Brontoforumus Archive

Please login or register.

Login with username, password and session length
Advanced search  

News:


This board has been fossilized.
You are reading an archive of Brontoforumus, a.k.a. The Worst Forums Ever, from 2008 to early 2014.  Registration and posting (for most members) has been disabled here to discourage spambots from taking over.  Old members can still log in to view boards, PMs, etc.

The new message board is at http://brontoforum.us.

Pages: 1 2 3 4 5 [6] 7 8 9 10 11

Author Topic: Computer security  (Read 24521 times)

0 Members and 1 Guest are viewing this topic.

Royal☭

  • Supreme Court Judge President
  • Tested
  • Karma: 88
  • Posts: 6301
    • View Profile
Re: Computer security
« Reply #100 on: December 01, 2011, 11:41:56 AM »

Good reason to switch carriers; can someone tell me which one is least certain to stoop to that level?

I think what you're looking for is which one is least likely to be caught doing it.

Brentai

  • https://www.youtube.com/watch?v=DnXYVlPgX_o
  • Admin
  • Tested
  • Karma: -65281
  • Posts: 17524
    • View Profile
Re: Computer security
« Reply #101 on: December 01, 2011, 11:54:43 AM »

More like "most afraid to be caught doing it" - that would have been T-Mobile before it was bought, and common sense says it would be Sprint now, so uh...

Fuck.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #102 on: December 01, 2011, 11:58:46 AM »

Er, T-Mobile didn't get bought.

Leastwas, not by AT&T.  Are you referring to a previous merger?  Or just figure this one's a foregone conclusion regardless of the hurdles so far?
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #103 on: December 01, 2011, 02:40:53 PM »

Al Franken is on the case.

Have I mentioned lately that I love Al Franken?
Logged

Burrito Al Pastor

  • Galatea is mai waifu
  • Tested
  • Karma: 10
  • Posts: 1067
    • View Profile
Re: Computer security
« Reply #104 on: December 02, 2011, 12:22:34 AM »

It's clear that all kinds of crazy shit can, and often is, logged via Carrier IQ's software; it's still opaque, and incredibly important, what is transmitted from within that data. (I don't have an issue with my carrier or phone manufacturer knowing how many characters I've typed into text messages, but I mind them knowing what those characters are, for example.) Carrier IQ says that the data recorded and sent is by specific request on a per-client basis, meaning that it can be and probably is different for every carrier, but the extraordinary speed at which so many companies (Sprint,  AT&T, Apple, RIM, HTC) are backpedaling from their relationship with Carrier IQ is probably a sign that something really bad was going on somewhere.

It's the most entertaining game of PR hot potato I've seen in a long time - especially because it's unclear how many of the potatoes are hot, and who knows which potatoes are the hot ones.

(All links via John Gruber.)
Logged
I'm a heartbreaker... My name... Charles.

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #105 on: December 08, 2011, 09:52:24 AM »

Zero-day exploit in Adobe Reader.

Seriously, what the fuck is wrong with Adobe?
Logged

Büge

  • won't give you fleaz
  • Tested
  • Karma: -65304
  • Posts: 10062
    • View Profile
Re: Computer security
« Reply #106 on: December 08, 2011, 11:58:39 AM »

Maybe if Photoshop was more reasonably priced, they wouldn't be in this mess.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #107 on: December 09, 2011, 09:45:30 AM »

The Reg: an exhaustive security audit shows, once again, that Chrome has leapfrogged its established competition but IE is way better than it used to be.  Only the (Windows versions of the) top 3 browsers were audited; no word on Opera, Safari, etc.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #108 on: December 16, 2011, 02:22:51 PM »

Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #109 on: December 21, 2011, 09:17:52 AM »

So here's a fucking idea: maybe don't put remote login software on POS machines.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #110 on: December 21, 2011, 01:58:45 PM »

The seven people using Safari for Windows 7 x64 are vulnerable to a zero-day vuln whereby an iframe tag with an excessive height attribute can cause a full-on BSoD, with the potential for kernel injection.

Quote
Although Safari is required to spark the system crash via HTML, modern operating systems should not allow usermode applications to bring down the machine.

In other words, a pretty good failure for both Apple and MS on this one.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #111 on: December 30, 2011, 10:48:07 AM »

Got an HP printer?  Update your firmware.

