Brontoforumus Archive

This board has been fossilized.
You are reading an archive of Brontoforumus, a.k.a. The Worst Forums Ever, from 2008 to early 2014.  Registration and posting (for most members) has been disabled here to discourage spambots from taking over.  Old members can still log in to view boards, PMs, etc.

The new message board is at http://brontoforum.us.


Author Topic: Computer security  (Read 26727 times)


Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #140 on: June 07, 2012, 10:16:09 AM »

Meanwhile, at pretty much the opposite end of the spectrum from LinkedIn's too-stupid-to-salt-their-fucking-passwords embarrassment, Flame used a sophisticated-as-fuck collision attack to spoof a legit MS signing cert.  As in, the people who designed it are literally some of the best cryptographers in the world.

Course, the most obvious takeaway is that nobody should be using MD5 hashes for anything important, which we already knew a damn decade ago.  BAD MS.  BAD.
Logged

Mongrel

  • Emoticon Knight-Errant
  • kodePunc Team
  • Tested
  • *
  • Karma: -65340
  • Posts: 17029
    • View Profile
Re: Computer security
« Reply #141 on: June 07, 2012, 10:28:34 AM »

I used a bullshit password for LinkedIn that I only use for trashy accounts
So you're saying they have your brontoforumus password?

:glee:

...Actually no, because my bullshit throwaway password is fewer characters than the Brontoforums allows. LOL.
Logged

JDigital

  • Tested
  • Karma: 32
  • Posts: 2786
    • View Profile
Re: Computer security
« Reply #142 on: June 07, 2012, 11:09:12 AM »

At this point in the Internet, everyone should probably change their password for EVERYTHING.

Assuming that there's not already a keylogger on your PC by now. In which case, set up two-step authentication so you can at least get your accounts back when they're inevitably stolen.
Logged

Mongrel

  • Emoticon Knight-Errant
  • kodePunc Team
  • Tested
  • *
  • Karma: -65340
  • Posts: 17029
    • View Profile
Re: Computer security
« Reply #143 on: June 07, 2012, 11:19:07 AM »

Say, there's a few questions I've always had about keyloggers.

- How do they track mouse input?
- Can they track clipboard data (i.e. cut & paste)?
- What about autosuggest entries in your browser? (for instance, I often just type "br" in the url bar to come here).

I try to keep this box clean (NoScript has saved me a couple times), but I've always wondered those things since I rarely input full information to navigate.
Logged

Brentai

  • https://www.youtube.com/watch?v=DnXYVlPgX_o
  • Admin
  • Tested
  • Karma: -65281
  • Posts: 17524
    • View Profile
Re: Computer security
« Reply #144 on: June 07, 2012, 11:51:21 AM »

It's telling that the only service I use that utilizes a per-session external authentication key is a video game.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #145 on: June 13, 2012, 11:23:01 AM »

Flame code found in Stuxnet, confirming a common dev (which everybody pretty much already suspected).  Meaning that the wunderkinds who (apparently) broke MD5 are Our Guys, or Israel's.

Which I guess is something of a relief.  God knows I don't trust our government (or Israel's) and its various surveillance efforts, but it's moderately less alarming than if Russia or China were out there with this kind of malware.

I'm sure they will be soon, of course -- that's the other thing; shit like this creates an arms race.

I guess the good news is it's hammered home that MD5 is not secure.  Which, again, we've been aware of for most of this century, but what the hell, this should at least be a kick in the ass to the industry.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #146 on: June 25, 2012, 10:38:07 AM »

Scientists crack some RSA keyfobs.  Doesn't mean that RSA is broken or any sky-is-falling hyperbole like that; it's just one more step in the arms race and a signal that it's time for the next round of tweaks, patches, and upgrades.
Logged

McDohl

  • Pika-boo
  • Tested
  • Karma: 27
  • Posts: 4379
    • View Profile
Re: Computer security
« Reply #147 on: June 25, 2012, 02:33:24 PM »

That article cites the RSA 800, and I use an RSA 700.  I can only assume that the architecture is similar.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #148 on: July 30, 2012, 08:46:54 AM »

Ubisoft DRM even more horrible than previously thought, installs browser plugin that lets Ubi run arbitrary code but does not actually check to make sure it's really Ubi doing it.

Pirates, as always, are unaffected.
Logged

Brentai

  • https://www.youtube.com/watch?v=DnXYVlPgX_o
  • Admin
  • Tested
  • Karma: -65281
  • Posts: 17524
    • View Profile
Re: Computer security
« Reply #149 on: July 30, 2012, 09:04:20 AM »

SO FUCKING RELIEVED that I decided to skip buying the Prince of Persia pack over DRM concerns.  Actually, let me see...

