At 3/4/16 11:39 AM, egg82 wrote: This. Very much this. Just use OpenVPN's GUI and not MS's built-in.

The only vpn that I'm subscribed to right now is my uni's, which requires Cisco AnyConnect. Like, requires requires. I'm not sure I can vpn with my phone, and the Microsoft default doesn't work.

Cisco's installation required java... Speaking of which, I installed HaxeDevelop, which is the haxe-focused FlashDevelop, and all of a sudden I'm getting java-related debug errors in the output panel.

At 3/4/16 11:49 AM, MSGhero wrote: The only vpn that I'm subscribed to right now is my uni's, which requires Cisco AnyConnect. Like, requires requires.

Oh, one of those. I hear AnyConnect is okay as long as you keep on the updates. I just still don't recommend using your uni's VPN.

I'm not sure I can vpn with my phone, and the Microsoft default doesn't work.

You can. It's called EasyOpenVPN. You won't be able to use AnyConnect without the software, though. They might have it for mobile.

Cisco's installation required java...

I hate this. I have Java installed because I play the occasional Minecraft and I develop in Java every now and again. Stop forcing other people to use it, though. Nobody keeps on security updates and Java's one of the most exploitable things out there, next to Flash and anything else Oracle.

Speaking of which, I installed HaxeDevelop, which is the haxe-focused FlashDevelop, and all of a sudden I'm getting java-related debug errors in the output panel.

This sounds interesting. I might give it a look later.

At 3/4/16 12:47 PM, egg82 wrote:

At 3/4/16 11:49 AM, MSGhero wrote: The only vpn that I'm subscribed to right now is my uni's, which requires Cisco AnyConnect. Like, requires requires.

Oh, one of those. I hear AnyConnect is okay as long as you keep on the updates. I just still don't recommend using your uni's VPN.

I only use it for campus-specific stuff where I need to be "local" to access services and for accessing research papers. I forogt to log in once, and this really shitty paper was like $45. Fucking ridiculous.

pwned :D

How the hell did I wind up so deep into security?
I used to not even LIKE security.

It's like, one day I woke up and went "I want to learn to be a hacker" - Then I spent $1300 on training, got my pentesting certification, and now here I am planning a trip to Defcon 24.

The fuck happened to me?

At 3/9/16 08:51 PM, egg82 wrote: How the hell did I wind up so deep into security?
I used to not even LIKE security.

It's like, one day I woke up and went "I want to learn to be a hacker" - Then I spent $1300 on training, got my pentesting certification, and now here I am planning a trip to Defcon 24.

I'm jelly. How long did that take?

At 3/10/16 07:28 AM, Gimmick wrote: I'm jelly. How long did that take?

The certification? OSCP. Three months, two days exactly.

I still don't have a job, though

I made a thing that some of y'all might be interested in. I use Steam's web-based chat at work so I can talk to my friends on my breaks, but, for whatever reason, it doesn't automatically scroll down when new messages are posted. So I wrote a Greasemonkey script to take care of that.

Just add this to Greasemonkey to make the web-app not suck. The only requirement is for the scrollbar to be at the bottom, which is to prevent it from scrolling down if you're browsing up through old messages.

Technically you could add it to Tampermonkey with Chrome, but Chrome is a broken piece of shit and doesn't have a function to scroll DOM elements, and I don't ever use Chrome to begin with, so I'm not going to fart around making it work with it doing some hacky bullshit. Feel free to do that if you want to, though. But it works just fine in Firefox.

At 3/10/16 07:26 PM, Diki wrote:

Technically you could add it to Tampermonkey with Chrome, but Chrome is a broken piece of shit and doesn't have a function to scroll DOM elements, and I don't ever use Chrome to begin with, so I'm not going to fart around making it work with it doing some hacky bullshit. Feel free to do that if you want to, though. But it works just fine in Firefox.

I've never been able to put my dislike of Chrome into words. I use Edge because I like to live dangerously, unless I know for sure I'm prolly about to get malware. Even if the browsing experiences were the exact same, I feel like I would like Edge or Firefox better.

Someone said that iPhones feel like they're made with love, while Androids feel like they're made with analytics. Obviously they both are, but I guess my iPhone and Edge make me feel the former.

Chromebooks looks solid as fuck though, I won't knock those.

IE has vulnerabilities hemorrhaging from its metaphoric ass and Firefox STILL hasn't put in anything resembling a sandbox.
Opera actually has 100% ACID compatibility but support for it sucks and updates are infrequent.
I don't trust Microsoft not to fuck Edge up, so I'm waiting on that.

I'll stick with Chrome, thanks.

