phf: i think that's the biggest advantage NSA has incidentally, because they can print money, they can probably just spin up a team for every single "core dump on a funny input" and bring it to a point where it'll successfully eat a shellcode. older salaried reversers simply don't have time or desire for that sort of stuff. that's in software world anyway.
mats: just shrinking the attack surface a bit.
mats: there is no systematic solution to be had
assbot: Fuck Everything, We're Doing Five Blades - The Onion - America's Finest News Source ... ( http://bit.ly/1IKQ5Er )
phf: i dunno, i think people sit on a lot of denial of service, but developing that to a working exploit takes time and unhealthy level of juvenile ocd.
asciilifeform: a simple calculation shows that - unless one is extraordinarily lucky - the effort which goes into finding a typical vuln, vs the typical 'bug bounty' offered by, e.g., microshit, works out to approximately u.s. minimum wage.
asciilifeform: and/or do not want to give aid and comfort to usg.
asciilifeform: because they are not 19
asciilifeform: the point i was trying to make is that: i hypothesize that the '0day market' consists very largely of folks who are sitting on 0day and not 'marketing' at all
asciilifeform: it is virtually always the same kind of thing.
asciilifeform: but occasionally read the slides, at the instigation of colleagues and various other folks
asciilifeform: for the record, i have never attended such an event
phf: c solutions that address problems at the core
phf: when was that exactly? because i stopped following infosec in 2003 (i think last toorcon i've been to was 2005) and looking at it now not much has changed. the releases are definitely a lot less interesting, because of the 0day market, but when i ragequit it was the same shit. weak releases by pushy guys in faux military gear as a norm, occasional interesting stuff from the usual suspects and practically negative desire to come up with systemati
asciilifeform: BingoBoingo: the way it presently works is that the seller is at the total mercy of the buyer. disposable 19y.o. puts up with this because he is fucked in the head. a grown man - typically - does not
asciilifeform: also fewer 'eiffel towers built of matchsticks' - elaborately labyrinthine 'rube goldberg' machines, like the last third of that slide deck, which ultimately sum to 'i read a 486 manual taken from a dumpster'
asciilifeform: phf: there was, at one time, considerably less flavour of scammitude and in-your-face lying
phf: i think you have higher expectation of what should be coming out of security conferences. toorcon, schmoocon, defcon, blackhat (though i always thought bh is like a grownup version) always seemed like a poc||gtfo in a face-to-face with beer format
asciilifeform: it isn't even because i expect to meet up with folks who pay the 'fair price' at some future time,
asciilifeform: where plenty of folks just sit on the goods, 'because fuck you'
asciilifeform: but what they have really succeeded in is creating a 'fuck-you market'
asciilifeform: while giving the goods away for almost nothing
asciilifeform: where thousands of disposable 19-year-olds fight for a chance to publicly measure their cocks
asciilifeform: vendors want the 0day market to be a 'tournament market'
BingoBoingo: <asciilifeform> BingoBoingo: ... if you find it you can sell it. << not quite. i, for instance, can't sell it << You have well founded suspicions of what happens to the unanointed who sell
asciilifeform: phf: except that my fucking ~~~486~~~ reference manual describes smm
BingoBoingo: Seems people finally got the memo that if you find it you can sell it.
phf: asciilifeform: i think that's a standard blackhat fare. i think the useful part is another cubbyhole to put rootkit fallback hooks, but it's presented like an earth shattering revelation, because
asciilifeform: BingoBoingo: one reason for this change is that ~actual~ exploits are (or are at least now thought to be) worth money.
BingoBoingo has a feeling asciilifeform could be the entire speaker slate at blackhat with things known since time immemorial. A few years ago I thought things being presented were novel. Now I look at the program and see loads of snore.
asciilifeform: http://log.bitcoin-assets.com/?date=13-08-2015#1237135 << so, i read the slides. 1) 20MB powerpoint pdf turd?!!! wtf, people. 2) the picture which implies priv escalation is disingenuous. there is, just as i said earlier, no escalation. you gotta be in ring0 to move the apic window. NONE OF THIS SHIT WAS SECRET, how did they even get a talking slot at 'blackhat' ?
pete_dushenski: and with that, i'm off to have my weary joints and hulking muscles massaged good and proper. adieu !
