#cybersecurity

!rule 5

So, there's a vulnerability in Pillow versions <7.1.0, and versions >7 only work in python 3. What should you do if you have a 2.7 project that can't be upgraded to python 3 anytime soon?

@thorn obsidian is there a way to backport the fix(es)?

@runic arrow Not sure. I've never done any backporting. How does it work?

Preferably you'd get the maintainers/developers to backport the fix, bringing whatever is necessary to secure the older versions by way of a hotfix.

Ahh. I may try opening an issue on their github.

@thorn obsidian Python 2 is already EOL. If you are concerned about security, you need to move to python 3

Does @anyone have previous work experience in cybersecurity?

!ask

I'm trying to understand some of the details of SSL/TLS better, I understand private/public key encryption conceptually.

So I have a file called myCompanysCA.pem which is the public key of my company's what? Certificate Authority? And why do I need to manually/semi-manually set that up but not any certificates for just general web browsing?#

also - a more practical question. Is there any specific place the CA.pem needs to live? Like, if I have a docker container that needs it, can I just track it in git and copy it over with sourcecode and have it live alongside sourcecode?

i created a bruteforce technique with while True

😂

but in the program u just have to type input and it uses bruteforce

users who have no idea about coding will think it's sh*t

im gueesing a public cert in vcs should be fine

@daring sedge personally I do a read-only bind mount of the server's certificate bundle into my containers, that way I never have to manage them.

But I've seen people often create an image FROM scratch and just place their certificate into that layer and then do multi-stage builds from there.

I don't understand the Docker side well enough. But right now what I'm doing is just building the dockerfile, copying the source over (and the cert alongside it) and manually verifying my outgoing requests against it

so it's literally COPY CACERTS.pem ./CACERTS.pem

and then verifying outgoing requests by pointing it to that absolute filepath - is that horribly insecure or anything?

@runic arrow

No, it's not insecure.

perfectly legitimate way to do ti

okay so

yeah

@pulsar crystal sorry for the ping but you guys might need to check this out

!modmail

@novel cedar Rick Postma #4202 (in this server) other people have gotten this message spammed

Ironically that site is broken

Python Help: Available

@thorn obsidian

What should you do if you have a 2.7 project that can't be upgraded to python 3 anytime soon?
You'd switch to Python 3, considering 2.7 is dead.

@dark hamlet PM Modmail about this

You think I haven't heard that? The other dude told me, too. The matter is out of my hands.

I'm not sure what you're wanting us to say, considering that's the only fix.

@dark hamlet Also, just @ing the Modmail does nothing ( as far as I know ), you'll need to actually DM it

@dark hamlet Can you DM @novel cedar l as Scott said, and we can try and sort it out

that guy was dealt with already, got mass reported. 👌

you guys work pretty quick <3

Oh nice, so quickly I didn't even see

Ah, I see now

Anyway, please contact @novel cedar in the future for that sort of stuff

@fast shore sorry man, didnt know :p

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10713 fun stuff

guess i'm switching to systemd-boot on prod systems today

I was wondering - many projects from untrusted sources have a checksum you can compare to validate the project is the right one. Is there any way to willingly create a project that generates the same checksum?

you could copy-paste their checksum, but it won't match your code ... and no ... if you are able to find collisions in those hashing alorythms, that means the algorythm is dead lol

see MD5/SHA-1 lol

there are a lot of projects that still offer an MD5 checksum though, so technically, you can bruteforce that, but it still sucks to do

and really, it would probably be easier to subvert the OS crypto system than it would be to somehow collide on a one-way hash fuction

Depends on how important the target is. If you have $100,000, I don't doubt you could find a collision in MD5.

what why would you need money to find a collision?

just brute, finding a collision in md5 is not that hard

given enough time and gpu driven software

Computing time = money

compute time is also why people may still use md5/sha1 for stuff

how do i start learning Cybersecurity for python

@primal ibex more like have extra computers at home, start one doing it and forget about it

Yea... that costs money.

Someone's paying for the power.

@thorn obsidian what do you mean for python?

power does not cost $100k

The important material and knowledge within cybersecurity is language agnostic

if you want to learn "cybersecurity for python" then you'll end up learning modules and libraries, rather than concepts

@spiral pivot If you're running multiple systems with multiple GPUs, and you're a nation state, power sure does cost $100K.

Like I said, depends on how important the target is.

i'm talking about doing it at home

There are a few updates to MD5 collisions. You could probably find quite a few resources, actually.

https://www.mscs.dal.ca/~selinger/md5collision/
**Published Feb 22, 2006. Last updated Oct 11, 2011. **

So yeah, they're very possible. $100K isn't even needed for a nation state, let alone a regular person.

that was discovered on 2005 hardware, with some gpu(s) and good code it shouldn't be any problems right

Exactly. I had completely forgot how far we'd got in regards to collisions when I threw out the $100K number

altough, sha256 is probably a different story

SHA256 has specialized hardware through ASICs because it's used for Bitcoin

i find it amusing to see "OH SOMEONE FOUND A COLLISION ON X! IT'S BROKEN NOW! PANIC! PANIC!"

and it turns out to be some 300 GPU cluster that took fucking 6 months to do or w/e

i would argue that is it still cause for concern

cause for concern, yes

but not cause to throw out the baby with the bathwater

if you want to learn "cybersecurity for python" then you'll end up learning modules and libraries, rather than concepts
@willow coral oh I see

@lusty flare Well, MD5 is trivially broken

Using it today for anything above "I made a program in 5 minutes" is heavily discouraged.

would you say using it to generate random passwords based off the current time / date and a salt is particularly bad?

not in the context of a password manager or anything

i'm just saying that as a tool it's not completely worthless because its use in a security context has failed.

a zip tie can still hold a gate closed if all you want is for the gate to stay closed, rather than the gate be secure.

i think my logic make sense, been a bit fuzzy in the brain pan the past week or so

Using it today for anything above "I made a program in 5 minutes" is heavily discouraged.
@thorn obsidian md5 is very fast and still the best option for hashes which are not relied on for security, ie checksumming file dumps, backed up files, etc

md5 is very fast and still the best option for hashes which are not relied on for security, ie checksumming file dumps, backed up files, etc
@thorn obsidian it is not Think cause as fast as it is formed it is cracked that fast too😐 so it is not the best option I think 😐

I have no idea what you said

collisions don't matter when you're using it for purposes unrelated to security, because in practicality collisions almost never happen accidentally

Lol leave it

I'm just saying that md5 is not the best option

you're wrong

there's a reason it's still popular

@thorn obsidian

you backing me up on this?

root@root:~$ echo gibberish >> date | md5sum```

if i need a long complex password i don't need to remember i just use that

¯_(ツ)_/¯

base64 /dev/urandom @lusty flare

i'd argue that's less random or secure than salting a time created md5

plus that means i'd have to use a cut -c -32 or something

i'm just saying it's a baby bath water scenario

so i'm 100% behind @thorn obsidian

they do have a seagull after all

Yea @lusty flare, you're probably right lol.

like kryptonite locks were pretty good

until people realised you can use a bic biro to brute force the tubular lock

my shed has a cheap ass padlock on it, it's called a boulder

threat models and usages

realistic security 👍

@lusty flare

would you say using it to generate random passwords based off the current time / date and a salt is particularly bad?
Yes, considering password databases exist.