As part of his presentation, he performed two demonstrations: in the first, he sent a document to a printer that contained a malicious version of the OS that caused it to copy the documents it printed and post them to an IP address on the Internet; in the second, he took over a remote printer with a malicious document, caused that printer to scan the LAN for vulnerable PCs, compromise a PC, and turn it into a proxy that gave him access through the firewall (I got shivers).
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #112 on: January 04, 2012, 12:23:39 PM »

Ars: Hands-on: hacking WiFi Protected Setup with Reaver

Quote
Last week, security researchers revealed a vulnerability in WiFi Protected Setup, an optional device configuration protocol for wireless access points. WPS lets users enter a personal identification number that is hard-coded into the access point in order to quickly connect a computer or other wireless device to the network. The structure of the WPS PIN number and a flaw in the protocol's response to invalid requests make attacking WPS relatively simple compared to cracking a WiFi Protected Access (WPA or WPA2) password. On December 28, Craig Heffner of Tactical Network Solutions released an open-source version of an attack tool, named Reaver, that exploits the vulnerability.

To find out just how big the hole was, I downloaded and compiled Reaver for a bit of New Years geek fun. As it turns out, it's a pretty big one—even with WPS allegedly turned off on a target router, I was able to get it to cough up the SSID and password. The only way to block the attack was to turn on Media Access Control (MAC) address filtering to block unwanted hardware.

Always use the strongest encryption available AND a whitelist.

Not that that's going to protect you against a dedicated attacker:

Quote
While turning on MAC address filtering will prevent Reaver from associating with the router, that's "easily circumvented," he said. All an attacker has to do is use a network monitoring tool to detect the MAC address of a system that has an existing connection to the router, and set that as the address of their attack platform.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #113 on: January 24, 2012, 08:48:17 AM »

...so you know the old conspiracy theory that malware is actually created by security companies to drum up business?

Well, the Kelihos botnet was allegedly created by an employee at a security company.

Doesn't appear to be any evidence that he was doing it to drum up business for his company; it's likelier that, as a security researcher, he just had more specialized knowledge that lent itself to malware design.

Or maybe he wasn't the sharpest tool in the shed.  He was found out because the malware source had debug code to download files from a domain registered in his name.  That's either really sloppy, or a deliberate Riddler-style clue.
Logged

JDigital

  • Tested
  • Karma: 32
  • Posts: 2786
    • View Profile
Re: Computer security
« Reply #114 on: January 24, 2012, 12:44:22 PM »

Dreamhost's been hacked. Anyone on Dreamhost might want to change their password.
Logged

Mongrel

  • Emoticon Knight-Errant
  • kodePunc Team
  • Tested
  • *
  • Karma: -65340
  • Posts: 17029
    • View Profile
Re: Computer security
« Reply #115 on: January 24, 2012, 01:08:27 PM »

Yeah, I got the email. I only have a couple of dormant domains registered with them, and the credit card they had on file was expired so I think my exposure is pretty limited there (good thing I was lazy about updating the CC, even though my domains are up for renewal shortly).
Logged

sei

  • Tested
  • Karma: 25
  • Posts: 2085
    • View Profile
Re: Computer security
« Reply #116 on: January 24, 2012, 07:31:39 PM »

Dreamhost's been hacked. Anyone on Dreamhost might want to change their password.
They reset all the shell/FTP passwords.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #117 on: February 07, 2012, 08:57:49 AM »

Adobe releases beta code for sandboxing Flash in Firefox.

Quote
Adobe used elements of the sandboxing technology Google had built into Chrome for its Reader code, after a string of attacks against the popular Flash platform. The technology was released on November 2010 – and promptly broken less than two months later by a Google engineer, although Adobe said this didn't count as it couldn't be done remotely. The code has also been added to Chrome, and Adobe promised other browsers would get similar protections.

Win6.x only, which is a pity because XP needs it most.

Course, it's all a stopgap until we can finally be rid of Flash once and for all.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #118 on: February 09, 2012, 09:03:35 AM »

Critics are calling for the ouster of Trustwave as a trusted issuer of secure sockets layer certificates after it admitted minting a credential it knew would be used by a customer to impersonate websites it didn't own.

The so-called subordinate root certificate allowed the customer to issue SSL credentials that Internet Explorer and other major browsers would accept as valid for any server on the Internet.

...oh good.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #119 on: February 13, 2012, 08:45:36 AM »

Latest high-profile site to get compromised and turn out to have passwords stored in cleartext: MS Store, India.

If MS is smart, they're auditing all their other sites right now, internationally.

If MS is smart, they already did this a few months ago during the Sony kerfuffle.  But that's no reason not to do it again.
Logged
Pages: 1 2 3 4 5 [6] 7 8 9 10 11