|
Hello friends.
|
# ¿ Jan 5, 2017 16:46 |
|
|
# ¿ Apr 27, 2024 20:15 |
|
Migishu posted:Security Fuckup Megathread - v13.0.1 - looks like them secfuck boys are at it again
|
# ¿ Jan 5, 2017 16:46 |
|
ymgve posted:what, you don't have files valuable enough to pay $200k for a small chance to get them back? nah. the current idea is that it's not "real" ransomware but instead meant to cover the tracks of a targeted attack
|
# ¿ Jan 5, 2017 20:44 |
|
apseudonym posted:That was me, and I'm gonna stand by that with skill its not impossible to catch using things like timing and sizes and such signals, I worked with people who built tools for this kind of stuff (and sold them to lovely human being ) and I hosed a lot of lovely tor stealth projects that tried to mask as other things. Yeah but can you do all that on a national scale?
|
# ¿ Jan 6, 2017 08:39 |
|
Winkle-Daddy posted:Hey sec fuckup thread! I know I've seen some awesome posts about what cipher suites should be enabled...does anyone have a config or can link to an ideal nginx SSL config? Specifically for ssl_protocols and ssl_ciphers? Here u go: https://wiki.mozilla.org/Security/Server_Side_TLS e: might be worth putting this in the OP e2: the config generator: https://mozilla.github.io/server-side-tls/ssl-config-generator/ spankmeister fucked around with this message at 17:54 on Jan 6, 2017 |
# ¿ Jan 6, 2017 17:47 |
|
ate all the Oreos posted:check out sslscan which does most of the things ssl labs does but you can run it locally. Yeah I janitored my own bespoke artisanal cipher suite, but the mozilla one is a very good starting point and you wouldn't be bad off at all if you left it.
|
# ¿ Jan 6, 2017 18:56 |
|
SpaceClown posted:Hey sec boys how would SWIM go about haxx0ring all the un1337 n00bzz? don't sign your posts
|
# ¿ Jan 6, 2017 23:11 |
|
I preferred the previous thread title tbh
|
# ¿ Jan 7, 2017 14:40 |
|
A drug crazed cybersecurity executive with a personal army of cyber hackers.
|
# ¿ Jan 7, 2017 21:43 |
|
negromancer posted:YES! it's stored in ~/.ssh/authorized_keys I thought? you can use ssh-keygen -lf ~/.ssh/authorized_keys or known_hosts to dump the hashes. use the -E md5 switch if u need md5 bring back lf
|
# ¿ Jan 9, 2017 15:30 |
|
Westie posted:just got owned via plesk, i'd like to sha- This one is really common so I lol every time I see it.
|
# ¿ Jan 9, 2017 16:46 |
|
Ya at some point the guy added adware himself too.
|
# ¿ Jan 9, 2017 17:28 |
|
Migishu posted:wasn't there some thing about the filezilla guy being an absolute rear end in a top hat for not patching known, ancient, bugs or some poo poo about him being stupidly arrogant? at some point he removed support for a deprecated protocol thing that a significant portion of the servers still needed. His answer was "The servers should just follow spec". He could have just made a configuration option, but no.
|
# ¿ Jan 10, 2017 00:57 |
|
OSI bean dip posted:this is getting interesting I distinctly remember something about SA keeping around CC information as a unique identifier to make sure people wouldn't be able to get around permabans.
|
# ¿ Jan 10, 2017 21:30 |
|
Subjunctive posted:you don't have to keep usable CC info for that I know that. My rebuttal would be: but radium But it's probably just a rumor.
|
# ¿ Jan 10, 2017 21:58 |
|
Aquarium of Lies posted:lol a company I'm interviewing at had an unsecured mongo instance get ransomewared very recently They got what was coming to them imo
|
# ¿ Jan 11, 2017 08:10 |
|
An acquaintance of mine took a sabattical and scanned the internet for unsecured mongos for 15 hrs a day for a year. He found thousands and did hundreds of disclosures to whomever owned the databases. About half were fixed I think. I'm not 100% sure but still fairly certain he would have found the same db and disclosed it to the owners.
|
# ¿ Jan 11, 2017 09:04 |
|
pr0zac posted:In other news, back a while I referenced fears that Russia had access to Telegram, but didn't have much more than speculation to back it up, one thing hidden in the trumppissgate docs is confirmation that yes, Russia has access to Telegram Care to elaborate?
|
# ¿ Jan 11, 2017 17:28 |
|
It's a very effective distraction, true or not, from his very real conflicts of interest.
|
# ¿ Jan 11, 2017 17:49 |
|
pr0zac posted:Sorry, I'm on phone waiting for my wife's car to be fixed thus lack of details. Thanks.