@thorn obsidian

still the best option for hashes which are not relied on for security
I really can't say I'd use or recommend MD5 for that.

@thorn obsidian
I really can't say I'd use or recommend MD5 for that.
@thorn obsidian and what do you propose instead?

Other than MD5, you mean?

Well, let's step back. How would you verify a file is legitimate in Linux, or anywhere else, outside of basic hashes?

( There's a point I'm making, just approaching it in a different way )

@thorn obsidian

Anyway,.. the answer is GPG keys. Tails does this, for example: https://tails.boum.org/install/expert/usb/index.en.html
Relying on hashes like MD5 is what Linux Mint did, and it didn't really matter when their server(s) were compromised, did it?

I'm expecting responses of "No one will use that, though". That isn't part of this for me, I'm just suggesting a better system, which signing with GPG is a better system.

hi!
I made a script using socket with a client and a server.
I can give instructions to the client via the server, like execute this program, or send me this document.
but to send me a document, the client has to use different resources than it uses to run an application. and since the names of applications and documents are variable, I can't do if command == ...
do you have an idea?
I had considered processing by extension (if the command contains ".txt", then send the document, if the command contains ".exe", then run the application, but I don't know if it's possible in a string

@thorn obsidian have u an idea?

@thorn obsidian If a user is uploading files to a server, I'd use Flask + Flask-WTF + Flask-Uploads

https://flask.palletsprojects.com/en/1.1.x/patterns/wtforms/ and https://flask-uploads.readthedocs.io/en/latest/

I had considered processing by extension (if the command contains ".txt", then send the document, if the command contains ".exe", then run the application
Why would you run random .exe files?

nope @thorn obsidian

nope what?

i print in the server "calc.exe" for exemple, and the client run it

So you want to make some kind of RAT?

just in LAN

@thorn obsidian

You don't have to ping me every time

ok, sorry

but i don't know how make a difference between run a program and send a file to server

What kind of application are you trying to create?

a backdoor

in LAN

in her options :
-run a program on the client
-send client's file to server
-and others

@leaden blaze an idea for make the client can make a difference between .exe files or .txt files? (if it's .exe, the client must run it, or if it's a .txt file, the client must send it to server)

Right, yeah, well, a backdoor is far too close to a malicious application like a trojan for me to be comfortable with on this server

yes.

and i want to be pentester, so i'm training for coding payloads and others programs running in local area

Well, let's step back. How would you verify a file is legitimate in Linux, or anywhere else, outside of basic hashes?
@thorn obsidian Not what I was saying

nor my point

I think if you're trying to verify a file, you'd use GPG like I said.

al right, it's good, i fixed my problem, thanks all

it's not really possible to fully verify something

because you have to verify the verification

etc

Hello. I'm planning to make a private api which my program can access. It will be a replacement for my client-server architecture. But I have a question - how can I make it private? What stops someone from getting the url throug some packet analyzer then use that api?

for example a post request to my api would be url.com/api/v1/add_user then some payload. I don't want to expose the url but it's in client side

Why not use authtokens?

wouldnt be safe to store it in the code

need a way to get it from server maybe but how

I think if you're trying to verify a file, you'd use GPG like I said.
@thorn obsidian

$ dd if=/dev/block/mapper/product_a of=dump
2711120+0 records in
2711120+0 records out
1388093440 bytes (1.2 G) copied, 4.919688 s, 269 M/s
$ dd if=/dev/block/mapper/product_a | md5sum
2711120+0 records in
2711120+0 records out
1388093440 bytes (1.2 G) copied, 7.566298 s, 175 M/s
9260f8f446368790716e2a823170c7fc  -
$ md5sum dump
9260f8f446368790716e2a823170c7fc  dump

this is the use case I'm talking about

verifying file integrity in a manner which does not depend on it being secure

esp. for large files

yeah, which was kind of the thing i was hitting at

i just don't know enough to speak with authority

@thorn obsidian That didn't seem like what you were hinting at, at all.

collisions don't matter when you're using it for purposes unrelated to security, because in practicality collisions almost never happen accidentally
@thorn obsidian
@thorn obsidian md5 is very fast and still the best option for hashes which are not relied on for security, ie checksumming file dumps, backed up files, etc
@thorn obsidian

which is literally what I demonstrated

¯_(ツ)_/¯

I was more focused on downloaded files. If you're looking for file integrity, sure, no doubt.

yeah, i think we all got our wires collided .

¬_¬

The streams were crossed

prob wrong channel, but can we ban @thorn obsidian hes soliciting people to buy discord accounts.

<@&267628507062992896> ^

use modmail @leaden sage

thanks, we'll look into it

thx

❤️

as Charli says, sending a DM to @novel cedar is preferable

kk

noted

hey how to learn about security

i am a newbie

wwwwwwhhhhatttttttttttttttttttt

dont make fun dude i want to learn about security

@meager coral Depends on specifics

ok

I have created antivirus on Python with working GUI, scan, full scan, quarantine and update

As well i have web protection on it.

Would it be possible to automaticly detect malware/viruses and quarantine them, like real-time protection.

Would it also be possible to create Ransomware Protection?

you could do ransomware protection by monitoring file system behaviour and then going

"oh... hang on... why is this guy encrypting a million miles an hour?"

How about the RTP then?

Also I think that's more behavior blocker, but its fine.

hmmm, i can't really speak to that sorry.

Alright.

our ransomware protection at work is to have incremental 5 minute backups

lolol

That's good method though.

then if dodgy encryption behaviour is noticed it just straight up halts the system and does a roll back

Rollback is useful.

"Malware actions rolled back."

Im also scripting that kind of stuff,

cool project

I maybe should add the ransomware protection to it as well.

lol yea

I have been working for long time..

is this for a linux based system or windows based?

or aimed at both?

Windows based.

currently

atleast

the ransomware product we use basically builds up a model of what resources processes use

and the moment a process starts doing anything out of line of that model

it just kills it and puts it in a bin for further inspection

or quarantine

thats like perfect behavior blocker

yeah, bin sounds more fun than quarantine right now ¬_¬

lol

disinfection

"oyyyy wots goin on eeerrreee den guv?!?!"

