LAYERS OF ONION: Suggestions for new resources are welcome. The Gentoomen /sec/ community is looking for CTF team members, contact them at the IRC channel.
have we entered the skiddie dominance era? are nation states barely relevant to most while 14 year old loners pose huge threats to most people/businesses?
Blake Martinez
Ask him why he didn't name reserve_hap when the Intel AMT HTTP upload bug was publicly disclosed. If he says anything except "we didn't want to give away capability" then he's lying.
Owen King
Bumping
Jack Mitchell
the chosen bumper
Alexander Flores
your dick is more likely to bring success than your hacking
Asher Allen
Bumping with schway pics. Bitches love when I use the word schway
Nolan King
what should i name my lisp ripoff?
Robert Ward
Don't name it bakalisp, mine already has that name.
Kayden Bailey
i decided to name it cyb
Easton Hughes
kwl nme
Levi Rivera
In the pastebin for Firefox config changes, I notice there are a lot of options that aren't in about:config. Am I supposed to add them? There are other mistakes too, like browser.rights.3.shown is supposed to be set to 3, but it's a bool.
Connor Wilson
Is AdNauseam cyberpunk?
Colton Stewart
Does cyber mean not real now?
Benjamin Rogers
Why you say cyber terror is not real?
Julian Jones
Glad to see the general back at its "old" state cyb + sec united.
Currently learning more shit about Big Data, Business Intelligence and Business Analytics and worming my way into security in this regard. Let's see if I can work out a role in my company for that.
Jack Hall
Exactly this.
Watch as this thread becomes all about LARPing cyb aesthetics and h4xx0r vibes.
No quality security posts yet. Sad!
Joseph Bailey
why don't you start with relevant topics then?
the last pure /sec/ threads were like "haha we showed /cyb/" "haha right" hardly technically relevant
Jeremiah Jackson
Cyberpunk has nothing to do with cyber security
Landon Brooks
Isn't cyber security or cyber warfare in general a big part of cyberpunk?
You might want to study this gentoo.org/news/2017/08/19/hardened-sources-removal.html
>As you may know the core of sys-kernel/hardened-sources has been the grsecurity patches. Recently the grsecurity developers have decided to limit access to these patches. As a result, the Gentoo Hardened team is unable to ensure a regular patching schedule and therefore the security of the users of these kernel sources. Thus, we will be masking hardened-sources on the 27th of August and will proceed to remove them from the main ebuild repository by the end of September. We recommend to use sys-kernel/gentoo-sources instead. Userspace hardening and support for SELinux will of course remain in the Gentoo ebuild repository. Please see the full news item for additional information and links.
oh right forgot about this one. thanks for the reminder, user
Hudson Smith
sage goes in all fields
Ryder Perry
The file "cy.7z" is now uploaded to the Cyberpunk directory of the FTP site. It is the 700 MB collection of goodness from Jinteki which is not always available there.
Aiden Cox
>yo guys im looking for something cool to do this weekend
>i will install some software and then im full cyberpunk secure
holy shit you faggots are literally braindead
Gavin Jones
Gentoo? Why stay with a cliche fest when you can up your game with OpenVMS? What kind of hardware are you going to commit to the task?
Dylan Clark
>let's use a dead commercial technology which uses a dead architecture with no software support
sounds like a great idea
Benjamin Parker
>Does not know that OpenVMS very much is alive
>Does not realise it has an excellent security record
>Has no appreciation of uptimes measured in years
>the movie
Good thing you are anonymous, otherwise your reputation would be shot to pieces.
Oh, and the last update was released 2 months ago.
Oliver Cook
=== /cyb/ and /sec/ News
BBC never disappoints, here they serve honey from pots:
>Catching the hackers in the act bbc.com/news/technology-40850174
>Cyber-criminals start attacking servers newly set up online about an hour after they are switched on, suggests research.
>The servers were part of an experiment the BBC asked a security company to carry out to judge the scale and calibre of cyber-attacks that firms face every day.
>About 71 minutes after the servers were set up online they were visited by automated attack tools that scanned them for weaknesses they could exploit, found security firm Cyber Reason.
>Once the machines had been found by the bots, they were subjected to a "constant" assault by the attack tools.
Also interesting:
>After 21 hours, the first booby-trapped phishing email landed in the email inbox for the fake employees
Why this delay?
They very carefully didn't say where the attacks originated. Any suggestions what the most effective way is to block the whole of China and Russia?
Carter Richardson
oh my bad, i didn't know that itanium still was a relevant architecture, or alpha, or vax. wait ... no it's not, wew, and here i thought i was wrong for a minute.
you are probably also people that still like to buy ibm mainframes or sparc cpus.
if you haven't heard, the super computing market is ruled by x86_64 in over 90%. the platform is shit, the OS is irrelevant, the amount of people that you can find supporting this shit is nonexistent and you will end up like a cobol programmer hating ever having touched this shitty platform.
for your own sake, ditch the platform and go for something modern where you can evolve your skills and actually earn money instead of being abused by whoever uses this bullshit in prod and self abuse that you go through by continuing to use this irrelevant garbage.
