Page 1 of 2 12 LastLast
Results 1 to 30 of 54

Thread: Vulnerability megathread

  1. #1
    SEÑOR Member Aimless's Avatar
    Join Date
    Jan 2010
    Posts
    11,696

    Default Vulnerability megathread

    http://www.arstechnica.com/security/...by-stuxnet.ars

    http://www.engadget.com/2011/08/04/g...day-scenarios/

    I think it's safe to say most of us have no idea how vulnerable our societies may be.

    Do these vulnerabilities have real and significant consequences or are they about as relevant as eg. the delicious American doomsday scenario about a feminist apocalypse?
    Last edited by Aimless; 08-06-2011 at 10:48 AM.
    “Humanity's greatest advances are not in its discoveries, but in how those discoveries are applied to reduce inequity.”
    — Bill Gates

  2. #2
    http://blogs.mcafee.com/mcafee-labs/...tion-shady-rat

    McAfee Inc. says it has uncovered an international hacking campaign, probably conducted by one government, that has spied on and committed cyber attacks against the networks of 72 other governments and corporations over the last five years.

    The Santa Clara-based tech security firm has dubbed the alleged hacking spree "Operation Shady RAT," and noted that 49 of the 72 victims it has identified were located in the U.S. -- making American organizations the main target.

    Among those McAfee says were infiltrated and attacked: the U.S. government, the United Nations, the Assn. of Southeast Asian Nations, the governments of Canada, India, Taiwan, South Korea and Vietnam, and a number of companies dealing with construction, energy production, technology, telecommunications, media, sports, economics, finance and real estate.
    http://latimesblogs.latimes.com/tech...companies.html
    "In a field where an overlooked bug could cost millions, you want people who will speak their minds, even if they’re sometimes obnoxious about it."

  3. #3
    Senior Member
    Join Date
    Jan 2010
    Posts
    1,915
    Olol. Really, these kinds of things just don't exist by accident.

    One of the most serious security holes is a six-letter hardcoded username and password—“Basisk”; “Basisk”—that Siemens engineers had left embedded in some versions of firmware on its S7-300 PLC model. The credentials are effectively a backdoor into the PLC that yield a command shell, allowing an attacker to dump the device’s memory—in order to map the entire control system and devices connected to it—and reprogram the unit at will.

  4. #4
    De Oppresso Liber CitizenCain's Avatar
    Join Date
    Apr 2010
    Location
    Bottom of a bottle, on top of a woman
    Posts
    3,423
    Pffft.

    The future of hacking is in medical implants. Next time I'm stuck behind some senior citizen trying to pay for $80 worth of groceries in loose change, I'll just open up my Driod and turn off his pacemaker.
    "I predict future happiness for Americans if they can prevent the government from wasting the labors of the people under the pretense of taking care of them."

    "The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants."

    -- Thomas Jefferson: American Founding Father, clairvoyant and seditious traitor.

  5. #5
    I don't know, I think I'd have more fun taking control of their car. Directly killing people seems to much like Gene Generation.

    the Black Hat Technical Security Conference is offering up yet another slice of cringe-inducing hacker pie. A pair of pros from iSec Partners security firm was able to unlock and start the engine of a Subaru Outback using an Android phone and a process they call war texting. By setting up their own GSM network, they were able to snatch up password authentication messages being sent from server to car, allowing them the option to ride off in a brand new crossover. Apparently, your car isn't the only thing in danger of a war-texting takeover, however, as the team says there are a slew of devices and systems, accessible over telephone networks, that are vulnerable to similar attacks, including A-GPS tracking devices, 3G security cameras, SCADA sensors -- and thus the power grid and water supply -- home automation, and urban traffic control systems. Somehow this group of otherwise innocent looking New York texters appears a whole lot more sinister now.
    "In a field where an overlooked bug could cost millions, you want people who will speak their minds, even if they’re sometimes obnoxious about it."

  6. #6
    Let sleeping tigers lie Khendraja'aro's Avatar
    Join Date
    Jan 2010
    Location
    In the forests of the night
    Posts
    5,249
    Quote Originally Posted by CitizenCain View Post
    Pffft.

    The future of hacking is in medical implants. Next time I'm stuck behind some senior citizen trying to pay for $80 worth of groceries in loose change, I'll just open up my Driod and turn off his pacemaker.
    The heart will keep on beating happily, even if you turn off the pacemaker. That device is only there to correct arrythmias.
    When the stars threw down their spears
    And watered heaven with their tears:
    Did he smile his work to see?
    Did he who made the lamb make thee?

  7. #7
    De Oppresso Liber CitizenCain's Avatar
    Join Date
    Apr 2010
    Location
    Bottom of a bottle, on top of a woman
    Posts
    3,423
    Thank you for that correction. To kill the guy I'd have to set the pacemaker to start sending out electrical pulses at a fantastic rate, then?

