forcibly going on.

Even in the older Macbook they made that claim, and it was wrong. This time it's probably wrong too for reasons that people have yet to figure out. The only way to reliably prevent webcam hijacking is by obstructing the camera, period. This is Apple selling overpriced, fragile computers and then blaming users for problems, even though Apple positions itself as a privacy oriented company. It really tells you everything you need to know about them. A thinner laptop is more important than user security.
|
# ? Jul 12, 2020 12:41 |
|
Combat Pretzel posted: What's so special about Apple's T2, that it's considered entirely uncrackable/unhackable?

For anyone who doesn't care to read it, the basic idea is that it relies on public/private key cryptography, since there's a cryptographic hash burned into the hardware which is part of the key that the firmware is signed with, and that's used as the base for a chain of trust all the way up through the software layers. Something similar is being worked on for x86_64 (and ARM/PPC/RISC-V) servers (and probably phones and desktops/laptops, eventually), where UEFI will play a central role in loading signed PE32+ binaries for loading the OS; a practical existing example of this is in FreeBSD: The standard loader has been modified to include libbearssl and verified execution capabilities which go hand in hand with the veriexec module for the MAC framework which uses a manifest file to check that files built on a server with a hash embedded into the binary as a string matches against the manifest file.

I can't tell you how Apple has made it so that the camera can be accessed only if the green LED is turned on, but from a circuit logic point of view it's absolutely possible to set up such a circuit in several ways, so I would naively assume they've used one of those. Alternatively, if it's implemented in software, the MAC framework also exists in macOS (and iOS) so it's even easier that way, as long as their secure enclave remains.

A sufficiently motivated nation state could probably defeat it, but it's likely there are much easier ways for a sufficiently motivated nation state to attack Apple if they want to, and ones that're less likely to be noticed.
|
|
# ? Jul 12, 2020 13:05 |
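The manifest-based check described in the post above, as an added example that is not code from the post, from FreeBSD or from Apple. It substitutes a pinned SHA-256 of the manifest for the signature check a real loader performs, and the manifest line format, paths and file contents are constructed for illustration.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_manifest(text: str) -> dict[str, str]:
    """Parse '<path> sha256=<hex>' lines (constructed format, not veriexec's own)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, _, field = line.partition(" ")
        algo, _, digest = field.partition("=")
        if algo != "sha256" or len(digest) != 64:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[path] = digest.lower()
    return entries

def verify_boot(rom_pin: str, manifest_text: str, files: dict[str, bytes]) -> dict[str, str]:
    """Link 1: hardware pin -> manifest. Link 2: manifest -> each file."""
    # The pin stands in for the value fixed in hardware; software cannot change it.
    if not hmac.compare_digest(sha256_hex(manifest_text.encode()), rom_pin):
        return {"<manifest>": "REJECT: manifest does not match hardware pin"}
    manifest = parse_manifest(manifest_text)
    verdicts = {}
    for path, data in files.items():
        expected = manifest.get(path)
        if expected is None:
            verdicts[path] = "REJECT: not in manifest"
        elif hmac.compare_digest(sha256_hex(data), expected):
            verdicts[path] = "ALLOW"
        else:
            verdicts[path] = "REJECT: fingerprint mismatch"
    return verdicts

# Constructed sample data: two boot components and the manifest built for them.
LOADER = b"constructed loader image"
KERNEL = b"constructed kernel image"
MANIFEST = (f"/boot/loader sha256={sha256_hex(LOADER)}\n"
            f"/boot/kernel sha256={sha256_hex(KERNEL)}\n")
ROM_PIN = sha256_hex(MANIFEST.encode())  # fixed at build time in this model

if __name__ == "__main__":
    print(verify_boot(ROM_PIN, MANIFEST, {"/boot/loader": LOADER, "/boot/kernel": KERNEL}))
    print(verify_boot(ROM_PIN, MANIFEST, {"/boot/kernel": KERNEL + b" modified"}))
```

Changing a file breaks the second link, and rewriting the manifest to match the changed file breaks the first, which is why the anchor has to live somewhere software cannot write.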
|
A "sufficiently motivated nation state" is needed for exactly as long as a flaw in the super secure T2 chip or some kind of workaround is found. Intel claimed that SGX and ME were super secure, that didn't turn out well, either. Marketing PDFs never tell the real story.
|
# ? Jul 12, 2020 13:59 |
|
The secure enclave is just a marketing term for what's effectively Intel ME. Not only is it certainly hella vuln, it creates a single point of failure.
|
# ? Jul 12, 2020 14:00 |
Saying "this is unbreakable" is basically painting a giant "Come get us" target on your back and you look loving stupid when it gets reverse engineered.
|
|
# ? Jul 12, 2020 14:03 |
|
From an infosec perspective, who would even give a gently caress what's on the webcam unless you're hoping to catch someone naked? For real world espionage, wouldn't screengrabs, network traffic interception, keyloggers and listening to the microphone to know what's going on in the room be much more valuable? If I want to know what you look like, I can look you up on social media.
|
# ? Jul 13, 2020 07:13 |
|
If you compromise the device and everything on it, all you get are things that people have chosen to put on that device. The webcam lets you get all sorts of other things that people have chosen to not put on that laptop. (Including, yes, nudie pictures for blackmail). Though this is a much bigger issue from an organisational perspective than an individual one - an organisation chooses how much it trusts a specific device to not be compromised, and limits that device's access to certain data appropriately. The idea that a compromised device could give an attacker access to higher-security data just by being in eyeshot of it is a Big Problem from that perspective.
|
# ? Jul 13, 2020 07:27 |
evobatman posted: From an infosec perspective, who would even give a gently caress what's on the webcam unless you're hoping to catch someone naked? For real world espionage, wouldn't screengrabs, network traffic interception, keyloggers and listening to the microphone to know what's going on in the room be much more valuable? If I want to know what you look like, I can look you up on social media.

Most of the time it's for compromising photos. That's why you find a lot of these jacking scripts built into porn ads. Then they can try to blackmail you or risk releasing the photos. But like someone else said... if they have jacked your webcam it's likely they have access to your system anyway. Also beyond that. Someone just staring at me all day gives me the creeps.
|
|
# ? Jul 13, 2020 10:41 |
|
CyberPingu posted: That's why you find a lot of these jacking scripts built into porn ads.

That definitely sounds like some kind of weird Christian urban legend.
|
# ? Jul 13, 2020 10:46 |
Fame Douglas posted: That definitely sounds like some kind of weird Christian urban legend.

Nah, I meant the obvious malware ads linking to dodgy porn sites.
|
|
# ? Jul 13, 2020 10:47 |
|
CyberPingu posted: Nah, I meant the obvious malware ads linking to dodgy porn sites.

Ah, I see. Well, you can't stop me from installing Dancing_Lady.exe! I want her on my desktop.
|
# ? Jul 13, 2020 10:49 |
Fame Douglas posted: Ah, I see.

Lmao not just generic Brazzers ads. Nah like the "This obviously hot single wants to gently caress you and lives 2 miles away from your secluded barn house in the middle of nowhere. Click here now....like now ... Now now...do it now."
|
|
# ? Jul 13, 2020 10:50 |
|
prepare to LMBO, again https://twitter.com/gossithedog/status/1232368620270911488?s=21
|
# ? Jul 13, 2020 12:54 |
|
Maybe I'm missing something, but that seems to be from February.
|
# ? Jul 13, 2020 15:40 |
|
Yeah, that's been fixed from early February too: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688
|
# ? Jul 13, 2020 16:51 |
CLAM DOWN posted: Yeah, that's been fixed from early February too: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688

Ah so only 70% of systems are still vulnerable to it.
|
|
# ? Jul 13, 2020 17:21 |
|
Sorry for the mixup. I should have remembered from Feb, but corona brain happened.

CyberPingu posted: Ah so only 70% of systems are still vulnerable to it.
|
# ? Jul 13, 2020 22:57 |
|
https://twitter.com/kikta/status/1283067988544032770 https://twitter.com/cissp_googling/status/1283102822289092608
|
# ? Jul 14, 2020 19:19 |
|
Shut it all down.
|
# ? Jul 14, 2020 19:27 |
https://thehackernews.com/2020/07/windows-dns-server-hacking.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
|
|
# ? Jul 14, 2020 19:46 |
|
It's DNS. It's always DNS.
|
# ? Jul 14, 2020 20:05 |
|
|
# ? Jul 14, 2020 20:06 |
|
I went ahead and applied the workaround to our DNS servers (only 4 of them) and bounced the DNS Server service until I can install the updates. Doesn't seem to have broken anything. But then again I can't imagine we have many... or any at all... DNS requests/responses that would not fit inside 65,280 bytes.
|
# ? Jul 14, 2020 20:12 |
|
I'm just happy it's only DNS servers and it is something that can be patched in the middle of the day.
|
# ? Jul 14, 2020 21:06 |
|
I just went to Google's account management page of my main account, and it says 2FA is disabled. What in the gently caress? --edit: Where in the gently caress is the old 2FA TOTP stuff? gently caress you, Google.
Combat Pretzel fucked around with this message at 22:07 on Jul 14, 2020 |
# ? Jul 14, 2020 22:03 |
|
Can we just slap a CVSS 10 on the year 2020
|
# ? Jul 15, 2020 12:26 |
|
Martytoof posted: Can we just slap a CVSS 10 on the year 2020

PATCH IMMEDIATELY
|
# ? Jul 15, 2020 17:41 |
|
Martytoof posted: Can we just slap a CVSS 10 on the year 2020

This bad boy can fit so many critical vulnerabilities
|
# ? Jul 15, 2020 17:57 |
|
I mean, when you get right down to it, a virus is basically a human RCE exploit.
|
# ? Jul 15, 2020 17:59 |
|
Martytoof posted: Can we just slap a CVSS 10 on the year 2020

The USA clearly marked it WONTFIX
|
# ? Jul 15, 2020 18:05 |
|
Kassad posted: The USA clearly marked it WONTFIX

The US reverted several patches so that it wouldn't be able to detect the vulnerability.
|
# ? Jul 15, 2020 18:14 |
|
Twitter's been compromised, there's a bunch of bitcoin scams popping up from blue checkmarked accounts, all going to the same wallet. https://twitter.com/carljackmiller/status/1283509664605515787?s=20
|
# ? Jul 15, 2020 22:13 |
Looks like someone got access to an internal employee dashboard.
|
|
# ? Jul 15, 2020 22:30 |
|
CyberPingu posted: Looks like someone got access to an internal employee dashboard.

Yup, he got like 106k+ so far, guy's already shifting wallets so I suspect he's running out of time.
|
# ? Jul 15, 2020 22:32 |
|
https://twitter.com/SwiftOnSecurity/status/1283520274055475201?s=19
|
# ? Jul 15, 2020 23:14 |
|
This is going to be a *chef kiss* of an RCA
|
# ? Jul 15, 2020 23:31 |
|
Martytoof posted: This is going to be a *chef kiss* of an RCA

I am ridiculously excited to find out more about this because the TTM is so high and the mitigation so far is so bizarre. Verified accounts can't tweet?? This is either going to be a story of heroics on a very weird exploit chain or an interview question on how Not To Do Things and I don't see a middle ground.
|
# ? Jul 15, 2020 23:52 |
|
Here's my hot take. The Twitter API that they tweeted about ominously, has one or both of these problems:

- It allows changing the email_address field for users unintentionally
- It allows updating a user by traversing from another record where that wouldn't normally be expected

These would be similar to Homakov's attack on GitHub; the traversal is just based on my intuition working on lots of bug bounties. The API might have been shown to hackers first (bug bounties often do this) or exposed by accident. Bug bounty hunters look for the bugs I mentioned because they are so common. But reporting this through Twitter's bug bounty might have been worth 25k-50k (just based on memory) and not need to involve poo poo coin and criminal money laundering.

xtal fucked around with this message at 00:13 on Jul 16, 2020 |
# ? Jul 16, 2020 00:08 |
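The two bug classes guessed at in the post above (an unintentionally writable email_address field, and an update that reaches a user through a related record), shown beside an allow-listed handler. This is an added example, not code from the post or from Twitter; the User and Post models, the display_name and text fields, the allow-list policy and the request body are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class User:
    display_name: str
    email_address: str

@dataclass
class Post:
    text: str
    author: User

def apply_unsafe(record, params):
    """Mass assignment: every request key is written, and nested dicts recurse."""
    for key, value in params.items():
        if isinstance(value, dict):
            # Traversal: an update aimed at one record reaches a related one.
            apply_unsafe(getattr(record, key), value)
        else:
            setattr(record, key, value)
    return record

# Assumed policy: the only fields each endpoint may write.
ALLOWED = {Post: {"text"}, User: {"display_name"}}

def apply_safe(record, params):
    """Validate the whole request against the allow-list before writing anything."""
    allowed = ALLOWED[type(record)]
    rejected = sorted(k for k, v in params.items()
                      if k not in allowed or isinstance(v, dict))
    if rejected:
        raise PermissionError(f"{type(record).__name__}: rejected fields {rejected}")
    for key, value in params.items():
        setattr(record, key, value)
    return record

# Constructed request body: a post edit that also carries a nested author change.
REQUEST = {"text": "edited", "author": {"email_address": "other@example.test"}}

if __name__ == "__main__":
    owner = User("Alice", "alice@example.test")
    apply_unsafe(Post("hello", owner), REQUEST)
    print("unsafe handler left email as:", owner.email_address)
    owner = User("Alice", "alice@example.test")
    try:
        apply_safe(Post("hello", owner), REQUEST)
    except PermissionError as exc:
        print("safe handler:", exc, "| email still", owner.email_address)
```

The safe handler rejects the request as a whole rather than silently dropping the extra keys, so the attempt also shows up in error logs.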
|
We should bet on the outcome. Send your stake to the pool at bxysksjcjwwngodbauxivneoeidm
|
# ? Jul 16, 2020 00:19 |
|
|
Sounds like it's an internal tool that got taken rogue: https://www.vice.com/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos
|
# ? Jul 16, 2020 00:28 |