|
# ¿ Jan 11, 2017 17:50 |
|
Wildcart certs are indicative of bad design hth
|
# ¿ Jan 11, 2017 19:23 |
|
Rooney McNibnug posted:Yeah, this is a really good talk and Theo owns. Theowns. Theo is annoying
|
# ¿ Jan 13, 2017 00:20 |
|
OSI bean dip posted:i threw an egg at his house once I reported a vulnerability in openssh once it went as well as you would expect
|
# ¿ Jan 13, 2017 00:42 |
|
These are useless too because what happens is is that the message comes up that somebody changed their key, next message is "i switched phones" or "i had to reinstall whatsapp" and everybody is like "ok".
|
# ¿ Jan 13, 2017 22:37 |
|
lol if u dont set yuore combination lock to a combination of 420 and 69 i set my date locks to april 20, 1969
|
# ¿ Jan 14, 2017 16:05 |
|
219 is also acceptable
|
# ¿ Jan 14, 2017 16:07 |
|
Kazinsal posted:they charge you fifteen bucks to wrap your bag with a pound of cling wrap I only ever see those in lovely airports
|
# ¿ Jan 15, 2017 00:47 |
|
hackbunny posted:just my luck, I get out of kitty jail just in time for the thread to be disappeared <> Great stuff! Keep us posted because I haven't seen this pop up in the infosec media anywhere yet.
|
# ¿ Jan 16, 2017 23:39 |
|
flosofl posted:Cool post, and keep us updated. This seems bizarrely inept. Well, from what I've heard freemasons in the US are fairly benign but it Europe they are more like an old boys network where elites meet to do backhanded deals and politics or w/e idk. Much more elite and secretive in any case. I suppose not much more sinister than any exclusive club like a country club or something but you get the idea. Now, in Italy there was a big scandal about a lodge called Propaganda Due where a lot of rich and powerful were members. The lodge was far right and actively undermining the state by ordering assassinations and causing banks to collapse and whatnot. They basically wanted to overthrow the government. After a few scandals where they were implicated they got kicked out of the masons but kept operating independently. Finally in the 80's they were disbanded. Read the wikipedia page if you want to learn more. Silvio Berlusconi was a member btw.. So yeah, Italy has some history with the masons.
|
# ¿ Jan 17, 2017 00:11 |
|
Did you try de4dot? (and then ilspy)
|
# ¿ Jan 17, 2017 07:54 |
|
crazysim posted:i should add there's a de4dot integrated/engine replacement of ilspy called dnspy cool, good 2 know.
|
# ¿ Jan 17, 2017 10:02 |
|
Boiled Water posted:i look forward to living in a country where power outages are rare because infrastructure is maintained I live in such a country, but we had a power outage in Amsterdam today, and it royally hosed up our train network because it's so interconnected.
|
# ¿ Jan 17, 2017 12:58 |
|
Cyka BlIoT
|
# ¿ Jan 17, 2017 14:46 |
|
Wiggly Wayne DDS posted:you mean it's time to switch to a 2017 browser when OpenOpera releases p sure the SSL settings already break opera 12
|
# ¿ Jan 17, 2017 18:20 |
|
Well I can see it's usefulness when we move to the "smart grid" and start buying and selling power at spot prices. You might want to delay that spin cycle until the spot price drops.
|
# ¿ Jan 17, 2017 19:35 |
|
Loving Africa Chaps posted:Epic troll of Assange Barry O, good job Yesss. Reminder: https://twitter.com/wikileaks/status/819630102787059713 Well mr assflange, time to put your money where your flange is. e:f;b
|
# ¿ Jan 17, 2017 23:15 |
|
i got a question a while ago if we would certify or recommend a precompiled openssl for windows. lol nope
|
# ¿ Jan 18, 2017 17:22 |
|
BangersInMyKnickers posted:hey windows comes with the best and easiest to configure crypto stack baked in to the os but lets gently caress that all up with some linux garbage It doesn't do PKI and lol it's not easy to configure at all you gotta be messing with the registry
|
# ¿ Jan 18, 2017 17:48 |
|
The correct answer is to have them request certificates from your internal CA.
|
# ¿ Jan 18, 2017 17:52 |
|
|
# ¿ Apr 27, 2024 20:15 |
|
I fixed my washing machine the other day. The magnetic inlet valve had failed. I temporarily rerouted the main wash water intake thru the pre wash until my $25 part came in, and replaced the part yesterday. It was easy to diagnose and fix because it doesn't have a computer inside. ok thanks for reading bye
|
# ¿ Jan 18, 2017 18:21 |