mircea_popescu: case exactly mirrored by freenode : about a year after they lost at least one server to what appeared like quite the nsa, and promising a full investigation, nothing's been released.
mircea_popescu: "More than two years after unknown hackers gained unfettered access over multiple computers used to maintain and distribute the Linux operating system kernel, officials still haven't released a promised autopsy about what happened."
assbot: Logged on 28-02-2015 01:55:22; cazalla: so i made a bitbet under the influence and couldn't fund it until later, i assume 0 conf address listed for it in /propositions/ is the address of which i need to fund?
LC^: mircea_popescu: thx for answering my questions so far. I have to jump on a call, but if I decide to go ahead with an article on this and have additional questions I'll look for you around here.
mircea_popescu: clicking on cat pics, and derping about what zoe whoever said about imaginary feminist issues is a waste of one's youth.
mircea_popescu: it's already underway. but, the more the merrier. this is the sort of thing where one can make a difference.
LC^: so do you expect your findings to inspire such a hunt?
mircea_popescu: adlai i would guess something between 50 and 100 BTC's worth of S.NSA engineer's time, and maybe a few months-box worth of hardware.
mircea_popescu: we might consider publishing the "harmless" keys, but for one thing i am not altogether convinced they're so harmless, and for another, much more interesting would be a hunt for diddled php implementations.
mircea_popescu: the case of hpa was exceptional because at the time the lightning struck (and understand just how unlikely the event we had on our hands this morning was), a call had to be made.
mircea_popescu: there's been a total of three pairs, so six total keys to date. i have little doubt that as the program progresses through the list, more will be found. generally, the idea is to discuss this with the owners and them only.
adlai thinks a better question could be, "just quite how little human and computer labor did this experiment take?"
LC^: how many keys have you found so far? do you plan to disclose the owners of the other keys that are similar to hpa's? it doesn't seem to be a big risk there for the owners
mircea_popescu: how often have you moved a file across the tubes ? how often did it have a magically changed byte ?
mircea_popescu: understand, opsec is extremely weak all over. including among supposedly experienced hackers. so, a simple scenario : guy with owned userland gpg sends secret info to hpa, it is magically encrypted to wrong key, email sniffed en route, secret is now known, but only to the people knowing what to look for. hpa responds with something like bad key, guy re-encrypts it and resends it.
mircea_popescu: especially amusing, the "key was damaged in transit" one. people p2p HD movies all day, nobody's seen this. gpg data moves around as archives - try flipping a byte in an archive, see if you can still get the content. etc.
mircea_popescu: this, of course, is not the only mechanism that would allow such a key to exist. nevertheless, alternative explanations border on the risible.
mircea_popescu: but it is a theory - until someone produces such a diddled implementation it stays a theory.
LC^: I see, so the key would serve as an exploit of sorts or a trigger
mircea_popescu: if however his pgp implementation is compromised in a specific way, the wrong key on the server may very well be the magic packet, causing it to behave in an unexpected - and not otherwise detectable - manner.
mircea_popescu: with a correctly working pgp implementation, the user connects to a sks server, discards the wrong key and proceeds as expected.
mircea_popescu: one of the more interesting constructions as to the possible intended uses is, a tandem arrangement. it would work like so :
LC^: or are there indications that they've been generated by a broken generator
LC^: I'm a journalist. I shared my identity via privmsg.
mircea_popescu: hmm, anyone has a ready link to the discussion of the reddit deleting the blockchain thing because they had so much fucking consensus it ended up imploding under their feet ?
mircea_popescu: asciilifeform notice that idiots are doing their pressing. "If I wanted to poison HPA with a fake key, why would I create a degenerate one? A fake key with strong factors would have gone unnoticed, at least by this analysis"
assbot: Logged on 18-05-2015 01:35:23; justJanne: Sometimes when I get DDoSd I run nmap against the attacking servers, one time I found a small IRC server with only one channel, in which were 256 clients all with just a number as name, and one other client sending specific commands every few minutes
assbot: Logged on 12-05-2015 22:05:41; mircea_popescu: "here i sit in a prefab vinyl siding plebhousing unit, burning a 50 dollar bill" ?
assbot: Logged on 18-05-2015 00:14:21; ben_vulpes: trying out a new fried chicken joint
mircea_popescu: it all stems from a very fundamental confusion as to what things are and what technology can do. the idea being that technology = magic, and so it can change the nature of things. take marketplaces, which are by nature centralizing, and magic them into being decentralising. meanwhile irl, technology works to increase quantitatively, not to alter qualitatively.
mircea_popescu: having a central (marketplace = central) for it is about as stupid as fire extinguishers loaded with gasoline.
