#qi-hardware IRC log for Thursday, 2014-04-10

[02:23] * whitequark has devised an interesting system for data storage
[02:23] whitequark: you know dropbox, right?
[02:23] whitequark: well, it will be sort-of dropbox clone, if you think about the interface it shows the user
[02:23] whitequark: but internally, it has all-consuming maniacal paranoia
[02:24] whitequark: it doesn't trust: 1) network, over which you connect to server 2) the server itself 3) whatever storage mechanism server uses 4) other peers
[02:24] whitequark: taking quite some inspiration from tahoe-lafs
[06:26] wpwrak: furthermore, it shall distrust: users, the CPU hardware, cryptography, causality
[11:38] whitequark: that's not a bad idea in general, but no, not in this one :)
[14:00] wpwrak: DocScrutinizer05: you wondered about web.de passwords. here you are: http://www.heise.de/newsticker/meldung/Heartbleed-Yahoo-und-Web-de-raten-zum-Passwortwechsel-2167630.html
[14:04] wpwrak: eintopf: one issue with making at86rf23x start sending before all data is in the chip's buffer is that you have to be sure you don't get any unexpected delays between commanding the transmission and the end of the data transfer
[14:07] wpwrak: eintopf: in linux, you usually can't guarantee this yet it may still work most of the time. you should therefore be prepared to handle a frame buffer underrun (access violation)
[14:08] wpwrak: ... aka TRX_UR interrupt
[14:16] DocScrutinizer05: wpwrak: thanks and http://www.heise.de/security/artikel/Passwoerter-in-Gefahr-was-nun-2167584.html
[14:17] wpwrak: yeah. so you still have to decide :)
[14:17] DocScrutinizer05: I wonder if the passwords that bleeded were simple to associate to the *account data*
[14:17] wpwrak: probably yes
[14:17] wpwrak: well, the account name
[14:18] DocScrutinizer05: I mean, I can share 5 passwords here: abcde  12345  qwerty password marry
[14:19] DocScrutinizer05: those are not *my* passwords, so they are useless to you
[14:19] wpwrak: (stuff about at86rf23x) oops, wrong channel :( don't type stuff before morning caffeine ...
[14:20] wpwrak: DocScrutinizer05: the data they catch is most likely "DocScrutinizer05/IwantApony7". so they have full login information
[14:20] eintopf: wpwrak: Yes I know that, there is a irq for frame buffer underrun (access violation)
[14:20] eintopf: and the bad news
[14:20] eintopf: the irq occurs :)
[14:21] wpwrak: eintopf: reposted on the right channel :)
[14:21] DocScrutinizer05: took me an agonizing while to get to this screen  http://wstaw.org/m/2014/04/10/plasma-desktopcT1775.png
[14:22] DocScrutinizer05: note the tiny "your password doesn't need to get changed"
[14:22] wpwrak: do they explain what they base the recommendation on ? does it even refer to heartbleed ?
[14:22] wpwrak: if they have mandatory periodic password changes, it could be an indicator of that
[14:23] DocScrutinizer05: it's incredibly difficult to even get to there
[14:23] DocScrutinizer05: they don't
[14:24] wpwrak: getting security right is hard. you really have to use that heavy grey mass that normally only serves to balance the head
[14:24] wpwrak: for web.de, this may be a first ;-)
[14:24] DocScrutinizer05: no matter what you do, they always kick you back from https:// to http://
[14:25] DocScrutinizer05: great¡ >:-(
[14:25] DocScrutinizer05: seems they somewhat partially stopped that habit though
[14:26] wpwrak: thanks to snowden perhaps
[14:26] DocScrutinizer05: yet without JS the site is rubbish/junk
[14:26] wpwrak: and just when you thought you were safe if you didn't log in in the last few days: http://arstechnica.com/security/2014/04/heartbleed-vulnerability-may-have-been-exploited-months-before-patch/
[14:27] DocScrutinizer05: and the first time I logged in they instantly kicked me "for security reasons" and next time they complained that I didn't log out ;-P
[14:27] DocScrutinizer05: well, that's been obvious
[14:28] DocScrutinizer05: may have been exploited since 2 years, I'd say
[14:29] DocScrutinizer05: even worse: I learned they also might have attacked *my* PC when I connected to a https:// URL
[14:29] wpwrak: naw, not obvious. we didn't know it had been independently discovered
[14:29] wpwrak: what they're saying is that evidence for heartbleed attacks has been found in honeypot going back as far as november 2013
[14:30] DocScrutinizer05: no surprise though
[14:30] DocScrutinizer05: I had taken bets
[14:30] wpwrak: seems that *someone* is reviewing that openssl code. it's just not the ones responsible ...