I mean is it possible to delete files based on MD5?

using script

since the majority of infections relate to human error, there's only very little you can do after the fact.

just hash every file and if it matches your nasty drop it?

wdym

welp

the full scanner will detect it

i think so

36 million detections

and web protection could catch it also

atm in a couple of our larger businesses we're seeing a move to whitelisting for protection

whitelisting eww

no thx

well, for a business environment it makes sense.

true

there should only be a set number of executables running

mm

one we checked out we basically set up one user with a machine with this software on

it built a model of the computers resource usages

then we deployed that model

o_o

combined with whitelisting

lmao i think this would cause false positives

no more people playing peggle

but every file automaticly scanned

with virustotal

would cause a lot

of

false positives

well, these people are smarter than me and their solutions work

hey what is the difference between cracking and hacking

crack is mostly fake software

but im not sure if u mean

it

awkward question because they have different meanings

yea

could you pleace elucidate in detail about cracking and hacking

"hacking" isn't always a bad thing.

i know

yea

i took apart my hoover and replaced the bearings in it

so it worked better

i want to know about cracking

making malware isnt always a bad thing either

if u dont spread it

that's hacking my hoover

i used hacked client on minecraft

killaura

what is cracinfg

thats hacking

cracking

though

cracking is usually more about the breaking of encryption schemes

what is that

RSA

AES

like ransomware

what schemes
and what do u mean by encryption

cracking jigsaw

do you know ransomware

what it is

no

i dont know anything about cracking

oh man i need to send out my xx becon

it is malware what basically encodes ur files

thats why i am here

and asks you to pay

for key

lik

what unlocks

ur files

like

usually we want the key without paying

so we try to crack the software key

and open our files

it may be used to make decryption software as well

ohhhhh

and

like jigsaw decryptor

flytech found jigsaw's key

when he cracked it

on visual studio

and then made decryption software

who is flytech

one youtuber

@thorn obsidian to the rescue

or @thorn obsidian

oh yeah

h

@thorn obsidian is a penestration tester isnt he

he would know

hey @thorn obsidian

they're doing the cracking vs hacking thing

could u explain

crackiiing

i already did

explain

ransomware cracking

but what else?

u made it a little comlicated

software cracks?

oh m y

complicated

just read my all messages carefully

or google

just wait for xx to talk please.

true

wait

bypassing a software's license protection/drm/whatever OR brute forcing hashes = cracking in the most common use of the word

cracking is often done as a part of, well, hacking

but the two can be entirely separate as well

what do u mea n by software liscence drm

as with my hoover hack.

i tried download keygen

crack for malwarebytes

and ended up getting trojan

lol

!rule 5

nobody is doing that

just a reminder.

yes

i dont make malicious things

i investigate

softwares may require a license for you to use them. if you bypass that, you have cracked the software.

reminder that is

ok i have to admit

i made ransomware'

oh

lol

i though cracking was like cracking accounts

thats called hacking

mostly

it could be

or cracking

password

thats also

cracking passwords of account

cracking

yea

okay if you could talk slower

this would help

thats what i thought cracking was

well its not only

thats what i thought cracking was
cracking passwords of account

usually cracking password is hard

if the password is long

say you're a naughty person and you manage to get your hands on a big list of usernames and passwords, but unfortunately the person who made the database of user credentials hopefully encrypted them.

hashed

my bad

now you have the username, and no usable password.

so you'd have to crack the hash to get back the plain text password and use it

but didn't xx say that cracking was bypassing software liscence but is cracking passwords bypassing software liscence

??

its more like cracking key

like ransomware

then bypassing

the software license

https://tenor.com/view/vettel-in-wall-hit-the-wall-gif-11905373

using the key

i give up.

welp

oh

they're different types of cracking

they just unfortunately have the same name

they are ambiguous words.

but why do u keep on saying ransomwarre

i mainly know about cracking malware

so i talk alot

about malware

yeah I have no idea what randomware has anything to do with this discussion

ransom, even

as i said, i hacked my hoover by modifying some of its parts to perform at a higher rate.

alright i gotta go

it'll probably burn the motor out faster but it picks up hair off the carpet better.

need to review support tickets

so cya

oh i get it cracking is cracking key and then using the key to bypass software liscence

thx guys

uhh

ok

🤔

isnt it

or am i wrong

cracking is multiple things

that is one of the cracking things

multiple things like maybe some examples:??

maybe

no

cracking gmails and facebook account passwords are included in password cracking and
what is included in software cracking

bypassing the security checks in the software that check to see if it's a legitimate copy.

in the old old olden days you could just open the binary in hex and flip a 0 to a 1

OK!

hey

peoplpe

what is a dork

bisk

a kid said that "cracking means getting accs through dorks and dumping them"

dorking is using clever google queries to get datasets that really shouldn't be on google in the first place

recently an insurance company (i believe) had their entire customer sent in documents indexed by google

is the definition righ

right though

so using a well crafted google search, a dork, you could get links to those files

hey bisk is the defetionion tight

right

if kid said "cracking means googling for data dumps" the kid is wrong

@vital gyro bisk is the what?

LOL
the way u said it is halirious

xx is a professional security and has just explained a bunch of stuff

and it's almost as if you've got glue in your ears

i am sorry but i just have a lot of stupid question

and some people here, who have knowledge, have answered them.

yeah

thankyou

i am grateful

http://www.digitaljournal.com/tech-and-science/technology/cosmetics-firm-avon-leaks-19-million-customer-records/article/575553

woah

they got technical logs

they must've been in pretty deep

cracking uses brute force right
but then what does hacking use

Hollywood magic What do you mean?

@vital gyro Do you mean breaking into a system as hacking?

prob

i got my answer np

Alright, cheers 👍

yee

Anyone here?

hello!

Wanted to ask a clichéd lame question

Can I?

yes.

somebody know how i can use sockets in WAN?

i want make a connection with sockets between 2 computers

what's your intention?

like, the end goal?

xx is a professional security and has just explained a bunch of stuff
@lusty flare i am a professional security

Level 3 security

top class in the secure

yes

you're my personal professional security

What would be the most secure way of creating a username/password based login? Link me to any relative articles if you like

@south seal Depends on the framework(s) you're using, and what you consider secure

I am using flask for instance

I consider secure anything that can't be broken by the vast majority of the users

I'm going to head to sleep, but I'll ( try to ) ping you tomorrow about this when I'm not busy. If I haven't 20 hours from now, ping me please.

Alright thanks!

the owasp cheat sheets are great reads if you're going to be doing anything with auth/password storage

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html

so there is a Matryoshka trojan called the xhelper or something for Chinese android my question isif someone is effected is he being attacked personally or is just a victim of a widespread virus

here is the link

https://securelist.com/unkillable-xhelper-and-a-trojan-matryoshka/96487/

by attacked personally i mean will there be a dude in black hoody literally watching the cam footage from his system or is it just another compromised] device in a list

antivirus scans .py?

