Suspected Campaign from Russia on Reddit

zyxzevn · 2019-12-07T04:54:03+00:00

Seems like fake news.
The usual propaganda...

The Facebook report was fake. The Atlantic Council is just a propaganda board. Their agenda is now to blame Russia for anything bad. Because their existence would be in danger if everything was ok with Russia.
The "leaked documents" were about not much. The post talks about one unknown user.
Like most on Reddit is pushed by the US propagandists.

Reddit was very must against the exposing of the whistleblower/leaker, who in practice only spread rumours about Trump. This was against the narratives pushed by Reddit. They want to push out any pro-trump ideas.

Criticism against a pushed narrative is forbidden. That is why we don't read much about Assange. I think the Assange case shows how much a social forum is controlled by propaganda.

So what about media manipulation:

In many countries, not many people speak English so well. And to work effectively (in social manipulations) you need to be able to have a university level English. Ever went to France or Italy?

The worst media manipulations are by:
1. Military - US military, UK military, Israeli "zionists"
2. Paid mainstream media (must push propaganda)
3. Companies
- Big tech: google (alphabet), facebook, apple, microsoft and reddit
- Correct the record (H Clinton), Cambridge analytica
- Medicine industry,
- Oil
4. Non Government Organisations - Often created by people with power in the government.
- Soros, etc. 5. Activist reporters, activists. Often they only read the headline.

And, most importantly:
6. People that care and know about a certain subject.
This last group are often called "bots", because they are very active. Usually against the pushed narrative.

BOTS

There are real bots and these are a real problem. But they are not Russian. They are from everywhere. They are about promoting certain posts for whatever reason. Usually for clicks. Or small corporations.

They often have a similar structure: Almost no interesting comments (simple or copy/paste). Multiple posts to the same site. Many upvotes within a very short time. A post that does not get enough upvotes is deleted and posted again.

Because bots are not smart, I think they are easy to detect via comments.

Activists will also use bots to detect a certain post, and then they copy/paste a quick answer or upvote/downvote. Some are organized in groups.

zyxzevn · 2019-12-05T13:21:18+00:00

Could be propaganda against Iran. Arabia (and US/UK) is very eager to start a war. Seems similar to the babies-on-bayonets, WMDs, etc.

zyxzevn · 2019-12-03T16:40:28+00:00

First: Nuclear fallout and garbage are really bad

Nuclear disasters were terrible, but they are also still top-secret.
In East Europe many children died or got strange diseases due to the fallout.
In Japan the effect on Sea-life has been devastating.

And the only solution to 100,000 years of nuclear garbage is to put it underground.

Money and science can not solve these problems.

CO2 Global warming = mistake by only a few scientists

The 98% is cherry-picked from many different articles with different conclusions.

There is a lot of pollution, and deforestation, which is of course bad. That is why many scientists did not mind this idea being promoted and data to be false. They do not understand the consequences of these lies.

In reality: the temperature changes are mainly caused by the energy cycles of the sun.
We had "global warming" 100 years ago. And 50 years ago there was global cooling.
Check the news from that time at: http://realclimatescience.com

While the science is clear how the sun influences the global climate, the scientists are not settled on it. Because they use 100 year old models of the sun.

From oil to global taxes

When Ford made his first cars they could be filled with alcohol. Something that every farmer could make. But that became forbidden soon after, and the Rockenfellers (etc) started to sell their oil.

Their business is not the sale of oil, but to create global monopolies on resources and currencies. They are mainly big bankers.

Currently the oil income is dropping. Replacements are slowly coming. And the US currency is less stable. The wars about oil in the middle-east are about linking the US dollar to oil. But that is going to end sometime.

So to replace them, they want to replacing oil with a global currency.

So this is what the energy-tax / CO2 tax is about: a global currency and taxation.

Check the corbett report for information about this. https://www.corbettreport.com/what-did-exxonknew-and-when-did-they-knew-it-question-for-corbett-048/

zyxzevn · 2019-11-30T21:35:48+00:00

From information from newsbud: The CIA has been busy in Iran for a long time already. This is part of their plan. The war is still on a pause, so the country is now attacked from the inside. The US still must have their oil.

zyxzevn · 2019-11-30T21:32:13+00:00

In this video we go over the story of Polish Hero Lukasz in London who in the U.K used a narwhal tusk to do the right thing.

Luke explains the many controversies around the event: He was released from prison far too early. Terrorists are free to go into the country. Police often stand by and do nothing (except to kill).

zyxzevn · 2019-11-29T02:46:07+00:00

Not just bad news:
How my family stopped a chronic MRSA infection, when conventional medicine failed-Storm Clouds Gathering

zyxzevn · 2019-11-28T03:01:23+00:00

If only he was a bit more sceptical of his own beliefs. ;-)

zyxzevn · 2019-11-26T16:25:59+00:00

In the Evanescent Field the light disappears exponentially.
This is not really possible with photons, as photons would need to disappear into nothingness.
This is not what photons are supposed to do.

I think that this phenomenon can only be explained with waves, and is probably the best example of why photons do not exist.

This has been added later, and may be put back into a discussion at a later time.

zyxzevn · 2019-11-26T01:09:35+00:00

I want shiny gifs or java animations :-)
How else am I gonna get Nyan Cat running into the Saidit logo, which then explodes into burning pieces?

zyxzevn · 2019-11-25T23:26:03+00:00

The now forbidden links. Probably a lot more in the future.

http://vaccines.news

CDC top whistleblower scientist: we were ordered to cover up vaccine autism link.

http://fluoride.news

Fluoride is lowering the IQs of children.

