Can we have a CVE discussion tread

I just want to have a laid back discussion about cyber security and it's future. CIAniggers and NSA shills are welcome to chip in.

I'm not in CS nor am I highly educated on cutting edge software but due to some recent events I've done a little research and went down a rabbit hole. I'm absolutely shocked at the level of ignorance of your common normie and even your general techie. Millions of people are being exposed every day and they don't even know it. Due to the lack of accesibility to the internal mechanisms of the majority of electronic comm. devices, malware can be injected into these systems and take complete control via privilege escalation. MILLIONS of people's devices are literally botnet slaves and it is becoming increasingly difficult for your average user to discover and intervene in these attacks. It has especially become a dangerous frontier with the "leaks" of the Eternal twins by the Shadow Brokers.

After reading about Eternal Silence (btw, Akamai is a mouthpiece for the NSA), I have come to the conclusion (possibly incorrect) that the internet is being weponized. I also believe that proxy software (especially TOR) is being utilized as a cyber superweapon.

Opinions?

Attached: ubDSi_rV.jpg (512x512, 25K)

Other urls found in this thread:

geek.com/news/researchers-demo-keystroke-logging-with-laser-pen-722661/
twitter.com/SFWRedditImages

nigga your thread is actually good but it's already on page 10 due to the current perpetual state of Jow Forums.
Have a bump, you never know it will kick back in.

bump

I wish we had more talks about topics like this

the internet is being weaponized by so many fronts it cancels out.
Furthermore, locking idiots out of source code/inner configs of software is a good thing, I don't want every dumb web admin to reconfigure Apache to allow it to serve viruses because they're incompetent

I agree but by keeping people in the dark is giving governments and CIAniggers the upper hand by controlling these idiots devices when they dont even know it. Again, millions of people devices are supplementing botnets whether they are locked out or not. I'd rather have the option to take action.

> OP is a brainlet

Nigga, the internet is a weapon by design, read a fucking computer networks book.

interesting

yeah, and while glowies have a lot of power over the internet, I dont think this problem is as big as OP is making it seem, I heavily doubt the CIA has a backdoor in my shit router, they'd just beat me if they wanted something out of me

That was not the original plan from what I understand.
>a stick is a weapon and tree's make them for that exact reason
C'mon man

it's not about having a backdoor
it's about having such shitty software coded by pajeets that leaves exploit behind
exploits that any h4x0rZg would love to use to remote control that device
and build a cyberweapon

learn2internet.org

agree with this user

any evil group would love to remote control many devices to attack some target
any fucking light bulb, tv, fridge have a SOC with something running on it.
every one of them is exploitable
this is your cyber weapon: the internet of things
bonus: it actually listens and respond when you scream at it!

I don't think that info is what they want, hear me out...

Do you remember reading about WWII and how the governments asked people to conserve their resources. Steel, gas, etc. so the war effort could continue. Well, in cyber warfare govs and glow niggers need bandwith. What if they were hijacking your router so they can use its power against their enemies?

this and also build a super awesome 5g network!

Exactly. The battlefield is in your home now. DDoS your fridge, food goes bad. Next your car, you cant get to the grocery store. Then your phone, you van call friends for a ride and so on. This is an invisible war.

you know this is a common thing, right? like this happens literally all the time, its only getting worse with smart devices

again, the govt isnt going to use your shit router to ddos china, they're just going to deny incoming traffic from beijing and proceed to bomb their interconnects to the stone age

You really think we are going to fight a conventional war with China? Or vice versa when they can just shut you car and fridge down? And no they wont shut down Beijing. Go read about UPnProxy. You'll never know where the attack is centered because it will be coming from everywhere.

do you think the united states with its entire economy, political system, and even some entertainment based around bombing the fuck out of people is NOT going to bomb the fuck out of the next nation we fight? idiot.

Checked. Look all I'm saying is just like the 9/11 attacks, you wont be able to pin it on a certain country when they are using services like TOR to mask activity. All the hijackers from Sept. 11th came from Saudi and Lebanon. Why didnt we bomb the fuck out of them? And I do think they care about your shitty router because it can be controlled by either the US Gov or the chinese or Russian or whatever gov.

I really want to know how much more advanced these CVE attacks will become and what can you do against these malware attacks when even your conventional antivirus can't dectect these scripts

CVE isn't a type of an attack. It is an organization that classifies known vulnerabilities.