mircea_popescu: i have my doubts if you could get a decent definition of the notion of number from one in ten us graduates.
mircea_popescu: you gotta appreciate, a compsci student in the us is a guy that's too autistic to deal drugs.
mircea_popescu: <justJanne> BingoBoingo: Yes remember, I use no Google services, and modified half of the apps on my phone myself. << o.O what are you, like a hacker ???
mircea_popescu: cazalla the masochist and the terrorist. should be a book.
williamdunne: I'll eventually create another key offline which I'll use as a master or summin
danielpbarron: there is no "auth with assbot" and all actions come with an OTP
mats: fwiw i use a smartphone too, the point being rammed here is that you don't really have an expectation of security.
justJanne: The ISP I'm using was started by a few people from the CCC, so from that side not too high of a risk.
decimation: yeah how is something 'encrypted' on a website that isn't under your control?
danielpbarron: >> My aim is to fight mass surveillance. I write code to fight for our human right to privacy. I want to create a cloud service which is so easy to use and so secure that it locks out all the spies. We really deserve it. << lol
assbot: Searching pgp.mit.edu for key with fingerprint: F4DE6DF4EB8BA2DAAD8D14A5B0045BC902AC1559. This may take a few moments.
assbot: That does not seem to be a valid fingerprint.
midnightmagic: mircea_popescu: Mediocrity is a natural result of psychopathic and sociopathic inroads. The moment upper management ceases to directly observe their employees, the result is the most convincing-sounding people's voices become the most relied-on. Convincing-sounding is not the same as accurate/informed.
williamdunne: To get perma voice you need to be in assbots L2 - so you need a rating from a lord
justJanne: A local server you can put in your own data center. It can operate even separate from the web.
assbot: Logged on 17-05-2015 23:07:10; trinque: DreadKnight: doing the ad-supported thing is a loss leader at best; you have to be able to burn money until your audience is large enough to merit being paid for the # of eyeballs
justJanne: As a large company you can get Google Apps as a box.
adlai: (a reporter writing about 'accidentally' carrying a multiple-inch blade onto an airplane damages airplane security far, far less than the security practices that let it through)
assbot: Logged on 17-05-2015 23:00:52; decimation: there are clearly people on hacker news who are enemies of #b-a
justJanne: Actual security is sadly a thing that doesn't exist in critical places.
mircea_popescu: "[1] He's been scraping the profiles of young women (specifically) and posting links, names, and hometowns on his blog. Yes, as technologists, we know that this kind of indexing is trivial. That's no reason, as a decent human being, to terrorize innocent people."
justJanne: Read the report on OpenSSL by the OpenBSD guys. It's a whole new level of WTF
justJanne: With a very bad RNG, it would tell you 2 is prime.
justJanne: decimation: that's true. RSA keygens use a probabilistic prime test.
assbot: Logged on 17-05-2015 22:57:59; DreadKnight: we have a saying around, going something like "you drawn like the gypsy near the shore", meaning overall that you failed in the last few steps
mircea_popescu: jeez how the world changes in a coupla hours based on what's said in b-a log, you'd think we're talking to gavin-the-handpuppet & co.
williamdunne: justJanne: I'm pretty sure a 55 yo Pittsburgh steel mill worker would have the connections to get one of those there fancy emails
assbot: Successfully added a rating of 1 for justJanne with note: 55 yo Pittsburgh steel mill worker posing as 19 yo girl on the interwebs.
justJanne: Meh, too lazy to copy it from my other PC, I'll just make a new one and sign it with my old key later
decimation: justJanne: Someone compiled a list of ips that originate dos'er
decimation: justJanne: no problem, make a new subkey or extend the date
justJanne: but yeah, I was kinda surprised, would have assumed they'd put the control for the botnet on a different system
williamdunne: Guessing for some reason they thought it would be a swell idea to use the IRC server for additional DDoS power?
assbot: Logged on 06-01-2015 01:32:50; asciilifeform: svetlana: i got a massive packet dump, and so has kakobrekla
assbot: Logged on 08-12-2014 17:59:30; asciilifeform: incidentally, if anyone bothered to read the packet dump i posted a while ago, they should know that the ddos bot uses misconfigured consumer routers (upnp reflection)
justJanne: Sometimes when I get DDoSd I run nmap against the attacking servers, one time I found a small IRC server with only one channel, in which were 256 clients all with just a number as name, and one other client sending specific commands every few minutes
BingoBoingo: justJanne: Yeah, just anyone without a freenode cloak who joins when their spybot is online here to pull the trigger
mats: he's doing us a favor.