Thimerosal (containing mercury), aluminum adjuvants, MSG, formaldehyde and other neurotoxins that are openly admitted by the CDC to be ingredients used in vaccines administered to children. link

The Association of American Physicians and Surgeons Statement on Federal Vaccine Mandates

Issues that Congress must consider:

Manufacturers are virtually immune from product liability, so the incentive to develop safer products is much diminished. Manufacturers may even refuse to make available a product believed to be safer, such as monovalent measles vaccine in preference to MMR (measles-mumps-rubella).

Consumer refusal is the only incentive to do better.

There are enormous conflicts of interest involving lucrative relationships with vaccine purveyors.

Research into possible vaccine adverse effects is being quashed, as is dissent by professionals.

There are many theoretical mechanisms for adverse effects from vaccines, especially in children with developing brains and immune systems. Note the devastating effects of Zika or rubella virus on developing humans, even though adults may have mild or asymptomatic infections. Many vaccines contain live viruses intended to cause a mild infection. Children’s brains are developing rapidly—any interference with the complex developmental symphony could be ruinous.

Vaccines are neither 100% safe nor 100% effective. Nor are they the only available means to control the spread of disease.

Vaccine Adverse Event Reporting System (might be controlled)
http://vaers.hhs.gov/

http://naturalnews.com (lot of news, not all accurate)

zyxzevn · 2019-11-25T19:06:17+00:00

More info at reddit: https://www.reddit.com/r/videos/comments/e1f81w/firstever_hd_footage_of_a_cell_moving_through_the/

zyxzevn · 2019-11-23T16:41:21+00:00

The US is a military and corporate dictatorship, hidden by the distracting loud circus of the two-party system.

None of the war-crimes were punished. None of the lost trillions is retrieved or even traced.
Anyone trying to stop the war machine is attacked by the fake media and could land in prison.
None of the tech monopolies were split up. The corporations even get major government funding and freedom.

zyxzevn · 2019-11-21T23:43:21+00:00

The reddit version of "thoughts and prayers".

zyxzevn · 2019-11-20T20:22:19+00:00

It has climate-change propaganda at the end, but it is still a nice video about astronomy-things that you can do at home.

zyxzevn · 2019-11-20T20:05:35+00:00

I did some of this work myself. Scanning for oil-slicks and calculating heights. Raw images are amazing to work with.

zyxzevn · 2019-11-20T16:52:00+00:00

Adding some science for your enjoyment:
Brand New Study Reveals WTC Building 7 Did Not Collapse From Fire

zyxzevn · 2019-11-20T16:50:22+00:00

The curation problem stops new creators and viewers to come to the platform. Having some kind of popular video section, separated in groups would make access to the platform easier.

The groups could be curated by users or creators as well (like subs).
Groups could be: tech/ politics/ aww/ fun/ health/ controversial.
There could also be a friendly/kidsafe section.

The shit that has no place elsewhere, has a place on bitchute. But now bitchute is mostly shit. It prevents creators like me to put anything on it. To lessen the shit, EEV thinks that front-page curation is needed.

I am personally against promoting violence. This is also the idea on Saidit. This means that I think that we should make war-promoting videos (like normal news-propaganda) and anti-race videos (like KKK) less visible.

zyxzevn · 2019-11-20T13:20:05+00:00

And who is this anti-trump gossip spreader?

Found it: Other posts show the name: Eric Ciaramella

zyxzevn · 2019-11-18T22:10:45+00:00

Shooting on cops like Rambo.

zyxzevn · 2019-11-17T01:44:59+00:00

Addition about ice and glaciers:
Ice Doesn't Lie - NASA Climate Scientists Do

It is clear that the NASA lies about Ice.

zyxzevn · 2019-11-16T02:33:40+00:00

GSM We Can Hear Everyone Now

The presentation demonstrates that the security of the A5/1 and A5/3 ciphers used to protect cellular calls are vulnerable to compromise leading to full decryption of GSM communications, using freely available open source solutions along with our tools we developed for this task.

The flaw being exploited lies in the heart of the design of GSM. In all implementations the standard requires GSM messages to first be error control encoded using a convolutional code and then encrypted. In the vast majority of implementations used today, encryption is performed using the A5/1 or A5/3 cipher. The convolutional code adds redundancy to the transmitted message, which can act like a fingerprint to identify the key used to encrypt the GSM message.

To exploit the vulnerability an attacker simply needs to capture a transmission and identify the GSM channel used. The standard defines the convolutional code and therefore how the redundancy may be interpreted to recover the encryption key.

This presentation considers passively capturing GSM traffic using A5/3 encryption and demonstrates a novel solution to cracking the key used without interacting with the mobile or network.

zyxzevn · 2019-11-16T02:32:11+00:00

HAKC THE POLICE

PULL OVER!