I'm trying to test the Python code snippets that control Zumi's self-driving AI program-control and find code vulnerabilities by generating insecure code scenarios.
Most of their code modules are pretty straight forward and nothing much complicated. I would appreciate it if anyone can create and manipulate a security vulnerability in the below code. Is there a way we can tweak the code and make the robot to malfunction?

from zumi.zumi import Zumi
import time

zumi = Zumi()

for i in range(1000):
ir_readings = zumi.get_all_IR_data()
front_right_ir = ir_readings[0]
front_left_ir = ir_readings[5]
back_right_ir = ir_readings[2]
back_left_ir = ir_readings[4]

if front_right_ir < 100 or front_left_ir < 100:
zumi.reverse(duration=0.5)
elif back_right_ir < 100 or back_left_ir < 100:
zumi.forward(duration=0.5)

I need help on this please. If anyone can help I will appreciate. Thank you!

@rose pewter #cybersecurity is not a meme dump. nor are the off-topic channels.

!warn 173823631376252928 We aren't a meme server.

:incoming_envelope: :ok_hand: applied warning to @rose pewter.

@south seal Alright, were you able to get your question answered?

There's quite a few things, such as
https://flask-security-too.readthedocs.io/ - Security
https://flask.palletsprojects.com/en/1.1.x/patterns/wtforms/ - Forms!
https://werkzeug.palletsprojects.com/en/1.0.x/middleware/proxy_fix/ - Ensuring proper IP is sent to Flask
https://flask-login.readthedocs.io/ - Logins, logouts, etc
as well as knowing that Jinja templates only sanitize by default, certain extensions:

autoescaping is enabled for all templates ending in .html, .htm, .xml as well as .xhtml when using render_template().
from https://flask.palletsprojects.com/en/1.1.x/templating/

Probably missing something here too 😄

https://docs.google.com/document/d/1oxFkQfxSh5rnb6oGS2ufsZw0U0Lf7c8RTeESuhPK8pI/edit?usp=sharing Any thoughs or flaws?

Its a group based end to end encryption method for sending data between members

@thorn obsidian Can you post it here rather than a Google Doc?

Oh hello elliot. lol

Pretty Good Privacy Protocol
email.hunter.jager@gmail.com


1. Introduction


Currently on the internet free speech is closing due to censorship. This document will contain a full set of instructions to bypass this censorship. In no ways do I support any criminal activity caused by this protocol.


2. Verification


This segment will detail how a user can verify themself. In order for a user to verify themselves they must submit a decrypted message to the server in the form of a token. First the user sends a request to the server wanting to join.


After this the server will send the user a token that is PGP encrypted along with the PGP keys. In order to decrypt this message they must use the private key and the passphrase to decrypt the message. The passphrase is sort of a group-wide password. A certain group or server has this password and sends it out to members in person or other secure means. If the user sends the server the token in clear text then the server can verify the user is a part of the group and is assigned a UUID.


3. Sending and Receiving 


To send data to the group or a specific UUID it must be encrypted and decrypted by the sender and receiver. Using the keys that were used during verification the sender encrypts their data or message and sends it to the receiver. The receiver decrypts the message by using the keys that were used in verification and the passphrase that the key is connected to.


4. Possibly Vulnerabilities


 There are possible vulnerabilities with this protocol. The user is a weakness because if they expose the passphrase and or leak it this can compromise your server. However this can be avoided by changing your keys and passphrase often or trusting your members. The other possible vulnerability is the passphrase getting brute forced. This can be solved by blocking the attackers IP address or using a strong password to prevent brute force attacks.```

I will add more meat in my file compiled version

But first I want some recommendations or any flaws notified

Currently on the internet free speech is closing due to censorship. This document will contain a full set of instructions to bypass this censorship.
and not once did you mention Tor

eh

its more for communications

I'm curious of the usecase(s)

Instant Messaging

Data Sharing

Is this for protests or for larger distances?

No.

I mean, which one is it?

I just got banned a few months ago from discord for sharing my political thoughs

It's either shorter distances like protests, or for larger distances, like across town/etc

It can be scaled to any degree

Notibly for smaller groups

First the user sends a request to the server wanting to join.

After this the server will send the user a token that is PGP encrypted along with the PGP keys.
So, the server provides the PGP keys?

Yea

Not something I'd use. You need to generate keys on user devices.

I suppose

Signal is something I'd suggest using. They're also working on moving away from phone numbers. Have you looked into them already?

Hm

No

Let me see

https://signal.org

Oh nice

Right now I just created it

https://signal.org/bigbrother/eastern-virginia-grand-jury/ They've also been subpoenaed in the past

I am looking twards morphing this into a decentralized peer to peer model

Damn

You might like Briar too

https://briarproject.org/

I trust Briar considerably less than Signal though, just a heads up.

Is iOS more secure than android?

Out of box

That's a rather loaded question

How do you define secure?

It also depends on which device you're talking about

@thorn obsidian

Like outside hacker or from physical access both

Like if they want to access my phone and data

Is it more costly on which platform?

Alright, which device are we talking about here?

iPhone vs OnePlus

iPhone what? OnePlus what?

iPhone 2? OnePlus 3?

iPhone 11 vs new OnePlus

So you want to know how latest iPhone stacks up against the latest OnePlus?

Yes 😬

Considering I haven't touched either, I can't give too much of an in-depth analysis.
But iPhone-wise, you don't (yet?) have to worry about the issue that came out that effects older iPhones.
Not sure on latest OnePlus. Bootloader issues could exist, and OnePlus is pretty good when it comes to support.

So you could run a custom recovery without needing to flash anything pretty easily

Just boot recovery <recovery.img>, like TWRP for example

So the answer is: "We can't know for sure in regards to devices this new."

I see ok fair point. But generally speaking like from what you hear is one more secure or no?

Outside of personal preference? No

Like so many times we hear iPhone is not cracked by police

Like I am no criminal 😆

Just curious

You don't need to be a criminal to encrypt your systems. My computer(s) always have full disk encryption on them.

Yeah I just like privacy

But no, I don't have evidence/proof that suggest one or the other is better

But in recently I have gave up little on privacy because it’s impossible and very hard for usability

How so?

For example Netflix, is better, google maps is better, YouTube is good, WhatsApp is everyone using. I download signal but no one is joining from friends

Like most alternatives are better for not so privacy friendly

Well, you say Google Maps, so I figure you have an Android device?

iOS

Ah, one sec

But is better than Apple maps

Google maps is better than Apple maps, agreed.

https://apps.apple.com/app/apple-store/id934850257 Check this out

I will have to try because where I live google maps is very accurate

It's what I suggest for maps. Uses OpenStreetMap and it's all offline

OSM is great

You download the maps to your system

@primal ibex Yeah, OSM is fantastic 😄

Oh I never heard of it I will have look

Honestly I actually prefer OSM maps to default Google maps most of the time

And When people are trying to crack phone what is makes the process so expensive?

