The knockee PoC should also be straightforward, can use socat + udp-listen + fork with a script that checks that input matches `sha1sum(secret||num)||num` and `num>previously_seen_num`, and if so, adds an iptables rule.…
Don't have to do anything too complicated. Here's the knocker code in a short Bash script, produced by GPT4: ~ % gpt4 'write a very short bash script that takes the number stored in ~/.ssh/knock_seq, increments it by 1…
> At the point an attacker has remote code execution The attacker doesn't have remote code execution in the xz case unless they can speak to your port 22. Port knocking prevents them from doing so, provided they don't…
You're right, I guess it depends on what you choose A and B to be. For: A = OP supports Mozilla making money from address bar ads B = Mozilla is honest about making money from address bar ads "B -> A" (OP supports…
Except it's not used correctly here. "A iff B" means "A implies B and B implies A". "I'd be willing to entertain, or even support, this way of them making money iff they spelled out honestly what they're doing and why"…
> I don't even know how people can say this stuff with a straight face. It's not too difficult to do so, when there are examples of courts banning satirical poems of a foreign leader from being uttered:…
I thought I did? The condescending attitude is unnecessary. Happy to clarify my point if my initial comment was confusing: Websites such as http://panopticlick.eff.org/ showcase how fingerprinting works. They tell you…
Could you point what you believe to be the issues in the thread?
If nothing else, it significantly reduces the entropy of your IP when websites are fingerprinting you, especially if your ISP assigns you a static IP. Even if you don't have a static IP, I suspect the entropy of your…
There are plenty of homeless people in London.
Honestly, your comments are pretty much an r/wowthanksimcured meme.
> (Hint: go ahead and start interviewing and have semi-serious job leads before this talk) I think this bit of advice is at odds with OP's statement: "I don’t think I’d come across very well (or as sharp as I usually)…
Makes me think of the gradual increase of identity politics in mainstream media, politics and liberal circles, to the point it's driving me insane. Most people around me seem undisturbed by it though.
Not thinkpad x1 carbon
I committed the grave mistake of purchasing a laptop with only 8GB ram and I constantly run out of memory as a result. When it happens, I just repeatedly mash alt+sysrq+f until it kills off some chromium tabs and…
https://www.telegraph.co.uk/news/2016/04/07/german-comedian-...
The server would not be able to verify a changing hash without knowing the password
It's unclear to me how your random salt would work. From my understanding, you're suggesting smth like: register: send (username, user_salt, HMAC(user_salt, pwd)) login: send (username). retrieve user_salt. retrieve a…
But the password is only known to the client?
> meaning old hashes wouldn't be accepted and reducing hash "replay" possibilities How would the server even verify the hash, then?
I think one of the things I'd really miss is Google Maps. The directions are really good, and the web app is unusably slow
The last two employees would eat eachother's lunch. The issue is that the last employee has to have the moral integrity to fire himself.
So then all he needed to do is write his name in addition to his IP address in the comment?
It's happened before, with Microsoft, too. They've transitioned from an OS where you pay with cash (win7), to a spyware OS where you pay with cash and your data (win10).
> People living in the EU absolutely want control of the gathering of their PII. I know everyone here wishes this to be true, but what data are you basing this claim on?
The knockee PoC should also be straightforward, can use socat + udp-listen + fork with a script that checks that input matches `sha1sum(secret||num)||num` and `num>previously_seen_num`, and if so, adds an iptables rule.…
Don't have to do anything too complicated. Here's the knocker code in a short Bash script, produced by GPT4: ~ % gpt4 'write a very short bash script that takes the number stored in ~/.ssh/knock_seq, increments it by 1…
> At the point an attacker has remote code execution The attacker doesn't have remote code execution in the xz case unless they can speak to your port 22. Port knocking prevents them from doing so, provided they don't…
You're right, I guess it depends on what you choose A and B to be. For: A = OP supports Mozilla making money from address bar ads B = Mozilla is honest about making money from address bar ads "B -> A" (OP supports…
Except it's not used correctly here. "A iff B" means "A implies B and B implies A". "I'd be willing to entertain, or even support, this way of them making money iff they spelled out honestly what they're doing and why"…
> I don't even know how people can say this stuff with a straight face. It's not too difficult to do so, when there are examples of courts banning satirical poems of a foreign leader from being uttered:…
I thought I did? The condescending attitude is unnecessary. Happy to clarify my point if my initial comment was confusing: Websites such as http://panopticlick.eff.org/ showcase how fingerprinting works. They tell you…
Could you point what you believe to be the issues in the thread?
If nothing else, it significantly reduces the entropy of your IP when websites are fingerprinting you, especially if your ISP assigns you a static IP. Even if you don't have a static IP, I suspect the entropy of your…
There are plenty of homeless people in London.
Honestly, your comments are pretty much an r/wowthanksimcured meme.
> (Hint: go ahead and start interviewing and have semi-serious job leads before this talk) I think this bit of advice is at odds with OP's statement: "I don’t think I’d come across very well (or as sharp as I usually)…
Makes me think of the gradual increase of identity politics in mainstream media, politics and liberal circles, to the point it's driving me insane. Most people around me seem undisturbed by it though.
Not thinkpad x1 carbon
I committed the grave mistake of purchasing a laptop with only 8GB ram and I constantly run out of memory as a result. When it happens, I just repeatedly mash alt+sysrq+f until it kills off some chromium tabs and…
https://www.telegraph.co.uk/news/2016/04/07/german-comedian-...
The server would not be able to verify a changing hash without knowing the password
It's unclear to me how your random salt would work. From my understanding, you're suggesting smth like: register: send (username, user_salt, HMAC(user_salt, pwd)) login: send (username). retrieve user_salt. retrieve a…
But the password is only known to the client?
> meaning old hashes wouldn't be accepted and reducing hash "replay" possibilities How would the server even verify the hash, then?
I think one of the things I'd really miss is Google Maps. The directions are really good, and the web app is unusably slow
The last two employees would eat eachother's lunch. The issue is that the last employee has to have the moral integrity to fire himself.
So then all he needed to do is write his name in addition to his IP address in the comment?
It's happened before, with Microsoft, too. They've transitioned from an OS where you pay with cash (win7), to a spyware OS where you pay with cash and your data (win10).
> People living in the EU absolutely want control of the gathering of their PII. I know everyone here wishes this to be true, but what data are you basing this claim on?