No, it is a cardigan, but thanks for noticing! After getting a nasty speeding ticket, OG SecKC HA/KC/ER hevnsnt decided enough was enough, and set out to fully understand police speed measurement devices, and develop homebrew countermeasures that are legal in some states (and some that are not). Come learn how police RF (X, K, KA) and Laser speed detection systems work and how to implement your own homebrew jamming countermeasures on the cheap, essentially making your vehicle invisible to law enforcement. HOP IN and BUCKLE UP, this talk is going to FUEL your hardware hacking desires! You better be able to think fast to keep up with this talk and prepare to get home in record time.

zyxzevn · 2019-11-16T02:29:55+00:00

MI CASA SU CASA My 19216811 is Your 19216811

Your browser thinks my 192.168.1.1 is the same as your 192.168.1.1. Using a novel combination of redirects, Karma, JavaScript and caching we demonstrate that it’s viable to attack internal management interfaces without ever connecting to your network. Using the MICASA-SUCASA tool it’s possible to automate the exploitation of hundreds of interfaces at once. This presentation will introduce the attack vector and demonstration, but also the public release of the MICASA-SUCASA tool.

zyxzevn · 2019-11-16T02:26:42+00:00

Im In Your Cloud Pwning Your Azure Environment

After having compromised on-premise for many years, there is now also the cloud! Now your configuration mistakes can be accessed by anyone on the internet, without that fancy next-gen firewall saving you. With this talk I’ll share my current research on Azure privileges, vulnerabilities and what attackers can do once they gain access to your cloud, or how they can abuse your on-premise cloud components. We start with becoming Domain Admin by compromising Azure AD Sync, sync vulnerabilities that allow for Azure admin account takeover and insecure Single Sign On configurations. Up next is cloud roles and privileges, backdooring Azure AD with service accounts, escalating privileges as limited admin and getting past MFA without touching someone's phone. Then we finish with cloud integrations, also known as "how a developer can destroy your whole infrastructure with a single commit": Exploring Azure DevOps, backdooring build pipelines, dumping credentials and compromising Azure Resource Manager through connected services. Besides all the fun we'll also look into how this translates into the questions you should ask yourself before moving things to the cloud and how this differs from on-premise.

Note: Interesting due to the Pentagon "moving data" to Amazon's servers. Will it be open for hacking or planned modifications?

zyxzevn · 2019-11-16T02:24:11+00:00

Go NULL Yourself

Input sanitization issues will always exist, although it’s surprising at how we’re still seeing amateur mistakes being made on everyday applications and systems used by millions. After making some observations against automatic license plate recognition (ALPR) data requested via the freedom of information act (FOIA) while having reminiscent conversations about old hacker tales, it turned on the evil bit, leading to some interesting ideas. We’ll go over this adventure of poking at systems using totally valid user-controlled data that causes unexpected behavior in the real world. It’s always a strange thing when you can “exploit” unexpected attack surface, due to poor specification, especially in government systems.

Note: I find this interesting, because almost all government systems are open to hacking. People that report security problems can even be punished.

zyxzevn · 2019-11-16T02:17:55+00:00

EDR Is Coming Hide Yo Sh!t

There’s a new, largely unaddressed threat in the security industry today, Endpoint Detection and Response (EDR), which aims to stop threat actors in their tracks. The scenario plays out like this... At first your campaign is going well and your attacker objectives are being met. Then, your lovingly crafted payloads become analyst samples, you’re evicted from the environment and you lose your persistence. You and the analyst are now having a bad time. You may feel this is just fear mongering, but we assure you, the risk is real.Fortunately, we have a few new tricks up our sleeves to keep this nightmare scenario at bay. While many would have you believe that we live in a measured and signed boot Utopia on modern systems, we will show you the seedy underbelly of this Brave New World. By abusing early boot mechanisms and UEFI platform firmware, we are able to evade common detection. By showing up early to the fight, we sucker punch EDR, leaving it in a daze unable to see our malicious activities. We put a new twist on old code injection techniques and maintain persistence in UEFI firmware, making an effective invisibility cloak. By leveraging these two techniques, you and the analyst can have a happy and relaxing evening. From that point on - the good ol’ days are back again! Plunder away!

zyxzevn · 2019-11-16T02:15:51+00:00

Relaying Credentials Has Never Been Easier

Active Directory has always been a popular target for attackers, with a constant rise in attack tools attempting to compromise and abuse the main secrets storage of the organization. One of the weakest spots in Active Directory environments lies in the design of one of the oldest authentication protocols – NTLM, which is a constant source of newly discovered vulnerabilities. From CVE-2015-0005, to the recent LDAPS Relay vulnerability, it is clear why this protocol is one of the attackers’ favorites.

Although there are offered mitigations such as server signing, protecting the entire domain from NTLM relay is virtually impossible. If it weren’t bad enough already, we will present several new ways to abuse this infamous authentication protocol, including a new critical zero-day vulnerability we have discovered which enables to perform NTLM Relay and take over any machine in the domain, even with the strictest security configuration, while bypassing all of today's offered mitigations. Furthermore, we will present why the risks of this protocol are not limited to the boundaries of the on-premises environment and show another vulnerability which allows to bypass various AD-FS restrictions in order to take over cloud resources as well.

zyxzevn · 2019-11-16T02:12:40+00:00

Meticulously Modern Mobile Manipulations

Mobile app hacking peaked in 2015 with tools like keychain-dumper & ssl-kill-switch released but requiring jailbroken/rooted devices. Back then, wresting the power to understand & modify apps on our devices from dystopian looking mega corps was our cause. As jailbreaks became infrequent, the hackers’ arsenal was left behind. While this is progress against dark uses of hacking, done to protect our freedom fighters, how can hackers still hold power to account? Can we still find flaws in apps/devices & live up to the protections the technology promises?

