fsebugoutzone.org:9999

       Post AcgK3RC7SlEWpTvpMu by bob_zim@infosec.exchange
 (DIR) More posts by bob_zim@infosec.exchange
 (DIR) Post #AcfwQdCKbQw7olYd04 by ktemkin@chaos.social
       2023-12-10T18:59:31Z
       
       17 likes, 17 repeats
       
       I swear, half the CVEs I hear about are “if your computer is connected to the internet and someone sends you a text message, they now have your power of attorney” and the other half is “if a trained thief were to sneak into your house and replace your hard drive with an identical copy, an attacker with an exact predictive model of that drive could interrogate the SSD wear leveling algorithm and reduce the search space for your bitlocker password by up to 12 bits _without you even noticing”
       
 (DIR) Post #AcgJspmXhtOdttucmu by timthelion@emacs.ch
       2023-12-10T19:44:58Z
       
       2 likes, 0 repeats
       
       @ktemkin You forgot the 30% of CVEs which are &#39;if you turn on these three flags that were deprecated in 2009 and point your program at a non trusred server the program would run slightly slower. LOOK ITS A DOS ATTACK CAN I PLEEZZ HAVE A CVE ON MY RESUME PLZZ!!!!&#39;
       
 (DIR) Post #AcgJwxW4tOKx2yB5fM by mcv@nerdica.net
       2023-12-10T22:27:11Z
       
       3 likes, 0 repeats
       
       I once had pen testers report that the data to our application could be compromised if hackers managed to get write access to the server it was on. I said if they had that access, compromised data was the least of our worries.
       
 (DIR) Post #AcgK3RC7SlEWpTvpMu by bob_zim@infosec.exchange
       2023-12-10T22:42:28Z
       
       1 likes, 0 repeats
       
       @mcv I had to fight that fight when Spectre/Meltdown were the shiny new flaws. “We need you to prove the firewalls and routers aren’t vulnerable to Spectre/Meltdown!”That whole class of flaw requires the ability to run code on the target system. If somebody who isn’t on my team can run *any* code on our firewalls and routers, we have much bigger problems.
       
 (DIR) Post #AcgK3S8xvyIxlzSp5k by dalias@hachyderm.io
       2023-12-10T23:19:06Z
       
       1 likes, 0 repeats
       
       @bob_zim @mcv Firewalls/routers also have no access to any data only minimal metadata, unless you&#39;re doing something horribly wrong. I would classify an attacker getting root on them as DoS or in the case of firewall, slightly more favorable ground to launch further attacks from, not critical.
       
 (DIR) Post #AcnaKf1AHPwnzulI0G by m0xEE@breloma.m0xee.net
       2023-12-14T11:30:23.344149Z
       
       0 likes, 0 repeats
       
       @ktemkin But they are exactly like that! :marseylaughwith: You can use unpatched Ubuntu 12.04 from a decade ago to host an Internet forum and now one would ever care to hack it, unless you are using the most standard dictionary passwords somewhere.At the same time, I think three letter agencies can get into your phone running up-to-date Graphene in a matter of minutes as there are low level vulnerabilities in Android all over the place.The only way to store your data securely is not to store it :marseyemojismilemouthcoldsweat: