flat assembler
Message board for the users of flat assembler.

Index > Heap > must know backdoor exploits

Goto page Previous  1, 2, 3, 4, 5  Next
Author
Thread Post new topic Reply to topic
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1180
Location: Unknown
HaHaAnonymous
[ Post removed by author. ]


Last edited by HaHaAnonymous on 28 Feb 2015, 19:09; edited 1 time in total
Post 09 Nov 2013, 21:47
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8973
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
does letting them know about others help them to realize that we and them are no different in some sense? idk, unless NSA is not operated by human.

or, does knowing the preferences of a human equal to understand a human?

and how is, don't even talk approach gonna help to solve, (in any sense, problems that we encountered and will encounter in future) ?
Post 09 Nov 2013, 22:05
View user's profile Send private message Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1180
Location: Unknown
HaHaAnonymous
[ Post removed by author. ]


Last edited by HaHaAnonymous on 28 Feb 2015, 19:08; edited 1 time in total
Post 09 Nov 2013, 22:16
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8973
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
HaHaAnonymous wrote:

I just want my account and IP address PERMANENTLY SUSPENDED within 24 hours or I will have to do things to force this action.

i don't get it,
Post 09 Nov 2013, 22:21
View user's profile Send private message Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1180
Location: Unknown
HaHaAnonymous
[ Post removed by author. ]


Last edited by HaHaAnonymous on 28 Feb 2015, 19:08; edited 1 time in total
Post 09 Nov 2013, 22:27
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8973
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
but why?
you don't enjoy being here? knowing and sharing with others?
Post 09 Nov 2013, 22:43
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8973
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
how secure are we as a end users?

http://www.cvedetails.com/product-list/product_type-o/vendor_id-0/firstchar-W/Operating-Systems.html
WINDOWS 7
Image

WINDOWS 8
Image

LINUX
Image

FREEBSD
Image

OPENBSD
Image
Post 08 Jan 2014, 16:54
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8973
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
it is not like having antivirus, secure all account with longer and special chars password,
keep update to latest available downloadable patches and etc,

this whole thing is a crafted scenario,
like how they bribe RSA to weaken the algo.

and how people are marketed to comfortably use such OS is totally beyond anybody sane mind.

it seems that most people are pushed into this trap, except a few,
Post 08 Jan 2014, 17:05
View user's profile Send private message Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1180
Location: Unknown
HaHaAnonymous
[ Post removed by author. ]


Last edited by HaHaAnonymous on 28 Feb 2015, 18:34; edited 1 time in total
Post 08 Jan 2014, 23:29
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8973
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
pkg audit -F
Vulnxml file up-to-date.
libXfont-1.4.6,1 is vulnerable:
libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont
CVE: CVE-2013-6462
WWW: http://portaudit.FreeBSD.org/28c575fa-784e-11e3-8249-001cc0380077.html
Post 12 Jan 2014, 23:28
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8973
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
your JAVA,

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA

Quote:
This Critical Patch Update contains 36 new security fixes for Oracle Java SE. 34 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Post 14 Jan 2014, 22:26
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17348
Location: In your JS exploiting you and your system
revolution
Does anyone still use Java for anything? Note: Java is not JS
Post 14 Jan 2014, 22:41
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8973
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
revolution wrote:

Does anyone still use Java for anything? Note: Java is not JS

a lot,
in fact, i would say, maybe 50% of banking application somehow associated with JAVA,
usually i see share trading apps,
and government official document submitting apps in my country, imagine that, users are forced to install JAVA in order to get the work done.

and all the JAVA inside smartphone, (i bet somehow they will get affected too)
Post 15 Jan 2014, 00:11
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17348
Location: In your JS exploiting you and your system
revolution
sleepsleep wrote:
in fact, i would say, maybe 50% of banking application somehow associated with JAVA, ...
I can't be the only one to see the irony here that banks require you to lower your security in order to access them.

But I am keen to know where your 50% figure comes from? Is that 50% of banks or 50% of users of banks? And, yes, there is a difference, a very large difference.
Post 15 Jan 2014, 00:21
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8973
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
50% came from what i observed here (in my country) i just made observation into number, no real stats, sorry

i think there is one Singapore bank that doing share trading compulsory made you install JAVA in order to get those info,

btw, here the BAD news, really BAD one.

http://volatility-labs.blogspot.com/2014/01/truecrypt-master-key-extraction-and.html
TrueCrypt Master Key Extraction And Volume Identification
Post 16 Jan 2014, 00:39
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17348
Location: In your JS exploiting you and your system
revolution
sleepsleep wrote:
btw, here the BAD news, really BAD one.

http://volatility-labs.blogspot.com/2014/01/truecrypt-master-key-extraction-and.html
TrueCrypt Master Key Extraction And Volume Identification
Actually this is not bad news for truecrypt (or any other encryption software), it is bad news for anyone that already has their system compromised. Once your system is compromised all bets are off and you are screwed no matter how strong your encryption is.
Post 16 Jan 2014, 00:48
View user's profile Send private message Visit poster's website Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1180
Location: Unknown
HaHaAnonymous
[ Post removed by author. ]


Last edited by HaHaAnonymous on 28 Feb 2015, 18:30; edited 1 time in total
Post 16 Jan 2014, 01:59
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17348
Location: In your JS exploiting you and your system
revolution
HaHaAnonymous wrote:
This is one more reason for you to study hard and make your own encryption tools.
No. That won't help against a compromised computer. And using something you made yourself will likely be weaker than the proven methods and tools already out there.
HaHaAnonymous wrote:
And protect it, hide it from anyone. Be extremely paranoid.
Security by obscurity is not a solution and only works against your grandmother.
HaHaAnonymous wrote:
NSA and your local police will not forgive you, make things as impossible as possible (haha). And most important, don't tell how to decrypt your data if you are tortured by them (yes, torture is very common anywhere in the world). Otherwise, all your work was in vain.
There are methods available where you never know the key and thus cannot reveal it to others even if you wanted to.

These problems have already been solved in sensible ways. Your suggestions here are not very good ones.
Post 16 Jan 2014, 02:20
View user's profile Send private message Visit poster's website Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1180
Location: Unknown
HaHaAnonymous
[ Post removed by author. ]


Last edited by HaHaAnonymous on 28 Feb 2015, 18:30; edited 1 time in total
Post 16 Jan 2014, 02:42
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17348
Location: In your JS exploiting you and your system
revolution
HaHaAnonymous wrote:
Ok, can you tell me the contents of the following encrypted file (and that's a great help already): http://www.sendspace.com/file/ps7gvn
I didn't even look but let's assume that I can't. What does that prove? Nothing. Often it is the process rather than the outcome that is compromised (read about side channel attacks). But regardless, you have no assurance that it cannot be "broken", and you might never know if I did break it but just decided not to tell you.
HaHaAnonymous wrote:
Is it impossible? Nothing is impossible. Is it easy? According to you, yes.
You would never know. You have no assurance that I didn't break it. Perhaps I did break it and lied by saying I couldn't. That way you keep using your flawed method and I get to keep reading your "protected" data.
Post 16 Jan 2014, 03:10
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4, 5  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.