Enter runtime binary instrumentation with Frida. It’s possible to analyze apps in their final state when executed on real hardware running the latest iOS/Android with no jailbreaks. This fills a gap between source analysis & debuggers. But, simply enumerating app classes requires studying multiple blogs & a deep read of the docs. We created Objection to simplify this & hide the boilerplate so hackers could focus on unravelling apps. But, many people still rely on simple hacks & automation & rarely use new advanced techniques such as reflectively inspecting live heap objects, canary execution tracing, runtime memory edits and filesystem exploration.

We’ll show hackers, malware researchers & security engineers how to use these advanced mobile hacking techniques.

zyxzevn · 2019-11-16T02:11:25+00:00

Your Car is My Car

For many of us, our cars are one of the largest purchases we will ever make. In an always connected world it is natural that we would want to have the convenience of being able to remotely monitor our vehicles: to do everything from remind ourselves exactly where exactly we parked, verify we locked our vehicle, or even remote start it so it will be warmed up (or cooled down) when we get in. There are a variety of vendors offering aftermarket alarm systems that provide these conveniences and offer a peace of mind. But how much can we trust the vendors of these systems are protecting access to our cars in the digital domain? In this talk, Jmaxxz will tell the story of what he found when he looked into one such system.

zyxzevn · 2019-11-16T02:10:38+00:00

Hacking WebAssembly Games with Binary Instrumentation

WebAssembly is the newest way to play video games in your web browser. Both Unity3d and Unreal Engine now support WebAssembly, meaning the amount of WebAssembly games available is growing rapidly. Unfortunately the WebAssembly specification is missing some features game hackers might otherwise rely on. In this talk I will demonstrate adapting a number of game hacking techniques to WebAssembly while dealing with the limitations of the specification.

For if you really need to beat that game ;-)

zyxzevn · 2019-11-16T02:08:56+00:00

State of DNS Rebinding Attack & Prevention Techniques

Do you want to know how you can exploit DNS rebinding 10x faster, bypass prevention mechanisms, interactively browse the victim's internal network, and automate the whole process during your next red team exercise?

This talk will teach you how and give you an easy-to-use tool to do it.

First, we will cover in detail the subtleties that make DNS rebinding attacks more effective in practice, including techniques and operational conditions that make it faster and more reliable. We'll also explain how to bypass commonly recommended security controls, dispelling attack and defense misconceptions that have been disseminated in blogs and social media posts. This talk will include a number of demos using Singularity, our open source DNS rebinding attack framework that includes all the parts you need to get started pwning today, including: Remote code execution and exfiltration payloads for common dev tools and software Practical scanning and automation techniques to maximize the chance of controlling targeted services We'll also show an interesting post-exploitation technique that allows you to browse a victim browser network environment via the attacker's browser without the use of HTTP proxies.

You'll leave this talk with the knowledge and tools to immediately start finding and exploiting DNS rebinding bugs.

zyxzevn · 2019-11-16T02:07:33+00:00

Breaking Google Home Exploit It with SQLite

Over the past years, our team has used several new approaches to identify multiple critical vulnerabilities in SQLite and Curl, two of the most widely used basic software libraries. These two sets of vulnerabilities, which we named "Magellan" and "Dias" respectively, affect many devices and software. We exploited these vulnerabilities to break into some of the most popular Internet of things devices, such as Google Home with Chrome. We also exploited them on one of the most widely used Web server (Apache+PHP) and one of the most commonly used developer tool (Git).

In this presentation, we will share how we try to crack the Google Home from both hardware and software aspects, get and analyze the newest firmware, solve the problem, and introduce new methods to discover vulnerabilities in SQLite and Curl through Fuzz and manual auditing. Through these methods, we found "Magellan", a set of three heap buffer overflow and heap data disclosure vulnerabilities in SQLite ( CVE-2018-20346, CVE-2018-20505 CVE-2018-20506 ) We also found "Dias", two remote memory leak and stack buffer overflow vulnerabilities in Curl ( CVE-2018-16890 and CVE-2019-3822 ). Considering the fact that these vulnerabilities affect many systems and software, we have issued a vulnerability alert to notify the vulnerable vendor to fix it.

We will disclose the details of "Magellan" and "Dias" for the first time and highlight some of our new vulnerability exploitation techniques. In the first part, we will introduce the results of our analysis on hardware, how to get the newest firmware from simulating an update request, and attack surface of Google Home. We will show how to use Magellan to complete the remote exploit of Google Home, we will also give a brefing talk about how to use Dias to complete the remote attack on Apache+PHP and Git. Finally, we will summarize our research and provide some security development advice to the basic software library developers.

zyxzevn · 2019-11-16T02:03:39+00:00

Behind the Scenes Industry of Social Media Manipulation

This talk is the grand finale of a four-year long investigation that started with analyzing an IoT botnet, to discovering the structured industry that exists behind social media manipulation (SMM). SMM is the deliberate act of paying for popularity with followers or activity on social media.

