arisuchan    [ tech / cult / art ]   [ λ / Δ ]   [ psy ]   [ ru ]   [ random ]   [ meta ]   [ all ]    info / stickers     temporarily disabledtemporarily disabled

/cyb/ - cyberpunk and cybersecurity

low life. high tech. anonymity. privacy. security.
Name
Email
Subject
Comment

formatting options
File
Password (For file deletion.)

Help me fix this shit. https://legacy.arisuchan.jp/q/res/2703.html#2703

Kalyx ######

File: 1556370791830.jpg (25.87 KB, 625x350, coaxcable.jpg)

 No.3908[Reply]

I have a problem going on for long now. Basically: my ISP is a bitch

my internet comes through a docsis 3.0 network through coaxial cable. (that isn't a problem)
the problem is: they gave a "connect box" that is basically an essential botnet manifested into phisical reality. It's a deep-chinese bullsoykaf modem+router+wifi-ap box, and it has zero options, no portforwarding, no configurable firewall, no nothing, the only setting is setting the wifi password. the "connect box" decides what ports and what packets are "safe" for me and closes other things, there's also no option to give fix IPs to my devices on LAN.

now this is soykaf in itself but: this device has been proved by several people to be very easy to exploit by anybody, but isp doesn't even need exploiting because it has several dedicated backdoors for them, and they even have a backdoor for "refreshing" and "modificating" (read as: injecting even more backdoors and malware and getting logs of everything, while eliminating more and more settings and options) the firmware, which they definitely do from time to time. i feel like i'm living in a gulag. also it's as big as a shoe box, consumes a soykafload of energy and warms as a motherfucker. it has to be rebooted quite often and every reboot is about 15 minutes.

Now the real question and subject of this thread: Post about secure and good cable modems. I tought there was openwrt compatible modems but now i see there's only "connect boxes" has openwrt for them. i want a discrete cable modem and an openwrt router. which are some secure and good modems? what are the most important properties i should look for?
3 posts omitted. Click reply to view.

 No.3913

>>3910

and 10gb wtf are you in shinjuku or something? 2gb is the best i've ever heard of in this country and i'm perfectly good with 200mb.

 No.3917

You could do everything over VPN and treat your network how you would treat a free WiFi hotspot.

 No.3921

>>3910
>comfy 10gb connection
OK, i officially hate the word comfy now.

 No.3922

>>3917
thank you for the advice.

how does someone decide if a VPN is to be trusted? is there a way of using i2p through a vpn?
what if a VPN logs all my traffic and makes reports about me? (nothing illegal happens in my traffic but there are things that are illegal in other countries and things that despite legal, makes authorities very butthurt)

 No.3924

>>3922
Host your own connection, don't trust any provider unless you really have to. Otherwise, Wireguard and Tunsafe should work fine, at least in my experience.


File: 1556478958798.jpg (58.9 KB, 541x297, i_cfad7fc51cee37f0_html_m2….jpg)

 No.3915[Reply]

ok so, pure hypotethical situation.

A group of attacker activists, whose actions are based on principles every good cyberpunker on this board would share, have to perform a sabotage.


At a certain time in a certain building, let's say a school or an office, oblivious people will enter in a computer room, then every person will take a computer and they will do stuff on the browser requiring an internet connection for an hour or so. A group of attackers composed by a dozen of individuals (of which one or two are in the computer room, supposingly doing stuff on the browser with the oblivious people, while the others are still in the building but outside the room) wants to stop them from doing those things on the browser. They know the wifi password, but the computers in the room are connected via LAN (even if with the same connection).
If they manage to sabotate the activity on the browser, the oblivious people will be happy or indifferent, and the room's tecnichan is very stupid so he won't probably be able to restore the connection if that's more troublesome than restarting the router (but even if he restores it, slowing down the operation with multiple disconnections would already be a victory).
The group of attackers would prefer to have the possibility to leave a message or a symbol, but if that's impossible with informatic methods it's not a big problem because they can still use meatspace-based methods for that.
There may be the possibility to access one of the computers in the room before the oblivious people enter, but the attackers don't have administration rights (Windows 10) and this is not something on which they can count 100%, so if possible the plan should work also without this eventuality.
Obviously if the attackers don't expose themselves too much it would be better.

