(ℹ) Join us now at the IRC channel | ䷉ Find the plain text version at this address.
| *Techrights-sec has quit (Ping timeout: 2m30s) | Jul 04 00:00 | |
| *libertybox has quit (Ping timeout: 2m30s) | Jul 04 00:00 | |
| *Techrights-sec2 has quit (Quit: http://quassel-irc.org - Chat comfortably. Anywhere.) | Jul 04 00:04 | |
| *Techrights-sec (~quassel@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 00:05 | |
| *psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytes | Jul 04 00:58 | |
| *rianne_ has quit (Ping timeout: 2m30s) | Jul 04 01:15 | |
| *liberty_box has quit (Ping timeout: 2m30s) | Jul 04 01:15 | |
| *rianne_ (~rianne@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 01:16 | |
| *liberty_box (~liberty@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 01:16 | |
| *psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytes | Jul 04 01:27 | |
| *psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytes | Jul 04 01:54 | |
| *rianne_ has quit (Ping timeout: 2m30s) | Jul 04 02:30 | |
| *liberty_box has quit (Ping timeout: 2m30s) | Jul 04 02:30 | |
| *rianne_ (~rianne@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 02:33 | |
| *liberty_box (~liberty@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 02:34 | |
| *rianne_ has quit (Ping timeout: 2m30s) | Jul 04 03:58 | |
| *liberty_box has quit (Ping timeout: 2m30s) | Jul 04 03:58 | |
| *rianne_ (~rianne@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 04:06 | |
| *liberty_box (~liberty@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 04:08 | |
| *psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytes | Jul 04 04:12 | |
| *DaemonFC has quit (Quit: Leaving) | Jul 04 07:20 | |
| *rianne_ has quit (Ping timeout: 2m30s) | Jul 04 08:24 | |
| *rianne_ (~rianne@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 08:25 | |
| schestowitz | x https://www.bleepingcomputer.com/forums/t/754269/hacked-via-linux/ | Jul 04 09:19 |
|---|---|---|
| -TechBytesBot/#techbytes-www.bleepingcomputer.com | Hacked via linux - Virus, Trojan, Spyware, and Malware Removal Help | Jul 04 09:19 | |
| schestowitz | # M$ site | Jul 04 09:19 |
| *liberty_box has quit (Ping timeout: 2m30s) | Jul 04 09:50 | |
| *rianne_ has quit (Ping timeout: 2m30s) | Jul 04 09:50 | |
| *rianne_ (~rianne@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 10:27 | |
| *liberty_box (~liberty@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 10:28 | |
| *liberty_box has quit (Ping timeout: 2m30s) | Jul 04 10:40 | |
| *rianne_ has quit (Ping timeout: 2m30s) | Jul 04 10:41 | |
| *rianne_ (~rianne@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 10:42 | |
| *liberty_box (~liberty@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 10:43 | |
| *liberty_box has quit (Ping timeout: 2m30s) | Jul 04 11:07 | |
| *rianne_ has quit (Ping timeout: 2m30s) | Jul 04 11:07 | |
| *rianne_ (~rianne@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 11:08 | |
| *liberty_box (~liberty@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 11:08 | |
| *rianne_ has quit (Ping timeout: 2m30s) | Jul 04 11:31 | |
| *liberty_box has quit (Ping timeout: 2m30s) | Jul 04 11:32 | |
| *rianne_ (~rianne@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 11:45 | |
| *liberty_box (~liberty@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 11:45 | |
| *psydroid_ (~psydroid@cqggrmwgu7gji.irc) has joined #techbytes | Jul 04 11:56 | |
| *rianne_ has quit (Ping timeout: 2m30s) | Jul 04 13:18 | |
| *liberty_box has quit (Ping timeout: 2m30s) | Jul 04 13:18 | |
| *rianne_ (~rianne@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 13:30 | |
| *liberty_box (~liberty@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 13:30 | |
| schestowitz | https://twitter.com/LeDave32/status/1411645735364399105 | Jul 04 13:48 |
| -TechBytesBot/#techbytes-@LeDave32: @schestowitz It is like suggesting MSIE7 as alternate browser 😂🤣😂🤣 | Jul 04 13:48 | |
| schestowitz | https://twitter.com/crystalshen6/status/1411470278073499652 | Jul 04 13:49 |
| -TechBytesBot/#techbytes-@crystalshen6: "As the first load of prisoners arrived at the new military prison camp at Guantanamo, Cuba, on January 11, 2002, h… https://t.co/2NnHArk7v4 | Jul 04 13:49 | |