Adopting a bottom-up approach, the thorough methodology undertook to study the botnet will be presented: from building honeypots, infecting them with malware and conducting a man-in-the-middle-attack on the honeypots’ traffic to access the decrypted HTTPS content between the C&Cs and social networks. Then, the various investigative paths taken to analyze this large data set, leading to the discovery of industry actors involved in the supply chain of social media manipulation, will be presented. These investigative paths include traffic analysis, various OSINT approaches to reveal and understand actors, reverse-engineering the software that automates the use and creation of fake accounts, forum investigations, and qualitative profiling. All actors involved in the industry will be mapped, from malware authors, to reseller panels, and customers of fake popularity.

The potential profitability of the industry will then be discussed, as well as the revenue division in the chain, demonstrating that the ones making the highest revenue per fake follower sold are not the malware authors, but rather those at the end of the chain.

Note: Might be interesting to use Honeypots to keep SaidIt clear of bots (and maybe clickfarms).

zyxzevn · 2019-11-16T01:51:37+00:00

Are you being followed by cars?

Surveillance Detection Scout Your Lookout on Autopilot

Surveillance detection routes are a daily occurrence for clandestine operatives and agents all over the world. These mentally taxing counter-surveillance measures often mean the difference between life and death. Surveillance Detection Scout hopes to ease that burden. Scout currently supports Tesla Models S, 3 and X, running license plate recognition on 3 camera feeds to alert you in real time if you're being followed. When you park, Scout remains vigilant, implementing familiar face detection as well. By combining timestamped vehicle location data & video, computer vision and an intuitive web interface, it becomes apparent that Scout has just as many offensive as defensive applications. Over time, SDS captures and reports on observed patterns of life, allowing you to quickly gain an overview of your surroundings (or your target) with minimal effort. Whether you're conducting or evading surveillance, Scout has got your 6.

Note: These models can be followed by NSA/CIA via the transmitters in these cars.

Preparation of a false flag?

Panel - Hacking Congress The Enemy Of My Enemy Is My Friend

A SIMULATED crisis is unfolding on a national scale, based loosely on the NotPetya attack of 2017. Triggered by a yet-unknown adversary, what started as a an isolated technical issue has quickly escalated into a society-wide event affecting millions of citizens, several industries, and spanning government jurisdictions. Who is in charge, how do they cooperate with others, and how do they make decisions? The Wilson Center, Hewlett Foundation and I Am The Calvary are teaming up to bring public policymakers together with security researchers and others to discover how our nation might respond to a wide-scale “cyber crisis”. Work in tandem with sitting Members of Congress to understand what levers of power Congress yields and how Members can address policy gaps in the future.

zyxzevn · 2019-11-16T01:44:44+00:00

Infiltrating Corporate Intranet Like NSA

Computer security is now a public policy issue. Election security, blockchain, "going dark," the vulnerabilities equities debate, IoT safety , data privacy, algorithmic security and fairness, critical infrastructure: these are all important public policy issues with a strong Internet security component. But while an understanding of the technology involved is fundamental to crafting good policy, there is little involvement of technologists in policy discussions. This is not sustainable. We need public-interest technologists: people from our fields helping craft policy, and working to provide security to agencies and groups working in the broader public interest. We need these people in government, at NGOs, teaching at universities, as part of the press, and inside private companies. This is increasingly critical to both public safety and overall social welfare. This talk both describes the current state of public-interest technology, and offers a way forward for us individually and collectively for our field. The defining policy question of the Internet age is this: How much of our lives should be governed by technology, and under what terms? We need to be involved in that debate.SSL VPNs protect corporate assets from Internet exposure, but what if SSL VPNs themselves are vulnerable? They’re exposed to the Internet, trusted to reliably guard the only way to intranet. However, we found pre-auth RCEs on multiple leading SSL VPNs, used by nearly half of the Fortune 500 companies and many government organizations. To make things worse, a “magic” backdoor was found to allow changing any user’s password with no credentials required! To show how bad things can go, we will demonstrate gaining root shell from the only exposed HTTPS port, covertly weaponizing the server against their owner, and abusing a hidden feature to take over all VPN clients!

In such complicated closed-source systems, gaining root shell from outside the box certainly ain’t easy. It takes advanced web and binary exploitation techniques to struggle for a way to root shell, which involves abusing defects in web architectures, hard-core Apache jemalloc exploitation and more. We will cover every detail of all the dirty tricks, crazy bug chains, and the built-in backdoor. After gaining root shell into the box, we then elaborate on post exploitation and how we hack back the clients. In addition, we will share the attack vectors against SSL VPNs to kick start researches on similar targets. On the other hand, from our previous experience, we derive general hardening actions that mitigate not only all the above attacks, but any other potential 0days.

In summary, we disclose practical attacks capable of compromising millions of targets, including tech giants and many industry leaders. These techniques and methodologies are published in the hope that it can inspire more security researchers to think out-of-the-box; enterprises can apply immediate mitigation, and realize that SSL VPN is not merely Virtual Private Network, but also a “Vulnerable Point of your Network”.

