infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


mine was working until about 20 minutes ago then suddenly popped up that it had disabled add-ons, so i'm guessing it does periodic checks.

using the debugging side-load method works


infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


you can use about:debug and sideload your addons if you need to, the xpi files are stored in the profile folder.

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


pseudorandom name posted:

side-loading your add-ons will just gently caress them up when your installation fixes itself

how so? i just checked and i don't have the fix yet, and all attempts to install addons from the store fail, but i'd prefer not to run without ad blocking

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


Pile Of Garbage posted:

from what i understand side-loading extensions with extension debugging enabled only affects the current browser session and doesn't persist when the browser is restarted. i was using the feature as a workaround prior to installing v66.0.4 and haven't experienced any issues.

it is single session only, you have to re-do it if you restart the browser, and there was no problem whatsoever re-installing the add-ons from the store after they pushed 66.0.4

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


fml. they have my credit card number for my mother's phone service.

welp. time for a new card.

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


javascript card skimming via merchant services analytics in the wild

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


i like that the exfiltration is just appending all the details to an image load request

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


Volmarias posted:

The problem will be solved with mandatory password rotations monthly, to limit the damage a stolen credential can do.

The new password will be SchoolnameMonthYear.

the old peel district school board netware configuration was set such that passwords would expire after 6 months. once the password expired any password would be accepted and allow you to set a new password for the account.

generally all the passwords on the system would expire within about a week of each other. comedy would ensue

oh, and we had board-wide federated authentication set up like this, meaning it was possible to take over global admin accounts if their passwords expired.

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


Subjunctive posted:

they probably interviewed multiple people before selecting whoever made those choices

i've never met the cto for pdsb, probably for the best.

i wound up doing admin/tech work for the schools on and off for a while as a teen.

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


Are y'all sure this isn't one of those NN generated papers?

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


flakeloaf posted:

https://www.cbc.ca/news/business/rbc-customer-out-of-pocket-after-e-transfer-fraud-1.5128114


:bang:

a good part of my job is spent standing at the front of the room telling people not to do basically any of the things in this article

security is a process, and a big part of that process is you not being an absolute goddamned idiot just every second of every day

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


Wiggly Wayne DDS posted:

been a while since the last pre-auth rdp rce

thank christ we've moved everyone off windows 7

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


:canada:

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


it is a joke

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


do people still use QQ? is that a thing anymore?

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


those bitcoin extortion messages are gender targeted (presumably based on the email address)

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


very clever, but it's exploits all the way down

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


funnily enough, some of those taxes probably help organize and operate the fdic

shame about that, really

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


haveblue posted:

the fdic is funded not by taxes but by charging premiums to participating banks so unfortunately there is less irony than there could have been

ah, my mistake

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


Subjunctive posted:

that's all bullshit left over from people getting cute with address parsing in the BSD inet4 utilities. it's not in a standard (afaik) and nothing should support it. no legitimate use case needs to express a v4 address as undifferentiated 32-bit integer syntax; it's only useful for phishing and such. I tried to kill it from Firefox like 15 years ago because people also wanted to support the IE nonsense of http://531.202.330.721/, but nooooo.

0x0238f06a should be interpreted as a hostname!

that's been a thing since forever tho. i used that poo poo back in high school to bypass our web filtering. if you see a number in an address location you should assume it's a routable address
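A filter-side take on the exchange above, as an added example that is not part of either post: it folds the BSD `inet_aton`-style numeric host forms (hex, octal, decimal, and 1 to 4 parts) into a dotted quad before a blocklist check, so the integer spellings cannot slip past a string match. The names `canonical_ipv4` and `is_blocked` are hypothetical, and every sample value except the `0x0238f06a` quoted in the thread is constructed from the 192.0.2.0/24 documentation range.

```python
import re
from urllib.parse import urlsplit

# One component: 0x-prefixed hex, or digits (leading 0 means octal).
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|[0-9]+)$")

def _parse_part(text):
    """Parse one dotted component the way BSD inet_aton does."""
    if not _PART.match(text):
        return None
    if text[:2].lower() == "0x":
        return int(text, 16)
    if len(text) > 1 and text[0] == "0":
        try:
            return int(text, 8)          # "08" is not valid octal
        except ValueError:
            return None
    return int(text)

def canonical_ipv4(host):
    """Return the dotted quad for a numeric host in any inet_aton form, else None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = [_parse_part(p) for p in parts]
    if any(n is None for n in nums):
        return None
    # Every part but the last is a single byte; the last fills the remaining bytes.
    if any(n > 255 for n in nums[:-1]) or nums[-1] >= 256 ** (5 - len(nums)):
        return None
    value = nums[-1]
    for i, n in enumerate(nums[:-1]):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def is_blocked(url, blocked_hosts):
    """Check a URL against a blocklist after normalising numeric hosts."""
    host = urlsplit(url).hostname or ""
    return (canonical_ipv4(host) or host) in blocked_hosts

# Constructed blocklist and URLs: four spellings of the same address.
BLOCKED = {"192.0.2.1"}
SAMPLES = ["http://192.0.2.1/", "http://0xC0000201/", "http://3221225985/",
           "http://0300.0.02.01/", "http://192.513/"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", "blocked" if is_blocked(url, BLOCKED) else "allowed")
```

Out-of-range dotted forms such as the `531.202.330.721` mentioned in the quote are rejected here (returned as `None`) rather than wrapped.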

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


oh and also not run random poo poo off the web that pipes something arbitrarily into the shell

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


D. Ebdrup posted:

Heck, why not broaden the scope: "Don't pipe things into other things when you don't understand what they do"

yeah, this thing

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you



Wait, did someone suggest this was good design as opposed to just "the way it works"?

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


Ur Getting Fatter posted:

I remember some stuff being posted here about certain laptop manufacturers hiding code in hidden partitions that would reinstall their poo poo even if you completely formatted the drive and reinstalled windows from a clean media install.

Edit: https://www.extremetech.com/computing/212074-lenovo-laptops-can-reinstall-bundled-crapware-even-if-you-load-a-retail-copy-of-windows

Of course it was Lenovo, although in theory this just affected Windows 7 and 8.

that was in efi, so replacing the hard drive wouldn't prevent it from pushing the app back into the install

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


assuming you can disable vpro/amt and any other remote asset management stuff in the bios then a wipe and reinstall from USB media should be good enough

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


Subjunctive posted:

I think he's going to use it for work, which likely involves PII and credentials to valuable services. not likely a state target, but consequences to getting owned

maybe don't do that? or at least don't allow PII to touch anything outside of your own infrastructure and use 2fa for services and remote access

idk, you already know this stuff

e: by don't do that i mean don't buy used equipment for business use if this is a concern. that's probably easier than going all cloak and dagger on the system on the off chance it has some persistent malware or something

infernal machines fucked around with this message at 00:45 on Jun 6, 2019

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


worrying about it at all is going all cloak and dagger. if doing a wipe and reload is not sufficient for your security purposes, then you already have larger problems because you're trying to manage endpoint security on employee owned devices.

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


evil_bunnY posted:

Doesn't exfiltrate poo poo, windows will happily run it elevated

i'm p. sure that was a "badbios" reference

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


dehumanize yourself and face to PCI DSS

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


mystes posted:

It would actually work a lot better than tile because every iphone in the world would be looking for your keys, rather than just people running the tile app.

there has to be a shitload of overhead here though, no?

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


is that some ancient-rear end pci dss mode or did someone actually do a GPO to limit it like that on purpose?

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


i don't know how that guy isn't waking up with a horse's head in his bed every day

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


and ecc won't save you

https://arstechnica.com/information-technology/2019/06/researchers-use-rowhammer-bitflips-to-steal-2048-bit-crypto-key/

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


BangersInMyKnickers posted:

browsers mitigated by reducing the resolution you can achieve with time sampling in javascript to the point that it wasn't possible to execute the attack. You need to be running outside the browser sandbox these days so you can go hog-wild with memory access. Or exploit the lovely JRE that a bunch of people still have installed

isn't oracle doing a thing where you can't use the newer versions of the jre for anything on pain of death, oh and btw every previous release ever has critical exploits

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


people: we want microsoft to be more responsive to security issues

also people: we want microsoft to stop blowing up our machines with half-baked updates

microsoft:

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


qa is just a subset of development, right? we already pay developers, so why would we pay for qa?

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


Ur Getting Fatter posted:

it's me, im the sec fuckup that clicked the obvious One Drive phishing link from a clearly compromised client (i did not give credentials but lol if I didn't blindly click those links).

I should just not use the internet when I'm tired. or at all.

I really wish microsoft could figure out how to effectively filter those because they explicitly target o365 domains and it's a huge pain in the dick explaining to clients why they can't actually trust shared document links sent from people they know irl because there's a good chance it's one of these

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


lmao. literally just had a client in o365 almost certainly hit by one of these. whoever got their credentials used it to organize a wire transfer for like $30k $50k, which the bank happily processed entirely via email

fml

e: n/m they flagged it and it didn't go through, well good news there i guess

e2: they flagged it as suspicious, then the account manager violated policy and processed the transaction anyway.

lmao. someone is getting hosed for this.

infernal machines fucked around with this message at 22:12 on Jun 12, 2019

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


otoh the bug is in every secure channel thing in every version of windows, so wherever it's located it's exposed to a lot of stuff. possibly stuff that breaks in exciting ways if some specific stupid behaviour changes


infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


Subjunctive posted:

I wonder how to do that in gsuite.

i think it goes something like this

https://www.youtube.com/watch?v=BpsMkLaEiOY
