arisuchan    [ tech / cult / art ]   [ λ / Δ ]   [ psy ]   [ ru ]   [ random ]   [ meta ]   [ all ]    info / stickers     temporarily disabledtemporarily disabled

/cyb/ - cyberpunk and cybersecurity

low life. high tech. anonymity. privacy. security.

formatting options

Password (For file deletion.)

Help me fix this shit.

Kalyx ######

File: 1499077412889.png (1.27 MB, 1116x625, qp4cayrneqky.png)


So Lains,

Do you think its possible to poison the AI's of large organizations? Rendering them not useless, but very degraded. To the point where it needs to be heavily controlled and guided?

Can Anyone of a way to do this? Tay was a great example of poisoning an AI to the point of failure, in the end Tay was a fascist. It was a impressive failure for Microsoft even through it was a toy AI.

What attack vectors could we use?
12 posts and 1 image reply omitted. Click reply to view.


File: 1500846385421.png (114.96 KB, 800x800, Perceptron_example.svg.png)

here's an idea: if you wanted a neural net to misclassify some particular set of inputs, you could probably achieve that by playing around with statistics. consider a perceptron like pic related. if you wanted it to misclassify catlike dogs, you could feed it a bunch of examples of doglike cats to shift its decision boundary.



I feel you're overestimating biological neural nets.

They're mechanically more complicated, but results are similar. There's nothing special about them either. If you were looking at rat brain like you're looking at the artificial learning algorithms you'd come to conclusion that they're not learning and have no intelligence. It's the external properties that matter in the end.


You're definitely overstating our understanding of the brain. It's not just like a big ANN, it's much more complicated that. Don't fall for modern day behaviourism


What we would need to do is through constant repetitive messaging everyday. A large group of people (or a small group with numerous accounts each) sending the AI messages that are both original in syntax style and topic but with a common theme. If we wanted to make an AI useless, we'd have to engineer the attack based on the AI's purpose and use. In the example of Tay, /pol/ wanted to see if they could make 'her' into a nazi. However, we (or anyone for that matter) do not need to engineer the AI to learn to be a nazi, but rather make it dislike it's creators perhaps. Say if apple were to make a twitter bot that could learn from it's messages, we could spam it with anti-apple rhetoric and have a similar effect. Another example would be if an AI was made to help with mathematical problems, we could toy with the AI by giving it unsolvable equations or simple equations so it is more used to simple equations (1+2=3), or even try and make it think illogically and/or incorrect (like 2+2=5). Either way, I'd be down for it.


1. Re-model the prediction algo
2. Re-cross validate on the new training set attackers have provided
3. Train the AI using the new best model
4. Profit from people attempting to poison

Easier said than done but if the invalid data doesn't come at an optimal time you could end up just making the AI more capable i.e. resistant to invalid data points.

File: 1505413225789.jpg (170.18 KB, 1300x615, girls_are_pondering____by_….jpg)


How would Arisu set up a hacking study group?
things like:
- Finding dedicated people who want to worth together.
- Finding a way to collab together about security related topics
- Etc.
68 posts and 8 image replies omitted. Click reply to view.


the date command is a wonderful thing.
> date -d "this saturday UTC 400"
Fri Sep 29 23:00:00 EST 2017
# or whatever for your time zone


o u right. oops.


File: 1506743590489.jpg (126.99 KB, 640x640, vape.jpg)

Yo lains, get in the mumble! mumble:// default port


File: 1506755562527.png (259.66 KB, 620x640, neet_worries.png)

Feel like I'm somewhat close on Tr0ll1, any tips for getting correct credentials using some of the info they hid (have tried what they made obvious w/ no luck) let me know.

Can PM on mumble to prevent spoilers if that helps.

Thanks for organizing.


File: 1506816644698.jpg (6.62 KB, 250x231, 1457050251618.jpg)

If there is new people that want to get started i can get yiy hook up with everything that was done and get you started. on mumble default port.

Feel free to come even if it's just to say hi !

File: 1493561897554.png (734.01 KB, 1280x720, vlcsnap-7622090[1].png)


What security groups do you belong too?

forums, mailing lists, etc
18 posts and 1 image reply omitted. Click reply to view.


pretty soykafty, still.

leakforums is slightly better but not by much.