    Quote Originally Posted by Ominous Gamer View Post
    I don't know, I think I'd have more fun taking control of their car.
    Meh, that link's in my article as well, but... stealing a car? Hard to get excited about that, even if it's done in a cool way via SMS. On the other hand, killing someone who's in front of me in line, undetectably, is something I can't do with a rock and a screwdriver.
    "I predict future happiness for Americans if they can prevent the government from wasting the labors of the people under the pretense of taking care of them."

    "The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants."

    -- Thomas Jefferson: American Founding Father, clairvoyant and seditious traitor.

  8. #8
    That's no moon. EyeKhan's Avatar
    Join Date
    Jan 2010
    Posts
    5,927
    I got a sense of how vulnerable civilization is with that huge power outage in 2003. I had no water, not lights, no gas, no radio, no phone, nothing . . . . How many days would it take before people were killing each other for food or survival gear? One problem with modern civilization is that 95% of everyone has no idea to live without a car, a grocery store, a kitchen full of appliances and/or McDonalds down the street. I know I don't --- I could get by for a while with my meager backpacking skills, but I've never so much as cleaned a fish.

    EDIT: Rumour has it a really big solar storm, which have occurred in the early days of electrification, could shut down the global electrical grid and fry all manner of senstive electronics. If not now, how long before an event like that results in the deaths of tens of millions?
    The Rules
    Copper- behave toward others to elicit treatment you would like (the manipulative rule)
    Gold- treat others how you would like them to treat you (the self regard rule)
    Platinum - treat others the way they would like to be treated (the PC rule)

  9. #9
    Uncolonizable Wraith's Avatar
    Join Date
    Jan 2010
    Posts
    4,356
    Quote Originally Posted by EyeKhan View Post
    I got a sense of how vulnerable civilization is with that huge power outage in 2003. I had no water, not lights, no gas, no radio, no phone, nothing . . . . How many days would it take before people were killing each other for food or survival gear? One problem with modern civilization is that 95% of everyone has no idea to live without a car, a grocery store, a kitchen full of appliances and/or McDonalds down the street. I know I don't --- I could get by for a while with my meager backpacking skills, but I've never so much as cleaned a fish.
    After a big earthquake in Guam, I went a bit over a month without power (and two more months with rolling blackouts). Two weeks without running water. Civilization didn't collapse then. There was one small ice riot I heard about, but that was about it. Not even very many deaths after the initial building collapsathon. I think we're more robust than you give us credit for.

  10. #10
    That's no moon. EyeKhan's Avatar
    Join Date
    Jan 2010
    Posts
    5,927
    Quote Originally Posted by Wraith View Post
    After a big earthquake in Guam, I went a bit over a month without power (and two more months with rolling blackouts). Two weeks without running water. Civilization didn't collapse then. There was one small ice riot I heard about, but that was about it. Not even very many deaths after the initial building collapsathon. I think we're more robust than you give us credit for.
    I assume the US government provided food, water and basic health care for everyone? There's a big ass Naval/Air base on Guam, no? It has a hospital, surely, and an independant source of power? Now, consider the entire world having a Big Ass power outage. No electricity to run water pumps and treatment plants, no electricity to pump natural gas and run fuel refineries, no internet after the back up fuel supplies run out, no food distribution so when the groceries run out in NYC, millions will be without food and water.... Guam is small and we can roll with that like we roll with localized hurricanes, volcanos and earquakes. But if the world's electric grids are heavily damaged, our electronics are fried, our communications shut down, all at once, then what?

    The truth about 2003 was there were no riots, no panics, nobody at each other's throats, and that's a good thing. But it was an eye opener of what is possible, too.
    The Rules
    Copper- behave toward others to elicit treatment you would like (the manipulative rule)
    Gold- treat others how you would like them to treat you (the self regard rule)
    Platinum - treat others the way they would like to be treated (the PC rule)

  11. #11
    Uncolonizable Wraith's Avatar
    Join Date
    Jan 2010
    Posts
    4,356
    Quote Originally Posted by EyeKhan View Post
    I assume the US government provided food, water and basic health care for everyone? There's a big ass Naval/Air base on Guam, no? It has a hospital, surely, and an independant source of power?
    All hospitals, everywhere in the west, have backup generators.

    Guam is small and we can roll with that like we roll with localized hurricanes, volcanos and earquakes.
    No volcanoes there, and they're called typhoons in the Pacific. Guam is small, but it's also completely isolated. When the power went out on the East Coast, it was still possible to drive to and from places with power. No such thing in Guam, everybody and every thing within reach was just as screwed as you. Everybody ran out of gasoline pretty fast, before the end of the first week it was pretty much impossible to buy. There was no refrigeration, so most of the food supplies spoiled that first week too (there were a lot of hastily put together parties with food cooked by propane the first few days). It had every problem you listed, and was isolated enough that it couldn't get much outside help (I think some started arriving on week 3), and it survived without any serious problems. I don't think it'd be that much different with a larger scale problem in the US or elsewhere in the west. Whatever crazy solar storm knocks out the power grid, we can get things running again, and we'll survive alright in the meantime.