How lain thinks the attackers should act in order to reach their objectives?

 No.3916

Bro if you are trying to get out of taking your final on the computers in the school computer lab just pull the fire alarm or call in a (not going to say it but you know what I mean). You are way overthinking whatever it is, number one rule of being /cyb/-activist is KISS. Keep it fucking simple stupid.

If you are committed to this 'l33t haxor' mentality and you already have the password? Just go into the router settings, and find where the manual firmware upgrade settings are. Just look up like any generic tutorial on flashing a router with Openwrt or DDwrt firmware. Only difference is, at the stage of the process where you actually do the flashing, just upload some random garbage file in place of the actual firmware. There will be a section in the tutorials that say 'if you do this step wrong you will brick the router', if you upload random garbage onto them and then do exactly what it tells you not to do in that step for you specific model? boom, you bricked their router, sure as hell won't be able to fix that quickly.

 No.3918

already tought about the fire alarm, but sadly at this point it's such an overused thing that nobody evacuates when it starts.

Instead, thanks a lot for the tip about the router!

 No.3919

anyway, really, it's not about getting out during an exam. It's a serious thing, so the problem is also that if something of common use is broken permanently or for a long time that can anger the people against the activists, making the whole thing counter-productive, since the aim is agitprop.
Anyway i'm asking here mainly for technical consulence, the political part about the right way to claim the sabotage, make it suitable for long-term work on the territory, etc. is already clear enough in the minds of the activists.

 No.3920

>>3915
Do you know if the LAN is running IPV4, IPV6 or both? If it is at least running IPV4, and you have the wifi password, look into ARP spoofing, which can be used to spoof the default gateway to clients on a network. This can easily fuck up a network if you can get a computer on the network that can send the spoofed packets (ie connect your laptop to wifi)

ARP spoofing tricks clients on the network into resolving the LAN's gateway to another client instead of the actual gateway. All traffic destined out of the network is first sent to the gateway to send it out of the network, so ARP spoofing can be used to spy on a network and gain credentials (by having your computer stand in as the gateway and sniff all packets going to and from you and the outside server), or to stop all outbound traffic (spoofing the gateway to random addresses, so no packets reach the actual gateway)

If it is only running IPV6, ARP spoofing was mostly patched out (as the ARP protocol was superceded by IPV6's NDP (neighbor discovery protocol)) but it may still be possible for Alice to spoof. Look into NDP spoofing.

If you are on Windows on your attacking computer, use Netcut. If you are on linux, use Tuxcut.

TuxCut link: http://a-atalla.github.io/tuxcut/
NDP Wikipedia: https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
ARP Wikipedia: https://en.wikipedia.org/wiki/Address_Resolution_Protocol

I don't know much about NDP spoofing. Sorry.


File: 1494030272709.jpg (841.88 KB, 1020x681, encrypted-messaging-apps.jpg)

 No.219[Reply]

lets talk about instant encrypted synchronous communication lain. what are some you use? which ones would you never use? should you trust your life on any of them? p2p or decentralized? how do "chat bots" fit into all of this? where do we draw the line between anonymity and convenience? how do we deal with metadata?
starting with a nice long list and some of their drawbacks

signal https://whispersystems.org/ - without a doubt first class in secure instant messaging clients at the moment.
centralized server, closed source
requires a phone number to register
only able to contact people through phone numbers
desktop client is a chrome app
file transfer and group calls aren't encrypted

wire https://wire.com/en/ - arguably just as good as signal, but doesn't have the backing of moxie
centralized server, closed source (soon to be open source)
requires either a phone number or email address to register (both if you want access to the desktop and mobile clients)
desktop client is an electron app

threema https://threema.ch/en/ - a closed source client that is still fairly popular (i haven't used this client so i can't say very much about it)
centralized server, closed source client & server (encryption protocol is open source)
paid

riot/matrix http://matrix.org/ - protocol of "the future" still in alpha and under active development
no e2e by default (being worked on currently)
alpha
riot is based on electron, mobile app leave much to be desired

XMPP + OTR https://xmpp.org/
encryption is just a plugin and isn't baked into the protocol (im not sure how much of a problem this is)

"Encrypted" messengers that you should avoid:
Telegram telegram.org
Encryption protocol is known to be broken, since it is home baked and not made by cryptographers. E2E is not enabled by default.