Nathaniel Howard
>go for something modern where you can evolve your skills
Repeated rebooting is not a skill I am yearning for. I have work to do, not machines to tend to, and thus prefer year long uptimes.
And really, taking advice on a Tibetan pottery forum from someone who cannot work that shift key is not my plan either.
Zachary Williams
dont connect to the internet
Brandon Fisher
really, it boils down on my shift key instead of having a valid argument on technology itself? damn son, you are desperate. enjoy being out of a job and not having experience and skill to work with modern technology.
i actually hope for you that this shit gets ported to x86 and it will be used on this platform, otherwise you are out of a job.
Dominic Gray
What passes for your arguments are so far out and ludicrous it is hard to know where to start. Why this obsession with x86? It just does not make any sense.
I am working and I use computers daily. The thing is, I use them to get work done and I do not spend my time fixing computers.
Also, you can run OpenVMS and VMScluster using an emulation layer on many computers including Raspberry Pi.
John Kelly
>What passes for your arguments are so far out and ludicrous it is hard to know where to start.
you can not answer a single one and therefore give such a lousy excuse, you are really pathetic. before you tried to damage control your ignorance with grammar, now this shit? nigga please
x86 has the monopoly on the super computing market since over 10 years now, the only recent super computer which wasn't x86 based was the "k super computer" in japan which was a joint venture of fujitsu and oracle. the operating system only works on 3 cpu architectures of which 2 (alpha and vax) are officially dead and itanium slowly but surely experiencing the same fate, having had the last chip release in 2012. itanic is and was never really relevant. oracle ditched it and there is basically 1 vendor that still sells this it in masses which is HP, nobody else does. and you want to emulate that shit in order to cut performance on different architecture? what the fuck is wrong with you, who hires people like you?
Blake Richardson
...
Jacob Allen
and to add an extra to it itanium is fucking expensive compared to any x86 on multiple points: hardware production due to low demand higher price (basic economics), software development on exotic architecture, hardware purchase. the starting price of a 4 core cpu is at ~1k and up. you can get a modern 12 core for the same price range that very likely outperforms the itanic by a shit ton
Adam Price
correction i just saw that 32nm kitten itanium was released this year after 5 years of nothing
Blake Phillips
>there is basically 1 vendor that still sells this it in masses which is HP
And that is all it takes. Really, is it that hard to understand that they sell this because there is a demand?
>who hires people like you?
Lots of people throughout the years. And as a consultant I am hired in by a lot of clients too.
Elijah Richardson
and you don't see the problem in this? 1 vendor, which has little to no market share on super. you probably just have to maintain legacy systems that people are too afraid to touch because you are working with niche crap which they thought back 20 years ago was a good way to go and now regret it. i know that visa and master card have legacy systems that they are afraid of, i know we have sparc systems that we are afraid of but still the majority of systems are x86 because it's cheap, you find lots of software support, lots of experienced people which are a lot cheaper than hiring consultants, etc
Luke Johnson
>and you don't see the problem in this?
It is limited. There used to be a lot of noise about this and Gartner gushing about SOA but that is mostly dead. What is not dead are the machines, they just keep on going, and going and going. And they still sell such servers. Even the second hand market on Ebay is still going strong. I was looking at a Superdome recently and the price was still pretty hefty.
John Lee
to me it looks like loss on every aspect. what's the ROI on using this platform? they still produce 32nm which means they are less power efficient (more cost on power consumption), the above mentioned production which probably demands a different production line which increases price, increase in price due to low demand. i really do not see any benefit in using it. even if the platform would provide no outage, setup a second dc with dark fibre and you probably still have money left for staff
Hunter Hall
actually wanted to add the image to another post but forgot
William Roberts
The main reason for using big iron is reliability. I have mentioned uptime a few times but I am not sure you get the importance of it. The cost of going offline is immense. And it was during and the first few weeks after 911 that really drove home the importance of reliability. WTC also held a large telephone exchange and even computers not damaged in the terror attack were cut off.
You can charge enormous sums if you can demonstrate proven track record of reliability like they can. Also as mentioned in an earlier /cyb/ thread the vulnerability record is equally impressive. cvedetails.com/product/4990/HP-Openvms.html?vendor_id=10
So yes, they can continue this technology and their customers will pay willingly and happily. Gartner may whine but that is unimportant.
further proof that technology became shit after the mid 00s.
lol at Itanium, btw.
Tyler Bennett
official wsg sister thread
Charles Gomez
Uploading shway wallpaper for (yous)
Nolan Hughes
freedomhacker.net/latest-windows-7-8-81-update-spy-windows-10-4568/ Are there any other updates I need to avoid? Yes, I know Windows is proprietary and inherently insecure, but I built this PC specifically for my proprietary software needs and want to minimize insecurity.