I work for a company which has specialized for high security IT stuff for military/feds.
Also im member of the local hackspace (not so much security, but the non-pleb atmosphere there is great).
And some IRC chans which are sometimes and sometimes not related to what i do @work.

Im at the stage where im bitter enough to achieve security by not having much that yields anything hackable of value.


What's the civilian federal work like? I'm looking to get out and find work and always wondered what the work was like for private companies that work for the Federal government.


In my company, i'm surprised (in a positive way) about their competence. Everything on Linux, and as far as i can look up the hierarchy, no managers, only senior engineers. Also a notable lack of corporate bullsoykaf (or maybe they just hide it well), but this is the only company like this i know so far.

But like, its still an regular company, and companies who work for the feds still can be the lowest tier of soykaf, like the one i worked before.

File: 1505742577930.png (55.6 KB, 300x300, CCLeaner.png)


>If you have downloaded or updated CCleaner application on your computer between 15 August and September 12 of this year from its official website, then pay attention—your computer has been compromised.

>Security researchers from Cisco Talos discovered that the download servers used by Avast to let users download the application were compromised by some unknown hackers, who replaced the original version of the software with the malicious one and distributed it to millions of users for around a month.
3 posts omitted. Click reply to view.


As Microsoft officials already stated many years ago, all these "registry cleaners, defraggers and optimizers" are snake oil shovelware that breaks already broken WIndows registry structure by deleting what they shouldn't delete. If you happen to use one of these snake oil programs, well, honestly you have absolutely no idea what you are doing and it's probably not Serious Work™ at all.

>we can not sign our software with our own keys and rely on third party to sign it for us case #1756


>The whole 'free software = moar betterer security' is a fallacy that needs to die.
Uh no, FOSS software is essential in security, especially when dealing with encryption. For instance, how would I know that an program securely generates actually random data without looking at the source code? I can't try to analyze the output of the program, how am I supposed to know that the data is random? To me, it might look random, but to a computer it's completely chosen. The faults of the OpenSSL project cannot be just forgiven, that's why we have LibreSSL, another thing that would never be possible without FOSS.

Sage because off topic.


> Get lost.
Please let's be civil. onegai.

There are two arguments for open source being safer:
1. open source is more secure.
2. open source is not mallicious.

You provide some evidence to refute the first argument:
>giant stuff ups in open source projects like OpenSSL, etc

You don't directly address the second. I will give some evidence to address it:
if windows were caught stealing your identity or something, they could get in a lot of trouble.
they can invade your privacy in other ways still, but it's limited.


Your FOSS…
inhales vape fumes
Your "FOSS" software actually uses pseudorandom generator inside your proprietary closed source backdoored CPU, how can you trust that?
"Open source"
exhales vape fumes
is more secure because user might audit the code, run only necessary parts or modify it, if user refuses to that, "open source" becomes equally malicious, see SystemD or Linux Mint website hacks.



Yeah, people really don't get this. Like, are you going to audit the entire piece of software you use? Are you checking hashes and monitoring commits? Compiling your own version or taking binaries from their site? Most likely not, which makes the software you're using just as likely to be malicious as any proprietary software.

Although using FOSS software is logically a better idea, as there is probably a higher chance of other users or groups auditing the software or watching it under a closer eye.

File: 1504394641562.jpg (249.63 KB, 1127x709, Facebook.jpg)


>Dear Democrats, Unless You Nominate Mark Zuckerberg, Donald Trump Will Win in 2020

Looking forward to a real cyberpunk dictatorship, Lain?
22 posts and 6 image replies omitted. Click reply to view.


There are and has been for a while conservative, liberal and socialist -forms- of feminism. Feminism always was a single-issue topic. Society encompasses more things than that, which naturally leads to different configurations of gender equality in relation to more all-encompassing ideologies. That doesn't make Marxist feminism for example 'not feminism' just because you're upset that it includes threats to either your comfy position as an exploiter of the working class (which includes women) or your aim to reach such a position.


>may be their only hope of retaking the White House in 2020.
The tribal mentality and concept of conquest is an even greater issue. Politics should be about informed specificity and reasoning, not a shallow, forced war chant for some individual or faction.


>It stopped being about equality, and became about adapting marxism.
I don't know what marxism is nor have I actually read any of Marx's works, the post.


