Name: Anonymous 2018-07-11 17:58
When a program has a glitch or a crash, you think it might be some sort of stack overflow 0-day or some shit
When someone sends you a word document, you wonder if it's got malicious macros or some shit and upload it to virustotal first, but then even when it says 0/56, you wonder if they're just using some packer or steganography or something to get around scanners
van eck phreaking and tempestSDR to see what you're doing, without even needing to have any malware on your computer
leaky radio waves from unshielded processors revealing every instruction being executed
google has more power than governments and their software is more malicious than most ``malware''
rowhammer and other weird physics-based shit instead of it all being code
accidentally going to a typo domain instead of the real one and then wondering if you got owned with something that is impossible to detect
process hooks and hidden windowstyle
people suggesting that people use browser add-ons like NoScript and shit, but be honest -- have you actually audited the source? do you run wireshark with it?
maybe you have APT-level malware that detects when it's being analyzed and then stays on the down low
undefined behavior
accidental security problem, or backdoor? you be the judge... only patched when publicized
CPU usage decreasing when you open a tool to see which processes are using your CPU -- coincidence, or clever malware?
``too big to be malicious'' -- if millions of people use this software, it must obviously be legit, right? not necessarily!
you could start wars by hacking twitter and making fake trump tweets -- there is a distinction between a person and their accounts, and what is posted isn't always from them
sites that check your user agent to deliver a payload specific to your OS and browser
what if you use an old program that tries to connect to a now-defunct server, and then the domain expires, and someone re-registers it, and then uses the fact that the program connects to that domain in order to own you?
water holing attacks: just because the owner of a site or app is non-malicious doesn't mean their accounts or software is nice too -- they can get hacked too
if someone who runs a big site gets hacked and a small number of their users are targeted with malware, would they publicly disclose it? no, that would fuck up their stock price, so they keep it a secret
wanna pwn security researchers? put some bullshit thing on github, but release precompiled binaries that are different from the source (the point of gentoo's security model -- interesting, but not fully-featured), and they'll eat that shit up just as long as it makes them look 1337 on twitter or in some conference about privacy or something
nanomachines in my butthole will end up on shodan in the near future -- thanks, silicon valley IoT bullshit capitalists
all IoT shit is based on Linux -- this is a monoculture which is harmful, considering how expensive these bullshit appliances are, and how most of them will never get security fixes, so they'll continue to be used (and hacked) for years to come
stallman was right but nobody listened because he's got a huge beer belly and doesn't shave or get haircuts as often as he should -- appearance determines whether or not people will listen to you
webcam malware that is clever enough to not enable the light when it's recording
can you verify that software updates are authentic and not tampered with? see: flame, duqu
so much shit in the cloud is stored in an insecure manner
diversity hires in charge of securing production data
reverse shells and logic bombs, shit waiting dormant until a certain time, at which point it does something like exfiltrate all your important shit
do you know all of the packets that have gone out of your network? maybe all your files are already in china
part of a botnet, or maybe multiple botnets
VPNs and tor might be compromised
disgruntled employee fucking up your shit in a data center
when you use an open source tool and look at the source code and can't figure out what a subroutine does, you wonder if it's some sort of tricky backdoor shit that's really subtle, like the goto fail; shit
maybe you can't trust certificate authorities
maybe the encryption algorithms we use are already broken
what are the worst cases of hacking that just haven't been discovered yet?
running wireshark and coming across traffic you don't understand, so you wonder if it's some sort of data exfiltration, or maybe just something legitimate that you don't know about
looking at all the processes in htop and wondering if they're malware in disguise
wondering if your checksum tool is backdoored to give incorrect checksum verifications to make you think things are unmodified when they actually are
people like developers or torrent uploaders building up trust for years before doing something sinister, like putting hidden spyware in the shit you download from them
minix runs inside your intel processor, but can you trust it?
driverless cars are cars controlled by hackable computers on the internet and that's terrifying
thinking dmesg and /var/log will save you, but have you checked their integrity?
what if your SIEM and IDS/IPS get owned too?
there's so much code in everything we use that nobody audits and everyone assumes that someone else does it
there are privilege levels even beyond ring 0
your phone might have an app that's listening to what you're doing
BIOS rootkits
maybe when you ask if something is malicious on a forum, the botnet owner replies with their sockpuppet accounts to tell you not to worry about it
keyloggers
RATs
0-day exploits
setoolkit
elections being rigged, politicians being blackmailed because of shit they did on a hacked computer -- hackers will rule the world
errything is hackable
everything has been hacked? maybe
the worst cases of hacking are the ones you'll never hear about because they're good at avoiding detection
computer science academia teaches useless shit like how to reimplement a binary tree or linked list or some bullshit that's been done a million times already but they treat security as if it's not that important
who fucking gives a shit about your lisp macros, we need to concentrate on security
everything's getting fucking hacked and nobody cares