Re: You were lucky...
Err... so... what is a rubber button?
321 posts • joined 24 Feb 2008
"What about the other European armies?"
"Oh they're alright, on weekdays anyway."
"The Dutch, Danish and Belgian armies go home on the weekends."
"So if the Russians are going to invade we'd prefer them to do it between Monday and Friday. Is this widely known?"
"Well if I know it I'm sure the Russians do. The Kremlin always gets NATO defence secrets before they filter down to us at Number 10."
It was actually found weeks ago and spread around the Apple developer forums. By the time it went big yesterday it was already well known to a large group of people. This wasn't a case of a careless security researcher dropping a zero-day publicly because he didn't feel like reporting it, it was a developer who wasn't aware of the full impact of a bug complaining that Apple had not even acknowledged that it existed let alone discussed the possibility of a fix.
Was this the best way to handle the issue? Nah, not really. But is it "right" for one of the many people who discussed this issue publicly to be crucified for doing so, as you suggest? No, not that either.
Also if you read the technical details, the "root account without a password" already was eliminated from the auth DB and should have been completely inaccessible. The root of the problem was that the authentication code wrongly decided that it was time to enable the disabled account by creating it anew, with the (blank) password which had been provided by the user.
Sadly, things are never quite as simple as they look.
But the problem with that is, regular people aren't allowed access to that software unless they're a LEA or popular service like Facebook. (Which sucks, as I have a large anime artwork collection I'd love to sort through far more easily to remove duplicates.)
This isn't a BYOD solution. It doesnt solve the issues discussed (laptops, desktops, macbooks etc).
Did you read the article?
I thought you knew. The comments section switched to a Bring Your Own Article policy several months ago. It adds a little bit of administrative overhead and may have some minor impact on the coherency of comments, but we feel that it makes the users happier in the long run.
"So a "ding dong" is a warning signal of visitor, post, or circular. If followed by a Westminster chime then it means someone is ringing the bell."
And if it is followed closely by the sound of barking dogs and screaming then the bell has been rung by a door-to-door soul saver, utilities fraud team or a salesperson from Citrix.
"There is something a little off with this."
There sure is. I think you should look at changing the vendor you purchase domain names from, as it really shouldn't take "a few hours minimum" to sign in to a control panel, type or paste in a domain name, check the box that says "Yes please put this domain on the same domain name servers I always use" and then push a button to buy it. It's a five minute job at most, and that includes typing your password wrong four times and swearing a bit before you turn Caps Lock back off. And if you're concerned about the cost, which is less than the price of buying warm drinks for the entire team one time, you can typically 'return' the domain a few days later and end up paying nothing.
What you may be missing is that checking in with a mysteriously named domain is a fairly common technique for malware to use, and that it is not unusual to take control of expired, unregistered or cancelled domains to 'sinkhole' them, effectively shutting down an entire botnet by not only removing its central command and control facility but also redirecting the C&C traffic to a friendly site where you can keeps tabs on botnet infections and activity. The value isn't just in stopping a single infection on your local network, but also in seeing what every other infected host in the world is doing, so taking a few minutes to register a domain and point it to your existing sinkhole server is a reasonable thing to do.
This is exactly what MalwareTech described in his original write-up of WannaCrypt ( https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html ), and he includes some data he was able to collect on global and regional infection rates through the sinkholed domain.
It may seem odd if you're not familiar with modern botnet hunting, but what MalwareTech did wasn't that unusual.
What you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone in this room is now dumber for having listened to it. I award you no points, and may God have mercy on your soul.
"There's never been a period that I've NOT heard SCSI pronounced that way."
When Larry Boucher invented SCSI he wanted it to be pronounced "Sek-see". Everyone else on the committee thought that sounded unprofessional and decided it should be "Scuh-zee" instead.
I'm pretty sure that this was the same group which later renamed the seventh planet to "Urectum" because its old name sounded impolite.
It's just that nobody in the White House understands how the phones work. Once they figure that out, they'll be in touch.
Now... It's pick up the receiver, then select a line... No wait, select a line, then press the speaker button, then dial '9' for an outside line? Or is it '6' for international calls, then '011'? No, use '9', but drop the '0' and dial --
Hello? Is someone there?