You know about key scraping with laser pointer backscatter interferometry?

geek.com/news/researchers-demo-keystroke-logging-with-laser-pen-722661/

That was 10 years ago, and just two lonely researchers. Things have come a long, long way in 10 years.

The problem is this. All computers can roughly be viewed as a giant array of 2^n bits of state. Some of those states show your email. Some of them rm -rf / --no-preserve-root. The challenge is some of those states have allowed transitions into other states, and others should not be allowed. A non-privileged user shouldn't be able to dd /dev/null over the entire filesystem like spilled spaghetti. But, and this is the big one, the N choose K set of possible state transitions between those 2^n bits is so absolutely gigantic, it's nearly impossible in polynomial time to ensure software that exists covers all possible scenarios and state transitions, much less the collective of human minds that designs these systems.

A buffer overflow of some TCP stack to get root is a state transition. A privilege ring escalation using some shell exploit is a state transition. A bobby drop tables on an unsecured unpassword protected 3306 is a state transition. That's what I mean. As complexity increases and the "number of possible things" continues to go up and up and up, the attack surface area will forever and always continue to grow.

meanwhile your average Jow Forums user is larping because he gas 1837 days of uptime with NSA already backdoored into their pcs because of some critical CVE which needed to be fixed into the kernel or daemon

Fucking checked. Like I said I'm not in CS so I'm trying to keep up. Are you saying these computer systems are so complex that its impossible to determine where a attack could come from? I think it's interesting that these guys at CVE have catalogued all of these avenues of attacks and have observed them. What do you think about the future of computer security?

I bet that if i could post some weird script here, i'd probably gain few bots due pajeet coded Jow Forums(nel) dataminers

Another tbing I read about was bow they knew about UPnProxy almost 20 years ago. Now it's lead to ransomware and people are just niw taking notice. Windows programmers made a terrible mistake by allowing that to be accesed by the internet supposedly. How did they not see it becoming such a problem?

lots of shit was fucked 20, even 10 years ago. We update standards and technologies to fix things, but old devices dont get updated. Its a problem that'll fix itself eventually

> Are you saying these computer systems are so complex that its impossible to determine where a attack could come from?

No. I'm saying that computer software at the tiniest timeslice is just a fixed representation of bits, 1's and 0's. A 4Ghz processor can run an operation every 1/4,000,000,000 of a second; during each time slice, the CPU would perform an operation. Maybe a jump. Maybe an add. Maybe a swap. For the next second, another 4,000,000,000 of these operations may or may not happen, at which point the system could have potentially transitioned through another 4,000,000,000 different states. Furthermore, the additional co-processors, ASICs, FPGAs, and assorted other PLCs on the board are all doing various other flipping of bits over DMA busses, etc.

Now take the aggregate of two systems. 10 systems. 1000 systems. The potential set of state transitions just went up exponentially. Computers are just state machines transitioning through states, and software exploits are just instances where somebody has found the correct sequence of events to get a system, or even a set of systems, to transition through the magic set of states to the desired state they want.

Attack sources can be active, passive, or human & socially engineered. A flash drive with a zero day exploit left by a whitehat penetration tester dressed pizza delivery man, compared to a MITM attack by a network endpoint, compared to a random sandbox escape in a VM, these all rely on a few core foundational principles; software is complex, and if the right starts align, state transitions can be made to happen.

Infosec is fun user. I highly recommend a career in white-hat corporate security working for the good guys. There is a very large community of corporate customers willing and able to pay for bright, security focused engineers looking to defend against the never ending stream of BS the internet spews at them.

>t. i'm getting too old for this forum

Attached: ghidra-decompiler.png (896x489, 98K)

I was just a kid 20 years ago but I still remember the dial up days. Idk things didn't seem as volatile as they do now. I've seen people reccomend the Shieldsup! Website and it's from the early 2000's

That's badass. That's one thing that I got from my research is that secops is very lucrative and there are all kinds of businesses that are looking to pay big money to people who can keep thier clients information and communications secure. The amount to information is overwhelming. Even my ISP are idiots, when they tell me that my "wires were crossed" or my router just needed an update when I'm getting pinged by hundreds of up addresses from all around the world I know they are just lying to me because they probably dint even really know whats going on. It's insane to me that this tech has proliferated and very few truly understand it.

The /cyb/ /sec/ generals cover this and tends to stay around a little longer.

>I also believe that proxy software (especially TOR) is being utilized as a cyber superweapon.
glownigger fuck off

bump

i wish Jow Forums had more threads like this instead of glorified /v/ discussions

this thread is just people calling OP an idiot, which he is