  12. #12
    Let sleeping tigers lie Khendraja'aro's Avatar
    Join Date
    Jan 2010
    Location
    In the forests of the night
    Posts
    5,249
    Quote Originally Posted by CitizenCain View Post
    Thank you for that correction. To kill the guy I'd have to set the pacemaker to start sending out electrical pulses at a fantastic rate, then?
    Actually, I've got no idea what a faulty pacemaker would do to a human heart. I think it would probably like a regular heart attack, thus not outright killing anyone.
    When the stars threw down their spears
    And watered heaven with their tears:
    Did he smile his work to see?
    Did he who made the lamb make thee?

  13. #13
    De Oppresso Liber CitizenCain's Avatar
    Join Date
    Apr 2010
    Location
    Bottom of a bottle, on top of a woman
    Posts
    3,423
    Quote Originally Posted by EyeKhan View Post
    One problem with modern civilization is that 95% of everyone has no idea to live without a car, a grocery store, a kitchen full of appliances and/or McDonalds down the street. I know I don't --- I could get by for a while with my meager backpacking skills, but I've never so much as cleaned a fish.
    The only reason you've never cleaned a fish is because you've never had to. It's remarkably easy on fish, in particular, to separate the edible parts from everything else, and it's not that much harder on other, more complex, animals either. If eating this week or not depended on it, I'm pretty sure you (and even most of the moronic masses) would be able to figure it out. And if you screw it up, well biting into a bone, or tasting a chunk of fish intestine is a powerful motivator to learn from your mistakes... not like those mistakes are fatal either, just unpleasant in the mouth-area.

    The actual problem you'd probably face is getting shot [at] by "survivalists" and/or militias and/or other territorial folk who know how to live off the land. I may not shoot to kill now when someone trespasses on my property (as tempting as those fucking kids make it), but you can bet that'll change in a hurry if civilization collapses, there's no one to stop me, and dumbfuck trespassers threaten my ability to kill and eat my next meal.

    Quote Originally Posted by Khendraja'aro View Post
    Actually, I've got no idea what a faulty pacemaker would do to a human heart. I think it would probably like a regular heart attack, thus not outright killing anyone.
    Well, shit. I guess field tests are in order, then. *grumble* Nothing in life is as easy as it should be... not even causing a faulty heart to give out. Stupid fucking reality.
    "I predict future happiness for Americans if they can prevent the government from wasting the labors of the people under the pretense of taking care of them."

    "The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants."

    -- Thomas Jefferson: American Founding Father, clairvoyant and seditious traitor.

  14. #14
    Senior Member GGT's Avatar
    Join Date
    Jan 2010
    Posts
    17,947
    Wraith was in Guam? That sounds interesting....we should know more about that!

    Choobs, I can't believe you've never cleaned a fish! I thought you were into that rugged outdoorsy Michigan lake stuff. Anyhow, you don't need to do much more than spear the thing with a long sharp stick, and cook it over an open fire. The fish skin acts like its own skillet, keeping the meat together until you cut it open. Once it's cooked the bones pull away pretty easily, sometimes in one long piece (depending on the fish).

    And I'm surprised you're worried about losing electricity. What with all those trees and fresh water lakes and streams in Michigan, you could survive long enough with stuff from your house, kitchen pantry and garage---a good knife, a shovel, some matches. Make an earth berm fire, boil your water, dig a latrine.

    Cain has a point about guys with guns, though. Survivalists might warn (or just as well shoot) trespassers, but urban gangs could become marauders, looters and thieves. That's when you offer then whiskey or wine, I suppose. Didn't we already have this conversation in a zombie thread?

    <Some pacemakers function to replace a bad AV node, being the only electro-conductivity making the heart beat. So, in theory, you can still kill someone with a pacemaker by shutting it off or fritzing it out. >

  15. #15
    SEÑOR Member Aimless's Avatar
    Join Date
    Jan 2010
    Posts
    11,696
    “Humanity's greatest advances are not in its discoveries, but in how those discoveries are applied to reduce inequity.”
    — Bill Gates

  16. #16
    De Oppresso Liber CitizenCain's Avatar
    Join Date
    Apr 2010
    Location
    Bottom of a bottle, on top of a woman
    Posts
    3,423
    I'll say. "Here's a bunch of exploits and a prepackaged way to use them, against, among other things, a widely used line of machinery that isn't being and won't be updated to address its laundry list of class A security flaws."

