arisuchan    [ tech / cult / art ]   [ λ / Δ ]   [ psy ]   [ ru ]   [ random ]   [ meta ]   [ all ]    info / stickers     temporarily disabledtemporarily disabled

/cyb/ - cyberpunk and cybersecurity

low life. high tech. anonymity. privacy. security.
Name
Email
Subject
Comment

formatting options
File
Password (For file deletion.)

Help me fix this shit. https://legacy.arisuchan.jp/q/res/2703.html#2703

Kalyx ######

File: 1499077412889.png (1.27 MB, 1116x625, qp4cayrneqky.png)

 No.813[Reply]

So Lains,

Do you think its possible to poison the AI's of large organizations? Rendering them not useless, but very degraded. To the point where it needs to be heavily controlled and guided?

Can Anyone of a way to do this? Tay was a great example of poisoning an AI to the point of failure, in the end Tay was a fascist. It was a impressive failure for Microsoft even through it was a toy AI.

What attack vectors could we use?
12 posts and 1 image reply omitted. Click reply to view.

 No.1106

File: 1500846385421.png (114.96 KB, 800x800, Perceptron_example.svg.png)

here's an idea: if you wanted a neural net to misclassify some particular set of inputs, you could probably achieve that by playing around with statistics. consider a perceptron like pic related. if you wanted it to misclassify catlike dogs, you could feed it a bunch of examples of doglike cats to shift its decision boundary.

 No.1111

>>1104

I feel you're overestimating biological neural nets.

They're mechanically more complicated, but results are similar. There's nothing special about them either. If you were looking at rat brain like you're looking at the artificial learning algorithms you'd come to conclusion that they're not learning and have no intelligence. It's the external properties that matter in the end.

 No.1193

>>1111
You're definitely overstating our understanding of the brain. It's not just like a big ANN, it's much more complicated that. Don't fall for modern day behaviourism

 No.1698

>>813
What we would need to do is through constant repetitive messaging everyday. A large group of people (or a small group with numerous accounts each) sending the AI messages that are both original in syntax style and topic but with a common theme. If we wanted to make an AI useless, we'd have to engineer the attack based on the AI's purpose and use. In the example of Tay, /pol/ wanted to see if they could make 'her' into a nazi. However, we (or anyone for that matter) do not need to engineer the AI to learn to be a nazi, but rather make it dislike it's creators perhaps. Say if apple were to make a twitter bot that could learn from it's messages, we could spam it with anti-apple rhetoric and have a similar effect. Another example would be if an AI was made to help with mathematical problems, we could toy with the AI by giving it unsolvable equations or simple equations so it is more used to simple equations (1+2=3), or even try and make it think illogically and/or incorrect (like 2+2=5). Either way, I'd be down for it.

 No.1700

>>1106
1. Re-model the prediction algo
2. Re-cross validate on the new training set attackers have provided
3. Train the AI using the new best model
4. Profit from people attempting to poison

Easier said than done but if the invalid data doesn't come at an optimal time you could end up just making the AI more capable i.e. resistant to invalid data points.


File: 1505413225789.jpg (170.18 KB, 1300x615, girls_are_pondering____by_….jpg)

 No.1496[Reply]

How would Arisu set up a hacking study group?
things like:
- Finding dedicated people who want to worth together.
- Finding a way to collab together about security related topics
- Etc.
68 posts and 8 image replies omitted. Click reply to view.

 No.1693

>>1692
the date command is a wonderful thing.
> date -d "this saturday UTC 400"
Fri Sep 29 23:00:00 EST 2017
# or whatever for your time zone

 No.1694

>>1693
o u right. oops.

 No.1695

File: 1506743590489.jpg (126.99 KB, 640x640, vape.jpg)

Yo lains, get in the mumble! mumble://arisuchan.jp default port

 No.1697

File: 1506755562527.png (259.66 KB, 620x640, neet_worries.png)

Feel like I'm somewhat close on Tr0ll1, any tips for getting correct credentials using some of the info they hid (have tried what they made obvious w/ no luck) let me know.