I don't use anything else anymore, so, ¯_(ツ)_/¯

@thorn obsidian crack phones?

Are you mostly Google free? ^^

@primal ibex I didn't install GApps, if that's what you mean

I meant in general, do you avoid Google

I try to limit attack surface

@thorn obsidian crack phones?
@thorn obsidian like when police pay so much money to crack phones. Companies like elcomsoft (Israeli company) charge so much

Having extra stuff is just unnecessary

@thorn obsidian Because it's specialized stuff. Cellebrite comes to mind as well.

This is one of the issues with the NSA, for example. These companies keep these bugs to themselves and don't get them patched

So it causes everyone issues

Ah i see so they don’t tell anyone

Yep, because if their bugs get patched, they see it as losing money. They don't care about you or I

What is best way to reduce attack surface? Install as little as possible?

And to block ads?

Well, that.. that requires some detailed answers.

Really depends on your threat model

Who're you defending against? What're you defending? What happens if what you're defending gets out?

( I mean, I don't need to know your threat model, but it's something to keep in mind )

I wouldn’t say government because this is very difficult with a smartphone, especially when I hear about stuff like SS7 attacks. But this is very targeted you can say.

I would say I just want to protect my data as best as I can. Not from government but if possible with minimal impact on usability then yes, because it’s my data.

SS7 attacks are less of an issue if you don't rely on regular calls/texts

The normal people I meet don’t know anything to do with IT so it’s not people around me I fear

Signal actually approaches SS7 attacks in a highly intelligent way

As long as you've connected to them within the last 7 days, you can't re-register that number through Signal

So as long as you don't specifically go into Signal and disable Signal messages, you're good.

😄

Nice I didn’t know this, and on WhatsApp I have the 2FA as well which maybe helps

I don't use WhatsApp, since it's a Facebook company.

So not something I can comment on

Yeah but I have no choice in my country

So currently I have Freedome VPN
DNS Adblock for iOS (Adguard) - Russian company but is open source
I have Touch ID, 9 digit passcode.
Reset phone after 10 attempts.
USB accessories can’t be connected to phone if not unlocked.
iMessage, FaceTime, and only WhatsApp is Facebook app I have.
No backups to cloud for anything.

Is this good level you think?

Give me about 30-45 minutes, having to deal with an issue

Yes ok whenever you are free, i am always here 😄

Sorry, that took longer than I would have liked

A lot of what you have is iOS, whereas I use Android.

hey where can i get a list of hashes and passwords

anyone know

i tried searching it in github

but i couldnt find it

for what purpose?

there is rockyou.txt

should probably cover most usecases

yea

but like my pc cant open it cause it too slow

fo

for what purpose?
@spiral pivot for educational puropose

alright, you dont need to open a wordlist though

they are used to brute stuff usually

well i do need password list and hash list don't I a person told me to make my own but i dont know how

why would you need that

and hashes in what schedule?

Are you looking for a rainbow table?

what do u mean why would i need that

i a trying to convert a hah into its og format

so i would need hash list and pass list

would i

and what is a rainbow table

yes you are trying to decrypt hashes

ok

md5?

yep

a rainbow table is a precomputed lookuptable

using

python

are you using windows?

also this is not #cybersecurity

yes it is

and yes i am using windows

what do u mean by rainbow table could u elucidate

do you know what a dict is?

and no making a lookuptable for hashes is unrelated to security

its basically just a python project with hashcat/john

well what is a dict

and isnt cracking related to security

a = {
  'wow cool': 'yes',
  'not so cool': 'well idk'
}

print(a['wow cool'])

that i knew

but how is this related to dict attack

so basically what a rainbow table is, you have the hash as an entry and the key as the, well in this case probably password

and yeah sure cracking is, but cracking is a very broad subject

you can do cracking trough reverse engineering and exploiting bad software

or patching binaries, etc

well i am talking about password cracking which i think is related to secutity

Do you have a specific security challenge that you're working on?

kinda but not really i am just trying to convert hashes into password form

https://crackstation.net/

that takes the most stuff

also i dont see how this is educational

why not

because what do you gain?

i mean if you actually implement md5 from scratch etc then i say absolutely, great

knowledge

hey @spiral pivot u are also in JHD discord

uh yeah i might be idk

im in pretty much all ctf discords

i ca check mutual servers thats why

u arent in try hack me

whats that?

server

for pentesting and stuff

oh, yeah i dont do pentesting i guess. I'm a pwner

oh

Gusys, did any of u recieved an invite from a disc bot called free nitro, be carefull, ITS AN SCAM! Srry for non appropiate server!

😂

Shot in the dark but does anyone know how EwsIds are generated?

Ewslds?

ew, salads /s

Exchange Web Service Ids

so im doing a bit of programming for someone and i dont really want to send him the source code so can anyone link me some simple and easy to use obfuscators ?

you could compile it to byte code

https://docs.python.org/3/library/py_compile.html

that'll produce a .pyo which will run like your script without containing python code, but it can still be reversed

Bytecode can be reversed to identical source code

Well you can start with making everything a function

Make addition a lambda etc

And change all names to some random chineese character

general point is: no, you can't "protect" your python code

:D

well you can

the guys not going to know how to reverse it

just simple obfuscation would solve it all

well just use https://liftoff.github.io/pyminifier/

in that case

or you can make it into bytecode and then add code that is never reached that makes the decompilers stop working

https://www.wsj.com/articles/nsa-warns-cellphone-location-data-could-pose-national-security-threat-11596563156

I’m surprised why they are just now issuing this warning to their staff.

there have already been multiple cases of military personnel getting their information jacked through 3rd party apps

like finding out the outlines of a secret military base because someone was recording the GPS data of their daily jog

I remember that, it was actually a couple people IIRC

@lusty flare Wasn't that Strava?

https://www.theregister.com/2018/01/29/strava_heatmap_military_base_locations/ Sure was 😄

does obscuring the salt in a database help against bruteforce attacks?
more specifically put them in a format like {beginning of the salt}{the hashed password}{end of salt}
in a way only the program (and the one who coded it) knows where the salt ends and the hashed password starts

That's security by obfuscation, not a great idea. If someone just took a look at the program they could easily figure out how it was reading the db in, I imagine.

the point is someone can't use a precomputed rainbow table to brute force the hash

@opal copper look into pyarmor

i was but it wasny working for some reason

well pyarmor is probably your best bet if you can get past the problems. you can also compile your program and sent it as an exe so they don't need python / dependencies

@buoyant bison Obscuring a salt doesn't do too much, no.
You want to use different salts for each password.
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.argon2.html handles that for you

@thorn obsidian @primal ibex @woven robin thanks for the responses but you see, my goal is to not only protect the password from rainbow tables, lookup tables. but to also protect it from dictionary attacks. I thought if I could obscure the key but wcshamblin has a good point it would be easy for them to crack if they know how the program works

Argon2 is designed for passwords, so even dictionary attacks would be slower.