    Viva la revolucion, or something.
    "I predict future happiness for Americans if they can prevent the government from wasting the labors of the people under the pretense of taking care of them."

    "The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants."

    -- Thomas Jefferson: American Founding Father, clairvoyant and seditious traitor.

  17. #17
    . Being's Avatar
    Join Date
    Jan 2010
    Location
    CA
    Posts
    3,264
    Yeah, more work for me...yay
    .

  18. #18
    SEÑOR Member Aimless's Avatar
    Join Date
    Jan 2010
    Posts
    11,696
    “Humanity's greatest advances are not in its discoveries, but in how those discoveries are applied to reduce inequity.”
    — Bill Gates

  19. #19
    SEÑOR Member Aimless's Avatar
    Join Date
    Jan 2010
    Posts
    11,696
    “Humanity's greatest advances are not in its discoveries, but in how those discoveries are applied to reduce inequity.”
    — Bill Gates

  20. #20
    SEÑOR Member Aimless's Avatar
    Join Date
    Jan 2010
    Posts
    11,696
    There have been a lot of these reports popping up over the past few months:

    http://xs-sniper.com/blog/2011/12/20...#disqus_thread


    I found one system in Sweden, had no idea who to notify.
    “Humanity's greatest advances are not in its discoveries, but in how those discoveries are applied to reduce inequity.”
    — Bill Gates

  21. #21
    Administrator Dreadnaught's Avatar
    Join Date
    Jan 2010
    Posts
    9,116
    When I clicked, I seriously thought this thread was going to be an ongoing summary of people talking about things making them feel vulnerable.

    EG, "What's making you feel vulnerable today."

  22. #22
    SEÑOR Member Aimless's Avatar
    Join Date
    Jan 2010
    Posts
    11,696
    Massive espionage malware targeting governments undetected for 5 years

    http://arstechnica.com/security/2013...bytes-of-data/


    I think I've seen this episode
    “Humanity's greatest advances are not in its discoveries, but in how those discoveries are applied to reduce inequity.”
    — Bill Gates

  23. #23
    I got one, how about the department of homeland security commenting that its going to take years before Oracle catches up patching all the already existing holes in javascript.
    http://www.guardian.co.uk/technology...ava?CMP=twt_gu
    "In a field where an overlooked bug could cost millions, you want people who will speak their minds, even if they’re sometimes obnoxious about it."

  24. #24
    Senior Member Enoch the Red's Avatar
    Join Date
    Dec 2010
    Posts
    2,068
    Quote Originally Posted by Ominous Gamer View Post
    I got one, how about the department of homeland security commenting that its going to take years before Oracle catches up patching all the already existing holes in javascript.
    http://www.guardian.co.uk/technology...ava?CMP=twt_gu
    Erm, Java != Javascript.

  25. #25
    lol, yep. article even says that. been a long day. combined /. articles in my head.
    "In a field where an overlooked bug could cost millions, you want people who will speak their minds, even if they’re sometimes obnoxious about it."

  26. #26
    SEÑOR Member Aimless's Avatar
    Join Date
    Jan 2010
    Posts
    11,696
    http://arstechnica.com/security/2013...-to-hijacking/

    The folks over at the NSA must love this
    “Humanity's greatest advances are not in its discoveries, but in how those discoveries are applied to reduce inequity.”
    — Bill Gates

  27. #27
    Administrator Dreadnaught's Avatar
    Join Date
    Jan 2010
    Posts
    9,116
    Interesting. Next time I see my phone inexplicably downloading a lot of background data, I will question whether it's an OTA update or my introduction to a $10,000 charge for phone sex in Belarus.

  28. #28
    SEÑOR Member Aimless's Avatar
    Join Date
    Jan 2010
    Posts
    11,696
    The hits just keep on coming:

    http://arstechnica.com/security/2013...the-high-seas/

    Ninja GPS-spoofing
    “Humanity's greatest advances are not in its discoveries, but in how those discoveries are applied to reduce inequity.”
    — Bill Gates

  29. #29
    Senior Member Flixy's Avatar
    Join Date
    Jan 2010
    Location
    The Netherlands
    Posts
    5,703
    Didn't they do that in Tomorrow Never Dies (though in a more complex way)?
    Keep on keepin' the beat alive!

  30. #30
    Let sleeping tigers lie Khendraja'aro's Avatar
    Join Date
    Jan 2010
    Location
    In the forests of the night
    Posts
    5,249
    Yeah, but it would be slightly harder to do that to military GPS systems as military GPS contains security features explicitly designed against this type of spoofing - civilian systems lack that kind of proofing.
    When the stars threw down their spears
    And watered heaven with their tears:
    Did he smile his work to see?
    Did he who made the lamb make thee?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •