flat assembler
Message board for the users of flat assembler.

Index > Heap > must know backdoor exploits

Goto page Previous  1, 2, 3, 4, 5
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17344
Location: In your JS exploiting you and your system
revolution
sleepsleep wrote:
idk, but i don't think internet is still insane for everybody to use.
I think you are mistakenly conflating the browser with the Internet. One is not the other. I can use the browser without the Internet. And I can use the Internet without a browser.
Post 16 Mar 2014, 04:39
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8966
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
well, half agree with you,
but majority of human on earth are using internet with their browser,
flash to view youtube, videos, games and etc.

3 billion users... for 2014, what percentage are using internet witout browser?

almost no securities if "someone who found exploits" could hack into everybody system through browser, add-on, third party plugin and etc.

i actually wanna highlight the seriousness of no security.
Post 16 Mar 2014, 05:05
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17344
Location: In your JS exploiting you and your system
revolution
Some people think Google is the Internet.

But advocating for some sort of perfect security is not a good thing IMO. We would end up like North Korea. To "protect" us someone will control everything we do. No thanks, I don't want to live in a world like that.

Instead what we need is more understanding of the risks. And procedures to minimise and recover from damages.

Instead of FF removing the GUI option to disable JS what we should be doing is informing people about what can happen if JS is enabled. By removing the option FF made people less in control and more vulnerable by pretending that the option is not important.

We come here to program in assembly. That is programming without things like type safety, managed code, bans on gotos, etc. And without those "protections" we instead need to have understanding about what we are doing. And that is what is important: understanding gives us freedom and control, but also gives us risks to manage and judgements to make.
Post 16 Mar 2014, 06:28
View user's profile Send private message Visit poster's website Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
sleepsleep wrote:
well, half agree with you,
but majority of human on earth are using internet with their browser,
flash to view youtube, videos, games and etc.

3 billion users... for 2014, what percentage are using internet witout browser?

almost no securities if "someone who found exploits" could hack into everybody system through browser, add-on, third party plugin and etc.

i actually wanna highlight the seriousness of no security.

Police and the military
Post 16 Mar 2014, 13:28
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8966
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
i agree with the idea that user must be let in charge, whether to run javascript, flash or etc features, the issue that all those setting are hidden is not something that browser's users should find acceptable.

i don't have solution, but i found that, there are lots of security issues in current browser, the architecture,

maybe there should be re-architecture internet II.
Post 16 Mar 2014, 18:16
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17344
Location: In your JS exploiting you and your system
revolution
sleepsleep wrote:
i don't have solution, but i found that, there are lots of security issues in current browser, the architecture,

maybe there should be re-architecture internet II.
Your last statement is not connected to the previous. What is the problem with the current Internet that you wish to solve?
Post 16 Mar 2014, 23:12
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8966
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
no centralized domain control,
focus more on anonymous approach, more privacy,

too bad, i guess idk much to create a difference,
Post 18 Mar 2014, 07:20
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
sleepsleep wrote:
no centralized domain control,
focus more on anonymous approach, more privacy,

too bad, i guess idk much to create a difference,


But if someone hacks financial institutions' databases and steals all your money that means they won't be able to find the assailant. Confused

But today you don't need to do than because you can hack some ATM machines that take cards with magnetic stripes.

Can be hacked using bus passes and library cards lol.
Post 19 Mar 2014, 04:49
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8966
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
http://phys.org/news/2014-03-wpa2-wireless.html

Quote:

"Achilleas Tsitroulis of Brunel University, UK, Dimitris Lampoudis of the University of Macedonia, Greece and Emmanuel Tsekleves of Lancaster University, UK, have investigated the vulnerabilities in WPA2 and present its weakness. They say that this wireless security system might now be breached with relative ease [original, paywalled paper] by a malicious attack on a network. They suggest that it is now a matter of urgency that security experts and programmers work together to remove the vulnerabilities in WPA2 in order to bolster its security or to develop alternative protocols to keep our wireless networks safe from hackers and malware."
Post 22 Mar 2014, 18:02
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8966
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
https://threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-devices/114863/

Quote:

When researcher Joshua Drake published details in August about critical Android vulnerabilities in the Stagefright media playback engine, he promised there would be more issues that he and others would find and report to Google’s Android security team.

Today, Drake, vice president of platform research and exploitation at Zimperium, disclosed two more flaws in Stagefright, one that dates back to the first version of Android, and a second dependent vulnerability that was introduced in Android 5.0. The bugs affect more than one billion Android devices, essentially all of them in circulation.


means your android could get hacked by anyone.
Post 01 Oct 2015, 21:43
View user's profile Send private message Reply with quote
mbr_tsr



Joined: 03 Apr 2011
Posts: 4903
mbr_tsr
it would be amazing to be 101% anonymous like back when XP first came out with C++ you could spoof your ip, and ICMP packets could crash any ip, they made API wrong because they didn't know how to make a simple set of functions that did it all, some freak anti hackers did not want hackers with ultimate power, when really all along the hacker knows it should be easy to remove his virus, and his flooder will only be on for a few minutes, and his trojan is used by hundreds of other hackers yet what for is unknown. it would be more fun if hackers had a rainbow multi-client telnet server that did it all, and we could be sneaky and get C:\ at one time in history it was easy and browsers could run .com applications, sadly times changed, now most compilers don't work...if i had my say everyone would have an ip nuker, keylogger, and trojan.
Post 02 Oct 2015, 03:30
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4, 5

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.