assbot: Borat's Guide to Britain - YouTube ... ( http://bit.ly/1NsRT69 )
asciilifeform: anyone still remains who tried to build rotor, but could not ?
pete_dushenski: haha thanks :D
assbot: Logged on 13-08-2015 14:44:54; pete_dushenski: shinohai: wonder of wonder, miracle of miracles, i took rotor by the hand, turned him around and - miracle of miracles - led him to the promised land !
assbot: Intel doubles its bounty for women and ethnic minorities • The Register ... ( http://bit.ly/1NsR4u7 )
asciilifeform: where the cpu needs to do a certain brief chore in an os-agnostic way
phf: seems reminiscent of bios virii from back then. "if you boot this floopy..! well, no shit"
asciilifeform: pete_dushenski: the typical application for smm is items like the screen brightness keys found on laptops
asciilifeform: the apic thing is also a snore, in the sense of NO SHIT anything that sits on the bus can read from arbitrary physical ram
pete_dushenski: "So Domas looked through Intel's sample SMM code, which is provided to firmware vendors to bake into motherboards. It turns out that pretty much all vendors use Intel's template SMM code."
asciilifeform: (ring0 code can still trigger smi by writing particular vendor-specific magic to the southbridge, but this is in no sense a vuln)
asciilifeform: likewise you can turn off all sources of smi (system management interrupt) that put the machine in smm handler to begin with
asciilifeform: if you run coreboot (aka linuxbios) you get to put whatever the fuck you want in smram
pete_dushenski: asciilifeform: so amd is no cure for this nonsense ? and i'm guessing ppc is in the same boat ?
pete_dushenski: "When the Pentium Pro (a P6 family chip) arrived in 1995, Intel allowed kernel-level developers to reprogram the local APIC so that it would appear elsewhere in physical memory. This was handy for moving the local APIC out of the way of low-level software that expected to use that high 0xFEE00000 address for something else."
asciilifeform: http://log.bitcoin-assets.com/?date=13-08-2015#1237119 << howling idiocy. smm has been in the official docs, from intel and amd both, since 486.
pete_dushenski: "old intel products like all old computing hardware is unsafe at any speed. please to upgrade to latest blackbox for maximal safety and suckoority"
pete_dushenski: "The good news is that Intel spotted the howler in its processor blueprints, and corrected the issue: chips built from January 2011 and onwards (Sandy Bridge Core CPUs and later) are not affected. " << highly suspicious
pete_dushenski: if this doesn't have you hunting the local classifieds for amd opterons and fxes, i dunno what will
assbot: Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it • The Register ... ( http://bit.ly/1NsN0tX )
punkman: where's that from
pete_dushenski: "Thanks for your support! Please drive to E.Bumfuck, Ontario on Tuesday between 2 and 3 pm to make a donation, where we accept Disneyland Tickets or Hershey Park rain-date vouchers."
pete_dushenski: "Imagine for a second that you see a great street juggler. He deserves a token of your appreciation. However instead of putting a hat out, he puts a sign up:"
thestringpuller: did anything come of this? http://log.bitcoin-assets.com/?date=08-01-2015#969761
pete_dushenski: !up thestringpuller
pete_dushenski: it may go back to the 2-3 per week it was in its first ~6 months before it ramped up to the current 4-5 per week
pete_dushenski: funkenstein_: i imagine that contravex posts will either become shorter or slightly less frequent, but we shall see
pete_dushenski: ;;later tell williamdunne can we see about having frass.woodcoin.org to scoopy's roster ? please and thanks
assbot: Jazz Jennings - Wikipedia, the free encyclopedia ... ( http://bit.ly/1NsKh3u )
funkenstein_: frass.woodcoin.org <-- another place I display my ignorance from time to time
funkenstein_: I am hoping you will still be able to contravex us regularly even with new arrivals :)
assbot: Logged on 01-08-2015 15:05:18; scoopbot_revived: Short Term Update: headed to $255 https://btctrading.wordpress.com/2015/08/01/short-term-update-headed-to-255/
pete_dushenski: from what i recall of it, i'd much rather read funkenstein_'s writings than this junk http://log.bitcoin-assets.com//?date=01-08-2015#1220877. as prophetic as this bit of ta was
funkenstein_: I've been busy but got several pieces started and torn up ;)
pete_dushenski: we never had it added to scoopbot_revived it seems.