As opposed to something like SHA256, or MD5, or something equally as bad.

I'd suggest reading into Argon2

I see. thanks. I will

How can I tell if the code I have running on my computer has a keylogger, leaks or anything that would allow someone to know what I'm doing within the code or in my computer?

Are you talking about a python program or just executable in general

A python program

@eternal veldt

Well you would need to be able to understand the code. If you can't understand the code there's really know way to know it's not malicious.

Good point. I'm two months into learning programming/python which makes it very hard for me to trust opening python programs on my computer.

I don't understand most of what I find.

Are there any key things I can keep an eye out for? Or is this something that can be really well hidden?

look for external network requests in the code

Well viewing code poses no risk to you, even if it is malicious. Just don't run it. But if you don't have much experience it can be very hard to know what to look out for. So if it's just some code you found online think twice before running it. But generally speaking big projects on github will usually be safe to use.

@echo herald Does that mean things like API?

@eternal veldt Yeah that's a good rule of thumb. Unfortunately the area I'm venturing into in python has very little stuff out there which makes everything seem untrustworthy since I can't understand most of it.

I'm a trader looking to back test my strategies.. Specifically options strategies. Some experienced developers have expressed interest in sharing their code so that I may test my strategies.

Which makes me doubt whether or not by testing my strategies on their code will allow them to see what my strategies are.

These are rather large python programs with hundreds of lines of code.

If you are worried it will do something bad on your computer, you could always go through the trouble of running it within a VM

But if you're worried about them seeing your own strategies, then that might not matter as much. If you really wanted to run their code you can either trust them, try to understand the program, or get someone else to check it out first.

@eternal veldt Solid advice. I'm going to spend some time analyzing the code as that itself should also help me get better at programming. If after doing that for a few hours/days I find there are still things that confuse me, I'll ask someone to check it out.

It could be naive of me or maybe not but I feel this code which is hundreds of lines of code, almost 1000, could be done in substantially fewer lines of code, around 100 to 200. Perhaps it is not too out of reach for me to make my own back tester with some effort.

Yeah definitely. At the very least it might could you in the right direction

Yeah you're right. I closed my eyes a few minutes ago and just tried to process how I would put the pieces together and it doesn't seem too complex. At least, for the sake of the simplicity of my strategies, I don't think I need a huge program. I can make something smaller that will do what I need and as I learn more I can add more functions to it

@eternal veldt

My main issue right now is that I haven't built anything class based which seems to be the typical format for programs of this nature. I'll either learn how to work with classes and make a simple version with classes or instead make it functional and at least have a working solution until I learn to make it class based.

That's alright. There's nothing wrong with only using functions. Like you said, you can always convert it to object-oriented down the road.

@eternal veldt Thanks. I guess that's what I'll do. Since at my level I feel much more comfortable with functions. All the small things I've done such as calculators have been functions. 🙂

good luck with it!

https://www.dealabs.com/bons-plans/udemy-ceh-1944000 100 % free

English?

yes is in english .
It only lasts 35 min.It is not very extensive but it can be interesting for people

I asked because the description looks to be in French

I highly recommend zSecurity, or Zaid Sabih on ethical hacking courses on Udemy. He's really good

what i remember of the CEH was that it was a lot more about staying out of jail than anything of worth lol.... OSCP was better about actually having to learn things

certifications are all about legality

not sure I follow exactly, but the CEH does fit that description

but certified teachers does put boundries on what you get to learn

hiya folks I was just wandering if you know a simple way to create a password hashing script in python. I am building a site and would like to know a way to hash passwords. Thanks!

Are you using a web framework to build the site?

django/flask/etc?

flask

flask for hosting

html css ect for the pages them selfs

@thorn obsidian https://passlib.readthedocs.io/en/stable/lib/passlib.hash.argon2.html

hello

whats better to start getting into coding? powershell or python?

Powershell isn't really coding

It's scripting

But hugely useful in IT work

If you want to code, python would be a better introduction

thank you!

im trying to get in to IT as career any advice would be greatly appreciated. just trying to get my foot in the door

As the Cat said before, if you're getting into IT, Shell and basic CMD would be the way to go first off

Then you can begin integrating js and py in to code logs and stuff like that

I would google for like help desk/technical support jobs and see what they are asking for

and then focus on those areas

or noc jobs or whatever you specifically are interested in

Consulting can also be a good way to get started

1st line tech support is a good way into IT, providing you can meet the insane requirements of having 2 years experience in the job.

make an inventory of your computer skills, just a big ol' list, like can you use linux? done any active directory stuff? can you do hardware stuff? etc etc

and if you have a hard time getting the full time roles, don't miss a part-time or short term temp job

i built up the experience to have my CV taken more seriously by doing temp contracts. like ~3 months a time each one. also gives you a bunch of exposure to different IT systems and their workings.

I got a tech support job with just an AAS and an A+ cert, and 4 years of food service experience

i had spent my entire life using / working with / fixing problems with computers

hosting servers, reselling website space, that sort of shit since i was a kid

but your word vs something that goes on a CV, big difference to some people

could someone try to help me with my encryption software. it is supposed to encrypt any text of your choice. but i am stuck on making it encrypt spaces and decrypt correctly.

Post your code

What library are you using

Sounds like bad encryption lol

Or really good, not sure which lol

Could be a padding problem for like AES?

Hello all. Any suggestions for a book/course for cyber security with python for beginners?

@grand current there are some good ones at https://www.cybrary.com

Thank you.

#discord-bots

Just being lazy? @thorn obsidian

could someone try to help me with my encryption software. it is supposed to encrypt any text of your choice. but i am stuck on making it encrypt spaces and decrypt correctly.
@static thunder wait i am confused, why does it sound like veracrypt/bitlocker does everything you want your program to do..?

What if they want to immediately send the encrypted data over a socket

And also what if they just want to learn how to do it

How do I use a key generated by argon2 to encrypt or decrypt using fernet? it gives an error 'Fernet key must be 32 url-safe base64-encoded bytes.'

I think maybe increase the digest size to 32 and use it as a key?

I think maybe increase the digest size to 32 and use it as a key?
yeah I'll try that

Hi guys

is it dangerous sharing your uuid with someone else?

UUID for what?

your Discord UUID?

@dull geyser Depends what the UUID is

the one that appears using wmic csproduct get uuid command on cmd

I have no idea what that is lolol

What?

https://www.reddit.com/r/netsec/comments/i80uki/theymozilla_killed_entire_threat_management_team/
sigh

👎

Does anyone know if there's a specific reason for this?

https://blog.mozilla.org/blog/2020/08/11/changing-world-changing-mozilla/

is this stuff with mozilla good for privacy or no?

i left chrome long ago but idk maybe go back?

i know chrome is not good for privacy but with the security is good

It's a matter of waiting and seeing

My english is little bad to understand the text, but they are saying that they want to move away from keeping data private? correct?

