
Thread: Friday with Means - December 17th, 2010 - Incoming Holiday and Moving News

  1. #161
    Quote Originally Posted by Vurtuoso View Post
    All your phones are stupid, don't you know cordless is the way of the future. Just look at mine, it puts yours to shame.
    http://www.fiercewireless.com/files/...ra_talkman.jpg

    Nothing beats the Mobira Talkman, nothing.
    Technically, that does have a cord.
    Nice picture though.
    ::: My Tools & Stuff :::
    ::: Cratine Savagedheals Enfine Zoewrangle Demoder :: Solitron Demotionform :: IRC Demoder Savagedlight :::
    ::: AOItems :: Blog :: CIDB :: HelpBot :: ItemsBot :: PlanetMap Viewer :: Tower Wars :: Twitter :::

  2. #162

    Thumbs up

    Quote Originally Posted by Gunfytr View Post
    Found it, installed it. Up to the point it asked me for acct info to log in, it was goin well. No idea of their security.../uninstall.
    So.. again, -how- did you expect to log into the AO chat without providing name and password? (o.O)

    Do you know how VHA-chat is handling security? Do you know how the AO client is handling security? What about Facebook or that funny link you just followed.. (do you dare clicking them?)

    You will NEVER be sure about something being secure, unless you read through the source code yourself and are a competent programmer.

    But at least expect to provide some kind of identification (username and password) to be able to log into a chatserver

    Kind Regards
    -Ariensky

    PS. You can always change the password..
    So you can launch the program.
    If it does not work, then change the password.
    If it does work, then it is someone dedicated enough to make an AO chat relay and likely not a thief.
    and if it is a thief, we will be able to backtrack it.
    Humankind can not gain anything, without first giving something in return.
    To obtain; something of equal value must be lost.
    That is the 1st law of equivalent exchange


    Rubi-Ka needs: a nickel statue of an astronaut pointing at the sky
    With the description / plate saying:
    When the stars burn out and I find I lack the strength to continue...one of YOU will pick up the flag and carry it forward.
    This really isn't a corporate product anymore...it belongs to all of us. Where it goes is up to us.

  3. #163
    Quote Originally Posted by ArienSky View Post
    So.. again, -how- did you expect to log into the AO chat without providing name and password? (o.O)

    Do you know how VHA-chat is handling security? Do you know how the AO client is handling security? What about Facebook or that funny link you just followed.. (do you dare clicking them?)

    You will NEVER be sure about something being secure, unless you read through the source code yourself and are a competent programmer.

    But at least expect to provide some kind of identification (username and password) to be able to log into a chatserver

    Kind Regards
    -Ariensky

    PS. You can always change the password..
    So you can launch the program.
    If it does not work, then change the password.
    If it does work, then it is someone dedicated enough to make an AO chat relay and likely not a thief.
    and if it is a thief, we will be able to backtrack it.
    Actually not true, I am not exactly a competent programmer. However I can spot any form of malware a mile away. Executables and .DLLs are always the heads of the snake. Truth be told, I have not run security on my computer in somewhere around 7 years and believe me, I have been to questionable websites that can test your mettle to know what is secure and what's not. The only other secondary problem is not being aware of your plugins such as applets. As far as anything else, like WPA2, GSM, 802.11n, and all other intercept frequencies/encryptions are all fail, anyone who wants to truly get you, will get you. Unless you built my theoretical security system, which has so many trip wires, load balancers, sandboxes, VM honeypots, darknets, and even other theoretically devised encrypted procedures that would slow the heck out of your network, but would turn an Elite into a woolly mammoth stuck in tar.

    However... Doom and gloom statement incoming. Computer security classes should be mandatory in high school, I guess you would call it secondary school or something similar in Europe. There is a pretty insane menace of technological intellects out on the web, you can cite some of that to China. I personally think losing the internet as we know it now is inevitable. There are those with the knowledge and resources to break through any technological lock that has ever been devised. It will eventually be a bad guy. I personally think it's a joke that people are allowed to bank off their computers without knowing the security risks that go into doing it. All that it takes is some sort of Conficker botnet that works like a rootkit and instantly rebuilds itself through 95% of security defenses today. The internet will take a nose dive.

  4. #164
    PS. Only run sophisticated security programs if you truly have something to lose. No real hacker would try to break into your computer to steal your Justin Bieber MP3 collection.

  5. #165

  6. #166

    Thumbs up nice post Vurtuoso

    Quote Originally Posted by Vurtuoso View Post
    Actually not true, I am not exactly a competent programmer. However I can spot any form of malware a mile away. Executables and .DLLs are always the heads of the snake. Truth be told, I have not run security on my computer in somewhere around 7 years and believe me, I have been to questionable websites that can test your mettle to know what is secure and what's not. The only other secondary problem is not being aware of your plugins such as applets. As far as anything else, like WPA2, GSM, 802.11n, and all other intercept frequencies/encryptions are all fail, anyone who wants to truly get you, will get you. Unless you built my theoretical security system, which has so many trip wires, load balancers, sandboxes, VM honeypots, darknets, and even other theoretically devised encrypted procedures that would slow the heck out of your network, but would turn an Elite into a woolly mammoth stuck in tar.

    However... Doom and gloom statement incoming. Computer security classes should be mandatory in high school, I guess you would call it secondary school or something similar in Europe. There is a pretty insane menace of technological intellects out on the web, you can cite some of that to China. I personally think losing the internet as we know it now is inevitable. There are those with the knowledge and resources to break through any technological lock that has ever been devised. It will eventually be a bad guy. I personally think it's a joke that people are allowed to bank off their computers without knowing the security risks that go into doing it. All that it takes is some sort of Conficker botnet that works like a rootkit and instantly rebuilds itself through 95% of security defenses today. The internet will take a nose dive.
    Very well put
    But it requires knowledge to be able to do that.
    And having it as a mandatory class.. in the future maybe.
    I have problems getting engineers to take computer security classes, they are of the opinion that "some program" will take care of that..
    Even more people in high school are not interested..

    In the end it comes down to trust:
    In the real world you trust a person sitting in a bank. You trust the company to not hire people that are bad and you know you can backtrack the person.

    In the digital world we have certificates for that.
    Most do not know what it is though.. (it is the same, a 3rd person you trust, verifying that a website/program is who/what it says it is.)


    A competent person can find holes in everything given enough time.
    The trick is to have such a huge time delay that it is not worth it...
    Remember to look for cameras in your theoretical "safe haven", one of the easier ways to get passwords other than a hardware keylogger (though we would know how to avoid a USB keylogger)

    You seem competent in computer security, but you can hide a lot of things in obfuscated code.

    A paranoid person would check, but in day to day I, like you, can spot most malware, but I must admit that I can not spot the well made stuff.. again if something can steal the bank accounts of 30% of the population that is fine enough for the thieves, then they do not need mine also.

    The easiest way still is to persuade people to give you money, if that is clicking a link and downloading, or sending people a letter claiming they owe you money.

    So why read through the first 196 pages of the WPA manual, when you can just do that

    But true, the governments probably have 0-day attacks like Stuxnet they keep to themselves, just as military projects have always been run.

    Where were we?
    Oh yes: be careful of what you download.
    The interesting question is, how are you careful..
    It requires some training. Just like a firewall is no use, if you do not know how to use it..

    Kind Regards
    -Ariensky

    PS. Wouldn't encrypting the Justin Bieber MP3 collection be that honey-pot you talked about?

    PSS. I know several engineers, even some software engineers, that, from what I can read from you, know less about security than you do.. sad but true.. they know how to program, but not how vulnerable it is.

    What is more sad is when they work on government projects, spending your and my money on something that is crap, and/or take wrong decisions in the design phase costing millions later.
    People that -know- they are right.. sadly reality comes later to show they were not..
    Humankind can not gain anything, without first giving something in return.
    To obtain; something of equal value must be lost.
    That is the 1st law of equivalent exchange


    Rubi-Ka needs: a nickel statue of an astronaut pointing at the sky
    With the description / plate saying:
    When the stars burn out and I find I lack the strength to continue...one of YOU will pick up the flag and carry it forward.
    This really isn't a corporate product anymore...it belongs to all of us. Where it goes is up to us.

  7. #167
    Isn't it absolutely ironic though, Antiviruses are signature based detection. That means someone has to get infected first before a cure is developed, and by the time you patch for that cure, it's kind of pointless, because the attacker has already escalated the attack vector through another source.

    I personally think my knowledge should become common knowledge, that is not to say I think people should be me, however they should definitely become aware of the world around them.

    Example.
    http://hackedgadgets.com/2008/01/24/...polish-trains/
    A 14 year old kid derailed 4 trains by controlling them like model trains.

    When SCADA mass transit systems become vulnerable to 14 year old children then we have a problem that is a societal issue.

    http://voices.washingtonpost.com/sec...op_source.html
    Another SCADA report.

    For those who don't know.

    SCADA stands for supervisory control and data acquisition. It generally refers to industrial control systems: computer systems that monitor and control industrial, infrastructure, or facility-based processes

    That means mass transit systems, and more.

    The lions, the tigers and bears oh my...

  8. #168
    Oh and one piece of free software that I recommend, is the security task manager, it views every nook and cranny in your system down to the drivers that are running. However to view those, you gotta pay for the service, beyond that. It's an excellent piece of reconnaissance software to make sure your system is bug free. It comes with a Danger rating service as well, a file is flagged through multiple users who report differing degrees of danger, you can also check on vital code that is running inside of the processes too. It is just about the best tool in anyone's security arsenal you could possibly want.

  9. #169
    Quote Originally Posted by Vurtuoso View Post
    Isn't it absolutely ironic though, Antiviruses are signature based detection. That means someone has to get infected first before a cure is developed, and by the time you patch for that cure, it's kind of pointless, because the attacker has already escalated the attack vector through another source..
    It is like the immune system: it needs to have a sample, to make a cure.
    Secondly most attacks are due to unpatched software, in essence known vulnerabilities that have been fixed, but people have not updated or are unaware of it.

    Today with morphing software, Antivirus based on fingerprinting no longer works. It had its time, but everyone knows how to circumvent it now..

    Security should always rely on principles, as simple as possible, not patch on patch. That article with the pacemaker hack is a good example.
    FDA has given a blanket approval for Bluetooth in medical devices before 2.1.. meaning we have medical equipment out there ready to hijack..

    The article gave some good ideas: "vibrate when establishing contact", "short range broadcast" (sound/vibrations.. Bluetooth can be picked up 2 km away with the Yagi-Uda antenna, it is -not- limited to 10 meters)

    You should think what security you need, and way too many people make bad choices, because they do not know the possibilities.
    Some still send encryption keys by secure courier, because they were/are unaware of the asymmetric key possibilities..

    I am not a fan of security by obscurity (that only leads to children controlling trains with a TV-remote), but the whole world using the same WiFi, GSM and Bluetooth technologies, for EVERYTHING, then 1 error found there would be catastrophic..

    So I like when I see a safety critical feature being developed by two independent teams, running each on their own OS/hardware setup and then the two systems have to agree, to authorise.. (EBI Lock 950, speaking of trains..)

    Expensive: yes sir, but reliable and hacker-resistant as -purgatory-


    I agree that everyone using their computer for banking should know the system and risks, but I also know that people are different, and to some fashion is of more importance.
    On the surface computer security is about trust.
    How you get it, is the technical part. And all that technical stuff should just make either a green or a red light shine..
    Trusted third party, Diffie-Hellman, SHA3.. people do not have to know all that, just what the green/red light means.

    Problems arise when the green light is triggered by a SHA1 approved certificate..
    Why? Well, as MD5 (see funny link 3) and DES, they are not considered to be trustworthy; they are too easy to fake.. (padding, collisions, rainbow tables)

    Then the industry should revoke all the old certificates.. but it did not.. again they will time out, so in the end the security risk will be dealt with.

    But false security is worse than no security, hence when you check a file you have downloaded's MD5 or SHA1 hash, you -should- know how easy it is to pad up a file to match it..
    Checking the two numbers will give a little extra security from people not knowing to fake a hash, but for those that do, which I assume is most malicious people, it means nothing..

    Kind Regards
    -Ariensky

    Thank you for the nice conversation Vurtuoso
    Humankind can not gain anything, without first giving something in return.
    To obtain; something of equal value must be lost.
    That is the 1st law of equivalent exchange


    Rubi-Ka needs: a nickel statue of an astronaut pointing at the sky
    With the description / plate saying:
    When the stars burn out and I find I lack the strength to continue...one of YOU will pick up the flag and carry it forward.
    This really isn't a corporate product anymore...it belongs to all of us. Where it goes is up to us.
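
The download check discussed in post #169, as an added example that is not part of any post in this thread: a Python sketch that verifies a file against a published digest and refuses MD5- or SHA-1-length digests outright. The function names, the length-to-algorithm mapping (SHA-2 family assumed) and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import io

# Hex-digest length -> algorithm. Assumption: publishers use the SHA-2 family.
ACCEPTED = {64: "sha256", 96: "sha384", 128: "sha512"}
# Lengths of digests this policy refuses to rely on for integrity.
REJECTED = {32: "MD5", 40: "SHA-1"}

# Constructed sample standing in for a downloaded file.
SAMPLE = b"constructed installer bytes\n"


class WeakDigestError(ValueError):
    """The published digest is MD5- or SHA-1-sized and is not accepted."""


def pick_algorithm(published_hex):
    """Normalise a published hex digest and map it to an accepted algorithm."""
    digest = published_hex.strip().lower()
    if not digest or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("published digest is not a hex string")
    if len(digest) in REJECTED:
        raise WeakDigestError(
            f"{REJECTED[len(digest)]} digest refused; ask for SHA-256 or better"
        )
    if len(digest) not in ACCEPTED:
        raise ValueError(f"unexpected digest length {len(digest)}")
    return ACCEPTED[len(digest)], digest


def verify_stream(stream, published_hex, chunk_size=65536):
    """Return True only if the stream hashes to the published digest."""
    algo, expected = pick_algorithm(published_hex)
    h = hashlib.new(algo)
    # Read in chunks so large downloads are not loaded into memory at once.
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(h.hexdigest(), expected)


def verify_file(path, published_hex):
    """Convenience wrapper for a file on disk."""
    with open(path, "rb") as fh:
        return verify_stream(fh, published_hex)


if __name__ == "__main__":
    published = hashlib.sha256(SAMPLE).hexdigest()
    print("intact  :", verify_stream(io.BytesIO(SAMPLE), published))
    print("tampered:", verify_stream(io.BytesIO(SAMPLE + b"!"), published))
    try:
        verify_stream(io.BytesIO(SAMPLE), "0" * 40)  # SHA-1-sized digest
    except WeakDigestError as exc:
        print("refused :", exc)
```

A matching digest only says the file equals what the digest's publisher hashed, so the digest has to come from a channel the file's distributor controls, such as a signed release manifest.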

  10. #170
    Quote Originally Posted by ArienSky View Post
    It is like the immune system: it needs to have a sample, to make a cure.
    Secondly most attacks are due to unpatched software, in essence known vulnerabilities that have been fixed, but people have not updated or are unaware of it.

    Today with morphing software, Antivirus based on fingerprinting no longer works. It had its time, but everyone knows how to circumvent it now..

    Security should always rely on principles, as simple as possible, not patch on patch. That article with the pacemaker hack is a good example.
    FDA has given a blanket approval for Bluetooth in medical devices before 2.1.. meaning we have medical equipment out there ready to hijack..

    The article gave some good ideas: "vibrate when establishing contact", "short range broadcast" (sound/vibrations.. Bluetooth can be picked up 2 km away with the Yagi-Uda antenna, it is -not- limited to 10 meters)

    You should think what security you need, and way too many people make bad choices, because they do not know the possibilities.
    Some still send encryption keys by secure courier, because they were/are unaware of the asymmetric key possibilities..

    I am not a fan of security by obscurity (that only leads to children controlling trains with a TV-remote), but the whole world using the same WiFi, GSM and Bluetooth technologies, for EVERYTHING, then 1 error found there would be catastrophic..

    So I like when I see a safety critical feature being developed by two independent teams, running each on their own OS/hardware setup and then the two systems have to agree, to authorise.. (EBI Lock 950, speaking of trains..)

    Expensive: yes sir, but reliable and hacker-resistant as -purgatory-


    I agree that everyone using their computer for banking should know the system and risks, but I also know that people are different, and to some fashion is of more importance.
    On the surface computer security is about trust.
    How you get it, is the technical part. And all that technical stuff should just make either a green or a red light shine..
    Trusted third party, Diffie-Hellman, SHA3.. people do not have to know all that, just what the green/red light means.

    Problems arise when the green light is triggered by a SHA1 approved certificate..
    Why? Well, as MD5 (see funny link 3) and DES, they are not considered to be trustworthy; they are too easy to fake.. (padding, collisions, rainbow tables)

    Then the industry should revoke all the old certificates.. but it did not.. again they will time out, so in the end the security risk will be dealt with.

    But false security is worse than no security, hence when you check a file you have downloaded's MD5 or SHA1 hash, you -should- know how easy it is to pad up a file to match it..
    Checking the two numbers will give a little extra security from people not knowing to fake a hash, but for those that do, which I assume is most malicious people, it means nothing..

    Kind Regards
    -Ariensky

    Thank you for the nice conversation Vurtuoso

    OMG, you win teh internets! I totally was going to talk about the defib machine before I remembered and saw you already brought it up, on a lighter note I listen to a security podcast and they were talking jokingly about Bluetooth being used for dual prosthetic limbs, and the said appendage to be hacked to function the kick command to kick a husband or wife out of bed. ;P
    But yeah I am glad you understand, Rainbow tables, nice touch. Ever heard of a wifi pineapple? lol. http://www.youtube.com/watch?v=yr5upPHqhlA Free internet here! Seriously...It's nice to see someone who shares the same passion and understanding. I think general technology, people do not understand, or have not adapted to catch up with. The pursuit of faster and more convenient has provided no true boons overall, consistent upgrades required, instantly outdated processes, ADHD style programming for flashy graphics and lesser more secure efficient systems. Oh and yeah, good stuff on the CSRF stuff.

  11. #171

  12. #172
    Quote Originally Posted by -Klod- View Post
    Nokia 3310 ftw.
    It was the last good phone from Nokia
    i R not spik engrish

  13. #173
    pffff, i still got a back up nokia 3210 :P

    hope FC and the rest of the players here had a good party
    Freedom or death!
    Anything than being an Omni Tek Corporate slave!

    Created 2005-11-16 (paid main that's all mine )
    Created 2005-02-03 (froobie)
    Created 2007-10-11 (second paid account because i wanted a freaking shade :P)

  14. #174
    Quote Originally Posted by SSK View Post
    It was the last good phone from Nokia
    Why? Nokia 5000 is pretty decent device as well. Cheap, simple, durable, effective...
    Renowned jester of the double AS Tigress

    MP in sneak eNSDed me and did about 20k damage in 10-12 seconds

  15. #175
    Quote Originally Posted by -Klod- View Post
    Why? Nokia 5000 is pretty decent device as well. Cheap, simple, durable, effective...
    The nGage is the wave of the future.
    -= Make the new engine look even better. Don't forget to post a screenshot! =-

  16. #176
    Means, why hast thou forsaken us this week? We know your boxes are unpacked.

  17. #177
    Quote Originally Posted by jorricane View Post
    The nGage is the wave of the future.
    It doesn't fit in my jeans "zippo lighter" pocket.
    Renowned jester of the double AS Tigress

    MP in sneak eNSDed me and did about 20k damage in 10-12 seconds

  18. #178
    Quote Originally Posted by omegahealer View Post
    pffff, i still got a back up nokia 3210 :P

    hope FC and the rest of the players here had a good party
    A good party, Yes!

    A good morning, No!

    I even decided to skip the morning altogether
    The key to happiness is self-delusion. Don't think of yourself as an organic pain collector racing toward oblivion. - Scott Adams

    Programmer n. - An ingenious device that turns caffeine into code

    Jesus paid for our sins - now let's get our money's worth

  19. #179
    Quote Originally Posted by -Klod- View Post
    It doesn't fit in my jeans "zippo lighter" pocket.
    It does if you take a buzz saw to it. You also get more entertainment value out of it that way.
    Last edited by jorricane; Jan 2nd, 2011 at 22:28:51. Reason: speeling
    -= Make the new engine look even better. Don't forget to post a screenshot! =-

  20. #180
    Quote Originally Posted by odds91 View Post
    For everyone who has an Android based device, search up the marketplace for "Anarchy Online," there's an excellent AORC-like chat app that lets you talk to all the same channels you have access to in-game, but on your mobile device! It's sick
    Yes, it's also advertised in the forum. Works fine, use it now and then.
    Thor Mastablasta Hammersmith - Level 220, AI 30, LE 70 Clan Atrox Nano Technician - Setup
    The Red Brotherhood

    I'm a Nano-Technician, don't ever expect me to fight unbuffed, alone or fair.

    Means: about f'ing time :P
    Satenia: heresy <3
    Znore: Mastablasta <3
    Kinkstaah: I have agro from many mobs ;(
    Madarab: we are aoe class, we are supposed to use pistols
    Marxgorm: the NT toolset does not fit into my raiding tactics