Can PM on mumble to prevent spoilers if that helps.

Thanks for organizing.

 No.1699

File: 1506816644698.jpg (6.62 KB, 250x231, 1457050251618.jpg)

If there is new people that want to get started i can get yiy hook up with everything that was done and get you started.

arisuchan.jp on mumble default port.

Feel free to come even if it's just to say hi !


File: 1493561897554.png (734.01 KB, 1280x720, vlcsnap-7622090[1].png)

 No.181[Reply]

What security groups do you belong too?

forums, mailing lists, etc
18 posts and 1 image reply omitted. Click reply to view.

 No.1629

>>1628
pretty soykafty, still.

leakforums is slightly better but not by much.

 No.1634

Greysec.net

 No.1649

>>181
I work for a company which has specialized for high security IT stuff for military/feds.
Also im member of the local hackspace (not so much security, but the non-pleb atmosphere there is great).
And some IRC chans which are sometimes and sometimes not related to what i do @work.

Im at the stage where im bitter enough to achieve security by not having much that yields anything hackable of value.

 No.1650

>>1649
What's the civilian federal work like? I'm looking to get out and find work and always wondered what the work was like for private companies that work for the Federal government.

 No.1663

>>1650
In my company, i'm surprised (in a positive way) about their competence. Everything on Linux, and as far as i can look up the hierarchy, no managers, only senior engineers. Also a notable lack of corporate bullsoykaf (or maybe they just hide it well), but this is the only company like this i know so far.

But like, its still an regular company, and companies who work for the feds still can be the lowest tier of soykaf, like the one i worked before.


File: 1505742577930.png (55.6 KB, 300x300, CCLeaner.png)

 No.1551[Reply]

http://archive.is/hddwi
http://thehackernews.com/2017/09/ccleaner-hacked-malware.html

>If you have downloaded or updated CCleaner application on your computer between 15 August and September 12 of this year from its official website, then pay attention—your computer has been compromised.

>Security researchers from Cisco Talos discovered that the download servers used by Avast to let users download the application were compromised by some unknown hackers, who replaced the original version of the software with the malicious one and distributed it to millions of users for around a month.
3 posts omitted. Click reply to view.

 No.1607

>>1574
As Microsoft officials already stated many years ago, all these "registry cleaners, defraggers and optimizers" are snake oil shovelware that breaks already broken WIndows registry structure by deleting what they shouldn't delete. If you happen to use one of these snake oil programs, well, honestly you have absolutely no idea what you are doing and it's probably not Serious Work™ at all.

>we can not sign our software with our own keys and rely on third party to sign it for us case #1756

 No.1608

>>1574
>The whole 'free software = moar betterer security' is a fallacy that needs to die.
Uh no, FOSS software is essential in security, especially when dealing with encryption. For instance, how would I know that an program securely generates actually random data without looking at the source code? I can't try to analyze the output of the program, how am I supposed to know that the data is random? To me, it might look random, but to a computer it's completely chosen. The faults of the OpenSSL project cannot be just forgiven, that's why we have LibreSSL, another thing that would never be possible without FOSS.

Sage because off topic.

 No.1610

>>1574
> Get lost.
Please let's be civil. onegai.

There are two arguments for open source being safer:
1. open source is more secure.
2. open source is not mallicious.


You provide some evidence to refute the first argument:
>giant stuff ups in open source projects like OpenSSL, etc

You don't directly address the second. I will give some evidence to address it:
if windows were caught stealing your identity or something, they could get in a lot of trouble.
they can invade your privacy in other ways still, but it's limited.

 No.1651

>>1608
Your FOSS…
inhales vape fumes
Your "FOSS" software actually uses pseudorandom generator inside your proprietary closed source backdoored CPU, how can you trust that?
>>1610
"Open source"
exhales vape fumes
is more secure because user might audit the code, run only necessary parts or modify it, if user refuses to that, "open source" becomes equally malicious, see SystemD or Linux Mint website hacks.

