• úvod
  • témata
  • události
  • tržiště
  • diskuze
  • nástěnka
  • přihlásit
    registrace
    ztracené heslo?
    LITTLEBOYAnonymita na internetu :: TOR - FREENET - FREEPROXY - ...
    ALWA
    ALWA --- ---
    čaute, věděl by někdo, dá se najít nějakej funkční freehosting na Toru? nebo su naivní? nic jsem nenašel... dík
    ALMAD
    ALMAD --- ---
    OVERDRIVE: OK, dik. Ja sem premejslel ze bych to narval povinne do firmy, ale jeste asi pockam, nez to uzraje.
    OVERDRIVE
    OVERDRIVE --- ---
    ALMAD: odkladam, kazdopadne Yubico s GPGCkem, ted se to zrovna docela resi na irc brmlab...
    v nejakych momentech se zda, ze to jeste neni single-config, out-of-the box...

    Ted si tam phyrexian hraje s tim co me vicemene zajima nejvic - fakticky to znamena presnest klice na kartu a pak vsude kde je chces pouzivat musis gpg poslat commad, ze ma hledat klice na karte... takze commandline reseni, zadna hruza, ale pro lamu blbe.

    Pry si treba GPG pamatuje nejaky uunikatni identifikator karty, takze kdyz je stejny klic na ruznych kartach, krej nejsou uplne zamenitelne a tak... under testing.
    Ja klic zatim nemam, takze papouskuju jen to, co jsem si precet. Kdyztak irc asi

    YubiKey NEO and OpenPGP
    https://www.yubico.com/2012/12/yubikey-neo-openpgp/
    Offline GnuPG Master Key and Subkeys on YubiKey NEO Smartcard | Simon Josefsson's blog
    http://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/
    ALMAD
    ALMAD --- ---
    OVERDRIVE: Uz jste to nekdo zkousel?
    OVERDRIVE
    OVERDRIVE --- ---
    QWWERTY: to je fake schvalne ;]


    MMchodem, kdyz se me nekdo bude ptat, co chci letos k vanocum tak chci tohle:

    Yubico | Trust the Net with YubiKey Strong Two-Factor Authentication
    https://www.yubico.com/
    QWWERTY
    QWWERTY --- ---
    KIE: chapu ze jim lezi v zaludku ISP a takovy firmy jako treba Apple, ktery nedavno zahajil kampan, ve ktere se chlubi ze ani on sam nema pristup k datum ...zvlast kdyz nedavno probehlo tohle
    Apple can't give real time iMessage data to the FBI because texts are encrypted
    http://betanews.com/...ple-cant-give-real-time-imessage-data-to-the-fbi-because-texts-are-encrypted/

    akorat ja mel za to, ze pokud se bavime o skutecnym sifrovani, tak se vzdycky bavime o individualnim, nad kterym mam plnou lokalni kontrolu (s vyjimkou vadnych RNG a jinych sabotazi systemu), ale do samotnyho komunikacniho kanalu vstupuje zprava uz zasifrovana, takze i kdyby ji ISP prenasel v plaintextu, tak si ji krom prijemce nikdo neprecte
    QWWERTY
    QWWERTY --- ---
    KIE: z toho co jsem cetl jde akorat o zakaz, aby to nabizely velky firmy - tzn. nebylo to rozsireny mezi BFU
    "Companies such as Apple, Google and others will no longer be able to offer encryption "
    ale
    "Ministers have no plans to ban encryption services"
    takze budes moct siforvat klidne dal - v podani abclinuxu to bylo mnohem horsi, viz ta cast se zakazem steganografie

    jediny ceho bych se bal je tohle
    we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications
    place a duty on companies to be able to access their customer data in law

    imho jediny zpusob jak neco takovyho 100% zajistit na IOS/Android/Blackberry/Windows/OSX/Linux je sabotaz RNG
    ...pak uz to nebude bezpecny vubec pro nikoho - ale to neni ani ted, kdyz je mozny sabotovat RNG v procesoru tak, ze to nejde overit
    QWWERTY
    QWWERTY --- ---
    OVERDRIVE: fuj ... az po marnym googleni jmena a o ktery zakon melo jit mi doslo, ze je to fake
    OVERDRIVE
    OVERDRIVE --- ---
    Ach jaj, tohle nechces

    Rozhovor s předkladatelem zákona o regulaci šifrování
    https://www.abclinuxu.cz/blog/jenda/2012/4/rozhovor-s-predkladatelem-zakona-o-regulaci-sifrovani
    OVERDRIVE
    OVERDRIVE --- ---
    nove metody browser fingerprintingu, presentace

    https://zyan.scripts.mit.edu/presentations/toorcon2015.pdf
    OVERDRIVE
    OVERDRIVE --- ---
    Intel x86 considered harmful
    Joanna Rutkowska
    October 2015



    Contents
    1 Introduction
    5
    Trusted, Trustworthy, Secure?
    . . . . . . . . . . . . . . . . . . . . . .
    6
    2 The BIOS and boot security
    8
    BIOS as the root of trust. For everything.
    . . . . . . . . . . . . . . .
    8
    Bad SMM vs. Tails
    . . . . . . . . . . . . . . . . . . . . . . . . . . .
    9
    How can the BIOS become malicious?
    . . . . . . . . . . . . . . . . .
    9
    Write-Protecting the flash chip
    . . . . . . . . . . . . . . . . . . . . .
    10
    Measuring the firmware: TPM and Static Root of Trust
    . . . . . . . .
    11
    A forgotten element: an immutable CRTM
    . . . . . . . . . . . . . . .
    12
    Intel Boot Guard
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    13
    Problems maintaining long chains of trust
    . . . . . . . . . . . . . . .
    14
    UEFI Secure Boot?
    . . . . . . . . . . . . . . . . . . . . . . . . . . .
    15
    Intel TXT to the rescue!
    . . . . . . . . . . . . . . . . . . . . . . . . .
    15
    The broken promise of Intel TXT
    . . . . . . . . . . . . . . . . . . . .
    16
    Rescuing TXT: SMM sandboxing with STM
    . . . . . . . . . . . . . .
    18
    The broken promise of an STM?
    . . . . . . . . . . . . . . . . . . . .
    19
    Intel SGX: a next generation TXT?
    . . . . . . . . . . . . . . . . . . .
    20
    Summary of x86 boot (in)security
    . . . . . . . . . . . . . . . . . . . .
    21
    2
    Intel x86 considered harmful Contents
    3 The peripherals
    23
    Networking devices & subsystem as attack vectors
    . . . . . . . . . . .
    23
    Networking devices as leaking apparatus
    . . . . . . . . . . . . . . . .
    24
    Sandboxing the networking devices
    . . . . . . . . . . . . . . . . . . .
    24
    Keeping networking devices outside of the TCB
    . . . . . . . . . . . .
    25
    Preventing networking from leaking out data
    . . . . . . . . . . . . . .
    25
    The USB as an attack vector
    . . . . . . . . . . . . . . . . . . . . . .
    26
    The graphics subsystem
    . . . . . . . . . . . . . . . . . . . . . . . . .
    29
    The disk controller and storage subsystem
    . . . . . . . . . . . . . . .
    30
    The audio card
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    31
    Microphones, speakers, and cameras
    . . . . . . . . . . . . . . . . . .
    31
    The Embedded Controller
    . . . . . . . . . . . . . . . . . . . . . . . .
    32
    The Intel Management Engine (ME)
    . . . . . . . . . . . . . . . . . .
    33
    Bottom line
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    33
    4 The Intel Management Engine
    34
    ME vs. AMT vs. vPro
    . . . . . . . . . . . . . . . . . . . . . . . . . .
    35
    Two problems with Intel ME
    . . . . . . . . . . . . . . . . . . . . . . .
    35
    Problem #1: zombification of general-purpose OSes?
    . . . . . . . . .
    36
    Problem #2: an ideal rootkiting infrastructure
    . . . . . . . . . . . . .
    37
    Disabling Intel ME?
    . . . . . . . . . . . . . . . . . . . . . . . . . . .
    37
    Auditing Intel ME?
    . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    38
    Summary of Intel ME
    . . . . . . . . . . . . . . . . . . . . . . . . . .
    39
    5 Other aspects
    40
    CPU backdoors
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    40
    Isolation technologies on Intel x86
    . . . . . . . . . . . . . . . . . . . .
    41
    Covert and side channel digression
    . . . . . . . . . . . . . . . . . . .
    42
    Summary
    44
    And what about AMD?
    . . . . . . . . . . . . . . . . . . . . . . . . .
    4

    http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf
    OVERDRIVE
    OVERDRIVE --- ---
    nejhorsi je, ze tyhle device normalne existuji, a ty co uz byly prodany, asi nikdy nebudou patchnuty, nebo spis malo pravdepodobne...
    OVERDRIVE
    OVERDRIVE --- ---
    taky bych zkusil nezapomenout na to, ze pripojit si ke spatne zabezpecene wiifi spatne zabezpecenou televizi neni dobry napad ;]]]

    Hacking my smart TV - an old new thing - Hewlett Packard Enterprise Community
    http://h30499.www3.hp.com/...earch-Blog/Hacking-my-smart-TV-an-old-new-thing/ba-p/6645844#.VKHH9AIqA
    KOJA
    KOJA --- ---
    QWWERTY: Jj, taky uz se tesim jak budu za pet let po bazarech shanet mikrovlnku bez wifi nebo kuchat antenu z novy pracky.
    OVERDRIVE
    OVERDRIVE --- ---
    hmm, zeby konecne neco Keepas* co chodi i na jabku bez utrpeni typu sebekrizovani se monem a wine?

    KeepassC by raymontag aka lykaner aka GrayFox
    https://raymontag.github.io/keepassc/
    OVERDRIVE
    OVERDRIVE --- ---
    QWWERTY: tak ono, kdyz treba to ma v sobe kameru, a posila to data rovnou na pevne nastavenou IP.... nejaka dalsi security uz neni ani moc potreba... od samsungu si muzes koupit rovnou klice a API k cipu v jejich televizim, ktery to normalne delaji... a je to cip treti strany, takze jej v sobe nema jen Samsung.. mmchodem ma to v sobe inbuilt face recognition a tak... tolik k IoT s konektivitou

    ale videl jsem pekne zarizeni, co vidi kamary ;] [ne, ze by nestacilo laserove ukazovatko, zejo...]

    CypherConf 2015: Priestorové odpočúvanie
    https://www.youtube.com/watch?v=mCbszhOdGnI


    QWWERTY
    QWWERTY --- ---
    NYX: jeden z tech crosslinku me pobavil vic
    IoT security is RUBBISH says IoT vendor collective • The Register
    http://www.theregister.co.uk/2015/08/12/iot_security_is_rubbish_says_iot_vendor_collective/
    ...hlavne kdyz vidim, jaky otresny hype se okolo IoT rozjel a vsechny televize, lednicky a rychlovarny konvice musi mit konektivitu
    NYX
    NYX --- ---
    Ouch! :)
    Hacking Fitbit - Schneier on Security
    https://www.schneier.com/blog/archives/2015/10/hacking_fitbit.html
    OVERDRIVE
    OVERDRIVE --- ---
    Kliknutím sem můžete změnit nastavení reklam