Lincoln Scott
>hardened gentoo
you did not read the news
Brandon Gonzalez
I'm trying to obfuscate a payload so it passes a malware scanner. Any tips? At the moment I have encoded it into hex and then encrypted it but it is getting picked up by most things on virustotal.
Nicholas Ward
There's no more Grsec patches right? Pretty sure even Hardened Gentoo got hosed by the decision to go full payment.
Also I sort of agree with it, fuck the mainline devs for not adopting a single one of the Grsec patches and creating that horrible Kernel Protection project run by Jewggle that imploded recently.
Rewrite the binary to produce the payload after it is scanned, this is typical adware behavior you pass installation check then go about producing your payload
Levi Torres
I'm pretty new to this so I'm just guessing but would something like a static variable that gets incremented each time it runs help with this? Just make sure it has been run once (the scan) and then produce the payload on the second run?
Or is there a way to do this by checking if the program is running on a sandbox? Maybe some call to a function that a sandbox would be missing?
Cooper Williams
It doesn't block ads as well as UBO does for me.
Anthony Russell
...
Thomas Rodriguez
Really? I thought AdNauseam was a clone of UBO with stuff added on.
Connor Howard
the OP reminds me of when i opened up a terminal and my friend asked me if i was a hacker
Benjamin Adams
such a shame about grsec. it was next level stuff for linux kernels and with selinux/apparmor you could really harden a system. rip
Kayden Cruz
what does cyberpunk have to do with infosec?
William Robinson
Lainchan is shway as fuaaark. Cyberpunk is duck. Sup Forums is soykaf.
Gabriel Morgan
wut
Michael Nguyen
nackt
Ian Thomas
Page 10 bump
Jackson Roberts
Had good success using a phony bogosort to time out sandbox av tests, better than sleep calls
Alexander Rodriguez
I think the options are for old versions of Firefox.
Bentley Fisher
>nackt
Where is she now? Haven't seen any activity for ages.
>Page 10 bump
Thanks.
Dylan Garcia
Should it be updated then?
Joshua Clark
I thought /sec/ demerged. I don't think if it is good or bad.
Aaron King
>pic
holy shit, that is a thing? does it work for non-blind persons as well? I'm thinking of AR
for those too lazy to look it up BrainPort is a technology whereby sensory information can be sent to one's brain through an electrode array which sits atop the tongue. ... It has also been developed for use as a visual aid, demonstrating its ability to allow a blind person to see his or her surroundings in polygonal and pixel form. In this scenario, a camera picks up the image of the surrounding, the information is processed by a chip which converts it into impulses which are sent through an electrode array, via the tongue, to the person's brain. The human brain is able to interpret these impulses as visual signals and they are then redirected to the visual cortex, allowing the person to "see." This is similar in part to how a cochlear implant works, in that it transmits electrical stimuli to a receiving device in the body.
Joseph Garcia
what is your best /sec/ laptop ?
Josiah Collins
It's a .jp covert op to promote their chan through Sup Forums with a daily general thread. The infosec portion of the thread is to give it some substance for being alive since cyberpunk discussions are played out by now.
Ayden White
Sun people at Oracle are being kicked out. Linux is now 26 years old. Stagnation abounds.
I hope Redox-OS will bring about a new spring of daring innovations. Linux cannot. It is too old and the infighting is too intense. There are tons of APIs that are deprecated but cannot be killed and, quite tellingly, nobody wants to call a flag day on Linux 5.0
Also clib is full of stuff that should be taken out and shot. Who thought "strfry" was a good idea!? Again, a flag day is way overdue.
Cameron Gray
>holy shit, that is a thing?
Sure. It has been around for years, strangely under the radar. That is why I brought it up a few times.
>does it work for non-blind persons as well?
Sure. Just like most people can learn to read Braille even if not blind.
The idea is to use this for vision replacement. For non-blind people the idea was to use it for divers and fire fighters by using a sonar generated image "projected" on the tongue piece, so that they can see in the depths of the oceans or smoke and fire filled rooms.
Personally I would like to experiment with augmented vision, like overlaying infrared data on the tongue while still seeing normal light. Or use the tongue to "see" behind me. There are so many opportunities and I think the people working on this are rather conservative.
Oliver Gutierrez
So, nothing about future wear? Functional fabrics with embedded high tech, for humans and bots?
Where are the /sec/ bros? I will try to start some /sec/ topic despite the fact I'm completely noob at this.
What should be must have /sec/ measures at basic and intermediate level on your personal taste?
William Richardson
cyberpunk attire = cringe
Angel Reyes
a pen and paper
Carter Taylor
which paper ? Seriously do you think x230 is a good idea ?
Nicholas Stewart
>cyberpunk attire = cringe
Yeah, most is really, really bad. And there is zero functionality at all.
To take one example: there is technology underway to embed conductive fibres in clothing, fibres that can be used as antennas for greatly improved cell phone coverage. And being embedded it is simply invisible. Also these fibres can be embedded in a nice white business shirt or in more fancy wear.