Y'know, there is a bug report which explains all of these things. It's even linked from the article.
Here, I'll read it for you. Cryptkeeper calls encfs to create an encrypted filesystem interactively and feeds it answers through stdin. The code is even included in the bug report:
execlp ("encfs", "encfs", "-S", crypt_dir, mount_dir, NULL);
// paranoid default setup mode
//write (fd, "y\n", 2);
//write (fd, "y\n", 2);
write (fd, "p\n", 2);
write (fd, password, strlen (password));
write (fd, "\n", 1);
Not only does it answer "p" to the "Paranoid or eXpert mode?" prompt, it also used to answer "y" twice before that, presumably to answer questions about creating the filesystem and mount point specified in crypt_dir and mount_dir. The man page for encfs even specifically warns about that possibility:
Read password from standard input, without prompting. This may be useful for scripting encfs mounts.
Note that you should make sure the filesystem and mount points exist first. Otherwise encfs will prompt for the filesystem creation options, which may interfere with your script.
The end result of this is that Cryptkeeper will ignore the user supplied passphrase and create an encrypted filesystem with the password "p". Since the error was restricted to the creation code, any further attempts to mount the newly created filesystem with the correct password would fail.
While the real source of this error is the sloppy use of an interactive session with encfs in Cryptkeeper, the trigger was a recent fix made to encfs which removed the "paranoid?" prompt. Since this fix was committed on December 12th, when Cryptkeeper was no longer maintained, it was not caught until the next time a Debian testing user tried to create a new encrypted filesystem and found that it didn't work.
The linked writeup goes into some depth about this, but here's an overly brief summary which probably misses several important details:
1) End user downloads a copy of a popular search app or free wifi app onto their phone and installs it, presumably by sideloading.
2) The trojan app then runs, checks to see if it has connected to a new wifi network and then phones home for instructions.
3) The app then uses a range of super-secret military grade encrypted ciphers such as "admin/admin" and "admin/123456" to log in as an administrator to the wifi access point it just connected to.
4) Once it has admin access to the AP the trojan will then reconfigure it to use a rogue DNS server for itself and for all DHCP clients which connect to it from then on. According to the article it seems to only understand the web interface for common TP-LINK routers
5) The trojan-infected phone can then be switched off, wiped clean, fed into a wood chipper and then have its ashes launched into the sun, but the damage to the WIFI AP will still remain.
So the initial infection is done by sideloading an app, but once the AP has been owned every user of that WiFi network who uses the provided DNS addresses will be affected.
Most humans in competitions _do_ use speed cubes, which are designed to avoid unfortunate accidents like popping or corner cutting and then disassembled, lubricated, adjusted and reassembled at least twenty times during the lead-up to a competition. The first adjustment ensures that all of the cube's parts will be turning at top speed with exactly the amount of friction required while the next nineteen or so are just to give the cube's owner something to do with their hands while waiting.
I can understand the screen. It's a 3:2 aspect, big enough to display two pages side by side at something around 200 dpi, so it's great for doing print work.
It's touch and has a fancy pen so that you can draw right on it. The Soar Knob does the job of a mouse wheel and give you something to do with your left hand while you're drawing that won't get you arrested.
The screen can tilt from vertical down to almost flat so that it can act like a traditional desktop or a drafting table, and the whole thing is counterweighted to make the transition as smooth as possible.
There's a ridiculously high resolution camera built into the top bezel so that you can share all of your conversations with Skype and that the botnet owners can watch your expression right after you realize that all of your files have just been encrypted with unbreakable triple-ROT13.
That all makes sense.
Why does a desktop computer, designed to be placed with its back against a wall or tilted so that its back goes down to the desk, have both front _and_ back mounted cameras?
The sixth and final explosion—frame 313—starts on the Falcon 9 in the oxygen tank near the front. This is the big one. The Falcon 9 going back to its left. The explosion came from the front and right. Totally inconsistent with a routine filling operation. Again... back and to the left… back and to the left… back and to the left… back and to the left.
Biting the hand that feeds IT © 1998–2019