Yep yep Forgotten Sands has that shit in it holy fuck.  I feel like a bullet just struck the wall next to my head.  That is TERRIFYING.

T GAME INDUSTRY please beat up Ubisoft until I stop feeling like playing video games is like navigating a fucking minefield, thanks.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #150 on: July 30, 2012, 09:16:36 AM »

Ubi claims to have pushed a patch that fixes it.

If this is true, then we can at least applaud Ubi for putting out a fix REALLY, REALLY QUICKLY after discovery.

For some reason I am not inclined to trust Ubi on this one until it is verified by a third party.
Logged

Brentai

  • https://www.youtube.com/watch?v=DnXYVlPgX_o
  • Admin
  • Tested
  • Karma: -65281
  • Posts: 17524
    • View Profile
Re: Computer security
« Reply #151 on: July 30, 2012, 09:35:15 AM »

Even if it is true, that opens up the question of "Did you guys really take less than ten hours to develop, test, and deploy a fix to a problem you were unaware of?"  Because I've done flaming hot fixes before and brother, that's a pretty tight schedule.

So the idea that they might have been perfectly ready for this to happen is not helping my feeling of complete horror.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #152 on: July 30, 2012, 09:41:51 AM »

The thought had crossed my mind, but if I'm to give them just a teensy bit of benefit of the doubt, a key exchange is not a difficult thing to implement.

Of course, giving them benefit of the doubt on how easy the fix was pretty much means pointing out how completely fucking stupid it was not to do it right in the first damn place.
Logged

Brentai

  • https://www.youtube.com/watch?v=DnXYVlPgX_o
  • Admin
  • Tested
  • Karma: -65281
  • Posts: 17524
    • View Profile
Re: Computer security
« Reply #153 on: July 30, 2012, 09:46:59 AM »

I suppose it's much easier to hang them on what they definitely DID do wrong rather than what I am deeply suspicious of them doing.  Still and all, I feel nervous about letting that company continue to touch PCs at all.  It's not like a massive potential worm vector doesn't affect people who aren't infected with it.

Also the key exchange doesn't exactly solve the problem, it just makes it less trivial to capitalize on.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #154 on: July 30, 2012, 09:51:50 AM »

Well, yes, agreed on all counts.
Logged

Smiler

  • HOM NOM NOM NOM
  • Admin
  • Tested
  • Karma: 66
  • Posts: 3334
    • View Profile
Re: Computer security
« Reply #155 on: July 30, 2012, 10:02:24 AM »

I think the best part of this is that they didn't have the horrible rootkit drm on all of their games. Specifically, Rayman and Anno 2070 are both recent enough and updated, so I don't know why it wouldn't have it.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #156 on: July 30, 2012, 10:05:42 AM »

Ah hell, Rayman Origins is Ubi?  Guess I'll have to check out the Xbox version.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #157 on: August 01, 2012, 09:54:39 AM »

MS-CHAPv2 pretty much broken.

Quote
Researchers have devised an attack against a Microsoft-developed authentication scheme that makes it trivial to break the encryption used by hundreds of anonymity and security services, including the iPredator virtual private network offered to users of The Pirate Bay.

The attack, unveiled by Moxie Marlinspike and David Hulton, takes on average just 12 hours to recover the secret key that iPredator and more than 100 other VPN and wireless products use to encrypt sensitive data. The technique, which has been folded into Marlinspike's CloudCracker service, exploits weaknesses in version 2 of a Microsoft technology known as MS-CHAP, short for Microsoft challenge-handshake authentication protocol. It's widely used to log users into VPN and WPA2 networks and is built into a variety of operating systems, including Windows and Ubuntu.

"We hope that by making this service available, we can effectively end the use of MS-CHAPv2 on the Internet once and for all," the researchers wrote in a blog post published over the weekend.
Logged

sei

  • Tested
  • Karma: 25
  • Posts: 2085
    • View Profile
Re: Computer security
« Reply #158 on: August 01, 2012, 08:53:10 PM »

Chalk another one up for Moxie.
Logged

Mongrel

  • Emoticon Knight-Errant
  • kodePunc Team
  • Tested
  • *
  • Karma: -65340
  • Posts: 17029
    • View Profile
Re: Computer security
« Reply #159 on: August 05, 2012, 08:27:24 PM »

Logged