/cyb/ + /sec/ - Cyberpunk and Cybersecurity General

bump limit reached edition
last thread lasted like 6 days, let's see if we can beat it
/cyb/erpunk:
The Cypherpunk Manifesto activism.net/cypherpunk/manifesto.html
The Cyberpunk Manifesto project.cyberpunk.ru/idb/cyberpunk_manifesto.html

"What is cyberpunk?" pastebin.com/hHN5cBXB

Cyberpunk directory (Communities, Media, Readings) pastebin.com/VAWNxkxH
Cyberpunk resources (Miscellaneous) pastebin.com/Dqfa6uXx

/cyb/ ftp: ftp://50.31.112.231/pub/
ftp://collectivecomputers.org:21212/Books/Cyberpunk/

/sec/urity:
The Hacker Manifesto: phrack.org/issues/7/3.html
The Guerilla Open Access Manifesto: archive.org/stream/GuerillaOpenAccessManifesto/Goamjuly2008_djvu.txt

"Why privacy matters" youtube.com/watch?v=pcSlowAhvUk
"Shit just got real" pastebin.com/rqrLK6X0

Cybersecurity basics and armory pastebin.com/rMw4WbhX
Endware endchan.xyz/os/res/32.html
BBS archives textfiles.com/index.html
Various guides to get started github.com/mayfrost/guides/

Reference books (PW: ABD52oM8T1fghmY0) mega.nz/#F!YigVhZCZ!RznVxTiA0iN-N6Ps01pEJw

Thread Archive: archive.rebeccablacktech.com/g/search/text//cyb/ /sec//

IRC:
Guide github.com/mayfrost/guides/blob/master/IRC.md
Join irc://irc.rizon.net:6697
SSL Required:
#Jow Forumspunk
#Jow Forumssec
#nfo

Schway SSH Textboard: [email protected] (port 22)



Didn't add anything to the m0ar list because I was too lazy, give suggestions
/cyb/ Movies:
>The Machine (2013)
>Johnny Mnemonic (1995)
>The Matrix (1999)
>Chappie (2015)
>Elysium (2013)
>Virtuosity (1995)
>The Lawnmower Man (1992)
>Lawnmower Man 2: Beyond Cyberspace (1996)
>The Terminator (1984)
>Blade Runner (1982)
>TRON (1982)
>TRON: Legacy (2010)
>Escape from New York (1981)
>Escape from L.A. (1996)
>Rollerball (1975)
>RoboCop (1987)
>Nirvana (1997)
>Transcendence (2014)

/sec/ Movies:
>Sneakers (1992)
>The Net (1995)
>Takedown (2000)
>The Fifth Estate (2013)
>Blackhat (2015)
>Enemy of the State (1998)
>Hackers (1995)
>WarGames (1983)
>WarGames: The Dead Code (2008)
>Swordfish (2001)

Jow Forums Movies:
>Disconnect (2012)
>Antitrust (2001)
>Pirates of Silicon Valley (1999)
>Office Space (1999)
>Her (2013)

/cyb/ Documentaries:
>The Cyberpunk Educator archive.org/details/cyberpunkeducator
>The Internet's Own Boy: The Story of Aaron Swartz (2014)
>RiP: A Remix Manifesto (2009)
>TPB AFK: The Pirate Bay Away from Keyboard (2013)
>The Net - The Unabomber, LSD and the Internet (2003)

/sec/ Documentaries:
>Hackers: Wizards of the Electronic Age (1984)
>Hackers Wanted aka Can You Hack It (2009)
>New York City Hackers (2000)
>We Steal Secrets: The Story of WikiLeaks (2013)
>Citizenfour (2014)
>Terms and Conditions May Apply (2013)
>All Watched Over by Machines of Loving Grace (2011)
>Snowden (2016) [Biopic?]
>Zero Days (2016)

Jow Forums Documentaries:
>The Code (2001)
>Revolution OS (2001)
>BBS: The Documentary (2005)
>Get Lamp (2010)
>From Bedrooms to Billions (2014)

Series:
>Dark Angel (2000)
>Person of Interest (2011)
>The Expanse (2015)
>Mr. Robot (2015)

Songs:
>Robyn - Fembot
>Styx - Mr. Roboto
>The Buggles - Video Killed the Radio Star
>Daft Punk - Technologic


Let's go, another c o m f y thread

How do i stream porn with javascript disabled

reverse engineering courses by the nsa
ghidra.re/online-courses/

Detroit Become Human is unironically the best movie from 2018. The collected cutscenes are on youtube.

Answer me

/cri/ + /nge/ - Cringe General

Help how do i watch porn with javascript disabled

cringe

Should I try the insane boxes on HTB or are they just a meme

looks like hackerman is back on patrol

( • )( • )ԅ(ԅ)

by enabling it

Open browser DOM, grab link to video, get it, watch porn. Regret it later that you should've been out getting real pussy

Thx user was just reading about this nice quads

pastebin.com/8Hk5Ks7h

Let me know what you think of this. I've only really worked on the /cyb/ section, but mostly because I started this last October/November and put it off for far too long. I figured I might as well release what I got, especially since one of the sections involves recommended cyberpunk media, and I'd like to save the trouble of reposting their list in every thread.

Just yell at me if you have any questions or concerns about what should be added or removed from any of the sections. In fact, I just noticed that there's a redundancy, and the IRC channels are listed twice across two pages. Whoops.

>pastebin.com/8Hk5Ks7h
There was another proposal a few threads ago with a little more formatting and reordering, did you check it out and compare?

No, I must have missed it. I'll go look for it and see what's up.

BTW some OPs have started the show by also including a collection of "=== News" from the previous thread. These news snippets are part of what makes this a different general from the rest.

I'll keep that in mind, but for the most part I just wanted to make up an OP post that was both organized more neatly and could be updated over time to add or remove new sites and dead links. Something more fluid or flexible than the previous one, y'know?

based nsa get

damn nice, based NSA

based thread
based NSA

anyone here take the CCNA Security?

The FAQ now has a more extensive list of manifestos, perhaps either refer to that section or extract those in a separate paste.

If someone has a pro subscription to pastebin they could upload a Markdown-version of the FAQ.

>last thread lasted like 6 days, let's see if we can beat it
That will be hard given that we have so much contents in here and still reach bump limit.

youtube-dl works for most porn sites

>page 9
another slow day


AEL-user should be ready soon, I think.

what are the pi's doing?

this is great
>*zipping and splitting intensifies*
I'm making some progress with the KMS.
At current state it's similar to dissenter, and looks like every site can become /b/.
I could just codename "be-everywhere".
Posting prototype is ok (fixes needed), next step is make it switch between public/private notes.


not my setup, I was just comfyposting


We might also carry over the unanswered questions from last thread.

Heard of ROP attacks? What about DOP attacks?

techxplore.com/news/2019-03-exploitation-techniques-defenses-dop.html

>What about DOP attacks?
The pain will never end. The only solution for the foreseeable future is to use processors as simple as possible. I am looking forward to the 6502 renaissance.

However this oddity caught my eye on the same site:
>Autistic individuals are less vulnerable to cyber phishing attacks than others
medicalxpress.com/news/2018-12-autistic-individuals-vulnerable-cyber-phishing.html
Good news for Jow Forums regulars?
>Given the known gullibility and social vulnerability of users with autism, the research team had hypothesized that individuals with autism would be more prone to phishing attacks in comparison to the participants without autism.
That was not nice.
>Contrary to predictions, both participants with and without autism performed nearly as well in identifying the fake websites, with no statistically significant differences. However, participants with autism spent significantly longer on real websites than the fake websites. Both groups did slightly better in identifying fake websites when they were familiar to them.

Care to explain what any of this means?
Why would changing user data be any different than current exploit techniques?

"The danger of data-oriented attacks, including DOP and the newer block-oriented programming (BOP), is that they do not tamper with the control flow of a victim program," Yao explained. "Thus, it evades the popular control-flow integrity (CFI) detection. From an attack perspective, data-oriented attacks are far more advantageous than return-oriented programming (ROP), as the basic ROP attacks extensively violate control-flow integrity and can be easily detected by CFI solutions."

I would say that currently DOP attacks would be difficult to detect.

how can it change the semantics of the program without changing its control flow?

I was asking more about how the implementation of the exploit works.
Sure, a user can input data that triggers a segfault or overflow, but I don't see how that is any different than current exploit methods, what the article calls Return-Oriented.

Any security hazards that I should be aware of if I allow people to access a self-hosted website via port forwarding HTTP?

>not my setup, I was just comfyposting
at least make up a comfy back story


return oriented programming puts a chain of return addresses on the stack at and above the original saved return address, which can be defeated by a stack canary. if the stack canary has the same value as before the function frame ran, the values above it probably haven't been changed, and the original return address is above it.

a generalization of ROP is JOP, where execution returns to a block of addresses to instruction sequences ending in a jump to the block. stack canaries don't protect against JOP because you can overwrite a function pointer to instead point to your first JOP gadget, which starts the gadget chain.

both of these are defeated by CFI, which checks jump destination addresses are the same ones included in the original program by placing an ID before them and checking it (looking before you leap). that form of CFI has a high overhead and isn't used in the wild, though.

i still don't understand how this DOP can induce arbitrary computation on the program despite CFI. sent it to some guys i work with to see if they can explain it to me

I think it's a bunch of academic hooplah jumping on buzzwords. I've seen "data oriented programming" used elsewhere.

i'm taking a course on OS security and we haven't talked about data oriented programming, so i want to assume it's not relevant for some reason, but it has a load of citations

I don't see how programmers naturally don't orient on data when they write anything. Isn't that the whole point of programming and computers: to take in data, process them, and output the results?

i think in this case it refers to subverting a program's semantics to execute your own chosen program by corrupting data in the local variables of a stack frame. along the lines of return oriented programming and jump oriented programming

lmao

Data oriented programming when googled points to data oriented design, which has nothing to do with DOP. Search the term "DOP attack" for better results.

There are multiple papers from different universities on this concept, so I assume it isn't a load of BS. It seems to be a fairly new type of exploit.
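Added example, not part of any post in this thread: a C model of the question raised above, how corrupted data can change what a program does while the stack canary and saved return address stay intact. It shows only the simplest data-only case (one corrupted decision variable), not a full DOP gadget chain; the frame layout, names and constants are constructed, and the overflow is simulated inside a struct so the program stays well defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY 0x5eed5eed5eed5eedULL   /* constructed values */
#define RET    0x0000000000401000ULL
#define SMASH  "BBBBBBBBBB" "BBBBBBBBBB" "BBBBBBBBBB" "BBBBBBBBBB"

/* Constructed model of one stack frame, lowest address first. */
struct frame {
    char     name[16];   /* input is copied here */
    uint32_t is_admin;   /* plain data that steers a branch */
    uint64_t canary;     /* what a stack protector verifies */
    uint64_t saved_ret;  /* what ROP overwrites and CFI guards */
};

struct outcome { int granted, canary_ok, ret_ok, rejected; };

/* 16 filler bytes, then 4 bytes that land in is_admin and stop there. */
static const unsigned char DATA_ONLY[20] = {
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    1, 0, 0, 0 };

/* bounded == 0 models an unchecked linear write starting at name[].
   The write is clamped to the struct so the demo stays well defined. */
struct outcome handle(const void *in, size_t len, int bounded)
{
    struct frame f;
    struct outcome o = {0, 0, 0, 0};
    memset(&f, 0, sizeof f);
    f.canary = CANARY;
    f.saved_ret = RET;

    if (bounded && len > sizeof f.name) {
        o.rejected = 1;              /* hardened: refuse oversized input */
        len = 0;
    } else if (len > sizeof f) {
        len = sizeof f;
    }
    memcpy(&f, in, len);             /* name[] sits at offset 0 */
    o.canary_ok = (f.canary == CANARY);
    o.ret_ok = (f.saved_ret == RET);
    /* Grant and deny are both legitimate paths of the program; the
       corrupted value only picks one, so no jump target is altered. */
    o.granted = (f.is_admin != 0);
    return o;
}

static void show(const char *label, struct outcome o)
{
    printf("%-10s granted=%d canary_ok=%d ret_ok=%d rejected=%d\n",
           label, o.granted, o.canary_ok, o.ret_ok, o.rejected);
}

int main(void)
{
    show("benign", handle("guest", 6, 0));
    show("data-only", handle(DATA_ONLY, sizeof DATA_ONLY, 0));
    show("smash", handle(SMASH, sizeof SMASH - 1, 0));
    show("bounded", handle(DATA_ONLY, sizeof DATA_ONLY, 1));
    return 0;
}
```

The data-only input flips the decision with both integrity checks still passing, while the longer write trips them; the length check is what stops both.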

>need to reduce library size
>try to use surgical precision to not lose quality
>just removed some magazines that probably nobody is going to miss anyway
>mfw found a way to reduce size without losing quality
Also changing the compression to zip, is more common and comparing the average size is similar.


Anyone else trying out for /ecsc/ teams?

What is the total size?

Also, isn't RAR a better compressor?

I am really excited to see all this-

The limit for I2P is 512 GB and the AEL will be that. I don't dispose of rar atm.


>Can the Police Force You to Unlock Your Phone?
youtube.com/watch?v=vWenfoTrNJM

>If you get arrested, can the police force you to unlock your phone using your fingerprint or facial recognition technology? This is a case of first impression. A federal court ruled on the question of whether fingerprint or facial recognition technology is considered communication for the purposes of the fifth amendment to the US constitution.

bump

So from some limited testing, I actually like Ghidra's decompilation better than Binary Ninja's. (I have never used the HexRays decompiler so I can't compare to that.)

Also the initial analysis phase takes a long time but it seems to be as good as Ida's, or better in some instances.

For the home hacker, this is a game changer. You no longer have to shell out $3,000+ for a high-quality, fully-featured static analysis tool. I hope Hex Rays slashes prices. And I hope Vector35 steps up their game, too.

>writing down passwords is considered bad security practice
>using easy to remember passwords is considered bad security practice
What about splitting it down the middle? Part of the password is written down (the hard part, e.g. random letters, numbers, symbols) and the other part is an easy to remember password.
Examples:
>d8#m1V@potato
>12345Qm3P~!
>23ojf*fuckit

I mean the easy part is never written down. So you just have a list of partial passwords written down. The user just remembers the easy part and puts them together for a password.

I just finished Johnny Mnemonic. I enjoyed it, but jesus it was so stupid and melodramatic.

What was it, 80 TB?
I remember back when the movie came out that it was an enormous amount of data, but by today's standards, it's doable even on a modest budget.

Keanu had storage for 160GB and his payload was 320GB. Almost nothing by today's standards

What's the best place to learn this stuff if I'm competent in webdev from the full stack side of things, but haven't done anything from the other side except use ncat to sniff sites?

I've been doing webdev for a few years now, and have been graduating to lower and lower levels of programming (self-teaching C is tough, I wish I had gone to school for CS). One thing I'm interested in is cybersecurity, but there isn't really any all-in-one-source places to learn it from.

>mfw still zipping


What sections did you trim in order to remain within 512 GB?

>mfw finally generating torrent


>70100000 + 4
sheeeit. it could have been an epic AEL get.
Still, epic in itself.


Some comics and magazines


Is being a sysadmin for 2-3 years a good previous step to getting into entry-level cybersec later? I started as sysadmin 2 months ago... For now it is mostly configure some apache, filter IPs, run commands like a monkey for the devs because they don't have sudo permissions in the machines (ie: laravel commands, git commands, etc), the most interesting thing so far was automating some of those tasks with Ansible so I felt less like a monkey editing the same line in 15 computers...
I'm still hoping it will get more interesting over time.
If it matters I have 1 yr experience as a webdev as well (in another company), I switched because I don't enjoy webdev much, but I'm bored as fuck now...

>Some comics and magazines
OK. And this was in addition to the manga that were removed earlier?

Just curious, what size were these?

Is anyone else feeling it is time for Christmas presents?? Woo!


>were removed earlier
There was no announcement earlier

>/cyb/ ftp: ftp://redacted/pub/
Cybersecurity General that cannot into a HTTPS A+ rated server and uses an unencrypted legacy protocol?
Fucking scrubs that never will pull off anything ever in IT data security.


Hi there hackerman


=== /sec/ News:
>Security holes found in big brand car alarms
bbc.com/news/technology-47485731
>The security researchers exploited the bugs to activate car alarms, unlock a vehicle's doors and start the engine via an insecure app.

>The research was carried out for the BBC's Click technology programme by security consultants Pen Test Partners, which has a long track record of uncovering software flaws.

>The firm focussed on two well-known firms that produce alarms that can be accessed and controlled via smartphone apps - Pandora and Clifford (known in the US as Viper).

>The research found that Pandora, which had advertised its system as "unhackable", allowed a user to reset account passwords for any account.
Calling a system "unhackable" is in practice a Streisand grade invitation for people to try.

Do you scrub realize there is a maximum bend radius for twisted pair copper cables as well?


You sure must love having your ISP and government know what files you did load off that ftp in here.

I have to agree with you there

best way to cyberpunkify Windows 7?

Delete system32

>still generating torrent


Install ElementaryOS

The way i do it is by using 4 or 5 random words (e.g. jogging, zebra, table, person) and put them together and add a number and symbol. (i.e. JoggingzebratablepersoN20&)
It's long, easy to remember, and secure. Just make up a story or whatever to remember the 4 words and that's it.
>also yes it's from xkcd

Probably from last thread but what you gonna torrent

I'm gonna add this link as a proposal next thread so more anons can vote on it, also should I do that thing where I include previous === news?
You can vote here too I guess
pastebin.com/8Hk5Ks7h


Honestly, I've gotten sick of software development. I'm trying to switch careers and become a l33t h@x0r.

Has anyone used OWASP's Juice Shop? I've nearly found all star 1 vulnerabilities (pretty sure I've found all, but they're not showing up). This thing is simply amazing. It's a modern application, built with modern tech.


One thing that's pissing me off, though, is trying to get into Bender's account (yes, Bender from Futurama). Security question is: "Company you first worked for as an adult". I've tried all variations of "planet express", "bending", "factory", etc.

What the fuck was bender's first company?

20th Century Fox?

Doubt it's going to work, but true. I've fucking searched for the first company but cannot find it. Wikipedia just says "bending factory." I thought that security question was going to be super easy, "planet express", but no. WTF.

>Keanu had storage for 160GB and his payload was 320GB. Almost nothing by today's standards
Lol. That is much lower than I remembered.


>Chappie (2015)
I genuinely enjoyed this movie. I watched when it first came out then recently watched it again. That pajeet is a good ass actor. I could have sworn he was straight from India after watching "The Man Who Knew Infinity", which isn't tech related, but I think everyone here would appreciate that movie.

Buuut, I thought it was hilarious that Chappie was built by one guy in his bedroom.

First off FTP is all we have, the sFTP site has a file size limit we cannot get around. Secondly, have you checked the files there? An average newspaper has more controversial articles than that.

>First off FTP is all we have
I could set you up a better HTTPS server than this shit. No extra software required if you are on Linux. No excuse for being a fucking brainlet.

Then please do. Really, it would be appreciated.

"""Could""" set it up on a machine. I'm not some free webhoster using my IP or name for other peoples files. Sorry senpai.

Not him but if you are going to sperg about it at least do so describing the alternative better than vague.

Ignore him boys, I got a hunch hackerman is scared of us using the ftp site for the impending feast we are about to have with filesharing. Read his intentions.

Well Nginx and Let's encrypt for starters. If he has a linux box that can handle lots of connections and give decent download speeds this really isn't rocket science.
I run an A+ rated server on a smelly SOC and get perfect speeds.
My massive anger stems from this thread claiming to be "Cybersecurity".
Guys please use crypto if you claim anything cyberpunk or even cypherpunk.
It's not hard, but I don't see why I should write a tutorial here. The guy is obviously angry at me for smack talking his unencrypted FTP. It's just a sad fact that meta data collection is real and your ISP does know what you download. The collectivecomputers ftp even has torrented movies. Might as well neck oneself downloading from there and leave so many traces.
I'll pass!

There is a point here though. I said something similar a year ago or so.

Still, an ftp is better than nothing and at this point is not like most here haven't been into "open directories" at some point.

Typical pleb babble of a brainlet who is overwhelmed by setting up a certificate chain and rolling out TLS1.2 or even TLS1.3, I offer both on my server.


The best solution I see is setting IPFS over I2P so we can collectively support filesharing with no single person taking all the load and do so anonymously.

I don't think the owner of the ftp is from /cyb/ but from another Jow Forumsentomen