WhatsApp/Facebook
This is Facebook. e2e may be working, but your data is still being harvested and sold to advertisers and/or used by Facebook. They own the client. They can do whatever they want with the data once it's unencPost too long. Click here to view the full text.
46 posts and 10 image replies omitted. Click reply to view.

 No.3819

>>3817
If you are so confident that it is full of security holes, why not show us some proof of concept exploits?

 No.3833

I use Torchat. Someone needs to make a Torchat mobile app.

 No.3834

>Encryption protocol is known to be broken, since it is home baked and not made by cryptographers. E2E is not enabled by default.

those aren't the same thing. Homebrewing a protocol isn't that hard but theirs is needlessly complicated and I have seen a few amateur cryptanalyses that got too close to breaking it for comfort. Also the people who fund it are shady as fuck, and it's closed source.

 No.3870

>>458
If you're talking to careless people, no protocol in the world can help you.

 No.3907

>>219
I use a Whatsapp bot to redirect people to Signal whenever they send me a message. Sure, it's not the best service in the world, but at least it's somewhat better and userfriendly enough for normal people to figure out how it works.


File: 1554984906743.jpg (86.4 KB, 640x480, dbx.jpg)

 No.3855[Reply]

Please note that we have proceeded to the databank exchange.

https://www.youtube.com/watch?v=OjEZuOS9mmg
1 post omitted. Click reply to view.

 No.3863

>>3861
it's a video.
what more do yo uwant?

 No.3879

>>3861
It's very clearly an ARG you can't into
Neat post OP, I wish I had the time ;-;
I love these

 No.3880

>>3879
ARG, as in "Alternate Reality Game"? Should that be taken literally? If so, how do you play such a game? Are these some kind of steganography puzzles like Cicada 3301, or are these just art pieces to enjoy? The latter is what I have assumed so far.

 No.3903

>>3880
Check out his other videos. There are some that are really weird:

https://www.youtube.com/watch?v=TBURVBTr8sA
https://www.youtube.com/watch?v=ObHAzJtVRec
https://www.youtube.com/watch?v=VgNvbUx3PQ4

 No.3904

>>3903
The most recent one mentions "Runners", which I guess is synonym for network hackers/crackers. The whole thing's theme seems to be a something like "vaporwave meets cyberpunk" - first instance of proper vaporpunk metafiction maybe?


File: 1552432586181.png (201.47 KB, 320x360, 20190306_121956_8718090537….png)

 No.3759[Reply]

SSTV is an amateur technology that permits drawing images from sounds. [File is an example of SSTV.
Could SSTV - like systems be used to transfer or create files? It would be fun to experiment in making a file/network that is radio-based and independent from Internet. I always loved things like Meshnet and stuff but it wasnt entirely "out of the box" as I'd like to say. I know I sound "i wanna go against the world" but I'm really into alternatech.
Not sure to post in /tech/ or here since it's kind of both..
We're not talking about Security yet though.

 No.3760

Something similar happened before.

https://www.wired.com/story/air-gap-researcher-mordechai-guri/

 No.3862

>>3759
There's DsyncFS made by some HAMs in Belgium


File: 1510785843686.gif (54.79 KB, 847x513, champ.GIF)

 No.1906[Reply]

hello /cyb/,

I'm installing Windows 7 for a PC build, and am looking to harden it all the way down. I've already gotten the CIS benchmarks and seen a few guides, but one thing they didn't cover is the so-called "botnet updates" microsoft pushed to win7 making it supposedly as bad as win 10 in terms of call home-iness. Can anyone here confirm the existence of such updates, and preferably share info on what specific KB numbers to avoid?

on behalf of everyone else running win7, thanks in advance.
25 posts and 4 image replies omitted. Click reply to view.

 No.2191

>>2190

Well if i don't know soykaf on computer how about you enlighten me with your lantern and show me how wrong i am?