| -TechBytesBot/#techbytes-@crystalshen6: "As the first load of prisoners arrived at the new military prison camp at Guantanamo, Cuba, on January 11, 2002, h… https://t.co/2NnHArk7v4 | Jul 04 13:49 | |
| schestowitz | ""As the first load of prisoners arrived at the new military prison camp at Guantanamo, Cuba, on January 11, 2002, he declared them “unlawful combatants” who “do not have any rights under the Geneva Convention.”" | Jul 04 13:49 |
| schestowitz | https://twitter.com/jrbrtson/status/1411457673011269634 | Jul 04 13:49 |
| -TechBytesBot/#techbytes-@jrbrtson: @schestowitz Who replaces Microsoft Windows? Microsoft has a strong cult following of tinkerers who don't touch the command line. | Jul 04 13:49 | |
| schestowitz | https://twitter.com/csolisr/status/1411379761658707969 | Jul 04 13:49 |
| -TechBytesBot/#techbytes-@csolisr: @schestowitz As somebody who programmed his phone to automatically upload all pictures to his NextCloud home server… https://t.co/uzzJUnO7Wk | Jul 04 13:49 | |
| -TechBytesBot/#techbytes-@csolisr: @schestowitz As somebody who programmed his phone to automatically upload all pictures to his NextCloud home server… https://t.co/uzzJUnO7Wk | Jul 04 13:49 | |
| schestowitz | "As somebody who programmed his phone to automatically upload all pictures to his NextCloud home server, it's a very viable alternative" | Jul 04 13:49 |
| schestowitz | https://twitter.com/Rex_Aletheia/status/1411353712656781319 | Jul 04 13:49 |
| -TechBytesBot/#techbytes-@Rex_Aletheia: @schestowitz fear campaign doesn't work. Unvaccinated people know what's up and stop listening to the hype. The mor… https://t.co/7jKRRdYF8Y | Jul 04 13:49 | |
| -TechBytesBot/#techbytes-@Rex_Aletheia: @schestowitz fear campaign doesn't work. Unvaccinated people know what's up and stop listening to the hype. The mor… https://t.co/7jKRRdYF8Y | Jul 04 13:49 | |
| schestowitz | "fear campaign doesn't work. Unvaccinated people know what's up and stop listening to the hype. The more variants we have the more we know its bullshit." | Jul 04 13:49 |
| schestowitz | https://twitter.com/glynmoody/status/1411330192644218885 | Jul 04 13:50 |
| -TechBytesBot/#techbytes-@glynmoody: what a callous, evil person he is https://t.co/SQkp1EzS2i | Jul 04 13:50 | |
| -TechBytesBot/#techbytes-@schestowitz: ● NEWS ● #TruthOut ☞ #McConnell Wields a Cruelly Narrow Definition of Infrastructure Like a Bludgeon https://t.co/8GtGHxmElV | Jul 04 13:50 | |
| schestowitz | https://twitter.com/jvantill/status/1411324040581681152 | Jul 04 13:50 |
| -TechBytesBot/#techbytes-@jvantill: @schestowitz Just like in NL ! | Jul 04 13:50 | |
| schestowitz | https://twitter.com/ianrobo1/status/1411298110832365568 | Jul 04 13:50 |
| -TechBytesBot/#techbytes-@ianrobo1: How can this be right other than allows certain companies (yes you Apple) to seek rip off service contracts https://t.co/aY4yPdQXvP | Jul 04 13:50 | |
| -TechBytesBot/#techbytes-@schestowitz: ● NEWS ● #9to5Mac #Hardware ☞ British right to repair law comes into force today, but excludes smartphones and comp… https://t.co/qL8asnF6h6 | Jul 04 13:50 | |
| schestowitz | "How can this be right other than allows certain companies (yes you Apple) to seek rip off service contracts" | Jul 04 13:50 |
| schestowitz | https://twitter.com/xolve/status/1411266292124815361 | Jul 04 13:52 |
| -TechBytesBot/#techbytes-@xolve: Should be all governement software all around the world. https://t.co/EjMmJJpVUk | Jul 04 13:52 | |
| -TechBytesBot/#techbytes-@schestowitz: ● NEWS ● #Joinup #Licensing ☞ New Estonian law requires administration to make state-owned software publicly availa… https://t.co/PTDfTcfEFo | Jul 04 13:52 | |
| *liberty_box has quit (Ping timeout: 2m30s) | Jul 04 14:28 | |
| *rianne_ has quit (Ping timeout: 2m30s) | Jul 04 14:28 | |
| *rianne_ (~rianne@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 14:30 | |
| *liberty_box (~liberty@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 14:32 | |
| schestowitz | http://ipkitten.blogspot.com/2021/07/when-movie-is-derived-from-literary.html?showComment=1625235399706#c2244879325842589574 | Jul 04 14:54 |
