Conversation

Notices

  1. ≠ (amerika@annihilation.social)'s status on Monday, 07-Oct-2024 02:17:34 JST
    • 🌲-alist
    • sj_zero
    • cjd
    • h4890
    • pistolero
    @threalist @sj_zero @p @cjd @h4890

    I work with an infosec-related website and am looking for articles on why infosec, the internet, and "hacking" are bullshit these days to use in content for the site. Any ideas?
    In conversation about 9 months ago from annihilation.social permalink
    • djsumdog (djsumdog@djsumdog.com)'s status on Monday, 07-Oct-2024 02:17:33 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      I wouldn't say infosec is "bullshit." I'd say a lot of people in those fields are NOT developers, and they lack a true understanding of what security techniques are actually beneficial versus those that tick a box on a checklist (CrowdStrike was always a garbage security nightmare from the moment I saw it; and I constantly raised concerns and no one cared because "compliance.")

      SHIELD certification was talked about a lot ~2012 and a lot of people in the security sector were against any type of certification, because it's just so pointless. There was a panel discussion about SHIELD from 2012, but Ruxcon pulled the video for some reason. I'd put it on catbox, but it's 950Mb.

      One of the most iconic images I remember for a security conference was [Travis Goodspeed's talk on packet-in-packet injection](https://www.youtube.com/watch?v=iQk0GHXs8NY), because of the following image titled "Encapsulation."

      Software is built on layers, and even security is designed in layers that are intended to create isolation as well as redundancy. The trouble is that very few people can describe, in any reasonable level of detail, everything that happens in a single HTTP request.

      Modern security exploits are often a single strap in these layers. No matter how much everything else is locked in, one bad link could cause everything to come crashing out on the motorway.
      In conversation about 9 months ago permalink

      Attachments


      1. https://djsumdog.com/media/1404e1e62812f065cacad38a19cac0fee8045e19ff169a920af135391c6361ad.png
      2. Injecting PHY-Layer Packets without a Bug or your Radio - Travis Goodspeed
        from Ruxcon Mc'Gavin
        For more great presentations, join us for Breakpoint 2013 (October 24 & 25) and Ruxcon 2013 (October 26 & 27) in Melbourne, Australia.Further information and...
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 08:26:58 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      @amerika @cjd @h4890 @sj_zero @threalist Oh, man, you should ask @ins0mniak , I bet he has a stack.
      In conversation about 9 months ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • ins0mniak (ins0mniak@majestic12.airforce)'s status on Monday, 07-Oct-2024 13:57:40 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      @p @amerika @h4890 @cjd @sj_zero @threalist

      I mean not really any articles off the top of my head but I have several theories.

      Mainly there are a lot of gatekeepers making money off certifications that at the end of the day instill a false sense of knowledge and confidence to those who get them.

      Garbage distros like Kali or Parrot have a lot of automated tools that people will use and not exactly understand, so it's a point and fire situation. I mean if you can't set up your own box then you're fucking useless. Like honestly, if you don't know what a fuzzer is doing don't use it. (not you, like people in general)

      Most schools are diploma mills so people who go that route have an inflated sense of superiority. Enjoy the debt dummies.

      Moar gatekeeping. Like, most places now want at least a 4 year computer science degree which is dumb, there's nothing a classroom will do if you can't learn it yourself. Just check out any so-called "hacking forum", it's moron after moron that can't google "why is postgres not starting" or "what are some common ports?"

      Basically it's filled to the brim with annoying dipshits who spend most of their time blabbing about women issues in tech and building communities rather than fixing shit.

      Every clown on Earth these days is all "im gonna do cyber security!"

      Cool.

      Learn a scripting language at least, at least be able to read C, learn how things like linux and windows servers work...at the very least before even thinking about security.

      I once met a fucker at the bar blabbing about his 6k security consulting job. I started kinda talking to him and it was all "i don't code, no I don't need any of that thats for developers"

      I wanted to kick his stool out from under him.

      I hate that industry, I hate the dumb asses in it and I'm at the point where if people get owned by the Ruskies then that's just not my problem lol

      Thanks for coming to my seminar.
      In conversation about 9 months ago permalink

      Attachments


      1. https://majestic12.airforce/media/72035adb689bc987e22b209013a6c480ed7c3fb003f9bcbbe6e2baef8c73444f.jpg
      Haelwenn /элвэн/ :triskell: likes this.
    • sj_zero (sj_zero@social.fbxl.net)'s status on Monday, 07-Oct-2024 14:00:04 JST
      in reply to
      • 🌲-alist
      • cjd
      • h4890
      • pistolero
      We all remember the recent event where half the earth crashed because a security company sent an update, and there was an event earlier where SolarWinds had a bad cert that allowed bad actors to access dozens of companies carte blanche.

      Trusting an info sec company that can write to your network is bullshit. If these companies cared about security they wouldn't allow data to be sent back and forth like this.

      Kaspersky antivirus just installed a whole new antivirus to all their US customers without asking permission. This is all evidence that infosec is bullshit because if you get into infosec companies you get privileged access to tons of critical networks.
      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Fish of Rage (sun@shitposter.world)'s status on Monday, 07-Oct-2024 14:08:38 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      • pistolero
      @ins0mniak @amerika @p @h4890 @cjd @sj_zero @threalist I used to help build curriculum for a cybersecurity degree for a major university, people came in not even knowing how to install a vpn or use linux or a command line. I had to build a Windows image with all the tools installed because people hated Linux so much.
      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Fediverse Contractor (bot@seal.cafe)'s status on Monday, 07-Oct-2024 14:12:00 JST
      in reply to
      • 🌲-alist
      • :blobcatflower:
      • sj_zero
      • cjd
      • h4890
      • Fish of Rage
      • ins0mniak
      • pistolero
      I'm surprised about this tbh
      In conversation about 9 months ago permalink
    • :blobcatflower: (methyltheobromine@netzsphaere.xyz)'s status on Monday, 07-Oct-2024 14:12:01 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Fish of Rage
      • ins0mniak
      • pistolero
      @sun @amerika @p @h4890 @ins0mniak @cjd @sj_zero @threalist they should have all failed the course. fucking pigeons
      In conversation about 9 months ago permalink
    • Fish of Rage (sun@shitposter.world)'s status on Monday, 07-Oct-2024 14:13:10 JST
      in reply to
      • 🌲-alist
      • :blobcatflower:
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      • pistolero
      @lucy @amerika @p @h4890 @ins0mniak @cjd @sj_zero @threalist what I learned is that universities are for moneymaking. They don't care if you can do the coursework, if there is a cool major they will add it and let people in it to collect more tuition.
      In conversation about 9 months ago permalink
    • Fish of Rage (sun@shitposter.world)'s status on Monday, 07-Oct-2024 14:15:23 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      • pistolero
      @ins0mniak @amerika @p @h4890 @cjd @sj_zero @threalist I wish I could see the rate of people dropping out or dumping the major because as you go further you need those skills anyway. I guess their idea was you would learn it as you go along. My mindset is different. You shouldn't even attempt a cybersecurity major if you don't already have a set of requisite abilities. You realistically are not going to be any good if you come in knowing literally nothing.
      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • ins0mniak (ins0mniak@majestic12.airforce)'s status on Monday, 07-Oct-2024 14:15:24 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Fish of Rage
      • pistolero
      @sun @amerika @p @h4890 @cjd @sj_zero @threalist Oh I believe you. It's unreal.

      I don't understand how someone can look at committing to something like that, paying money and having no foundational knowledge of the subject.

      I see a lot, people want to do security or whatnot thinking they're going to be making 250k out the box
      In conversation about 9 months ago permalink
    • Fish of Rage (sun@shitposter.world)'s status on Monday, 07-Oct-2024 14:16:42 JST
      in reply to
      • 🌲-alist
      • :blobcatflower:
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      • pistolero
      @lucy @amerika @p @h4890 @ins0mniak @cjd @sj_zero @threalist The curriculum for this degree was actually very good, it was all stuff you NEED at a bare minimum to be competent at cybersecurity. You TOTALLY can learn it on your own without taking the courses but the courses put it all in one place and gave you a credential at the end.
      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • :blobcatflower: (methyltheobromine@netzsphaere.xyz)'s status on Monday, 07-Oct-2024 14:16:44 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Fish of Rage
      • ins0mniak
      • pistolero
      @sun @amerika @p @h4890 @ins0mniak @cjd @sj_zero @threalist real.
      i don't have a degree that's why im so bad at making money.
      In conversation about 9 months ago permalink
    • ins0mniak (ins0mniak@majestic12.airforce)'s status on Monday, 07-Oct-2024 14:17:15 JST
      in reply to
      • 🌲-alist
      • :blobcatflower:
      • sj_zero
      • cjd
      • h4890
      • Fish of Rage
      • pistolero
      @sun @amerika @p @h4890 @lucy @cjd @sj_zero @threalist absolutely.
      In conversation about 9 months ago permalink
      Fish of Rage likes this.
    • Fish of Rage (sun@shitposter.world)'s status on Monday, 07-Oct-2024 14:21:29 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • ins0mniak
      • pistolero
      @Tony @amerika @p @h4890 @ins0mniak @cjd @sj_zero @threalist one of the things we had was a shellcoding course where you learned how to execute common exploits against software, like take advantage of buffer overruns to inject arbitrary executable code on the machine. We also taught you how to open and inspect a virus using things like PE decoder and figure out what it is doing by reading assembler. How to use dozens of common programs used in cybersecurity.
      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Mr. Bacon (tony@clew.lol)'s status on Monday, 07-Oct-2024 14:21:30 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Fish of Rage
      • ins0mniak
      • pistolero
      what skills would you need?
      In conversation about 9 months ago permalink
    • ins0mniak (ins0mniak@majestic12.airforce)'s status on Monday, 07-Oct-2024 14:21:48 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Fish of Rage
      • pistolero
      @sun @amerika @p @h4890 @cjd @sj_zero @threalist I think the way higher education works now is that people just kind of get shuffled through.

      It's a weird thing but the reverence so many people have for college credentials is huge.
      In conversation about 9 months ago permalink
      Fish of Rage likes this.
    • Fish of Rage (sun@shitposter.world)'s status on Monday, 07-Oct-2024 14:27:39 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • ins0mniak
      • pistolero
      @ins0mniak @amerika @Tony @p @h4890 @cjd @sj_zero @threalist

      No Starch's "Practical Malware Analysis" was part of our curriculum. Some chapters are now outdated but overall the book is a must-have.
      In conversation about 9 months ago permalink
    • ins0mniak (ins0mniak@majestic12.airforce)'s status on Monday, 07-Oct-2024 14:27:40 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • Fish of Rage
      • pistolero
      @sun @amerika @Tony @p @h4890 @cjd @sj_zero @threalist There was a great No Starch book back 20 years ago, Hacking: The Art of Exploitation.

      It's laid out like what you're describing. It was like the Bible to hardcore up and comers
      In conversation about 9 months ago permalink
    • pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 14:30:55 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      @h4890 @sj_zero @amerika @cjd @threalist You can do it in software with just routing. Drop incoming UDP/ICMP/etc., drop incoming SYN packets, just drop everything *except* ACKSYN. Then on one side of the network, it can send out whatever packets it wants, it can establish connections (but only send data down them, not receive any), and on the other side, the only message that can be sent is the second step of the TCP handshake.
      In conversation about 9 months ago permalink
    • Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 07-Oct-2024 14:30:55 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      @p @amerika @h4890 @cjd @sj_zero @threalist ICMP probably shouldn't be entirely banned though, otherwise you'll get things like MTU issues and miss connection diagnosis (like the various distinctions of destination unreachable).

      And one thing that should also be filtered out is any connection that isn't for your address/subnet, especially broadcast (where the only exception might be DHCP and SLAAC for your own machines).
      In conversation about 9 months ago permalink
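
The inbound filter discussed in the two posts above, modelled in Python as an added example (not code from anyone in the thread): every packet arriving from outside is dropped unless it is a payload-free SYN-ACK addressed to a host in the protected subnet, with the ICMP "fragmentation needed" exception available as a switch. The function names, addresses and sample packets are constructed for illustration.

```python
"""Model of an 'inbound: drop everything except SYN-ACK' filter (added example)."""
import ipaddress
import struct

SYN, ACK = 0x02, 0x10
TCP_FLAG_MASK = 0x3F                      # FIN, SYN, RST, PSH, ACK, URG
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


def ipv4(proto, src, dst, payload, frag_field=0):
    """Build a constructed IPv4 packet (checksum left 0; the filter ignores it)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, frag_field, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


def tcp(flags, data=b"", sport=443, dport=40000):
    """Build a constructed 20-byte TCP header plus optional data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000,
                       5 << 4, flags, 65535, 0, 0) + data


def inbound_verdict(packet, protected_net, allow_pmtu_icmp=False):
    """Return (accept, reason) for one packet arriving from the outside."""
    net = ipaddress.ip_network(protected_net)
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False, "not a parseable IPv4 packet"
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", packet[2:8])
    proto = packet[9]
    dst = ipaddress.IPv4Address(packet[16:20])
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        return False, "malformed IPv4 header"
    # More-fragments flag (0x2000) or a non-zero offset (0x1FFF): the
    # transport header is missing or incomplete, so flags cannot be checked.
    if frag & 0x3FFF:
        return False, "fragment"
    # Only unicast traffic for our own hosts is considered at all.
    if dst not in net or dst == net.broadcast_address:
        return False, "destination is not a host in the protected subnet"
    l4 = packet[ihl:total_len]
    if proto == PROTO_TCP:
        if len(l4) < 20:
            return False, "truncated TCP header"
        data_off = (l4[12] >> 4) * 4
        if data_off < 20 or data_off > len(l4):
            return False, "malformed TCP header"
        if l4[13] & TCP_FLAG_MASK != SYN | ACK:
            return False, "TCP flags are not exactly SYN+ACK"
        if len(l4) > data_off:
            return False, "SYN-ACK carries payload"
        return True, "bare SYN-ACK"
    if proto == PROTO_ICMP:
        # Optional exception: type 3 code 4, used for path MTU discovery.
        if allow_pmtu_icmp and len(l4) >= 8 and l4[0] == 3 and l4[1] == 4:
            return True, "ICMP fragmentation-needed"
        return False, "ICMP"
    return False, "protocol %d" % proto


def demo(protected_net="10.0.0.0/24"):
    """Run the filter over constructed sample packets; returns (label, accepted)."""
    outside, inside = "203.0.113.9", "10.0.0.5"
    samples = [
        ("SYN-ACK", ipv4(PROTO_TCP, outside, inside, tcp(SYN | ACK))),
        ("SYN", ipv4(PROTO_TCP, outside, inside, tcp(SYN))),
        ("ACK with data", ipv4(PROTO_TCP, outside, inside, tcp(ACK, b"hello"))),
        ("SYN-ACK with data", ipv4(PROTO_TCP, outside, inside, tcp(SYN | ACK, b"x"))),
        ("UDP", ipv4(PROTO_UDP, outside, inside, b"\x00" * 8)),
        ("ICMP echo", ipv4(PROTO_ICMP, outside, inside,
                           struct.pack("!BBHHH", 8, 0, 0, 1, 1))),
        ("SYN-ACK to broadcast", ipv4(PROTO_TCP, outside, "10.0.0.255",
                                      tcp(SYN | ACK))),
    ]
    return [(label, inbound_verdict(pkt, protected_net)[0]) for label, pkt in samples]


if __name__ == "__main__":
    for label, accepted in demo():
        print("%-22s %s" % (label, "ACCEPT" if accepted else "DROP"))
```

An accepted SYN-ACK still carries sender-chosen header fields such as the sequence number and window, so this models the packet filter only, not the physical one-way guarantee of the hardware device.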
    • h4890 (h4890@liberdon.com)'s status on Monday, 07-Oct-2024 14:30:56 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • pistolero

      @sj_zero @amerika @p @cjd @threalist

      This is a great business opportunity. If you can create such a thing, based only on European components, let me know, and I will introduce you to some people who pay a fortune for these devices today. Logically, they should then be willing to pay you half a fortune for it! ;)

      In conversation about 9 months ago permalink
    • ≠ (amerika@annihilation.social)'s status on Monday, 07-Oct-2024 14:30:57 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      @sj_zero @p @h4890 @cjd @threalist

      Not to mention Antimalware Service Executable paralyzing half of the Windows machines on Earth half of the time they are running!
      In conversation about 9 months ago permalink
    • sj_zero (sj_zero@social.fbxl.net)'s status on Monday, 07-Oct-2024 14:30:57 JST
      in reply to
      • 🌲-alist
      • cjd
      • h4890
      • pistolero
      If you're trying to get data from a secure network to a less secure one, there's a device called a data diode which can't be hacked traditionally because it can only send signals outward and not inward. Think of a fiber optic cable where you only have a transmitter on one side and a receiver on the other, or an AM radio -- you can't hack the radio station no matter how you turn the dial on your am radio because the info only moves from the station to your radio. Contrast with a 2-way link into a secure network from a third party.
      In conversation about 9 months ago permalink
    • Fish of Rage (sun@shitposter.world)'s status on Monday, 07-Oct-2024 14:32:05 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • ins0mniak
      • pistolero
      @ins0mniak @amerika @Tony @p @h4890 @cjd @sj_zero @threalist It desperately needs a refresh because the entire windows kernel hacking chapter doesn't work after Windows XP, and several of the tools they recommend either are impossible to find now or you can only find copies of them on really sketchy websites.
      In conversation about 9 months ago permalink
    • ins0mniak (ins0mniak@majestic12.airforce)'s status on Monday, 07-Oct-2024 14:32:07 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • Fish of Rage
      • pistolero
      @sun @amerika @Tony @p @h4890 @cjd @sj_zero @threalist Oh hell yeah. I had that one too, I haven't checked out any of their newer stuff but they had some bangers back years ago
      In conversation about 9 months ago permalink
    • pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 14:36:01 JST
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      @skylar @ins0mniak @amerika @cjd @h4890 @sj_zero @threalist

      > pointless box-checking for insurance and regulatory compliance purposes,
      whoahoahsinternally.jpg
      In conversation about 9 months ago permalink

      Attachments


      1. https://fsebugoutzone.org/media/2fd1d6ab-7c21-46e3-929f-a64a86fa2fd6/whoahoahsinternally.jpg?name=whoahoahsinternally.jpg
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • skylar :confederateflag:??? :z: (skylar@misskey.yandere.love)'s status on Monday, 07-Oct-2024 14:36:02 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      • pistolero
      @ins0mniak @amerika @p @h4890 @cjd @sj_zero @threalist i feel bad for all the folks who go into cybersecurity thinking they're gonna be doing sick nasty hacker man shit only to find out their job is pointless box-checking for insurance and regulatory compliance purposes, and arguing with boomers who think that MFA on their office 365 account is a personal attack against them
      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • ins0mniak (ins0mniak@majestic12.airforce)'s status on Monday, 07-Oct-2024 14:36:06 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • Fish of Rage
      • pistolero
      @sun @amerika @Tony @p @h4890 @cjd @sj_zero @threalist yeah those windows system internal books are a good start I think.

      That's the other thing, some knowledge you get by initiative and exploring based on your foundations.

      Which is why that kind of thing is so important.
      In conversation about 9 months ago permalink
      Fish of Rage likes this.
    • pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 14:40:57 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Fish of Rage
      • ins0mniak
      @sun @ins0mniak @amerika @cjd @h4890 @sj_zero @threalist

      > I wish I could see the rate of people dropping out or dumping the major because as you go further you need those skills anyway.

      That's accurate. I mean, when I was boxing, you could tell who was gonna be good at boxing this time next year and who wasn't: the people that complained were going to quit in three months, the people that dropped when the bell rang and dude yelled "PUSHUPS!" were putting in the work.

      A person studying security that doesn't wanna touch Linux and complains when given a Linux is not going to be interested in putting in the work when it gets actually difficult. I wouldn't go as far as to say that they need to show up with it, but if they complained about the Linux CD you gave them, they're not interested in putting in the work they'll need to put in.
      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: and Fish of Rage like this.
    • WhiteExodite (bleedingphoenix@wolfgirl.bar)'s status on Monday, 07-Oct-2024 14:43:21 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      • pistolero
      @ins0mniak @amerika @p @h4890 @cjd @sj_zero @threalist

      > i don't code, no I don't need any of that thats for developers

      did he at least know any php? you kinda need to know some for xss attacks
      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 07-Oct-2024 14:55:58 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Fish of Rage
      • ins0mniak
      • pistolero
      @p @amerika @h4890 @ins0mniak @cjd @sun @sj_zero @threalist Although I'd wonder if any would ever refuse the pre-made system, especially if they're supposed to run it on their own machine, and instead use/get their own copy, especially when uni would have a mirror.
      At least that would probably be me, where I'd probably ask beforehand what software we should already have installed, no way I'd run a random blob from a teacher.
      In conversation about 9 months ago permalink
    • pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 15:01:28 JST
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      @skylar @ins0mniak @amerika @cjd @h4890 @sj_zero @threalist

      > they'd have to be in the building at that person's desk to do so.

      Until some boomer decides to increase the LAPD's social media presence and you put the password for the server holding scans and photos of evidence onto Youtube.
      In conversation about 9 months ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • skylar :confederateflag:??? :z: (skylar@misskey.yandere.love)'s status on Monday, 07-Oct-2024 15:01:29 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      • pistolero
      @ins0mniak @amerika @p @h4890 @cjd @sj_zero @threalist honestly sticky notes and notepads in the desk drawer got an unfairly bad reputation
      even if anyone can just go and read it, they'd have to be in the building at that person's desk to do so. if someone's got unsupervised access to their desk and the computer on it, they could just go and fiddle with it anyway to steal all the credentials from someone's password manager (or the passwords.xlsx file on the desktop cause the password manager was too hard to use).
      In conversation about 9 months ago permalink
    • ins0mniak (ins0mniak@majestic12.airforce)'s status on Monday, 07-Oct-2024 15:01:31 JST
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      @skylar @amerika @p @h4890 @cjd @sj_zero @threalist 100. Or the burnout that comes from just staring at Nessus all day and trying to make boomers understand that putting their passwords on sticky notes is a bad idea
      In conversation about 9 months ago permalink
    • Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 07-Oct-2024 15:53:27 JST
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      @p @amerika @h4890 @cjd @sj_zero @threalist
      > The idea is that no data comes in; what do you really care if you lose some of the distinctions?

      Well MTU isn't really a distinction and AFAIK PPP doesn't fragment packets, that sounds more like something a proxy would do rather than basically network encapsulation.

      And yeah for near-air-gap where a bit of connectivity issue wouldn't be much of a problem it's okay. That said at that level I'd use a filtering proxy, or even see if anything can be pushed to a machine with read-only storage with maybe some queries to the machine you want to isolate.

      > Like, in general, right?
      Yup.
      In conversation about 9 months ago permalink
    • pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 15:53:28 JST
      in reply to
      • Haelwenn /элвэн/ :triskell:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      @lanodan @amerika @cjd @h4890 @sj_zero @threalist

      > ICMP probably shouldn't be entirely banned though, otherwise you'll get things like MTU issues and miss connection diagnosis (like the various distinctions of destination unreachable).

      The idea is that no data comes in; what do you really care if you lose some of the distinctions? Presumably it'd be one point-to-point bridge between the secure broadcast-only network and the external internet.

      > And one thing that should also be filtered out is any connection that isn't for your address/subnet,

      Like, in general, right? This is about a special case where you want some machines that are not quite air-gapped but you don't want machines outside the network to be able to influence their behavior.
      In conversation about 9 months ago permalink
    • pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 15:54:03 JST
      in reply to
      • Haelwenn /элвэн/ :triskell:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Fish of Rage
      • ins0mniak
      @lanodan @amerika @cjd @h4890 @ins0mniak @sj_zero @sun @threalist I don't know, I mean, :moon: says they just hated Linux and they accepted the Windows CDs he made. I wasn't there.
      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 16:03:08 JST
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • sapphire
      • ins0mniak
      @Tony @sapphire @amerika @h4890 @ins0mniak @skylar @cjd @sj_zero @threalist That's my point: you spot shady shit by looking for something unusual. Something happens all of the time and you don't notice.
      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Mr. Bacon (tony@clew.lol)'s status on Monday, 07-Oct-2024 16:03:09 JST
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • sapphire
      • ins0mniak
      • pistolero
      that's my thinking, the odds of someone conspiring as opposed to just being bored at work, are really low
      In conversation about 9 months ago permalink
    • pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 16:03:10 JST
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • sapphire
      • ins0mniak
      @Tony @amerika @h4890 @ins0mniak @skylar @cjd @sapphire @sj_zero @threalist

      > i think gross incompetence is more likely tbh.

      Sure, but something happens a few dozen times, right, and the more likely it is that people assume it's just incompetence, the likelier that someone will realize they can use the assumption of incompetence as a cover.
      In conversation about 9 months ago permalink
    • sapphire (sapphire@shortstacksran.ch)'s status on Monday, 07-Oct-2024 16:03:10 JST
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • ins0mniak
      • pistolero
      @p @amerika @Tony @h4890 @ins0mniak @skylar @cjd @sj_zero @threalist there are far more retards in the world than conspirators, even amongst the plutocracy
      In conversation about 9 months ago permalink
    • pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 16:03:11 JST
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • sapphire
      • ins0mniak
      @sapphire @skylar @amerika @cjd @h4890 @ins0mniak @sj_zero @threalist You think it's gross incompetence or money-laundering?

      I mean, devil's advocate, right, they compensate you for fraud, that comes out of their FDIC insurance. So you want to pull a $current_year Iran-Contra, you help the people you want to fund perpetrate a massive fraud, FBI issues a warning blaming someone convenient, banks don't give a shit as long as they get their money.
      In conversation about 9 months ago permalink
    • Mr. Bacon (tony@clew.lol)'s status on Monday, 07-Oct-2024 16:03:11 JST
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • sapphire
      • ins0mniak
      • pistolero
      i think gross incompetence is more likely tbh.

      especially when it comes to computers. boomers gonna boom
      In conversation about 9 months ago permalink
    • Embed this notice
      sapphire (sapphire@shortstacksran.ch)'s status on Monday, 07-Oct-2024 16:03:12 JST sapphire sapphire
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      • pistolero
      @skylar @amerika @p @h4890 @ins0mniak @cjd @sj_zero @threalist meanwhile payment processors are starting to allow 1FA but with SMS and this is supposedly ok
      In conversation about 9 months ago permalink
    • Embed this notice
      pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 16:03:55 JST pistolero pistolero
      in reply to
      • Haelwenn /элвэн/ :triskell:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      @lanodan @amerika @cjd @h4890 @sj_zero @threalist Yeah, that's what was interesting, it's a pathological network topology. So how do you stop a machine outside the network from influencing anything happening inside it? And this solution is this weird topology, so I was thinking how you might do it without specialized hardware like mentioned in https://social.fbxl.net/objects/f67daf44-29c4-487a-9d82-419562ea9c87 :

      > there's a device called a data diode which can't be hacked traditionally because it can only send signals outward and not inward. Think of a fiber optic cable where you only have a transmitter on one side and a receiver on the other, or an AM radio -- you can't hack the radio station no matter how you turn the dial on your am radio because the info only moves from the station to your radio.

      That's kind of interesting. So you don't *want* the outside network to do anything to your MTU size. Zero incoming information.
      In conversation about 9 months ago permalink

      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 07-Oct-2024 16:11:04 JST Haelwenn /элвэн/ :triskell: Haelwenn /элвэн/ :triskell:
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      @p @amerika @h4890 @cjd @sj_zero @threalist Well if you don't trust the MTU part, why would you then trust TCP which had known exploits?

      Also for me the equivalent to a data diode is something like a UART link where you do not connect RX and put an actual diode on TX and ground (or even some galvanic isolation, which fiber gives you for free).
      In conversation about 9 months ago permalink
    • Embed this notice
      pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 16:13:37 JST pistolero pistolero
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • sapphire
      • ins0mniak
      @sapphire @Tony @amerika @cjd @h4890 @ins0mniak @sj_zero @skylar @threalist I say "Iran-Contra" because of the scale ($2 billion per year, in 1980s dollars) and the perpetrators (the federal government). I don't know why the hell you are rambling about laundromats or saying "I'm skeptical of your claims" when I say doing computer shit for work has not dampened my enthusiasm for doing it in my spare time. I ain't pissed in anyone's breakfast cereal so I'm not the guy that pissed in yours, dude.
      In conversation about 9 months ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 16:13:38 JST pistolero pistolero
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • sapphire
      • ins0mniak
      @sapphire @Tony @amerika @cjd @h4890 @ins0mniak @sj_zero @skylar @threalist Sure; that is why I said "a few dozen times". Fewer things hold for something that happens a hundred times than something that happens ten times. As n→∞, what happens to your confidence that this is *never* used as a cover for a money-laundering operation?
      In conversation about 9 months ago permalink
    • Embed this notice
      sapphire (sapphire@shortstacksran.ch)'s status on Monday, 07-Oct-2024 16:13:38 JST sapphire sapphire
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • ins0mniak
      • pistolero
      @p @amerika @Tony @h4890 @ins0mniak @skylar @cjd @sj_zero @threalist why would you need to use fucking PayPal to money launder when every nigger in niggersville is aready opening car washes, laundromats, and defense contractors
      In conversation about 9 months ago permalink
    • Embed this notice
      pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 16:20:07 JST pistolero pistolero
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • sapphire
      • ins0mniak
      @Tony @sapphire @amerika @h4890 @ins0mniak @skylar @cjd @sj_zero @threalist

      > People are much dumber

      I know people are stupid. Iran-Contra wasn't done by idiots, though. The CIA tries *really* hard not to hire idiots. The more idiots there are, the easier it is to blend in with the idiots.

      You want to go absolutely anywhere in most cities, you get a dirty jumpsuit and a baseball cap and fill up a shitty truck with landscaping equipment or janitorial supplies. It's not because most janitors are CIA assets, it's because they almost never are.

      Interns are almost never there from the military to keep tabs on your organization, so they are usually barely vetted. Sometimes they are there from the military to keep tabs on your organization, though: https://www.theguardian.com/world/2000/apr/12/julianborger .
      In conversation about 9 months ago permalink

      Attachments

      1. CNN let army staff into newsroom
        from https://www.theguardian.com/profile/julianborger
        Two leading US news channels have admitted that they allowed psychological operations officers from the military to work as placement interns at their headquarters during the Kosovo war.
      Haelwenn /элвэн/ :triskell: and ✙ dcc :pedomustdie: :phear_slackware: like this.
    • Embed this notice
      Mr. Bacon (tony@clew.lol)'s status on Monday, 07-Oct-2024 16:20:09 JST Mr. Bacon Mr. Bacon
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • sapphire
      • ins0mniak
      • pistolero
      but you’re taking the smart person approach to this. People are much dumber and think much less critically than you’re giving them credit for
      In conversation about 9 months ago permalink
    • Embed this notice
      Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 07-Oct-2024 16:22:45 JST Haelwenn /элвэн/ :triskell: Haelwenn /элвэн/ :triskell:
      in reply to
      • Haelwenn /элвэн/ :triskell:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      @p @amerika @cjd @h4890 @sj_zero @threalist Or interestingly for once something based on UDP and asserting it one-way with a firewall could be interesting in terms of security, but of course it only works for data you regularly send (like sensor data, logs, …).
      In conversation about 9 months ago permalink
    • Embed this notice
      la creatura (m1ss4ndry@pl.absolutelyproprietary.org)'s status on Monday, 07-Oct-2024 17:14:16 JST la creatura la creatura
      in reply to
      • Fish of Rage
      @sun I knew people like this in CS undergrad too, Junior year.
      In conversation about 9 months ago permalink
      Fish of Rage likes this.
    • Embed this notice
      cjd (cjd@pkteerium.xyz)'s status on Monday, 07-Oct-2024 19:29:33 JST cjd cjd
      in reply to
      • 🌲-alist
      • sj_zero
      • h4890
      • pistolero
      ERROR CORRECTION KILLED THE ANALOGUE STAR 🎵
      In conversation about 9 months ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 19:29:34 JST pistolero pistolero
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      @h4890 @amerika @cjd @sj_zero @threalist Oh, if you're trying to make sure the *receiver* can be confident the data arrived, Hamming did a lot of work on this specific problem.
      In conversation about 9 months ago permalink
    • Embed this notice
      h4890 (h4890@liberdon.com)'s status on Monday, 07-Oct-2024 19:29:35 JST h4890 h4890
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • pistolero

      @p @amerika @cjd @sj_zero @threalist

      I'm sure someone more knowledgeable than me has an answer, but the best I could think of is some kind of statistical approach.

      You send the data N times, checksum on the receiving end, and then choose the set with the most matching checksums.

      That's still not foolproof though.

      In terms of transfer itself, I wonder if choosing some specific technology such as a laser would increase the certainty somewhat over other technologies (without taking

      In conversation about 9 months ago permalink
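The scheme h4890 describes above (send every piece N times, checksum at the receiver, keep the best-supported value), together with the limit pistolero points out, as an added example that is not part of the original thread. The frame layout, the use of CRC32, and all names (`make_frame`, `lossy_link`, `receive`) are assumptions, and the channel faults are constructed.

```python
import struct
import zlib
from collections import Counter, defaultdict

HEADER = struct.Struct(">IIH")  # sequence number, total frames, payload length
MESSAGE = b"temp=21.5;valve=closed"  # constructed sample payload


def make_frame(seq, total, payload):
    """Frame = header + payload + CRC32 over both."""
    body = HEADER.pack(seq, total, len(payload)) + payload
    return body + struct.pack(">I", zlib.crc32(body))


def parse_frame(frame):
    """Return (seq, total, payload), or None if this copy is damaged."""
    if len(frame) < HEADER.size + 4:
        return None
    body = frame[:-4]
    (crc,) = struct.unpack(">I", frame[-4:])
    if zlib.crc32(body) != crc:
        return None
    seq, total, length = HEADER.unpack(body[:HEADER.size])
    payload = body[HEADER.size:]
    if len(payload) != length or seq >= total:
        return None
    return seq, total, payload


def send(message, chunk_size, copies):
    """Sender: split, frame, and emit every frame `copies` times. No ACKs exist."""
    chunks = [message[i:i + chunk_size]
              for i in range(0, len(message), chunk_size)] or [b""]
    wire = []
    for seq, chunk in enumerate(chunks):
        wire.extend([make_frame(seq, len(chunks), chunk)] * copies)
    return wire


def lossy_link(frames, faults):
    """Constructed one-way channel: faults maps wire index -> 'drop' or 'flip'."""
    for i, frame in enumerate(frames):
        fault = faults.get(i)
        if fault == "drop":
            continue
        if fault == "flip":
            damaged = bytearray(frame)
            damaged[HEADER.size] ^= 0x01  # flip one bit just past the header
            frame = bytes(damaged)
        yield frame


def receive(wire):
    """Receiver: returns (data, missing_seqs, rejected_copies).

    Copies failing the CRC are discarded; among the survivors the most
    common payload per sequence number wins, which also covers the rare
    corrupted copy that happens to pass the CRC. A sequence number with
    no valid copy can only be reported, never re-requested.
    """
    votes = defaultdict(Counter)
    totals = Counter()
    rejected = 0
    for frame in wire:
        parsed = parse_frame(frame)
        if parsed is None:
            rejected += 1
            continue
        seq, total, payload = parsed
        votes[seq][payload] += 1
        totals[total] += 1
    if not totals:
        # Nothing valid arrived: the receiver cannot even tell a message was sent.
        return None, [], rejected
    total = totals.most_common(1)[0][0]
    missing = [s for s in range(total) if s not in votes]
    if missing:
        return None, missing, rejected
    data = b"".join(votes[s].most_common(1)[0][0] for s in range(total))
    return data, [], rejected


if __name__ == "__main__":
    wire = send(MESSAGE, chunk_size=8, copies=3)
    # Recoverable: every sequence number keeps at least one intact copy.
    print(receive(lossy_link(wire, {0: "drop", 1: "flip", 4: "flip"})))
    # Not recoverable: all three copies of frame 1 are lost or damaged.
    print(receive(lossy_link(wire, {3: "drop", 4: "flip", 5: "drop"})))
```

Raising `copies` lowers the chance that a sequence number loses every copy but never brings it to zero, which is the "still not foolproof" point: without a return path the receiver can detect the gap but cannot repair it.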
    • Embed this notice
      pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 19:29:36 JST pistolero pistolero
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      @h4890 @amerika @cjd @sj_zero @threalist I mean, I don't think you can guarantee 100%; whatever mechanism you use would need two-way communication. I mean, you could have it periodically get something through the side-channel. Accept a hash of received packets in sequence, retransmit otherwise through an extremely narrow channel.
      In conversation about 9 months ago permalink
    • Embed this notice
      pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 19:29:37 JST pistolero pistolero
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      @h4890 @amerika @cjd @sj_zero @threalist Yeah, I mean, you just cut the input to do it in hardware. It's just interesting to think about ways to do this because it's such a weird case.
      In conversation about 9 months ago permalink
    • Embed this notice
      h4890 (h4890@liberdon.com)'s status on Monday, 07-Oct-2024 19:29:37 JST h4890 h4890
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • pistolero

      @p @amerika @cjd @sj_zero @threalist

      Yes! Imagine having to send data, one direction only, and making sure with 100% certainty, that all the data got there. You cannot send back any ack or checksums. Another challenge in that situation.

      In conversation about 9 months ago permalink
    • Embed this notice
      h4890 (h4890@liberdon.com)'s status on Monday, 07-Oct-2024 19:29:38 JST h4890 h4890
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • pistolero

      @p @amerika @cjd @sj_zero @threalist

      Sorry, for this customer, software is not even close to secure enough. =/

      In conversation about 9 months ago permalink
    • Embed this notice
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 08-Oct-2024 13:30:07 JST pistolero pistolero
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      @ins0mniak @amerika @cjd @h4890 @sj_zero @skylar @threalist The cloud isn't a physical place.
      kamala_cloud.mp4
      In conversation about 9 months ago permalink

      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 08-Oct-2024 13:30:09 JST pistolero pistolero
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      @ins0mniak @amerika @cjd @h4890 @sj_zero @skylar @threalist Yeah, LAPD's done it at least twice. Just one global password for the entire dang fileserver still.

      LASD, last time I saw, was still logging into their shit using a 5250 terminal emulator.
      In conversation about 9 months ago permalink
    • Embed this notice
      ins0mniak (ins0mniak@majestic12.airforce)'s status on Tuesday, 08-Oct-2024 13:30:09 JST ins0mniak ins0mniak
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      @p @amerika @h4890 @skylar @cjd @sj_zero @threalist Oh that's awesome.

      The police department in Michigan where my parents live got hacked, certainly for something just as stupid.

      Guy all on the news going "I want to move everything to the cloud, it's safer, everyone is doing it and we won't have to worry about security"

      Which tacks on to my effort post about how dumb infosec is lol
      In conversation about 9 months ago permalink
    • Embed this notice
      ins0mniak (ins0mniak@majestic12.airforce)'s status on Tuesday, 08-Oct-2024 13:30:10 JST ins0mniak ins0mniak
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      @p @amerika @h4890 @skylar @cjd @sj_zero @threalist Is that related to that leak of all those headshots or whatever it was?
      In conversation about 9 months ago permalink
    • Embed this notice
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 08-Oct-2024 20:47:13 JST pistolero pistolero
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • sapphire
      • ins0mniak
      @amerika @sapphire @Tony @cjd @h4890 @ins0mniak @sj_zero @skylar @threalist

      :hst: "You Samoans are all the same. You have no faith in the basic decency of the white man's culture."

      Anyway, I'm not so much in the "blank slate" category as you:

      > People are computers. Program them with lies like equality and you get paradoxical output but pathologically so.

      This is self-contradictory, at least as stated. If people were an empty box you could dump culture into, you'd lose your argument against diversity, wouldn't you? I don't think equality's a lie, depending on which you mean. Equality under the law, that the law should be "no respecter of persons" (cough), is reasonable: if it weren't the case, we'd have things like people getting arrested for coke possession while finding baggies of cocaine in the Oval Office, we'd have all kinds of fruity shit going on like presidents and their sons banging kids on islands or groping them on TV. People would be up in arms. The Harrison Bergeron version of "equality" isn't reasonable.
      hunterbiden.jpg
      In conversation about 9 months ago permalink

      Attachments


      1. https://fsebugoutzone.org/media/5d8bcfc8-2431-404d-964a-4800be5d8bfc/hunterbiden.jpg?name=hunterbiden.jpg
    • Embed this notice
      ≠ (amerika@annihilation.social)'s status on Tuesday, 08-Oct-2024 20:47:14 JST ≠ ≠
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • sapphire
      • ins0mniak
      • pistolero
      @sapphire @Tony @p @h4890 @ins0mniak @skylar @cjd @sj_zero @threalist

      People are computers. Program them with lies like equality and you get paradoxical output but pathologically so.
      In conversation about 9 months ago permalink
      BowserNoodle ☦️ repeated this.
    • Embed this notice
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 08-Oct-2024 23:37:04 JST pistolero pistolero
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • sapphire
      • ins0mniak
      • 0
      @Tony @0 @amerika @h4890 @ins0mniak @skylar @cjd @sapphire @sj_zero @threalist

      > usher my family to safety

      There is nowhere your family is safe.
      teabagging.jpg
      In conversation about 9 months ago permalink

      Attachments


      1. https://fsebugoutzone.org/media/c5f610ef-dd3e-4a7d-852f-a3d5e73200e0/teabagging.jpg?name=teabagging.jpg
      Fish of Rage likes this.
    • Embed this notice
      Mr. Bacon (tony@clew.lol)'s status on Tuesday, 08-Oct-2024 23:37:05 JST Mr. Bacon Mr. Bacon
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • sapphire
      • ins0mniak
      • pistolero
      • 0
      > be in public
      > crazy girl randomly shouts
      > something about NPCs and code and people running code
      > get nervous
      > usher my family to safety
      In conversation about 9 months ago permalink
    • Embed this notice
      ≠ (amerika@annihilation.social)'s status on Tuesday, 08-Oct-2024 23:37:06 JST ≠ ≠
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • sapphire
      • ins0mniak
      • pistolero
      @p @Tony @h4890 @ins0mniak @skylar @cjd @sapphire @sj_zero @threalist

      > The Harrison Bergeron version of "equality" isn't reasonable.

      True but all egalitarian thought always devolves to that

      > Equality under the law, that the law should be "no respecter of persons" (cough), is reasonable

      Except that now the law gets to determine what is "equal."

      > If people were an empty box you could dump culture into, you'd lose your argument against diversity, wouldn't you?

      I never said they were blank slates, simply that they can be programmed with crazy ideas. Shouting "fire" in a crowded theater is the best example.
      In conversation about 9 months ago permalink
    • Embed this notice
      0 (https://pl.absolutelyproprietary.org/users/0)'s status on Tuesday, 08-Oct-2024 23:37:06 JST 0 0
      in reply to
      • skylar :confederateflag:??? :z:
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • Mr. Bacon
      • sapphire
      • ins0mniak
      • pistolero
      @amerika @Tony @p @h4890 @ins0mniak @skylar @cjd @sapphire @sj_zero @threalist

      "If people are just NPCs, why aren't they running your code."

      I've shouted this when I figured it out.
      In conversation about 9 months ago permalink
    • Embed this notice
      Phantasm (phnt@fluffytail.org)'s status on Wednesday, 09-Oct-2024 01:45:02 JST Phantasm Phantasm
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ins0mniak
      • pistolero
      @ins0mniak @amerika @p @h4890 @cjd @sj_zero @threalist

      >Garbage distros like kali or parrot have a lot of automated tools that people will use and not exactly understand, so it's a point and fire situation. I mean if you can't set up your own box that you're fucking useless.

      Can confirm. Kali/Parrot are only useful when you want to check your own setup for some common vulns. The tools included are too noisy in a production environment if you don't know what you are doing. And it's utterly unusable for red team purposes as Metasploit and similar will get instantly flagged by any AV that barely does its job.

      I once had to deal with a security auditor that the management contracted for some penetration testing. Gave him a list of IPs and hostnames to check. Not even 10 minutes later he decided it would be a great idea to launch a port scan on multiple IPs.
      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      djsumdog (djsumdog@djsumdog.com)'s status on Thursday, 10-Oct-2024 02:25:49 JST djsumdog djsumdog
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ⚡Lord of Misrule⚡
      • pistolero
      • Thomas Magnum
      It's a double-edged sword. Not having good food regulations and labeling leads to the situation in China. I had a Chinese roommate when I lived in Australia who said a lot of meat had filler or was injected with water so it looked fresh when it wasn't. Look up Chinese "Gutter oil" too.

      But you're right, regulations are also used to squash out competition. It also keeps people who want to buy questionable things, like raw milk products, from being able to accept the risks and doing so. At the same time, fat retard law-tuber Barnes is defending Amos Miller, an Amish farmer whose raw milk has gotten people sick. The state has even tried to work with the guy to decontaminate his tanks, but he just ignores them and keeps selling.

      And in the US, the food industry has lobbied against labeling GMO food. So unlike many places in Europe, you can't tell if a food comes from genetically modified crops by the packaging.
      In conversation about 9 months ago permalink
    • Embed this notice
      ≠ (amerika@annihilation.social)'s status on Thursday, 10-Oct-2024 02:25:51 JST ≠ ≠
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ⚡Lord of Misrule⚡
      • pistolero
      • Thomas Magnum
      @toiletpaper @djsumdog @p @h4890 @cjd @Leyonhjelm @sj_zero @threalist

      I find regulations really destructive, generally, since they are a shield against legal liability and therefore take over management thinking.
      In conversation about 9 months ago permalink
    • Embed this notice
      h4890 (h4890@liberdon.com)'s status on Thursday, 10-Oct-2024 02:25:51 JST h4890 h4890
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • ⚡Lord of Misrule⚡
      • pistolero
      • Thomas Magnum

      @amerika @djsumdog @p @cjd @Leyonhjelm @toiletpaper @sj_zero @threalist

      I find that most regulations today are to either increase government power, or, they are used by corporations in the form of regulatory capture in order to block new entrants from the market.

      That's why deregulation is so abhorred by politicians. It weakens them. But when it is tried, usually in a country that has tried everything else first, the results are amazing, and quickly hushed up by the rest of the world.

      In conversation about 9 months ago permalink
    • Embed this notice
      ≠ (amerika@annihilation.social)'s status on Thursday, 10-Oct-2024 02:25:52 JST ≠ ≠
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ⚡Lord of Misrule⚡
      • pistolero
      • Thomas Magnum
      @toiletpaper @djsumdog @p @h4890 @cjd @Leyonhjelm @sj_zero @threalist

      Interesting. To me it seems simply to be a jobs program at this point.
      In conversation about 9 months ago permalink
    • Embed this notice
      ⚡Lord of Misrule⚡ (toiletpaper@shitposter.world)'s status on Thursday, 10-Oct-2024 02:25:52 JST ⚡Lord of Misrule⚡ ⚡Lord of Misrule⚡
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      • Thomas Magnum
      @amerika @djsumdog @p @h4890 @cjd @Leyonhjelm @sj_zero @threalist

      Possibly. It used to be that anyone concerned with Infosec or Appsec would quickly find their job being downsized just for mentioning it. I had that issue at more than one employer where their code was as secure as a wet paper bag and I got anything from a condescending head-pat to a swift boot in the ass for opening my mouth. It was more rare for any execs to give a shit whatsoever unless they had to demonstrate compliance with HIPAA, PIPEDA or such. Even then, it was typically the bare minimum. At least there are nominally infosec jobs/budgets which exist now. Whether most of them amount to anything is another question.
      In conversation about 9 months ago permalink
    • Embed this notice
      ≠ (amerika@annihilation.social)'s status on Thursday, 10-Oct-2024 02:25:53 JST ≠ ≠
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      • Thomas Magnum
      @h4890 @p @cjd @sj_zero @threalist
      @djsumdog
      @Leyonhjelm

      It's a non-profit site on infosec topics, not designed to make money, but needs an infusion of energy.
      In conversation about 9 months ago permalink
    • Embed this notice
      ⚡Lord of Misrule⚡ (toiletpaper@shitposter.world)'s status on Thursday, 10-Oct-2024 02:25:53 JST ⚡Lord of Misrule⚡ ⚡Lord of Misrule⚡
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      • Thomas Magnum
      @amerika @djsumdog @p @h4890 @cjd @Leyonhjelm @sj_zero @threalist

      First thing that comes to mind is "caveat emptor" given arguably the majority of projects related to infosec these days are actually just honeypots created with fed money to con privacy/anonymity oriented people into giving up both in exchange for a supposed free lunch. Either that or security theatre designed to part fools from their money. Plus everyone I've heard from in the pen-testing community tends to agree that security auditing is just a way to check a box on the marketing hype, and 9 times out of 10 the same problems are cited year after year with jack squat ever done to resolve them. $0.02
      In conversation about 9 months ago permalink
    • Embed this notice
      h4890 (h4890@liberdon.com)'s status on Thursday, 10-Oct-2024 02:25:54 JST h4890 h4890
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • pistolero

      @amerika @p @cjd @sj_zero @threalist

      Interesting. Are you coming at it from a marketing perspective? What is the audience of the text, and the purpose of the website?

      I think if you could provide a bit more detail, perhaps it would be easier to come up with some ideas.

      In conversation about 9 months ago permalink
    • Embed this notice
      ⚡Lord of Misrule⚡ (toiletpaper@shitposter.world)'s status on Thursday, 10-Oct-2024 02:33:14 JST ⚡Lord of Misrule⚡ ⚡Lord of Misrule⚡
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      • Thomas Magnum
      @amerika @djsumdog @p @h4890 @cjd @Leyonhjelm @sj_zero @threalist

      > With info security, we have to assume attackers both foreign and criminal.

      Of that I have zero doubts. I'm not an infosec professional (at least not on paper), but I do routinely get both a chuckle and a shudder when I review my server logs on a daily basis.
      In conversation about 9 months ago permalink
    • Embed this notice
      djsumdog (djsumdog@djsumdog.com)'s status on Thursday, 10-Oct-2024 02:33:14 JST djsumdog djsumdog
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ⚡Lord of Misrule⚡
      • pistolero
      • Thomas Magnum
      You probably know more than most "professionals" ... I've turned down two infosec jobs in the past. For one they waited 2 months to get back to me and I had already taken another offer as a dev, and with another it was an internal position I didn't even want, but they convinced me to apply just because I posted something in Slack about going to Defcon. (The position looked bad; they had no security developers and desperately needed one to script a lot of their manual log analysis .. paid less than my dev role at the same company. Hard pass).

      I got drafted into one security team at a consulting company, for only one day a week (priorities right?) and it ended up being mostly scripting update tools and checklists.

      Every security team at other companies I've worked with was always borderline incompetent. Because of that, their relationship to developers was almost always adversarial.
      In conversation about 9 months ago permalink
    • Embed this notice
      ⚡Lord of Misrule⚡ (toiletpaper@shitposter.world)'s status on Thursday, 10-Oct-2024 02:33:15 JST ⚡Lord of Misrule⚡ ⚡Lord of Misrule⚡
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      • Thomas Magnum
      @h4890 @amerika @djsumdog @p @cjd @Leyonhjelm @sj_zero @threalist

      In economic terms that seems to be true, but I wouldn't let the modern right-wing off the hook or characterise them as any more "educated". If anything it's the reverse. The left are stupid because their relative over-education gives them undue conceit in the correctness of their opinions/indoctrination.

      Speaking from personal experience, most of the right-wingers I've spoken to are out to lunch. They can't claim to have critical thinking skills while grovelling towards a character from a 2,000 year old pseudohistorical fantasy novel, and constantly knob gobbling zionist cock. But at least they don't buy into the commie shit. They have that much going for them.

      When it comes to the OP (infosec) however, they're usually first to jump on the bandwagon of reducing data security if the subject gets linked to "criminalz" or "wutabout the childrens" or some other laughable but tried and true transparent manipulation used by political hacks to erode basic human rights.
      In conversation about 9 months ago permalink
    • Embed this notice
      ≠ (amerika@annihilation.social)'s status on Thursday, 10-Oct-2024 02:33:15 JST ≠ ≠
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ⚡Lord of Misrule⚡
      • pistolero
      • Thomas Magnum
      @toiletpaper @djsumdog @p @h4890 @cjd @Leyonhjelm @sj_zero @threalist

      With info security, we have to assume attackers both foreign and criminal.
      In conversation about 9 months ago permalink
    • Embed this notice
      h4890 (h4890@liberdon.com)'s status on Thursday, 10-Oct-2024 02:33:16 JST h4890 h4890
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • ⚡Lord of Misrule⚡
      • pistolero
      • Thomas Magnum

      @toiletpaper @amerika @djsumdog @p @cjd @Leyonhjelm @sj_zero @threalist

      Yes, this is the truth. The left always fear well educated people with critical thinking skills.

      The reason is that their ideology and politics have been disproven numerous times by science and history.

      Only if people are kept from educating themselves, will they allow themselves to be tricked by the left again and again and again.

      In conversation about 9 months ago permalink
    • Embed this notice
      ⚡Lord of Misrule⚡ (toiletpaper@shitposter.world)'s status on Thursday, 10-Oct-2024 02:33:17 JST ⚡Lord of Misrule⚡ ⚡Lord of Misrule⚡
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      • Thomas Magnum
      @h4890 @amerika @djsumdog @p @cjd @Leyonhjelm @sj_zero @threalist

      > That's why deregulation is so abhorred by politicians.

      Also why the left loves having the commie agenda pushed in schools, since anything involving deregulation is automatically smeared as "capitalist". Because useful idiots are useful.
      In conversation about 9 months ago permalink
    • Embed this notice
      djsumdog (djsumdog@djsumdog.com)'s status on Thursday, 10-Oct-2024 02:35:37 JST djsumdog djsumdog
      in reply to
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ⚡Lord of Misrule⚡
      • pistolero
      • Thomas Magnum
      I am for smaller government: no EU .. people say smaller nations can't scale. I think they'd scale more slowly, and when they do so, it will require more open standards and interoperability (not just with tech, but laws, procedures, etc.)

      I think you'd eventually still get confederations across small countries for things like food safety and regulation, and would see corruption grow there, but it would still be an improvement over mega-states.
      In conversation about 9 months ago permalink
      cjd (cjd@pkteerium.xyz)'s status on Thursday, 10-Oct-2024 02:35:38 JST cjd cjd
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • h4890
      • ⚡Lord of Misrule⚡
      • pistolero
      • Thomas Magnum
      Let the states handle it. The smart ones will set an example and the dumb ones will eventually copy it.
      In conversation about 9 months ago permalink
      ?? Humpleupagus ?? (humpleupagus@eveningzoo.club)'s status on Thursday, 10-Oct-2024 18:26:18 JST ?? Humpleupagus ?? ?? Humpleupagus ??
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ⚡Lord of Misrule⚡
      • pistolero
      • Thomas Magnum
      It's the state. If you can't agree, it will decide for you. 🤷‍♂️
      In conversation about 9 months ago permalink
      ≠ (amerika@annihilation.social)'s status on Thursday, 10-Oct-2024 18:26:19 JST ≠ ≠
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ⚡Lord of Misrule⚡
      • pistolero
      • Thomas Magnum
      @toiletpaper @djsumdog @p @h4890 @cjd @Leyonhjelm @sj_zero @threalist

      "Like every family operates on a communal basis with shared property and so on."

      Does it? Here's what I've learned about shared property: as soon as there's a disagreement, you will find out who really owns it.
      In conversation about 9 months ago permalink
      ≠ (amerika@annihilation.social)'s status on Thursday, 10-Oct-2024 18:26:20 JST ≠ ≠
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • ⚡Lord of Misrule⚡
      • pistolero
      • Thomas Magnum
      @toiletpaper @djsumdog @p @h4890 @cjd @Leyonhjelm @sj_zero @threalist

      https://www.garretthardinsociety.org/articles/art_tragedy_of_the_commons.html

      Just FYI

      Big point is that things which are not owned get exploited too

      IMHO exploitation of resources is held in check by the following:

      * Culture
      * Aristocrats

      And lack of ownership results in Communism and equal poverty.
      In conversation about 9 months ago permalink

      ⚡Lord of Misrule⚡ (toiletpaper@shitposter.world)'s status on Thursday, 10-Oct-2024 18:26:20 JST ⚡Lord of Misrule⚡ ⚡Lord of Misrule⚡
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      • Thomas Magnum
      @amerika @djsumdog @p @h4890 @cjd @Leyonhjelm @sj_zero @threalist

      I think you're right to cite "culture", but I'm not so sure about "aristocrats". Seems Platonic. Communism on its own isn't really a problem for me. Like every family operates on a communal basis with shared property and so on. On a small scale, not only does it work, but it's the status quo from time immemorial. It's only when it expands to the level of a state government and is forced on people that it tends to go sideways. My personal favoured theory follows on the ideas expressed by Elinor Ostrom in "Governing the Commons". That has a basis in reality that demonstrably works and has worked in some cases for millennia, without falling into the trap of the black & white capitalism vs socialism false dichotomy.
      In conversation about 9 months ago permalink
      ⚡Lord of Misrule⚡ (toiletpaper@shitposter.world)'s status on Thursday, 10-Oct-2024 18:26:21 JST ⚡Lord of Misrule⚡ ⚡Lord of Misrule⚡
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • h4890
      • pistolero
      • Thomas Magnum
      @h4890 @djsumdog @amerika @p @cjd @Leyonhjelm @sj_zero @threalist

      I was thinking yesterday about how "the market" also succumbs to a "tragedy of the commons". The classic prototype is a public field shared by a bunch of cattle ranchers who have incentive to put as many cattle of their own on the field as possible to maximise profit, lest their competitors do so instead. Ultimately the field can no longer sustain the herds and the whole system collapses.

      But this is functionally identical to corporations which try to maximise profit by screwing everyone over for the smallest margin. The end result is the externalisation and destruction of the planet at the expense of everyone but the executive class and shareholders. Ultimately it's unsustainable, the market collapses, and everyone loses.

      So in effect, the argument for the current form of market capitalism suffers the exact same problem that capitalists like to point the finger at socialism/communism for. I'm not sure what the solution is, but just lobbing another libertarian market utopia at it doesn't strike me as a viable option. At least not unless it can address that demonstrable reality.
      In conversation about 9 months ago permalink
      h4890 (h4890@liberdon.com)'s status on Thursday, 10-Oct-2024 18:26:22 JST h4890 h4890
      in reply to
      • djsumdog
      • 🌲-alist
      • sj_zero
      • cjd
      • ⚡Lord of Misrule⚡
      • pistolero
      • Thomas Magnum

      @djsumdog @amerika @p @cjd @Leyonhjelm @toiletpaper @sj_zero @threalist

      The market can also handle food regulations, because poisoning and cheating your customers is extremely bad business practice.

      Over time, the market would produce better quality food, not worse, when the cheaters and poisoners would be found out and boycotted.

      In conversation about 9 months ago permalink

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.