Orange Tsai Cheng-Da Tsai, also as known as Orange Tsai, is the principal security research of DEVCORE and the member of CHROOT security group from Taiwan. He has spoken at conferences such as Black Hat USA/ASIA, DEF CON, HITCON, HITB, Hack.lu and CODEBLUE. He participates in numerous Capture-the-Flags (CTF), and also the team captain of HITCON, which won 2nd place in DEF CON 22/25. Currently, he is focusing on application security and 0day research. Orange enjoys finding vulnerabilities and participating in Bug Bounty Programs. He is enthusiastic about Remote Code Execution (RCE), and uncovered RCEs in several vendors, such as Facebook, Uber, Apple, GitHub, Amazon, Yahoo, Netflix and Imgur.

zyxzevn · 2019-11-16T01:42:52+00:00

All the 4G modules could be hacked

Nowadays more and more 4G modules are built into IoT devices around the world, such as vending machines, car entertainment systems, laptops, advertising screens, and urban cameras etc. But no one has conducted a comprehensive security research on the 4G modules. We carried out this initiative and tested all the major brand 4G modules in the market (more than 15 different types). The results show all of them have similar vulnerabilities, including remote access with weak passwords, command injection of AT Command/listening services, OTA upgrade spoofing, command injection by SMS, and web vulnerability. Through these vulnerabilities we were able to get to the shell of these devices. In addition to using wifi to exploit these vulnerabilities, we created a new way to attack through fake base station system, triggered by accessing the intranet of cellular network, and successfully run remote command execution without any requisites. In this talk, we will first give an overview on the hardware structure of these modules. Then we will present the specific methods we use in vulnerability probe. In the final section we will demonstrate how to use these vulnerabilities to attack car entertainment systems of various brands and get remote control of cars.

zyxzevn · 2019-11-13T05:58:53+00:00

The cartoon is a plane that is killing civilians and destroying their homes. That clearly military. I think it is related to Vietnam war. But could also be Iraq war with the B-52.

Killing is always violence. Even if it was "justified" it leaves a mark in the soul in a way. Just talk to some vets that are no psychopaths. Even self-defence can break a man. I don't think that a soldier who killed someone needs punishment, but that he needs a way to pay back his guilt.

Indeed most of the time soldiers are just shooting air, guarding, transporting, or dropping bombs at empty places.

But even exercises can be oppressive. Like fake attacks on Russia or fake attacks on China. What does that do to such a country other than incite hostility. In the EU we had good relationships with Russia, like music, trade and work. Now it is more cold due to the election hoax.

Soldiers often need to guard a "strategic place". But what are they guarding? Resources and infrastructures that are property of the people themselves. Like the oil in Syria is property of Syria. According to some news-reports, it is a war-crime to claim the oil, in this fake war.

The soldiers are also guarding Al Nusra (former Al Qaeda) or supporting the Saudi Arabia soldiers in killing civilians in Yemen. Most of the actions of the US military are totally fucked up. They bombed soldiers attacking ISIS. ISIS who were killing civilians. They are also guarding the Israeli bombing attacks in Syria, by switching out responder codes and other fucked up tricks.

Supporting a war is still an act of war. If you give weapons to a crime lord or terrorist, or even train them, you are a part of the war. And you are supporting the crimes that they commit. Saudi Arabia is one of the worst dictatorships, but a good friend of the US. This shows that this is not about humanity.

The reason there is a war is for Oil or Lithium or Poppies. This is what the US is there for. Not for any humanitarian reason. "War is a Racket" - also explains what the wars really are for.

It is sad that the soldiers are so brainwashed that they don't see that. I think the whole US is brainwashed towards war. In the EU most of us are brainwashed in accepting migrants and carbon-taxes. So that is why it is very good for different cultures and continents to communicate with each other. That way we can, via reason, learn what our propaganda is doing to ourselves.

There are soldiers that want to change things in a good way. And like Charles/Chelsey Manning, they get punished severely. The same is with journalists.

zyxzevn · 2019-11-12T22:57:11+00:00

Probably someone can make it racial.

zyxzevn · 2019-11-12T22:54:21+00:00

Should be named Bitch-Good

zyxzevn · 2019-11-12T15:49:25+00:00

Bitchute is already blocked in New Sealand and Australia. Because the media tells everyone that Bitchute is for extremists.

zyxzevn · 2019-11-12T15:46:59+00:00

I respect them as human beings, but they still supported the war machine.

If someone kills another humans, or only threatens them, they are acting in a violent way. We should like any violent action, consider each action whether these are criminal or not.

Vets have killed innocent people in Vietnam, often out of anger. Sometimes by command. If they have any soul left, they can often not live with themselves any more.

It does not help them to thank them for a crime. Instead we should guide them in a way to pay back what they did. Soldiers should be helping countries to rebuild infrastructure and become friends with the people there again. They need to be able to forgive themselves and maybe other need the people to forgive them. Otherwise they will fight an eternal battle in their minds.

If you look at the Roman empire, you can see that they build infrastructures in the conquered areas. They allowed normal markets to grow. And they were helping citizens more like a police, with people from the area.

The US empire just destroys things and build factories and mines for the US rich. They also help local criminal bands (or terrorists) to be stronger. They are the inverse of the police. The CIA creates a market for weapons, drugs and slaves.

zyxzevn · 2019-11-11T22:08:31+00:00

Also info on:
US-Backed Coup In Bolivia Forces President Evo Morales To Resign Under Threats Of Violence - The Last American Vagabond
https://www.bitchute.com/video/d-iFtxE7NTg/

zyxzevn · 2019-11-11T03:37:22+00:00

Blackmail and weapons trade like Epstein.
Or drugs trade.

zyxzevn · 2019-11-11T03:34:10+00:00

That is what your mom said!

zyxzevn · 2019-11-11T03:32:57+00:00

Same with Google/Alphabet. They did that with the help of the US government and military. That is how they got huge amounts of money to invest to obtain their monopolies.