No, that's not what they're saying

oh

I use Brave for the time being ...

I'm sorry to hear that

Quite unfortunate

Hold on. I looked up Brave's controversy with affiliate link injection, and I saw this

https://latesthackingnews.com/2020/06/14/brave-browser-lands-in-hot-waters-for-mistakenly-redirecting-users-to-affiliate-links/

Mistakenly?!

You can see the fucking commit in which they put it in

"Oops, didn't mean to commit that, or get it verified, or get it pushed out to the final release. Our bad!"

Common slipup, I can see why

I vaguely remember Firefox doing that once too

Something along those lines

Can't find anything about it though

If you're talking about the add-ons, that's entirely different

DuckDuckGo : )

DDG is great, but sometimes it just.... doesn't work? Like, the results aren't even close

And their crawlers are quite slow to index new sites

I meant something regarding adding (undisclosed?) advertising somewhere that got removed after backlash. Maybe it was related to add-ons;I don't really remember anymore.

The Mr. Robot thing?

@primal ibex not really. I was searching for a video of a national park and the first result was like 5 hours old. Not even from a major publication, just a guy on YouTube with 7 views being exactly wear I was looking.

https://www.theregister.com/2020/08/13/pentest_networks_fail/

The crews found that bugs in web apps for which patches exist yet were not applied were a particularly easy way to break into networks. In 77 per cent of the cases, web app vulnerabilities and configuration flaws allowed the red teamers to crack a company's defenses

PATCH YOUR SHIT

What's more, in most of the cases, an attacker did not need to do much, beyond gaining an initial foothold, to command full internal network access: in 68 per cent of the trials, the infiltrators only needed to take one or two steps to have the entire organization

smh my head

What's the example of Avalibility breach in CIA Traid?
does DDoS count?

that sounds like a homework question - one which you would probably benefit from figuring out yourself

yes it is. haha

so i have read so far. Availability is unauthorized block of access or deletion of data

if im not wrong

so im just wanna make sure it's DDoS, before i look into real-world case study

Yes you can read into DDOS

Can someone teach me ethical hacking?

the best teacher is yourself

Right @spiral pivot

is there a way to by pass this voting system? https://superseed2.gobi.vc/championship-standings/?utm_source=Alfred.&utm_campaign=a27484e3a6-EMAIL_CAMPAIGN_2020_08_13_10_16&utm_medium=email&utm_term=0_0a7b9a6642-a27484e3a6-410958577

it requieres an sms verification

You want to rig the vote for something you received in your email?

Pretty sure that's not allowed here

@tribal vault

Is there a way to bypass this voting system
That's not something we'd entertain here

I was installing some stuff on my router the other day, and nmap'ed it realising that the firewall opened 2 ports. It seems a bit odd to me. Could this be a security issue?

@main sequoia What'd you install on your router? What are the ports?

It was from the entware package, but the open ports were localized as "blackice". I read that they quit a long time ago

And they run on port 8400 something, I don't have the scan available atm

What router is this? Did you have DDWRT, OpenWRT, Lede, or something else installed to it?

Asus RT-AX88U

And I'm running the Merlin software

Did you try seeing what connecting to those ports returns?

No I didn't. And also I can't even see them as open anymore (no settings changed).. My net is no good..

The modem got hijacked a while back, and my ISP refuses to change it's admin password. to allow me on.. So I need this Asus one to at least be as safe as possible

what was the actual nmap result?

are they actually open?

are you running it against the public IP address?

what is your network topology? are you still using the ISP router but double NAT'ing with a 2nd router?

i think we'd need more information before we can discuss this in a productive manner is what i'm saying.

Yes, I am using the ISP modem (not router) in NAT because it does not support bridge.
The nmap scan was from local IP, but I can try the public one too.
One thing I know for sure is the modem is hijacked and its password is leaked, and I have been messaged about that. Resetting the modem doesn't return it to default admin/root password, so I do not have access to all services.
The Asus is running on merlin version 384.18_0

Hey @main sequoia!

I'll sent the nmap scan in parts:

▶ nmap -T4 -A -v 192.168.50.1
Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-13 23:10 CEST
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 23:10
Completed NSE at 23:10, 0.00s elapsed
Initiating NSE at 23:10
Completed NSE at 23:10, 0.00s elapsed
Initiating NSE at 23:10
Completed NSE at 23:10, 0.00s elapsed
Initiating Ping Scan at 23:10
Scanning 192.168.50.1 [2 ports]
Completed Ping Scan at 23:10, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:10
Completed Parallel DNS resolution of 1 host. at 23:10, 0.04s elapsed
Initiating Connect Scan at 23:10
Scanning RT-AX88U-5E28 (192.168.50.1) [1000 ports]
Discovered open port 443/tcp on 192.168.50.1
Discovered open port 53/tcp on 192.168.50.1
Discovered open port 445/tcp on 192.168.50.1
Discovered open port 139/tcp on 192.168.50.1
Discovered open port 80/tcp on 192.168.50.1
Connect Scan Timing: About 47.40% done; ETC: 23:11 (0:00:34 remaining)
Discovered open port 8081/tcp on 192.168.50.1
Connect Scan Timing: About 78.30% done; ETC: 23:12 (0:00:30 remaining)
Completed Connect Scan at 23:13, 208.00s elapsed (1000 total ports)
Initiating Service scan at 23:13
Scanning 6 services on RT-AX88U-5E28 (192.168.50.1)
Completed Service scan at 23:14, 22.05s elapsed (6 services on 1 host)
NSE: Script scanning 192.168.50.1.
Initiating NSE at 23:14
Completed NSE at 23:14, 8.60s elapsed
Initiating NSE at 23:14
Completed NSE at 23:14, 0.05s elapsed
Initiating NSE at 23:14
Completed NSE at 23:14, 0.00s elapsed
Nmap scan report for RT-AX88U-5E28 (192.168.50.1)
Host is up (1.0s latency).

right, that looks like a local side nmap scan

I'll try to nmap my pub ip

This one is long too...

!haste

!paste

so i had a look through those results

while there seem to be some services open on your public IP, i'm not sure they're publicly accessible.

For example the ssh part is the modem, not sure how much I like that

is the ISP modem an actual modem? single port in, single port out, direct connection to the internet?

or is it just a router?

It's a 2in1 router and modem.. I think it's an inteno DG400 running on Iopsys system

okay, so if you're double NAT'ing, none of the stuff you see on your public IP matters to the 2nd NAT state

since you've got another router/firewall in the middle that can accept / reject traffic as it pleases

by pushing the ISP router LAN -> WAN of another router, you get another layer of abstraction which gives you more control

over your bit.

e.g. anything out the ISP router -> your router, you have control over now

as opposed to just directly connecting a switch to the ISP router

I may be a bit paranoid, but I've tried to monitor the network with wireshark in between as well, showing some kind of ARP. I think what I'm mostly scared of is MITM on the ISP modem

hmmm... little you can do but to remove the ISP's router from the equation then.