| -TechBytesBot/#techbytes-ipkitten.blogspot.com | When the movie is derived from a literary classic—are you an “All-In”, or a “Well, Maybe”, viewer? - The IPKat | Jul 04 14:54 | |
| schestowitz | "As a member of the All-In" class, it was not my cup of "Emma tea". But as a form of movie take-off, I thought it was quite clever." | Jul 04 14:54 |
| schestowitz | http://ipkitten.blogspot.com/2021/07/when-movie-is-derived-from-literary.html?showComment=1625233449857#c976518856166256952 | Jul 04 14:54 |
| -TechBytesBot/#techbytes-ipkitten.blogspot.com | When the movie is derived from a literary classic—are you an “All-In”, or a “Well, Maybe”, viewer? - The IPKat | Jul 04 14:54 | |
| schestowitz | "Where do Mr. & Mrs. Kat stand on the 1995 film "Clueless", which some pundits have argued is the best Emma adaptation of them all?" | Jul 04 14:54 |
| schestowitz | http://ipkitten.blogspot.com/2021/07/russia-adopts-law-that-shakes-cognac.html?showComment=1625387429079#c1125721314044172895 | Jul 04 14:57 |
| -TechBytesBot/#techbytes-ipkitten.blogspot.com | Russia adopts law that shakes Cognac and Champagne importers - The IPKat | Jul 04 14:57 | |
| schestowitz | " | Jul 04 14:57 |
| schestowitz | if the West was not so dependent on Russia for its energy, it would certainly be easier to boycott Russian products. | Jul 04 14:57 |
| schestowitz | It might be difficult to export those Russian beverages in countries accepting DOP. | Jul 04 14:57 |
| schestowitz | " | Jul 04 14:57 |
| *rianne_ has quit (Ping timeout: 2m30s) | Jul 04 15:26 | |
| *liberty_box has quit (Ping timeout: 2m30s) | Jul 04 15:26 | |
| *liberty_box (~liberty@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 15:27 | |
| *rianne_ (~rianne@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 15:27 | |
| *rianne_ has quit (Ping timeout: 2m30s) | Jul 04 16:35 | |
| *liberty_box has quit (Ping timeout: 2m30s) | Jul 04 16:35 | |
| *rianne_ (~rianne@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 16:40 | |
| *liberty_box (~liberty@22e8m8t4gqjin.irc) has joined #techbytes | Jul 04 16:41 | |
| *DaemonFC (~daemonfc@c3u36vcnrkska.irc) has joined #techbytes | Jul 04 19:33 | |
| schestowitz | > Hi Roy, | Jul 04 23:06 |
| schestowitz | > | Jul 04 23:06 |
| schestowitz | > I know it's been quite a while since you published the piece on the | Jul 04 23:06 |
| schestowitz | > vulnerability I disclosed in 2019 | Jul 04 23:06 |
| schestowitz | > (http://techrights.org/2019/12/07/fake-linux-news-and-clickbait/), I | Jul 04 23:06 |
| -TechBytesBot/#techbytes-techrights.org | From Moderate Advice to FUD and Misinformation: The Case of a VPN Vulnerability (CVE-2019-14899) | Techrights | Jul 04 23:06 | |
| schestowitz | > just wanted to follow up with you since I enjoy the site and our | Jul 04 23:06 |
| schestowitz | > development has continued since then. | Jul 04 23:06 |
| schestowitz | > | Jul 04 23:06 |
| schestowitz | > I appreciate that you acknowledged our disclosure was "calm and | Jul 04 23:06 |
| schestowitz | > rational" - many other bloggers and podcasters called us "alarmists" and | Jul 04 23:06 |
| schestowitz | > "so-called researchers" (Steve Gibson), likely because they reported on | Jul 04 23:06 |
| schestowitz | > the reporting of our disclosure and didn't bother to read it. The | Jul 04 23:06 |
| schestowitz | > discovery of the vulnerability was in no way an attack on Linux and | Jul 04 23:06 |
| schestowitz | > Unix, quite the opposite. The reasons we didn't examine was 1. because | Jul 04 23:06 |
| schestowitz | > we didn't care about Windows enough to bother with it at the time, and | Jul 04 23:06 |
| schestowitz | > 2. it isn't open source. Nevertheless, it seems that our report was used | Jul 04 23:06 |
| schestowitz | > as ammunition against Linux by a great number of tech boomers on the | Jul 04 23:06 |
| schestowitz | > internet. | Jul 04 23:06 |
| schestowitz | > | Jul 04 23:06 |
| schestowitz | > Since our disclosure, we have created a way to exploit the vulnerability | Jul 04 23:06 |
| schestowitz | > server-side, i.e. from any router in-path between the user and the VPN | Jul 04 23:06 |
| schestowitz | > server. This attack, we can confirm, does affect Windows, as well as | Jul 04 23:06 |