At 3/10/16 10:53 PM, MSGhero wrote: I've never been able to put my dislike of Chrome into words.

Yep. I do not like Chrome in any way shape or form, either. (Or even Google, period—Google can fuck off.) Most people seem to have a hard-on for Google, for whatever reason, and think that Google is their friend, rather than just as shitty a company as Apple and Microsoft.

At 3/11/16 02:00 AM, egg82 wrote: I don't trust Microsoft not to fuck Edge up, so I'm waiting on that.

I don't know why you would trust Google to not fuck up Chrome. They've fucked up plenty of other things, in the past; they're no better or worse than Microsoft or Apple or Oracle or Adobe or whatever when it comes to competency. (For the record, I don't trust Mozilla either, which is why I block all JavaScript and all third-party applications by default, and only whitelist ones I know I can trust.)

I like looking through my commit history. Sorta like nostalgia but only from up to a few months ago. HD is HaxeDevelop.

So I decided to try a new technique "wardriving" around Denver, since it's not illegal and kinda fun.
I gathered a small-ish sample of statistics and decided to do some rough approximations.

There's about 170,000 routers in Denver.
About 1,900 of them use WEP and about 11,000 are open (NOT xfinity).
About 37,000 of them are hidden.
Of the 37,000 hidden wireless, about 250 are WEP.
There are about 28,000 open "xfinity" APs.

Channels:
1: ~52,000
2: ~3,000
3: ~3,000
4: ~2,000
5: ~2,000
6: ~46,000
7: ~2,000
8: ~3,000
9: ~4,000
10: ~1,500
11: ~49,000

At 3/15/16 05:11 PM, egg82 wrote: 9: ~4,000

That's the channel I use for my 2.4GHz band. :3 I had to walk around my house using my phone to analyse all the wireless networks around me to find one that wasn't being used, and turned out 9 wasn't; it certainly helped fix the stability issues I was having with that band (didn't need to change my 5GHz from "auto," though, unsurprisingly).

At 3/15/16 06:15 PM, Diki wrote: That's the channel I use for my 2.4GHz band. :3 I had to walk around my house using my phone to analyse all the wireless networks around me to find one that wasn't being used, and turned out 9 wasn't; it certainly helped fix the stability issues I was having with that band (didn't need to change my 5GHz from "auto," though, unsurprisingly).

I was taking a look at the same, although the card I used doesn't support 5GHz bands so I'm definitely missing a few and my overall conclusions are incomplete.

I'm thinking channel 10 might be good, but I'll take a closer look later.

apt-get install *

"WHAT HAVE YOU DONE?!"

At 3/15/16 07:04 PM, egg82 wrote:

At 3/15/16 06:15 PM, Diki wrote: That's the channel I use for my 2.4GHz band. :3 I had to walk around my house using my phone to analyse all the wireless networks around me to find one that wasn't being used, and turned out 9 wasn't; it certainly helped fix the stability issues I was having with that band (didn't need to change my 5GHz from "auto," though, unsurprisingly).

I was taking a look at the same, although the card I used doesn't support 5GHz bands so I'm definitely missing a few and my overall conclusions are incomplete.

I'm thinking channel 10 might be good, but I'll take a closer look later.

There was some website that profiled each channel. 1 is obviously the worst, but several other channels are inherently slower, in that their signal "leaks" into the other channels and loses performance. I went with channel 9, it was the emptiest when I peeked at the signals from my computer. I didn't know you could do it from your phone, but that makes sense.

At 3/15/16 10:04 PM, MSGhero wrote: There was some website that profiled each channel. 1 is obviously the worst, but several other channels are inherently slower, in that their signal "leaks" into the other channels and loses performance

I am somewhat interested in this topic. If you find the website, tell me.

Also, if anyone was wondering what makes a review here on NG helpful, here's my comparison/advice:
http://prntscr.com/aftb4p
http://prntscr.com/aftbkk

At 3/15/16 10:25 PM, egg82 wrote:

At 3/15/16 10:04 PM, MSGhero wrote: There was some website that profiled each channel. 1 is obviously the worst, but several other channels are inherently slower, in that their signal "leaks" into the other channels and loses performance

I am somewhat interested in this topic. If you find the website, tell me.

http://www.howtogeek.com/howto/21132/change-your-wi-fi-router-channel-to-optimize-your-wireless-signal/

Channels within 5 of each other interfere, so 1, 6, and 11 are the "best." I used NirSoft WifiInfoView, and for me at least back then, those were also the most crowded. 9 had no one, so I went with that.

Also, if anyone was wondering what makes a review here on NG helpful, here's my comparison/advice:
http://prntscr.com/aftb4p
http://prntscr.com/aftbkk

Steam has helpful, not, and funny, which I feel is a better system. Github also put a reaction thing on comments so you don't have 30 comments +1ing.