PPPOE.. They don't own the network, so I can't get the info

or set up a VPN and tunnel through it

It helps a bit tho with the info, so thanks a lot! At least the emails about stolen accounts stopped after I set up the asus

that's really the only way to handle untrusted networks, btw

VPN through them

yeah, not sure about the stolen accounts email stuff, but glad i was of some help.

btw "double NAT'ing" is usually called "Carrier Grade NAT" if you wanted to look up more about your network topology, but this is drifting into networking channel talk ¬_¬

your isp modem requires nat?

I'll have a look at it 😛 Can probably read the documentation for it

Yes it requires nat, at least with the access I have to it

i feel router / modem talk can easily get confused due to the combined nature of the device now.

yeah if it implements NAT its both a modem and a router

or just a router.

This one is both, but yeah it's easy to mix

yeah, my fibre line has a dedicated modem that i could configure to and directly expose a PC to the world on that public IP

the only way you can do that through most combined router / modems is through a DMZ or some such

I've been thinking of another solution to it, but I don't know if I'm even allowed to ask for advice on how here

or 1:1 NAT forwarding

yeah, we can't discuss breaking into your ISP's router.

:3

😛

That's fine tho, but it would for sure fix the problem

have you tried asking your isp

hah

a generic hah, but a hah nonetheless

@main sequoia

The modem got hijacked a while back, and my ISP refuses to change it's admin password.
How do you know the modem was hijacked?

If you have a compromised upstream modem, it doesn't matter what else you use on the network.

great question about a point i completely missed.

You still have a compromised device on the network

Wireshark (ARP), received mail about it, getting a warning whenever I log on, and I've seen weird connections besides that in my network both from iptables logs and using "my little snitch" to monitor connections on my mac

I've also been going through a lot of the SSL keys checking whether they are valid and not, and while more are, there's quite a lot which are not

a device from the local side can only report on local traffic.

Well another router would at least create a different network, offering some protection, right? @thorn obsidian

double NAT'ing would be more like abstraction than real security

I'm taking logs from both the Inteno, the Asus and multiple devices at home

if the ISP router was compromised having another router/firewall between it and your LAN somewhat protects you

http traffic could still be intercepted, anything unencrypted

@analog jacinth If you have two devices, and the one is compromised, you still have a compromised device

DNS requests, etc

since they have to be forwarded to the upstream router (/modem)

With it being an ISP-provided device, it's probably locked down too. Do you know for a fact these connections are not being siphoned off to some third-party? No.

ISP's often fill their little white label boxes with holes so when you call for support they can jump in

still not sure why TR-069 isn't the standard choice for that but oh well

I called them asking for help either to connect to it or help connecting to their PPPOE, both refused saying that if they give me that information, they may as well give me the information of their other customers

i mean, they might not be wrong depending on their network topology and protections

a friend in rural America was on a WiFi beacon sort of platform

or it was a cheap excuse of "Yeah that's not gonna happen"

so you'd have a central tower in your area and you'd beam from your dish to that

she connected directly with a computer rather than ISP modem once and got a DHCP address in a private (LAN) range

ran an nmap scan and saw all the other modems (routers) in the area light up on it

¯_(ツ)_/¯

that was a carrier grade NAT scenario though, and probably poorly thought through

Generally speaking, I'm also still on the copper net, so I bet the chances are they didn't really think it too through

nah, ADSL / Copper infra is better thought through than some of the modern solutions. we've had like 3 decades of ADSL.

at the end of the day, if you can't trust your ISP you can either ditch them or be paranoid while using the internet and being mad at them

There is no other ISP in the area.. So I'm only left with one choice lol

well, that sucks.

i assume they're a reasonably large ISP too?

Actually no, they've just taken over the ADSL network after the company that owns it stopped supporting it

Can't you just buy your own modem and use that instead?

would need the PPPoE details, which they wont give out

not uncommon. SKY started doing that in the UK a lot

Name and shame, then.

but people figured out that the PPPoE password was related to modem / router MAC address

so you could just run a script against the MAC and get your PPPoE pass

great

Lol I wish I could do that here.. Maybe

If you know your modem is compromised and can prove it, let others know, publicly.

I have the mac address of the Inteno anyway tho, maybe I could set up the Asus to copy it somehow

know carries a lot of weight there. at the very least you could figure out a better line of questioning with your ISP

Copying a MAC address != PPPoE credentials

"why are these ports open on my router?"

@lusty flare There's plenty of ISPs that have ports open on routers

That's not news

oh sure, but asking them why can lead to some interesting results

But to know and prove it's compromised, totally different story.

Not necessarily

I assisted someone years ago with just that. The ISP didn't care.

I should have some logs laying around. But I've tried to talk to them about it and they don't give a fuck

i mean i think trying to nail down the ISP's response to your questions is important

gives you an idea of what their behaviour is like

i guess if you know what sort of response you expect

@main sequoia What country/state is this?

Norway

Huh. Not the response I expected at all.

Yeah I know.. I've not really dealt with many companies like this

Oh, I certainly have 😄

Where are you from?

U.S.

I bet there are a few more over there 😛

Quite a decent amount, that's for sure.

I can only give you my opinion on this, not a lawyer and all that.

i can see no reason to doubt a major norwegian ISP

But yeah, I'd be trying to get a new modem ASAP

then again, i only know one man who has worked for a norwegian ISP

smash it with a hammer and tell them you need a new one

¬_¬

If it's truly compromised, and you can prove it's compromised, get a new one yesterday

@lusty flare and then pay the $500~ for destroying their property, sure.

They did offer to send a new modem, but still won't give admin, so I don't see the point

I believe it's one of their admin passwords being breached as well

Eeeeehhhhh....

Can I PM you for some details?

Yeah of course

i know what it's like in the US Scott, and i don't know what it's like in Norway, but those routers are gifted out like trash here

and often, on ADSL lines, just get the PPPoE info off the ISP and use your own hardware.

if i was using a BT Home Hub or w/e and it "broke" (yes a hammer is excessive) they'd just replace it

the cost of the router is included in monthly payments so unless you're breaking a shit load a month you're still making them money

wtf does one of those zyxel shitboxes cost wholesale anyway?

US ISPs seem much more insane in their profit extraction over set-top-box rental and the likes

because of the whole monopolistic market and that

Zyxel routers are given out here too as the trash they are..
The people on the support line for my ISP doesn't even know what PPPOE is...

@main sequoia So, I'm not going to link it.. but I've found evidence to suggest that the specific make/model you have has an RCE in it.