You took time to made a post insulting me and people from here saying that we don't know anything, yet without a single arguments. Can you even see us from your high horse?

Please be constructive if you don't agree with what i said, that's okay but don't insult, use arguments, we're not on /g/ here.

 No.2213

>>2190
>this whole board is bullsoykaf kiddie larping
It's almost like by submitting content to the community, you improve it.

But you don't give a fuck about that.
You only care about your dream leetspace which will never fucking exist.

You're not some ubermench hacker. You're probably some garbo skid looking for a board full of "zomg here's my FUD RAT 0day."
Feel free to contribute, or stop bitching. You don't get to be complacent and complain with an audience that gives a soykaf.

The same fucking thing happened with
>lainchan

>you people
>>>8ch.net/baphomet/
you fucking null
go pop some honeypot, soykafter.

 No.3813

File: 1553659874141.jpg (9.65 KB, 244x250, 65BD14A5DE7B44729FD2B37A9F….jpg)

>>1926
Google Intel vPro, Intel ME
AMD has an equivalent. There's your backdoor

 No.3818

install gentoo

 No.3854

>>1906

Honestly, I'd just use Linux with KDE to make it feel like Windows. I'm not sure how much hardening you'll get out of a proprietary kernel. Do you have any software specific to Windows?

852eff0db84a65ddafb0e10b7bbdae58ede7b97b

9884


File: 1538347182985.jpg (172.89 KB, 1600x900, w6o3rusndh6zunt4xehl.jpg)

 No.3377[Reply]

Is the rapid advancement of technology responsible for significant social alienation? It seems that even as connections are seemingly strengthened through the internet we are more atomized than ever in spirit. The classes with most internet access have very damage psyches (middle and upper)
24 posts and 2 image replies omitted. Click reply to view.

 No.3827

>>3825
True but i believe it's people that are to blame for getting addicted to them, their flaw. Who doesn't use them like that and thinks for themselves, there are people like that.

 No.3830

capitalism

 No.3831

>>3827
I don't think it is fair to blame people for falling for something that was specifically designed to exploit their flaws. Maybe you might be able to convince yourself that you are somehow superior to them since you are not glued to your phone but it won't help you understand how and why they are glued to their phones.

What really needs to be addressed is the fact that despite all the efforts to bend the natural environment to the human will, all we ended up with is an artificial environment that is almost as hostile to human life as the original was.

 No.3832

>>3831
You are right. Really I was using it to say how it's about humans but not the technology but i just used it to justify myself when i too stare at a pc screen, maybe i wanted to just show this perspective but it won't help me to learn anything about these problems as you pointed out. Also your second point is really good. This is the point where some balance of urban and natural environment would be the best, since we today can spend time in nature comfortably and live in city, but city life only is not healthy physically nor mentally. I admit this way I only pretend I don't have the same problem. Thank you for helping me realise all this.

 No.3851

>>3379
Watching CGP Grey's video, I'm given the impression that another factor is that we can only process communication at some maximum rate, and this rate does not increase with the number of connections we have. Not that there aren't any issues arising from the way we conduct economics, but even ignoring that, the more technology allows you to easily connect with others, the more pressing the need to carefully parcel out the attention given to all those potential connections.

I'd say this also relates to people moving to smaller websites/secret clubs. If the average writing speed in a discussion is higher than your own reading speed, you can't say anything without taking the risk that you're just repeating what was already said. If social pressure exists to participate anyway, this can lead to a state much like the chatter of popular Twitch channels. Conversely, if this issue deters one from writing, then it makes activity self-limiting, and might even cause a community to burn out if people give up on being able to add to conversations.

https://ncase.me/crowds/ covers some related ideas, in that it explores the way having more connections within a group can prevent complex ideas from spreading between groups if we judge the state of the world by extrapolating from the set of people we directly interact with.

>>3716
>>3823
Also these. I guess fragmented attention and personal loneliness are intertwined but distinct problems to deal with?


File: 1553111398495.gif (58.8 KB, 220x186, 389ddcf1-56d2-483c-ac5a-86….gif)

 No.3775[Reply]

Each day we find ourselves creeping towards the corporate dystopia we fear.

https://www.itnews.com.au/news/telstra-and-vodafone-temporarily-block-websites-after-christchurch-attack-522232

What gets me is that terrorism in the past was fine, but suddenly this isn't. Arabs killing Arabs? 9/11? Arabs killing Europeans? Arabs killing Jews? All totally fine.

Australian killing Arabs? HOLD THE FUCKING PHONE SHUT IT DOWN. SHUT IT ALL DOWN NO TIME TO DISCUSS.

“We understand this may inconvenience some legitimate users of these sites, but these are extreme circumstances and we feel this is the right thing to do.”

A lot of people use these sites as support groups, LGBTQ groups for example, it's a safe place for them. But here we go, let's not understand what this is and just ban it because we are corporate and fuck you.

"The right thing to do" is to ignore fuckers like this, but peoples self righteous indignation won't let them, and he fucking wins.

Good job corpo dipsoykafs. You show we live in a boring as fuck dystopia.
35 posts and 3 image replies omitted. Click reply to view.

 No.3846

File: 1554653961172.jpg (38.61 KB, 400x300, DngpD0EZgjaJstjI_36LexupXN….jpg)

>>3845
You would still have hospitals/safety, though. The only difference is that everything would become a service. Cops would still exist, but they would most likely become a subscription service. Either that, or you'd move into a private neighborhood that features private cops (if you're really that paranoid).
Committing a crime wouldn't really be as easy as people think. Most people would have guns, so anyone stupid enough to commit a crime will have to face bullets in their heads.
And as for roads, well, same thing, the roads would be managed by corporations. Where I live, the roads on the mountains are maintained by the government, and they fucking suck! They're dirty and full of holes! Meanwhile, the highway roads are maintained by a company and, those roads are squeaky clean! Of course, you have to pay to use those roads, but that money is used to maintain the roads and is what makes them superior to the public roads! My country may be soykafty, but at least its a great example of public vs private.

 No.3847

>>3846
What would break up monopolies? Would would stop companies from essentially replacing the government with their own weaponry? If it's advantageous, a company will do it. There's nothing to stop price raising, overworking employees, etc. Competition? I'll either buy them out blow their brains out. Who would stop me? Civilians? With their pea shooters against my tanks and tear gas? Speaking of money, what would give it value? The gold standard? Where are you going to get enough gold? What if gold stops being valuable?

 No.3848

>>3847
None of this is to say governments are perfect. Corruption is inevitable in any system, but some systems propagate it faster and lack effective methods to remove it. Governments should maintain the physcial safety of people and give land sovereignty, and companies should generate capital. Meanwhile, people should be allowed to say whatever they feel like without either interfering.

 No.3849

>>3847
Monopolies can only happen with government payouts (you can see this especially with garbage companies like Coca-cola and Mcdonalds). Competition WOULD indeed stop monopolies, as every company will always do something to one-up each other, meaning the prices will always be as low as possible and the service they provide will also try to be better than the competition! The only way that monopolies happen is if a company pays the government to control a certain product/service (see Martin Skhreli and his pill which he raised to $700 overnight because he copyrighted the pill to make sure no one else can sell the pill!)
That thing you said about companies using weaponry to overthrow the government, control the people, ect. That could literally happen now, even with a government! There's literally nothing stopping Mcdonalds from illegally buying a bunch of nukes and starting a war. But, they don't do it because they'd have to be completely out of their minds! What would they gain from that? International hatred by every single human being? HOW would that give them an advantage?
And as for money, it'd probably turn into something like the cryptocurrency wars. There'd be a lot of currencies popping in and out of existence, and only the most valuable currencies will be accepted by most people. It doesn't need to be physical currency. For all we know, bitcoins could actually just replace physical money.

 No.3850

>>3849
>Monopolies can only happen with government payouts
I don't buy it. Companies have more things in their tool box than that. AT&T didn't need government payouts as far as I know.
>every company will always do something to one-up each other
This is definitely wrong. You can see it on a small scale with supermarket prices. Companies are always testing the limits of how high they can raise prices before people get fed up with it. Supermarkets will all do this together without any one of them lowering prices. It's not a sure-fire mathematical certainty that one of them will lower their prices.

Companies can also work together to collectively screw people over. They can establish turfs and learn from example. A song and dance of competition isn't always better than just doing the same thing and forcing it on customers. Starting a new business to contend with giants isn't something most people could do and succeed at, or even be willing to try. A new business crops up with way lower prices and by chance they get more business, the giant could lower their prices for just long enough to get the new guy out of business.
>That could literally happen now
Highly doubt it given governmental regulations. It's not advantageous now either because they have the government to compete with. With no government there's a power vacuum.
>cryptocurrency wars
That sounds awful and destabilising. China could swoop into a country with no government and take over. Companies may even prefer that arrangement. The whole world would have to collectively become anarchist for it to work for even a short while.


File: 1552925298268.png (251.71 KB, 497x371, Screenshot 2019-03-18 at 1….png)

 No.3771[Reply]

So today I was walking laps around my school when I hear a sound from our security, it was reading off a mac address. I pulled out my phone and it started to read an IP address. what should I do with this? should I do a pen test or scan it for open ports?

 No.3816

Sounds like someone's already installed Kismet on it or something.


File: 1540764471143-0.jpg (23.91 KB, 340x340, look1-md.jpg)

File: 1540764471143-1.jpg (34.09 KB, 340x340, look2-md.jpg)

File: 1540764471143-2.jpg (26.12 KB, 340x340, look4-md.jpg)

 No.3462[Reply]

Facial recognition is being employed by the government and soon to commercial use as a means to keeping tabs on everyone doing everything. Storing that data for legal uses, selling, and enforcing law.

Taking up our own means of fighting against this menace to our privacy should be talked about. I believe the war against this type of surveillance is already lost, but we should make the effort to protect ourselves against it.
7 posts and 3 image replies omitted. Click reply to view.

 No.3510

>>3468
imagine this level of roleplaying.
>Asset: ???
>Threat: ???
>Security Posture: Migitation
>Dress as old man everywhere you go to avoid be recognized by family and friends
>Somehow this constitutes protection against something
For deep cover, I suggest you go to church, and deploy on a mission. You could create the deepest cover of all time. Spend years doing charity work in Africa while preaching the gospel. Imagine, you could spend your whole life without one genuine moment - no one would know who you are - least of all you! It would be great!

 No.3512

File: 1541679217897.jpeg (73.85 KB, 1390x741, watrix.jpeg)

>>3510
>imagine this level of roleplaying.

Yeah. And latest news has it that China can now identify people by the way they walk:
https://techcrunch.com/2018/11/07/china-can-apparently-now-identify-citizens-based-on-the-way-they-walk/?guccounter=1

There goes your old man disguise. Couple more years and they will have a complete reading of your mind from the way you digest.

 No.3514

>>3512
The point of the post wasn't that the disguise wouldn't work, its that it almost certain had no purpose. I am for avoiding passive surveillance where possible but not at all costs. I am not willing to sacrifice living my life to go free of passive surveillance. Unless your Osama Bin Laden, the costs of walking through the street free of costume is low. And Bin Laden didn't need to leave the house. Comparing people walking without advanced disguise through ordinary streets routinely as 'dead' is absurd. Supposing a perfect national government facial recognition software, at worst, a collection of locations was collected. This is undesirable, by hardly dead for the average person. If you are Neo from the matrix, or Bin Laden, agents might appear. But, a regular individual isn't protecting their life, they are protecting their privacy, and privacy is desirable, but is it worth forgoing all aspects of your life over?

Also, more reliable than face cams is definetely license plate cams, and cell tower data, which we know is being collected.

 No.3515

I had some interesting stuff to say, typed out like 15 lines of it, then realized saying those things would be hypocritical. Those words should be lost like tears in rain instead. Fuck tears.

 No.3770

>>3514

I think that you might feel that way but in the very near future I highly doubt that I will be comfortable going outside without a significant prosthetic over my face at any time. It just isn't worth it to risk the government coming after you.


Delete Post [ ]
[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22]
[ Catalog ]