It costs money to be installed on every computer or every smart-phone. And it costs money to get the lawyers to IP-attack/crush any possible competition. And it costs money to bribe the politicians that could stop them.

Oracle (Java), Apple and Amazon are also monopolizing the markets.

zyxzevn · 2019-11-09T17:03:10+00:00

Youtube and Facebook (and Reddit?) are directly controlling comments on US politics.

The information was already public available, and it shows that the "witness" is actually part of the corruption.

Here is another good video by Tim Pool:
Leaked Emails EXPOSE Impeachment And Joe Biden, Trump May Have RIGHT About Corruption The Whole Time

It seems to me that the DNC tries to cover up a big corruption problem by attacking Trump instead. They choose a offence that sounds similar, so that they can say: "If trump is allowed, why can't we.". This tactic seems for someone who wants to cover up a crime after evidence is shown.

IF they really want to bring down Trump, they could do so with the Funding of the Saudi Arabia, or with the bombing of Syria after a false flag. But since those are in line with the war-pushers in the DNC.

zyxzevn · 2019-11-09T16:11:35+00:00

What was he banned for exactly?
Did he offend a trans or post a funny video?
Was he angry at people of certain culture or colour?
Or did he help in killing people via drones?
Oh wait, the latter is OK.

zyxzevn · 2019-11-06T04:38:49+00:00

I have been following Rust for a while, and it looks like a failure due to overcomplexity and community. The language was clearly designed by PhDs with no practical experience.

The community is anti-object-oriented so much, that it makes it very hard to make normal or complex graphs. Which is common in business software and games. This is why we have a doom and all kinds of games in Javascript, but not really in Rust. I had some discussions with Rust-community about this and was explained that the only solution was to make an array, and replace all references with indices. It does not clean up the references of course. So in practice, if you want to make it work for a long time, in Rust you have to make your own indexed database. Stuff like this is no problem in C or many other languages.

If we look at the actual problems with OO we see that they are due to C++ madness, and Java enterprise business. They invented all kinds of fixes to overcome problems of the languages and failed dramatically. But we see that in Scala or Smalltalk the problem is a lot less. Here if there are problems with OO, they are caused by mixing different strategies and bad designs.

But if you are looking for the purfect programming language,
get your hands on C@ (reddit link).

zyxzevn · 2019-11-06T04:01:49+00:00

Stephan Molyneux explains how bad the media situation is:
https://www.bitchute.com/video/kWWWNcxeDBo/

zyxzevn · 2019-11-05T16:29:47+00:00

It found that the heliopause - the barrier where the solar and interstellar winds meet - was much more defined than scientists anticipated.

Not predicted, but kind of expected with plasma cosmology.

zyxzevn · 2019-11-05T15:39:05+00:00

One-sided, but very good watchdog journalism.
Exposed some criminal activities in previous election, that no-one else reported about. Like organizing and initiating violence during Trump gatherings.

zyxzevn · 2019-11-01T22:00:56+00:00

Yes there is a lot of interest in the paranormal by the CIA. The KGB also had very interesting research.

It is sad that there is a lot of false scepticism on the subject. It is so overdone, that it is clear for me that the opposition is on purpose. Especially after encountering some paranormal stuff myself. The cause of much of the resistance might the strong fear of the paranormal.

A lot of remote viewing on the New Thinking Allowed channel on Youtube:
1. Controlled Remote Viewing with Lyn Buchanan
2. Remote Viewing with Stephan A. Schwartz
3. Archeological Remote Viewing in Japan with Joseph McMoneagle
4. Becoming a Professional Remote Viewer with Lori Williams

The channel has a lot of weird stuff and is hosted by a scientist in parapsychology.
Have fun with it.

zyxzevn · 2019-11-01T20:20:41+00:00

I like this kind of stuff, but why on /politics?
Seems more at home at /s/paranormal sub.

zyxzevn · 2019-10-31T22:02:00+00:00

Global Warming is part of this crisis. The bonds related to oil have dropped dramatically. Main European bank, Deutche Bank has no more money. All "solutions" are also destructive, like CO2-tax. Now we are burning our own forests (CO2-neural) as a pretend solution for a fake crisis.

Soros is also sponsoring and pushing immigration in to Europe and the US. I don't know what crisis it wants to create with that. Big countries in Europe are really breaking down. The far left has become violent crazies.

The man who saved Europe
https://www.bitchute.com/video/VjPC-tnw7Ik/
Blackpilled about a movie about the Rothchilds.

zyxzevn · 2019-10-31T03:52:48+00:00

It is about a huge amount of money. No psyops is too expensive.
My question is: Where is the money?

zyxzevn · 2019-10-30T19:31:32+00:00

Jason Bermas has a good analysis of the interview and case

Addition: Analysis with Dr Kevin Wacasey by Stefan Molyneux

zyxzevn · 2019-10-30T14:40:22+00:00

Image: https://i.redd.it/z0waigcp5mv31.jpg

Might get much more thorough research than the Redditor that copy/pasted Snopes.
Snopes itself copy/paste from FBI and pseudo-skeptics, without any research.

zyxzevn · 2019-10-30T02:10:22+00:00

Adding some links to related topics to discuss later:
Evanescent field
Aharonov–Bohm effect
Super fluidity
Bose–Einstein condensate
Delayed-choice quantum eraser
Casimir effect

zyxzevn · 2019-10-29T13:59:43+00:00

Vortex pinning? I have seen articles explaining it, but it smells like pseudo-science.

zyxzevn · 2019-10-29T13:49:20+00:00

For clarity, the Loader theory replaces the photo-electric effect. It gives statistically the same results. Most of the time.

In the Loader-model / threshold-model, the "detection of a particle" takes place when the electromagnetic energy reaches a threshold. The electron-sphere then moves to a different level.

In most quantum-mechanics models, a whole packet of energy (photon) is transferred at once. But it due to quantum-magic it is also on all places at once. And by measuring, the packet suddenly becomes visible. This is where the magic interpretations come from. This leads to the questions: Where is the energy when it is not measured? What is measurement?

Following your pilot-wave model, the EM-field guides a packet of energy towards the detector at a fixed place. So the EM-field transfers no energy to the detector, but the photon causes a sudden transfer of energy (or momentum) to the atoms in the detector.

I would love to see tests on these different ideas. Feel free to post articles about such experiments.

zyxzevn · 2019-10-28T23:30:49+00:00

Who needs a fork, when you have good telekinesis?

zyxzevn · 2019-10-28T23:29:50+00:00

It's the electromagnetic field.

Then you don't need photons to carry forces. Which was the premise of my writing. ;-)

I think there are a lot of dumb interpretations of quantum physics that hopefully die off after the more quality and testable hypotheses are tested.

Fully agree. The Loader theory can be tested very well.

The pilot-wave is visual very interesting, and can be tested thoroughly. But we need some model of what the waves are. And if it is the EM-field what it separates from the photon.

I wanted to build a simulator for quantum mechanics, but found it very hard. Until I found the Loading theory. And it makes everything much much simpler. Now I can just have hidden variables in the detector instead of having to go through all possibilities.

Regarding the best and worst prediction of science:
The Loading theory and pilot-wave theory (as you describe it), define forces as fields. This means that we do not have virtual particles everywhere, unlike QED and QFT. And this means that the worst prediction in science (>10¹⁰⁰⁾ to a much better prediction.

But following the "progress" in science, it seems that they never want to look back. A reason I started the Null-Hypothesis series. Much more to come!

zyxzevn · 2019-10-28T20:37:52+00:00

Thanks for reply.

As I understand it, the Pilot Wave assumes that there is some kind of substance that carries those waves. That is a magic substance, because we do not know what it is. And you think there are waves without substance, you have undetectable magic waves.

The results of the pilot wave theory are also slightly different from the experiments. In some cases the path that pilot-wave-particles should take, are not possible in certain experiments. That is what I read. I think that such paths can even be blocked, but I don't know an example.

But if you just forget about the substance and use the electromagnetic field as the carrier of the photon-wave, you can just forget about the particles. You get exactly the Loading theory.

The problem with quantum mechanics comes pure from the particles. In optics scientists often fall back to electromagnetic fields instead of photons. No particles, no problem. That is why I think it is the simplest explanation. Not necessarily the correct one, but one that should be thoroughly tested.

zyxzevn · 2019-10-28T15:14:16+00:00

Google for your ass!
Star fucks!
Pizza huh?
Googirls.. :S
Special man will save you wearing his iPhones!

I install Michaelsoft Bindows and drink a Johnnie Worker Red Labial

We need these as memes. And I would proudly wear some of these.

zyxzevn · 2019-10-28T03:36:33+00:00

Sorry, you are a bit too deep in this everything-is-fake stuff for my liking.

zyxzevn · 2019-10-27T13:15:23+00:00

Jim Sterling - Call Of Duty: Modern Warfare - Shock & Bore

zyxzevn · 2019-10-26T18:58:35+00:00

They do not want to be reminded of themselves, because they hate themselves.

zyxzevn · 2019-10-26T16:46:59+00:00

Posted in /SaidIt because I think everyone should understand the logical fallacies. It helps in discussions and works well against propaganda.

During the video the speakers give some good examples.

zyxzevn · 2019-10-25T22:56:44+00:00

Looks a bit like the Paris attack where people were taken hostage by Isis fighters.

The story-line is a bit correct in the idea that the terrorists are monitored, but not stopped. This is what we see almost every attack. In the US, the FBI even arms potential terrorists. For the eternal war. It is like arsonist firefighters.

Oh yes, the US and UK armed Isis. This is known by the serial numbers of their weapons. The US and UK also give them some protection. Their people are evacuated by black helicopters before the bombings start. Probably leaving the hostages. There are some camps even in the US that trained these fighters.

I read somewhere that the game sees the White Helmets as good, while they are in fact a terrorist organisation. Just called White Helmets to make us feel good, and allow support. Like Al-Qaeda (under different name) even get full military support.

It was all setup to destabilize Syria and the region. Part of the well-known plan to conquer the middle east.

The game probably trains new kids to become good soldiers and accept the propaganda. And some people may even think that this is predictive programming, to prepare us for future terrorist attacks.

zyxzevn · 2019-10-25T20:56:11+00:00

I just saw a "multi" to categorize my subscriptions.
It does not show in the main page, but it is really nice!

zyxzevn

MODERATOR OF