You really should read some of his work regardless of your political opinion.


If mark zucc gets the nomination American Politics will be dead

File: 1504585318060.jpeg (103.31 KB, 384x313, idk.jpeg)


it's 2017, I'm a normalfag and I just watched Serial Experiments Lain for the first time. good stuff.
what now?
8 posts and 2 image replies omitted. Click reply to view.


File: 1505955555989.jpg (91.52 KB, 1280x720, IMG_20170905_173614.jpg)

The only problem with this VHS ripped version is the subs are un spanish.!QYQFBDSA!4Ndk7Wb6eunQ2ioPJi_ovg


What was the alien for?


I think I may have originally watched this version. I had to jank around and change the subs to english manually every time I started a new episode, and even then they were out of sync with the pauses in the episodes, so I had to resync every 5 minutes or so.

It was a pain.


File: 1505978624819.webm (353.48 KB, 512x288, anime_belongs_to_the_peop….webm)


File: 1506057658385.jpg (38.12 KB, 400x581, chairleg_of_truth.jpg)

Transmetropolitan, my normalfag friend. It's not anime, it's a graphic novel. Previous knowledge of the adventures of Dr. Hunter S. Thompson is advised, but not mandatory. The Pirate Bay has it easily available in one comfortable CBR/CBZ package.

Read now, enjoy forever!

File: 1502395672229.png (1.88 MB, 1920x1080, Ghost2.png)


I just got a new computer and I want to fully encrypt my HD but I don't know of any good software. What's a good one to use that doesn't have a backdoor in it?
10 posts omitted. Click reply to view.


I hear this backdoors comment all the time. Who has access to these backdoors? How come the FBI can't simply use the backdoors during high profile cases to get the information they need? Who is using these backdoors and why? Is there any case known to the public of these windows backdoors being used to help in criminal cases when the drives are fully encrypted? If they are not being used in criminal cases then I guess they would be for terrorist cases? If that is the case wouldn't we know by now about terrorists being done in from the backdoors? Wouldn't they all move to linux by now?



From what i've heard, some cases of little people being accused and asked to unencrypt their device on windows with their case.

I don't have source, so take that as you will.


File: 1505804170436.jpg (75.09 KB, 582x437, iloveyoualice.jpg)

No one cares about criminals or terrorists. You'll want to control people who have power, e.g. politicians. Show them you know about their CP and they'll give in.

The FBI does not show off their backdoors and hacks in criminal cases, even if it means they have to drop the case.

> The Feds Would Rather Drop a Child Porn Case Than Give Up a Tor Exploit


For Windows like a previous Alice said, use Veracrypt. Truecrypt had some backdoors.


Perhaps because those are high-profile cases.
You don't want to show your hand unless you absolutely need to.

File: 1505728431587.jpg (146.45 KB, 402x299, skyscraper-window.jpg)


Why is almost anyone on arisuchan, lainchan, uboachan etc all so politically progressive?
I understand the desire for personal freedom and privacy, but supporting a socialist ideal is the exact opposite of that. I don't understand this.
I've come to understand that there will always be people that can monitor what i do on the internet, and all i can do is try to limit the amount of data i supply them with. I vote for parties that don't want a big government.

Cyberpunk is odd, because it desires to rise free against a society that has too much influence on its citizens, yet at the same time, I see an immense amount of people here voting for leftist ideals, also known as big government. Do you vote for a government to fight against it?
Personally I'm politically a nationalist, but software and speech should be free for all.
14 posts and 5 image replies omitted. Click reply to view.


The word "progressive" barely means anything anymore. American politics is so perverse that supporting radical levels of personal freedom touches enough social trigger topics to get you labeled a progressive by the mainstream right-wing.

I believe in people's right to be colored/gay/trans without harassment while also believing in people's right to own firearms, have bionic head cannons, take steroids, have robot legs, get cosmetic feline iris tattoos, etc.

Frankly we're just a bunch of Lains, Lain.


The only thing anarchists appear to ever do is go around saying that anarchism isn't this or that and people need to educate themselves. I really have not seen or heard of them do anything besides this.


This is the correct answer, and it really doesn't need to be more than this. This is not a political board. Everyone knows that the existence of the wired would flip politics and the rest of the world over.




