| --- Log opened Thu Jul 27 00:00:39 2017 |
| 00:33 | | Jessikat [Jessica@Nightstar-bt5k4h.81.in-addr.arpa] has quit [Connection reset by peer] |
| 00:34 | | Jessikat [Jessikat@Nightstar-5ql8r6.dab.02.net] has joined #code |
| 00:52 | | celticminstrel [celticminst@Nightstar-4r2i8l.dsl.bell.ca] has joined #code |
| 00:52 | | mode/#code [+o celticminstrel] by ChanServ |
| 01:12 | | Degi [NSkiwiirc@Nightstar-fai.3fq.165.46.IP] has quit [[NS] Quit: http://www.kiwiirc.com/ - A hand crafted IRC client] |
| 01:14 | | Derakon[AFK] is now known as Derakon |
| 01:27 | | himi [sjjf@Nightstar-dm0.2ni.203.150.IP] has joined #code |
| 01:27 | | mode/#code [+o himi] by ChanServ |
| 01:34 | | NSGuest42850 [RchrdB@Nightstar-qe9.aug.187.81.IP] has quit [Operation timed out] |
| 01:55 | | VirusJTG [VirusJTG@Nightstar-6i5vf7.sta.comporium.net] has joined #code |
| 01:55 | | mode/#code [+ao VirusJTG VirusJTG] by ChanServ |
| 01:57 | | Degi_ [Degi@Nightstar-i23hsm.dyn.telefonica.de] has joined #code |
| 02:12 | | Degi_ [Degi@Nightstar-i23hsm.dyn.telefonica.de] has quit [Connection closed] |
| 02:14 | | Degi [Degi@Nightstar-i23hsm.dyn.telefonica.de] has joined #code |
| 02:50 | | Jessikat` [Jessikat@Nightstar-ebrld8.dab.02.net] has joined #code |
| 02:54 | | Jessikat [Jessikat@Nightstar-5ql8r6.dab.02.net] has quit [Ping timeout: 121 seconds] |
| 03:30 | | Degi [Degi@Nightstar-i23hsm.dyn.telefonica.de] has quit [[NS] Quit: Leaving] |
| 04:47 | | Jessikat` is now known as Jessikat |
| 05:05 | | Derakon is now known as Derakon[AFK] |
| 05:32 | | celticminstrel [celticminst@Nightstar-4r2i8l.dsl.bell.ca] has quit [[NS] Quit: And lo! The computer falls into a deep sleep, to awake again some other day!] |
| 07:16 | | Kindamoody[zZz] is now known as Kindamoody |
| 08:13 | | Kindamoody is now known as Kindamoody|afk |
| 08:28 | | himi [sjjf@Nightstar-dm0.2ni.203.150.IP] has quit [Ping timeout: 121 seconds] |
| 09:00 | | Kindamoody|afk [Kindamoody@Nightstar-5bqe3c.tbcn.telia.com] has quit [Connection reset by peer] |
| 09:00 | | Kindamoody|autojoin [Kindamoody@Nightstar-5bqe3c.tbcn.telia.com] has joined #code |
| 09:00 | | mode/#code [+o Kindamoody|autojoin] by ChanServ |
| 09:20 | | Jessikat` [Jessikat@Nightstar-9pq683.dab.02.net] has joined #code |
| 09:22 | | Jessikat [Jessikat@Nightstar-ebrld8.dab.02.net] has quit [Ping timeout: 121 seconds] |
| 10:40 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has joined #code |
| 10:43 | | You're now known as TheWatcher[d00m] |
| 12:02 | | himi [sjjf@Nightstar-v37cpe.internode.on.net] has joined #code |
| 12:02 | | mode/#code [+o himi] by ChanServ |
| 12:05 | | Degi [Degi@Nightstar-i23hsm.dyn.telefonica.de] has joined #code |
| 12:22 | | You're now known as TheWatcher |
| 13:07 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Ping timeout: 121 seconds] |
| 13:27 | | celticminstrel [celticminst@Nightstar-4r2i8l.dsl.bell.ca] has joined #code |
| 13:27 | | mode/#code [+o celticminstrel] by ChanServ |
| 13:44 | < Jessikat`> | Oh hey, I found a wild and wonderful new way to get stack corruption in C++ |
| 13:44 | | Jessikat` is now known as Jessikat |
| 13:46 | <@TheWatcher> | Oho? |
| 13:49 | <&ToxicFrog> | Sweet. |
| 13:52 | < Jessikat> | It involves lambdas and decay semantics |
| 13:54 | <@celticminstrel> | I want to hear all about it, but don't have that much time... oh well. |
| 14:00 | < Jessikat> | I'll write a blog post |
| 14:01 | | celticminstrel [celticminst@Nightstar-4r2i8l.dsl.bell.ca] has quit [[NS] Quit: And lo! The computer falls into a deep sleep, to awake again some other day!] |
| 14:01 | < Jessikat> | Well, if I can replicate it with std::function anyway |
| 14:34 | | Degi [Degi@Nightstar-i23hsm.dyn.telefonica.de] has quit [Ping timeout: 121 seconds] |
| 15:01 | <&ToxicFrog> | Well this is cool/scary: https://blog.exodusintel.com/2017/07/26/broadpwn/ |
| 15:03 | <&ToxicFrog> | tl;dr RCE with no user intervention by exploiting an overflow in the embedded!BCM43xx firmware; PoC uses this to implement a worm that spreads over wifi, runs entirely on the wifi processor, and redirects HTTP traffic, and more direct attacks against kernel memory are likely possible. |
| 15:03 | <@Tamber> | *wince* |
| 15:03 | <@Tamber> | Truly, we're living in that cyberpunk future that everyone daydreamed of. |
| 15:03 | <&ToxicFrog> | Released just in time for DEFCON too :D |
| 15:03 | <@Tamber> | But of course! |
| 15:05 | <&ToxicFrog> | Tamber: they note in that report that worms largely died out last decade due to DEP and ASLR making no-intervention remote exploits increasingly difficult, but with increasing attack surfaces on wifi and baseband chips, "those times may just be making a comeback!" |
| 15:05 | <@Tamber> | And, of course, the Internet of Things With No Security. |
| 15:06 | <&ToxicFrog> | Indeed, but that's a different sort of attack; compromising someone's lightbulbs gives you DDoS amplification but doesn't let you access their personal data. |
| 15:06 | <&ToxicFrog> | Or rather, it's the same sort on a technical level, but with different objectives and results. |
| 15:07 | <@Tamber> | But if you can use their wireless doorbell (for sake of argument) as your back door into their network... :p |
| 15:11 | < Jessikat> | Oh, sadness. My stack corruption was a bug in my std::function implementation |
| 15:12 | <&ToxicFrog> | Tamber: like, use this exploit to get code running on the doorbell's wifi processor, which associates with their home wifi network, and now you can send packets on that net without needing to be able to associate one of your devices with it? Hrm. |
| 15:12 | <&ToxicFrog> | Jessikat: aaw boo :( |
| 15:13 | < Jessikat> | And if anyone thinks I'm going to implement std::function they can get fucked |
| 15:13 | < Jessikat> | Ugh |
| 15:13 | < Jessikat> | std::decay |
| 15:13 | < Jessikat> | Dammit autocarrot |
| 15:14 | <@Tamber> | TF: See, that's the kind of pant-wettingly scary hypothetical* scenario that I like to hear~ |
| 15:14 | <&ToxicFrog> | Tamber: I mean, you still need RCE against other devices on that net to do anything with it |
| 15:15 | <@Tamber> | Well, yeah. |
| 15:15 | <@Tamber> | But who'd be looking for their freaking /doorbell/ to be attacking them~? |
| 15:16 | <@Tamber> | (And I'd suspect the kind of person who'd put a wireless doorbell onto their network, is probably either not the most technically savvy, or the most security minded.) |
| 15:17 | <@Tamber> | Relatedly: I am unsurprised, but a tiny bit saddened, to discover that WiFi doorbells are actually a thing. |
| 15:19 | | * Tamber wonders if they're just a one-button device; the doorbell is also the WPS button... |