| schestowitz | > Android, Apple, and every Linux and BSD we tested. | Jul 04 23:06 |
| schestowitz | > | Jul 04 23:06 |
| schestowitz | > We produced a paper on this vulnerability, which will appear in Usenix | Jul 04 23:07 |
| schestowitz | > '21, and included an artifact with demos, PCAPs, and a virtual | Jul 04 23:07 |
| schestowitz | > environment to test the attack, if you are interested: | Jul 04 23:07 |
| schestowitz | > | Jul 04 23:07 |
| schestowitz | > https://breakpointingbad.com/papers/Blind-in-path-attacks-VPN-USENIX21.pdf | Jul 04 23:07 |
| schestowitz | > | Jul 04 23:07 |
| schestowitz | > https://git.breakpointingbad.com/Breakpointing-Bad-Public/vpn-attacks | Jul 04 23:07 |
| -TechBytesBot/#techbytes-git.breakpointingbad.com | Breakpointing-Bad-Public/vpn-attacks - vpn-attacks - Gitea: Git with a cup of tea | Jul 04 23:07 | |
| schestowitz | > | Jul 04 23:07 |
| schestowitz | > I think in your initial analysis, you may have been too quick to shrug | Jul 04 23:07 |
| schestowitz | > this off as a small issue and hope that I can convince you otherwise. | Jul 04 23:07 |
| schestowitz | > | Jul 04 23:07 |
| schestowitz | > The main point is that while this was an easy fix for Linux and BSD | Jul 04 23:07 |
| schestowitz | > users, this was not a fix that Android or Apple users could make to | Jul 04 23:07 |
| schestowitz | > their devices, leaving them to wait until a patch was released. This | Jul 04 23:07 |
| schestowitz | > took Apple until July 2020 to patch | Jul 04 23:07 |
| schestowitz | > (https://support.apple.com/en-us/HT211288), while it was reported in | Jul 04 23:07 |
| -TechBytesBot/#techbytes-support.apple.com | About the security content of iOS 13.6 and iPadOS 13.6 - Apple Support | Jul 04 23:07 | |
| schestowitz | > November 2018. Android was reported on the same day, and issued a patch | Jul 04 23:07 |
| schestowitz | > earlier, yet after testing last night, it appears they haven't fixed it. | Jul 04 23:07 |
| schestowitz | > I haven't tested iOS again, but I'm not optimistic. | Jul 04 23:07 |
| schestowitz | > | Jul 04 23:07 |
| schestowitz | > To the severity of the attack, there are a few things to consider. For | Jul 04 23:07 |
| schestowitz | > your average person in the West using a VPN to hide their torrenting and | Jul 04 23:07 |
| schestowitz | > pornography habits, the risks are minimal, but for the vulnerable | Jul 04 23:07 |
| schestowitz | > populations we are concerned about for our research and outreach | Jul 04 23:07 |
| schestowitz | > projects, it can be devastating. Testing to see if a user has an active | Jul 04 23:07 |
| schestowitz | > connection to an entire list of banned websites takes seconds and can be | Jul 04 23:07 |
| schestowitz | > performed in parellel, and in some nations with especially egregious | Jul 04 23:07 |
| schestowitz | > surveillance and censorship information controls, this alone is a crime. | Jul 04 23:07 |
| schestowitz | > | Jul 04 23:07 |
| schestowitz | > The initial attack required the attack to control a malicious access | Jul 04 23:07 |
| schestowitz | > point, such as a coffee shop or perhaps an ISP with control of your | Jul 04 23:07 |
| schestowitz | > modem/router. The server-side attack attack covers any hop after this. | Jul 04 23:07 |
| schestowitz | > The key difference in the new attack is that the packets are | Jul 04 23:07 |
| schestowitz | > indistinguishable from legitimate traffic, so there is no apparent | Jul 04 23:07 |
| schestowitz | > mitigation. | Jul 04 23:07 |
| schestowitz | > | Jul 04 23:07 |
| schestowitz | > Thanks again for acknowledging the FUD created by all those bullshit | Jul 04 23:07 |
| schestowitz | > websites. This was my first disclosure and really did not anticipate the | Jul 04 23:07 |
| schestowitz | > response we got to what people thought we said. What a mess. | Jul 04 23:07 |
| schestowitz | > | Jul 04 23:07 |
| schestowitz | > Take care, | Jul 04 23:08 |
| schestowitz | > | Jul 04 23:08 |
| schestowitz | > Wm. | Jul 04 23:08 |
| schestowitz | Thanks, I shall take a look. | Jul 04 23:08 |
| *psydroid_ has quit (connection closed) | Jul 04 23:35 | |
Generated by irclog2html.py 2.6 | ䷉ find the plain text version at this address.