asciilifeform: ( the last time i mentioned him on the air -- he actually showed up! in pm! to whine re how cruelly he is libelled, how he was Never A Stooge, etc. snoar. )
asciilifeform: in other strange, '4-year-old male white rhino who was slaughtered this week inside his enclosure at a zoo outside Paris. The rhino — discovered by his keeper at the Thoiry Zoological Park on Tuesday — now holds the ominous distinction of likely being the first rhino to be killed by poachers inside a zoo, experts said.'
asciilifeform: conflicting data re seekrit heathen pits, noose at 11
asciilifeform: they suure luvv anime bois tho. apparently.
asciilifeform: and , years later, ended up briefly labouring in a butugychag full of ex-nsa folx, who confirmed, they dun like ethnic untermenschen there
asciilifeform: briefly upstack: as i once described, many years ago asciilifeform actually tried to sign up for nsa! was , unsurprisingly, turned down ( you get a ream of paper even if turned down! )
asciilifeform: mircea_popescu: sweeping a floor for beloved comendante hasta y por la siempre, as gurl does, is quite different from sweeping floor for salary from hitler. even if same broom and same floor somehow.
asciilifeform: mircea_popescu: that's rather like to say that fucking same gurl vs fucking hole in a muddy tree trunk, 'is the same'
asciilifeform: commuting to and sitting in butugychag is a mega-difference
asciilifeform: in asciilifeform's mental calculus, it sure does
asciilifeform: 'IOC/ECG's Advanced Forensic Division (AFD) performed an analysis of Hive version 2.5 network communications to assess its likelihood of detection. The results of this analysis are found in document AFD-2012-0973-2. In summary, AFD was able to create signatures for DNS, ICMP, and TFTP triggers; found that the TCP and UDP triggers did not adhere to their respective protocol standards; and further found that the TCP and UDP triggers eac
asciilifeform: document also of slight interest in re discussion of ntp, and issues of time synchronization in general. apparently unsolved problem for usg just as well as for victims.
asciilifeform: 'Hive beacons were designed to work with the Blot proxy (developed by Xetron). Blot looks for a tool ID embedded in the HELLO packet of an SSL session initiation. If the ID is found, then it forwards the packet to the tool-handler, otherwise it is sent to the cover server. The tool ID is embedded in the HELLO packet using the embedData function defined in …/polarssl/library/loki_utils.c. The SSL data structure defined in …/polarssl/include/polarssl/ssl.h is extended to include the session _checksum, tool_id, use_custom, and xor_key. The data contained within this packet is constant with the exception of a time stamp taken from the real-time clock and a few bytes of random data. A CRC checksum is computed from the entire packet and is included with the HELLO packet. When Blot receives this packet, it checks the CRC searches a list of previously seen packets for any matches. If a match is found the packet is assumed to be a TCP replay and is dropped.'
asciilifeform: 'RainMaker v1.0 is a survey and file collection tool built for a FINO QRC operation. IOC/FINO is looking to expand asset-assisted operations. The intended CONOPS involves using an asset to gain access to a target network. The asset has the ability to plug in a personal thumbdrive to the network. In this scenario, the asset will have "downloaded" the portable version of VLC player (2.1.5) and will listen to music during work hours. While she is listening to music, the tool will execute the survey and a prioritized file collection. All collected data will be stored to the root of the removable media it is executing from. When the asset next meets with the case officer, the thumbdrive is retrieved and the collection is processed. '
asciilifeform: actually nearing the bottom of this barrel
asciilifeform: ( from the docs of the active ios9+ browser driveby-with-arbitrary-payload. which hopefully surprises nobody )
asciilifeform: 'Apple seems to have taken version 1.38 of the Tiny Scheme project (available online, google it or check workshop output) and modified it a little. Most modifications are fixes for the most obvious bugs in the program: changing sprintf to snprintf and adding some more size checks but they have not fixed everything. In fact, they haven't even bothered keeping up with the Tiny Scheme project, which is now on version 1.41. Apple have also added a couple of new members and changed some sizes in the struct scheme. These are fairly trivial to reverse but comparing each function in a disassembler with the Tiny Scheme source version. Apple uses Tiny Scheme to create a vector of sandbox rules that it then converts to a compiled sandbox profile....'