| 15:24 | < Jessikat> | ._. |
| 15:24 | < Jessikat> | People are ridiculous |
| 15:24 | <@Tamber> | Personally, I think I'll stick to the old-school hard-wired electric bell. |
| 15:24 | < Jessikat> | Then again, the party mode lights that were up in our friends' house were quite neat |
| 15:24 | <@Tamber> | :) |
| 15:25 | <@Tamber> | That stuff /is/ neat, but I don't trust the manufacturers to do it right. |
| 15:25 | < Jessikat> | I don't trust them to do anything right |
| 15:26 | <@Tamber> | Indeed. |
| 15:26 | <@Tamber> | (I mean, the track record so far... ¬¬) |
| 15:30 | <&ToxicFrog> | Remember, the 'S' in 'IoT' stands for Security! |
| 15:31 | < Jessikat> | Tangential, but I like that KMFDM'greatest hits album is called Greatest Shit |
| 15:50 | | Jessikat` [Jessikat@Nightstar-1v4l39.dab.02.net] has joined #code |
| 15:52 | | Jessikat [Jessikat@Nightstar-9pq683.dab.02.net] has quit [Ping timeout: 121 seconds] |
| 16:29 | | Jessikat` is now known as Jessikat |
| 17:59 | | Jessikat` [Jessica@Nightstar-bt5k4h.81.in-addr.arpa] has joined #code |
| 18:23 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
| 18:23 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
| 20:27 | | Degi [Degi@Nightstar-i23hsm.dyn.telefonica.de] has joined #code |
| 20:47 | | NSGuest42850 [RchrdB@Nightstar-qe9.aug.187.81.IP] has joined #code |
| 20:56 | <@gnolam> | Huh. I had missed this bit of news from a month ago (since I know we've discussed Ethereum in here): http://www.cnbc.com/2017/06/22/ethereum-price-crash-10-cents-gdax-exchange-after -multimillion-dollar-trade.html |
| 20:58 | <@Tamber> | 's almost like this "economy" thing is hard~ |
| 21:36 | <&ToxicFrog> | There is a recent book about Etherium and Bitcoin called "Attack of the 50 Foot Blockchain" that I think I need to pick up. |
| 21:37 | | NSGuest42850 [RchrdB@Nightstar-qe9.aug.187.81.IP] has quit [Ping timeout: 121 seconds] |
| 21:39 | <&McMartin> | re: party mode lights: raspberry pi, wired ethernet terminal, GPIO. Disable the wireless on it, done |
| 21:47 | <&McMartin> | https://www.mcsweeneys.net/articles/welcome-to-our-startup-where-everyone-is-23- years-old-because-we-believe-old-people-are-visually-displeasing-and-out-of-idea s |
| 22:11 | <@gnolam> | The worst part is that you can't actually be sure it's satire from the title alone. >_> |
| 22:11 | <&McMartin> | Though you can from the URL~ |
| 22:12 | <@gnolam> | What, I thought that was just an ancient clan, like the Hong, Tang, Fang and Sung? |
| 22:12 | <&McMartin> | It is, but that ancient clan now runs a humor website in this day and age. |
| 22:20 | <~Vornicus> | fin fang foom? |
| 22:20 | | Jessikat`` [Jessikat@Nightstar-bum2kg.dab.02.net] has joined #code |
| 22:21 | <&McMartin> | It Is A Pratchett Reference |
| 22:23 | | Jessikat [Jessikat@Nightstar-1v4l39.dab.02.net] has quit [Ping timeout: 121 seconds] |
| 22:30 | <@gnolam> | "Interesting Times", which takes place in Discworld's !China. Which has five families vying for power: Hong, Tang, Fang, Sung and McSweeney ("very old established family"). |
| 22:39 | <~Vornicus> | https://www.youtube.com/watch?v=jQLoUGj2888 |
| 22:45 | | Kindamoody|autojoin is now known as Kindamoody |
| 23:20 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has quit [Ping timeout: 121 seconds] |
| --- Log closed Fri Jul 28 00:00:40 2017 |