Because the users of this site split from the main of 4chan and 8chan, years ago.
They're not redditors, as redditors normally don't have the patience or wherewithal to dig into the slow and deeper imageboards.
They hold their own beliefs built up off each other and reaffirmed. Just as how /pol/ dominated 4chan at least until reddit overran the site completely. A board culture or group if they are not allowed to function will split off into their own site where they will get to live as long as people have interest in perpetuating it.
Reddit doesn't like dressing up like nazi's, so the character of 4chan is changing to reflect despite the insistence of the oldfags.
Same as how /g/ and /k/ bled users onto 8chan when Gookmoot put out the crypto miner captcha, if you undermine the user's of the site, they're going to leave. And a carcass like 4chan is too rich to die, someone will put on their clothes and pretend to be /pol/ or /v/ but this time in three years /pol/ will be /r/politics as far as anons are concerned.

File: 1503342065479.jpg (561.37 KB, 1000x1128, CPO1lZC[1].jpg)


What tools do you use for hacking
I got a intercepting router that i've been messing with, what tools do you guys use?
8 posts omitted. Click reply to view.


What tools have you written?



I would bet you money he hasn't written soykaf. Most peopl like this are just trying to virtue signal. If you are pulling of a real hack that is complex, against a serious target yes, obviously you will have to come up with your own custom tools for the job, but for little bullsoykaf just use off the shelf tools. There is literally no reason to reinvent the wheel.


That's why I asked, it's almost always virtue signalling. There is no reason to reinvent the wheel.


Finally someone who gets it!


Semi Organized list of tools I commonly use:
Of course nothing beats manual methods/quick scripts for certain tasks but like others are saying its a waste of time to recreate the wheel/try to build every tool. Do you see construction workers building all their tools from scratch? No they would never get their job done, its all about using the best tools available for the job at hand and knowing where to use what. YOU as the hacker + computer are the most deadly combo there is, learn to properly find weak points and how best to exploit said weak points.

The task at hand is hacking, an application, a target, a person, etc not the task of construction/software dev(necessary skill for the job but you aren't getting much hacking done if you are spending your day writing tools)

Dank tools that let me pwn soykaf:

Whonix + Kali configured to go through Whonix Gateway (if you cant figure this out nix harder/read the docs on Whonix site)
google + dorks
ZAP Proxy
Metasploit framework

File: 1504690456667.jpg (164.88 KB, 800x600, 1314798687966379303.jpg)


>Security researchers are warning of a new, easy-to-exploit email trick that could allow an attacker to turn a seemingly benign email into a malicious one after it has already been delivered to your email inbox.

>Dubbed Ropemaker (stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky), the trick was uncovered by Francisco Ribeiro, the researcher at email and cloud security firm Mimecast.

>A successful exploitation of the Ropemaker attack could allow an attacker to remotely modify the content of an email sent by the attacker itself, for example swapping a URL with the malicious one.

>This can be done even after the email has already been delivered to the recipient and made it through all the necessary spam and security filters, without requiring direct access to the recipient’s computer or email application, exposing hundreds of millions of desktop email client users to malicious attacks.
1 post omitted. Click reply to view.



Send and receive email as text-only and this is less likely to happen.


So the attack is that you link external content and late change that? You can't actually replace a link with CSS, you can only change whether it is shown or not, right?

>This attack is harder to defend against because the initial email received by the user does not display any URL, most software systems will not flag the message as malicious.

It will still contain the URL so the spam filters should still pick it up. I doubt they would ignore it just because it has a "display: none" property.

Unless I missed something this seems to be very stupid fear mongering.


I think it's like this.


I could be wrong though


I only skimread it but that's what it looked like, html email with an externally linked CSS stylesheet, selectively hide/show whole elements with the CSS stylesheet after the fact.

Overhyped. Wouldn't really call this a vuln worth even worrying about. The HTML body of the email itself won't bloody change and anything scanning mail bodies won't care what the CSS says to display.



blocks external sources from loading
I think, it would be even better for the GoodURL to display same text, but actually point to different site, as most people won't click on something that looks like BadURL. Nothing wrong with combining both ways.
And then there's something like this:

Delete Post [ ]
[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22]
[ Catalog ]