At 3/16/16 12:05 AM, MSGhero wrote: Channels within 5 of each other interfere, so 1, 6, and 11 are the "best." I used NirSoft WifiInfoView

Here I am booting into NetHunter and using airodump-ng
#pro #iFuckingHateSoftKeyboards

Steam has helpful, not, and funny, which I feel is a better system. Github also put a reaction thing on comments so you don't have 30 comments +1ing.

I think I'm more of a fan of reactions. Facebook recently changed their "like" system to reactions as well.

I've recently been thinking about making a YouTube video on breaking into wireless and mitm credit card information sent over HTTPS (sslstrip v2, which keeps the green lock) using just my phone. Should be fun, if I can figure out how to do it without exposing information or getting into trouble.

Edit: I think I have a spare router somewhere I can configure with WEP, and I don't even need to push CC info through. Just a normal Facebook login should do.

At 3/15/16 10:04 PM, MSGhero wrote: I didn't know you could do it from your phone, but that makes sense.

Yeah, it's pretty straight-forward. I used this app to do it.

Seeing lots of GDCers on my commute to work this week. :)

CC of an e-mail I recently sent:

Two recent events happened you might not be aware of, but individually would be catastrophic to a company.

One, recently scammers have been e-mailing companies' accounting depts. pretending to be IRS or gov't and asking for tax forms (SSNs, etc) in lieu of tax season. Major corporations have been hit. If an e-mail or phone call seems suspicious, report it first- before doing anything else.

---

Second and more importantly, ransomware has taken a foothold. This malware encrypts your personal files and demands payment (usually one bitcoin or ~$400 USD) for the decryption key before time expires and the key is deleted (usually a few days)

This type of malware is catastrophic because simply deleting the malware does not solve the issue. Only payment will allow access to your now-heavily-encrypted files.

The problem comes in the form of advertisements. Large ad companies are serving this type of malware, and you don't need to download anything yourself for it to run. It will simply exploit browser plugins or the browser itself when shown. The ad gets loaded onto the page, and you're infected.

The "large ad networks" is also a problem since they host websites like Facebook, Google, Twitter, Amazon, eBay, and the like. Browse Facebook, get your files encrypted, pay $400 per device infected. No download required. This affects both Windows and Macintosh.

Updates, AdBlock Plus, and EMET will help solve this.

---

Protect yourself beforehand. Once either of these slip by your defenses IT WILL BE TOO LATE. There's nothing you can do at that point.

At 3/18/16 12:38 AM, egg82 wrote: AdBlock Plus

Cool kids use uBlock Origin. >:]

At 3/18/16 07:53 AM, Diki wrote:

At 3/18/16 12:38 AM, egg82 wrote: AdBlock Plus

Cool kids use uBlock Origin. >:]

I still have no idea how EMET works or what it does. You can't use it with browsers for the same reason antiviruses make you less secure when they manage browser security over the browser itself. Edge has some kind of built-in EMET. I believe I have EMET set to opt-out where possible, so every process is a few layers secure. I think.

At 3/15/16 10:25 PM, egg82 wrote: Also, if anyone was wondering what makes a review here on NG helpful, here's my comparison/advice:
http://prntscr.com/aftb4p
http://prntscr.com/aftbkk

I actually think you're second review IS more helpful than the other. In the first one, you don't specifically say what parts you liked or didn't. As someone deciding whether to play this game, your review did not affect my decision. On the second one, it's clear that this game has bad instructions, which is helpful.

At 3/20/16 04:53 PM, GeoKureli wrote: On the second one, it's clear that this game has bad instructions, which is helpful.

You do know that that second review is a meme, right?

At 3/20/16 05:57 PM, Diki wrote: You do know that that second review is a meme, right?

Yeah, the movie was silly and I don't do movie reviews so I put a meme down.

Also, just got back from a three-day vacation, yay!
And I'm heading to Defcon this year. Already got the hotel booked. If anyone else is going I might see you there.

http://prntscr.com/aiddd5

Yeep..

.. Yeeeeepp.

Sounds about right.

I wonder how many projects here are full of exploit code? Seems like a good website to drop malware into, but I don't seem to find any here.

At 3/22/16 02:35 AM, egg82 wrote: http://prntscr.com/aiddd5

Yeep..

.. Yeeeeepp.

Sounds about right.

I wonder how many projects here are full of exploit code? Seems like a good website to drop malware into, but I don't seem to find any here.

Presumably, those graphs are explained somewhere in the text, but as shown, they are devoid of essential information. What are the scales? Are these relative or absolute rates?