funkenstein_: perhaps in some way similar to simply passing around a massive virtual machine file (yes I'm fishing for a correction on this)
pete_dushenski: funkenstein_ speaking of nothing, are you still blogging much ? and what was the name of your site again ?
funkenstein_: I must say the rotor is a software release like no other I have seen, yes very deterministic
funkenstein_: wow that looks like a mega-review, consistent with his recommendation for book reviewers linked earlier :)
pete_dushenski: cool. i'm currently wandering through 'inside the whale'
funkenstein_: from the orwell series
pete_dushenski: funkenstein_: who's the author of this quote ?
pete_dushenski: ;;later tell mod6 'tevye' the debian 7 rotor lives !
pete_dushenski: funkenstein_: lol cheers. i'm sorta surprised i didn't need more help than i did
funkenstein_: The man has a great point, but, where did this thing start that humans are not animals, and in what crib do I find it to strangle it?
shinohai: I liked this morning article as well. You may have noticed I fumbled the syntax.
funkenstein_: "For man only stays human by preserving large patches of simplicity in his life, while the tendency of many modern inventions-in particular the film, the radio and the aeroplane-is to weaken his consciousness, dull his curiosity, and, in general, drive him nearer to the animals."
pete_dushenski: shinohai: wonder of wonder, miracle of miracles, i took rotor by the hand, turned him around and - miracle of miracles - led him to the promised land !
asciilifeform: then we can go full circle to the old days when there was no such thing as a car you couldn't start by hand
asciilifeform: http://log.bitcoin-assets.com/?date=13-08-2015#1236984 << can't wait for these to come with a cranked dynamo (preferably in the cab proper, perhaps somewhere under dashboard?)
assbot: Logged on 13-08-2015 05:01:16; wilbns: ducktales, gummy bears and talespin over here.
asciilifeform: http://log.bitcoin-assets.com/?date=13-08-2015#1236842 << all three of these were translated (the traditional ru single-voice crappy dub) and i saw'em as a boy
shinohai: ;;later tell pete_dushenski pm me and I'll get you past http://dpaste.com/3VCV3R8.txt
asciilifeform: funny how these things get recycled forever.
asciilifeform: http://log.bitcoin-assets.com/?date=13-08-2015#1236937 << i read some variant of this claptrap on usenet, in, when, '96 ?
asciilifeform: i am not a clairvoyant, cannot read your hard disk ! gotta give me something to work with.
asciilifeform: from this point on, this applies to anyone who wants help in building the thing
asciilifeform: http://log.bitcoin-assets.com/?date=13-08-2015#1236905 << please post your rotor directory tree.
assbot: Logged on 13-08-2015 04:55:16; mircea_popescu: <phf> i thought Thompson was mostly a polemicist, are there any articles of his where he successfully "blows a lid" off something? << no.
asciilifeform: http://log.bitcoin-assets.com/?date=13-08-2015#1236826 << tried to read several works of mr t. utter garbage.
asciilifeform: smoke screen is the only rational explanation i can think of thus far.
asciilifeform: wtf is the point.
assbot: Logged on 13-08-2015 04:55:04; mircea_popescu: asciilifeform linked cryptome article badly stitched together effort of random derp to get his name out there ?
asciilifeform: http://log.bitcoin-assets.com/?date=13-08-2015#1236825 << looks like. there is this standard pattern of 'mentions interesting people/events, but no apparent contribution to the subject'
asciilifeform: ^ reads like an atrociously bad translation ?
gribble: Bitfinex BTCUSD ticker | Best bid: 263.44, Best ask: 263.45, Bid-ask spread: 0.01000, Last trade: 263.45, 24 hour volume: 13872.40075161, 24 hour low: 263.33, 24 hour high: 270.09, 24 hour vwap: None
assbot: Logged on 13-08-2015 06:38:31; *: BingoBoingo contemplates selling BTCTalk account and entering a deed of sold in the bot, but...
shinohai: Here in the Southern US you can identify the real deal easily. They have crude signs that advertise their produce with the most horrific spelling possible.