Thanks for the help everyone! Ultimately I'm pretty sure I'd need to use ARP poisoning, which is definitely out of scope as this isn't a sanctioned exercise. Alternately from an insider threat perspective I could capture traffic on the insecure servers, but I'm gonna call that out of scope for now as well.
Pleasantly surprised to find the problem isn't quite as bad as I expected, but still not great.
Hey guys, what tools would you recommend for capturing credentials sent over http on a local network? I need to make a point at work
Bad idea! #Keeper, a password manager bundled with Windows, has a security flaw. Security journalists reported on it. What did Keeper do? Sued the journalists.
Fuck Keeper.
DO NOT USE ETHERDELTA RIGHT NOW!!!!
https://twitter.com/etherdelta
SOMEONE REDIRECTED THEIR DNS
(please signal boost)
c/ @Miller_Geek
The new Portal is a bridge-building puzzle game, and it looks AMAZING https://boingboing.net/2017/12/20/bridge-constructor-portal.html #bridgeconstructor #youtube #glados #portal #videos #Video #Games
An "NSA backdoor" proposed TLS extension finally turns up in the wild: in random Canon printers that fail to work with TLS 1.3...
https://blog.cryptographyengineering.com/2017/12/19/the-strange-story-of-extended-random/
As the blog post points out at length, gee this spy stuff can be super mundane.
I'm always amazed at when I discover (through other people's research or my own) vulnerabilities in core aspects of networking that harken back to the earliest days of networking.
Back then, we just needed things to work. Didn't realize how much we would depend upon the net and web for our daily lives.
If it works, that was enough. No mind for security built in.
Had a chance to talk to high schoolers and early vocational school students (information security tracks) about hacking and pentesting. Spoke to two groups and walked them through a tabletop of breaching a company.
A lot of enthusiastic folks. A lot of great back and forth! That was a blast.
@Miller_Geek @icefox there's a huge environmental component imo - it's one of the reasons that I try to be more vocal about how sparse my knowledge is on some of the things I work on, to try and help destigmatize not knowing now kinda
Baby Boomers being awful at the post office again (and racist!)
Public records can be creepy. I found the home phone number for the guy that owns the LLC that pays the taxes on an abandoned property near me.
death penalty, punishment, justice
Oh Eris. Wow. Mudge posted a link to this. This is intense. I can’t download the python script linked in the post yet. If anyone grabs it, let me know:
So...I might be getting Gigabit internet. Any ideas for what to do with that much bandwidth?
I've had a friend in NC lose their job today. It looks very likely they were fired so that their employer could stop carrying their autistic three year old on the corporate health insurance. A child who lost an eye to cancer and is now recovering from said cancer. They're shopping for legal advice. If anyone has resources please let me know.
pol, FCC, lawsuit