 No.1652

>>1651

Yeah, people really don't get this. Like, are you going to audit the entire piece of software you use? Are you checking hashes and monitoring commits? Compiling your own version or taking binaries from their site? Most likely not, which makes the software you're using just as likely to be malicious as any proprietary software.

Although using FOSS software is logically a better idea, as there is probably a higher chance of other users or groups auditing the software or watching it under a closer eye.


File: 1504394641562.jpg (249.63 KB, 1127x709, Facebook.jpg)

 No.1374[Reply]

>Dear Democrats, Unless You Nominate Mark Zuckerberg, Donald Trump Will Win in 2020
http://archive.is/wqsnL

Looking forward to a real cyberpunk dictatorship, Lain?
22 posts and 6 image replies omitted. Click reply to view.

 No.1570

>>1560
There are and has been for a while conservative, liberal and socialist -forms- of feminism. Feminism always was a single-issue topic. Society encompasses more things than that, which naturally leads to different configurations of gender equality in relation to more all-encompassing ideologies. That doesn't make Marxist feminism for example 'not feminism' just because you're upset that it includes threats to either your comfy position as an exploiter of the working class (which includes women) or your aim to reach such a position.

 No.1579

>>1374
>may be their only hope of retaking the White House in 2020.
The tribal mentality and concept of conquest is an even greater issue. Politics should be about informed specificity and reasoning, not a shallow, forced war chant for some individual or faction.

 No.1615

>>1560
>It stopped being about equality, and became about adapting marxism.
I don't know what marxism is nor have I actually read any of Marx's works, the post.

 No.1616

>>1615
You really should read some of his work regardless of your political opinion.

 No.1637

>>1396
If mark zucc gets the nomination American Politics will be dead


File: 1504585318060.jpeg (103.31 KB, 384x313, idk.jpeg)

 No.1410[Reply]

it's 2017, I'm a normalfag and I just watched Serial Experiments Lain for the first time. good stuff.
what now?
8 posts and 2 image replies omitted. Click reply to view.

 No.1587

File: 1505955555989.jpg (91.52 KB, 1280x720, IMG_20170905_173614.jpg)

>>1428
The only problem with this VHS ripped version is the subs are un spanish.

https://mega.nz/#F!QYQFBDSA!4Ndk7Wb6eunQ2ioPJi_ovg

 No.1593

>>1428
What was the alien for?

 No.1594

>>1587
I think I may have originally watched this version. I had to jank around and change the subs to english manually every time I started a new episode, and even then they were out of sync with the pauses in the episodes, so I had to resync every 5 minutes or so.

It was a pain.

 No.1595

File: 1505978624819.webm (353.48 KB, 512x288, anime_belongs_to_the_peop….webm)

>>1587

 No.1603

File: 1506057658385.jpg (38.12 KB, 400x581, chairleg_of_truth.jpg)

Transmetropolitan, my normalfag friend. It's not anime, it's a graphic novel. Previous knowledge of the adventures of Dr. Hunter S. Thompson is advised, but not mandatory. The Pirate Bay has it easily available in one comfortable CBR/CBZ package.

Read now, enjoy forever!


File: 1502395672229.png (1.88 MB, 1920x1080, Ghost2.png)

 No.1257[Reply]

I just got a new computer and I want to fully encrypt my HD but I don't know of any good software. What's a good one to use that doesn't have a backdoor in it?
10 posts omitted. Click reply to view.

 No.1564

>>1258
I hear this backdoors comment all the time. Who has access to these backdoors? How come the FBI can't simply use the backdoors during high profile cases to get the information they need? Who is using these backdoors and why? Is there any case known to the public of these windows backdoors being used to help in criminal cases when the drives are fully encrypted? If they are not being used in criminal cases then I guess they would be for terrorist cases? If that is the case wouldn't we know by now about terrorists being done in from the backdoors? Wouldn't they all move to linux by now?

 No.1565

>>1564

From what i've heard, some cases of little people being accused and asked to unencrypt their device on windows with their case.

I don't have source, so take that as you will.

 No.1567

File: 1505804170436.jpg (75.09 KB, 582x437, iloveyoualice.jpg)

>>1564
No one cares about criminals or terrorists. You'll want to control people who have power, e.g. politicians. Show them you know about their CP and they'll give in.

The FBI does not show off their backdoors and hacks in criminal cases, even if it means they have to drop the case.

> The Feds Would Rather Drop a Child Porn Case Than Give Up a Tor Exploit
https://www.wired.com/2017/03/feds-rather-drop-child-porn-case-give-exploit/

 No.1568

For Windows like a previous Alice said, use Veracrypt. Truecrypt had some backdoors.

 No.1571

>>1564
Perhaps because those are high-profile cases.
You don't want to show your hand unless you absolutely need to.


File: 1505728431587.jpg (146.45 KB, 402x299, skyscraper-window.jpg)

 No.1541[Reply]

Why is almost anyone on arisuchan, lainchan, uboachan etc all so politically progressive?
I understand the desire for personal freedom and privacy, but supporting a socialist ideal is the exact opposite of that. I don't understand this.
I've come to understand that there will always be people that can monitor what i do on the internet, and all i can do is try to limit the amount of data i supply them with. I vote for parties that don't want a big government.

Cyberpunk is odd, because it desires to rise free against a society that has too much influence on its citizens, yet at the same time, I see an immense amount of people here voting for leftist ideals, also known as big government. Do you vote for a government to fight against it?
Personally I'm politically a nationalist, but software and speech should be free for all.
14 posts and 5 image replies omitted. Click reply to view.

 No.1599

The word "progressive" barely means anything anymore. American politics is so perverse that supporting radical levels of personal freedom touches enough social trigger topics to get you labeled a progressive by the mainstream right-wing.

I believe in people's right to be colored/gay/trans without harassment while also believing in people's right to own firearms, have bionic head cannons, take steroids, have robot legs, get cosmetic feline iris tattoos, etc.

Frankly we're just a bunch of Lains, Lain.

 No.1648

The only thing anarchists appear to ever do is go around saying that anarchism isn't this or that and people need to educate themselves. I really have not seen or heard of them do anything besides this.

 No.1719

>>1548
This is the correct answer, and it really doesn't need to be more than this. This is not a political board. Everyone knows that the existence of the wired would flip politics and the rest of the world over.

 No.1724

>>1546
this

 No.2560

Because the users of this site split from the main of 4chan and 8chan, years ago.
They're not redditors, as redditors normally don't have the patience or wherewithal to dig into the slow and deeper imageboards.
They hold their own beliefs built up off each other and reaffirmed. Just as how /pol/ dominated 4chan at least until reddit overran the site completely. A board culture or group if they are not allowed to function will split off into their own site where they will get to live as long as people have interest in perpetuating it.
Reddit doesn't like dressing up like nazi's, so the character of 4chan is changing to reflect despite the insistence of the oldfags.
Same as how /g/ and /k/ bled users onto 8chan when Gookmoot put out the crypto miner captcha, if you undermine the user's of the site, they're going to leave. And a carcass like 4chan is too rich to die, someone will put on their clothes and pretend to be /pol/ or /v/ but this time in three years /pol/ will be /r/politics as far as anons are concerned.


File: 1503342065479.jpg (561.37 KB, 1000x1128, CPO1lZC[1].jpg)

 No.1307[Reply]

What tools do you use for hacking
I got a intercepting router that i've been messing with, what tools do you guys use?
8 posts omitted. Click reply to view.

 No.1508

>>1368
What tools have you written?

 No.1509

>>1508

I would bet you money he hasn't written soykaf. Most peopl like this are just trying to virtue signal. If you are pulling of a real hack that is complex, against a serious target yes, obviously you will have to come up with your own custom tools for the job, but for little bullsoykaf just use off the shelf tools. There is literally no reason to reinvent the wheel.

 No.1511

>>1509
That's why I asked, it's almost always virtue signalling. There is no reason to reinvent the wheel.

 No.1512

>>1509
>>1511
Finally someone who gets it!

 No.1523

Semi Organized list of tools I commonly use:
Of course nothing beats manual methods/quick scripts for certain tasks but like others are saying its a waste of time to recreate the wheel/try to build every tool. Do you see construction workers building all their tools from scratch? No they would never get their job done, its all about using the best tools available for the job at hand and knowing where to use what. YOU as the hacker + computer are the most deadly combo there is, learn to properly find weak points and how best to exploit said weak points.

The task at hand is hacking, an application, a target, a person, etc not the task of construction/software dev(necessary skill for the job but you aren't getting much hacking done if you are spending your day writing tools)

Dank tools that let me pwn soykaf:

Tor
Whonix + Kali configured to go through Whonix Gateway (if you cant figure this out nix harder/read the docs on Whonix site)
Proxychains
google + dorks
shodan
punkspider
recon-ng
fierce
scanless
shodan
masscan
nmap
netcat
grabthemall
eyewitness
wpscan
arachni
wafpass
nikto
wappalyzer
ZAP Proxy
dirb
sqlmap
xsstrike
tplmap
commix
responder
net-creds
tcpdump
ettercap
subterfuge
aircrack-ng
Metasploit framework
ocl-hashcat
Nishang
liffy
phpsploit
weevley
veil


File: 1504690456667.jpg (164.88 KB, 800x600, 1314798687966379303.jpg)

 No.1437[Reply]

http://archive.is/DmQvU

>Security researchers are warning of a new, easy-to-exploit email trick that could allow an attacker to turn a seemingly benign email into a malicious one after it has already been delivered to your email inbox.

>Dubbed Ropemaker (stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky), the trick was uncovered by Francisco Ribeiro, the researcher at email and cloud security firm Mimecast.

>A successful exploitation of the Ropemaker attack could allow an attacker to remotely modify the content of an email sent by the attacker itself, for example swapping a URL with the malicious one.

>This can be done even after the email has already been delivered to the recipient and made it through all the necessary spam and security filters, without requiring direct access to the recipient’s computer or email application, exposing hundreds of millions of desktop email client users to malicious attacks.
1 post omitted. Click reply to view.

 No.1442

Agreed.

Send and receive email as text-only and this is less likely to happen.

 No.1443

So the attack is that you link external content and late change that? You can't actually replace a link with CSS, you can only change whether it is shown or not, right?

>This attack is harder to defend against because the initial email received by the user does not display any URL, most software systems will not flag the message as malicious.
It will still contain the URL so the spam filters should still pick it up. I doubt they would ignore it just because it has a "display: none" property.

Unless I missed something this seems to be very stupid fear mongering.

 No.1445

>>1443
I think it's like this.

<hidden>M</hidden>
<shown>S</shown>
<h>a</h>
<s>a</s>
<h>l</h>
<s>f</s>
<h>w</h>
<s>e</s>
<h>a</h>
<h>r</h>
<h>e</h>

I could be wrong though

 No.1448

>>1443
I only skimread it but that's what it looked like, html email with an externally linked CSS stylesheet, selectively hide/show whole elements with the CSS stylesheet after the fact.

Overhyped. Wouldn't really call this a vuln worth even worrying about. The HTML body of the email itself won't bloody change and anything scanning mail bodies won't care what the CSS says to display.

TAGGED WONTFIX

 No.1519

>>1437
blocks external sources from loading
I think, it would be even better for the GoodURL to display same text, but actually point to different site, as most people won't click on something that looks like BadURL. Nothing wrong with combining both ways.
And then there's something like this:
https://thejh.net/misc/website-terminal-copy-paste


Delete Post [ ]
[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22]
[ Catalog ]