[14:31] DocScrutinizer05: I'm just pondering a stateful packet inspection firewall that has a list of "hot terms"
[14:32] wpwrak: some people may just record everything that goes to their honeypot. then, when something happens that makes them suspicious, they can examine the whole history of their traffic for clues
[14:33] DocScrutinizer05: of course such firewall MUST be bomb proven by itself, otherwise it might make for a really worthy target
[14:33] wpwrak: the recording in such a honeypot could be completely passive
[14:34] DocScrutinizer05: sure sure, honeypot. fine. but hardly feasible for your private PC to harden it
[14:34] wpwrak: a 1 TB disk would be enough for about a day of sustained 100 Mbps traffic. and a honeypot probably gets a lot less
[14:34] wpwrak: naw, but for security firms. 1 disk per day is peanuts if it's part of your business
[14:35] DocScrutinizer05: yep, I know a bit about how those companies work
[14:35] DocScrutinizer05: most amazing thing is: how do they get all those IPs out of alien ranges
[14:36] DocScrutinizer05: I mean, how would I set up a honeypot that has an IP that looks like it was in IBM offices India?
[14:37] DocScrutinizer05: and they probably not only want the IP but also the traceroute look plausible
[14:38] wpwrak: just put your own content there ? e.g., who really knows who is behind pics.nase-bohren.de ? :)
[14:38] DocScrutinizer05: OK, to a certain degree you can fake traceroute
[14:39] wpwrak: maybe fakebook is just one big honeypot and they record EVERYTHING ;)
[14:39] DocScrutinizer05: that's been the basic idea when they invented it
[14:39] DocScrutinizer05: but look e.g. here http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16104&view=map
[14:41] DocScrutinizer05: those dudes need other service contracts with internet providers than any mere mortal
[14:42] wpwrak: heh, nice one :)
[14:43] wpwrak: malaysia has some domestic issues :)
[14:44] DocScrutinizer05: watch "the movie"!
[14:45] DocScrutinizer05: dafaq! ~dec-1.  2013
[14:45] DocScrutinizer05: and mid of January
[14:46] DocScrutinizer05: Feb 8
[14:46] DocScrutinizer05: USA nukes itself
[14:48] DocScrutinizer05: and 5 days ago korea got pretty active
[16:26] sb0: roh, is there a CNC mill at RFA?
[17:03] Web-aptosid876_: what other mips pocket computers are there?
[17:04] Web-aptosid876_: NN,GCW,Dingoo A320....
[17:07] zrafa: RMS ultrabook stolen
[21:00] dos1: oh well...
[21:02] dos1: and someone posted this comment on facebook under that article: http://pastebin.com/1zYdCiSw
[22:00] Web-aptosid876_: dos1: pastebin isn't friendly to tor users
[22:01] Web-aptosid876_: try pastebay.com
[22:01] dos1: it's pointing to http://cryptome.org/0001/nsa-ip-update14.htm and http://cryptome.org/2014/03/nsa-zologize.htm and noting that there's an entry " - (subranges are NSA-affiliated and/or NSA fully-controlled)" which match IPs reported by EFF
[00:00] --- Fri Apr 11 2014
