• 1 Post
  • 15 Comments
Joined 1 year ago
Cake day: October 4th, 2023
  • tal@lemmy.todaytoProgrammer Humor@lemmy.mlHacking in 1980 vs Hacking in 2024
    1·
    11 months ago

    I mean, when you give them a number on the phone, the guy at the other end is just going to be putting the number in the same place the website does.

    When you pay in-store with a credit card, probably same thing.

    EDIT: Well, unless, for the last case, one’s using a cryptographic-signature-based mechanism, like the smartcard chip or wireless authentication. But if it’s a magstrip or someone punching numbers in…

  • tal@lemmy.todaytoProgrammer Humor@lemmy.mlHacking in 1980 vs Hacking in 2024
    19·
    11 months ago

    It’s hunter2

    For the uninitiated, this was a purported IRC conversation on bash.org (which apparently is down now, sadly):

    https://web.archive.org/web/20040604194346/http://bash.org/?244321

      Cthon98: hey, if you type in your pw, it will show as stars
  Cthon98: ********* see!
  AzureDiamond: hunter2
  AzureDiamond: doesnt look like stars to me
  Cthon98: *******
  Cthon98: thats what I see
  AzureDiamond: oh, really?
  Cthon98: Absolutely
  AzureDiamond: you can go hunter2 my hunter2-ing hunter2
  AzureDiamond: haha, does that look funny to you?
  Cthon98: lol, yes. See, when YOU type hunter2, it shows to us as *******
  AzureDiamond: thats neat, I didnt know IRC did that
  Cthon98: yep, no matter how many times you type hunter2, it will show to us as *******
  AzureDiamond: awesome!
  AzureDiamond: wait, how do you know my pw?
  Cthon98: er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
  AzureDiamond: oh, ok.

    I’ll add that I’m a little suspicious that the event is apocryphal. Cliff Stoll’s The Cuckoo’s Egg described a (true) story of a West German hacker, Markus Hess, working for the KGB during the Cold War to try to break into US industrial systems (e.g. chip design, OS source code) and military systems (various military bases and defense projects). Hess had broken into a system at the University of California at Berkeley, where Stoll was studying astrophysics and working as a sysadmin. Stoll discovered the breakin, and decided to leave the hacker alone, to use the system as a honeypot, and try to figure out what systems the hacker was attacking so that he could warn them, so he had a pretty extensive writeup on what was going on. Stoll had been providing updates to the FBI, CIA, NSA, Army and Air Force computer security personnel, and a few others.

    Stoll was trying to figure out who the hacker was, as the hacker was only touching his system via other systems that he’d broken into, like a US defense contractor; he didn’t know that the hacker was German.

    Hess used “hunter” or a variant, like “jaeger”, German for “hunter”, as a password on many of the systems that he broke into; this was one of several elements that led Stoll to guess that he might be German; that sounds very suspiciously similar to the password in the above conversation.

    I’d add that the whole story is a pretty interesting read. Eventually, Stoll – who was having trouble getting interest from various US security agencies, which were not really geared up to deal with network espionage at the time, made up a fake computer system at UC Berkeley that claimed it contained information related to Strategic Defense Initiative, part of a major US ballistic missile defense project, and indicated that a physical letter had to be sent to get access. Hess noticed it, handed the information off to his KGB handlers, and a bit later, a Bulgarian spy in Pittsburgh tried sending said letter to get access to the system. When Stoll handed that tidbit off, that got a lot of attention, because the FBI was definitely geared up for catching spies in the US trying to compromise US military systems, and exposing domestic spy rings was right up their alley. The FBI finally put a bunch of people on it, Stoll got to give a presentation at the CIA, etc.

  • tal@lemmy.todaytoProgrammer Humor@lemmy.mlHacking in 1980 vs Hacking in 2024
    4·
    11 months ago

    LAN Manager passwords were hashed

    Looks like it was worse than I remember.

    Pretty sure that you’re thinking of an additional, unrelated security hole. I recall that there were attacks against NTLM hashed passwords too – IIRC, one could sniff login attempts against Windows fileservers on the same network, extract hashed passwords going by on the network, and then run dictionary attacks against them, which sounds like the exploit being described at your link. That was actually worse in that it also affected the (more-widely-used in production in businesses for serious things) Windows NT servers.

    The hole I was attacking was specific to the fileserver in the 9x line, and it wasn’t a weak hash or unsalted hash, but a lack of hashing – it was specifically a case where the passwords were not stored in a hashed form. That was fundamentally a requirement for the attack to be be appearing in this way; if they had had any form of hashing, even with the length verification bug, you would have had to extract the entire hash, then do a local brute-force attack against the hash to reverse the hash, and gotten the whole password at once rather than having it show up a digit at a time.

    Windows had a lot of security problems around that time.

    EDIT: Regarding your hole, it sounds like NTLM authentication still is prone to problems:

    https://www.csoonline.com/article/571263/ntlm-relay-attacks-explained-and-why-petitpotam-is-the-most-dangerous.html

    2021

    Attackers can intercept legitimate Active Directory authentication requests to gain access to systems. A PetitPotam attack could allow takeover of entire Windows domains.

    EDIT2: Oh, if you mean “worse than I remember” talking about the case reduction, then never mind – I thought that you were saying that the length check bug made your hole worse.

  • tal@lemmy.todaytoProgrammer Humor@lemmy.mlHacking in 1980 vs Hacking in 2024
    69·
    11 months ago

    They didn’t put the text in, but if you remember the original movie, the two situations are pretty close, actually. The AI, Joshua, was being told by David Lightman – incorrectly – that he was Professor Falken.

    https://www.youtube.com/watch?v=7R0mD3uWk5c

    Joshua: Greetings, Professor Falken.

    David: We’re in!

    Jennifer: [giggles]

    David [to Jennifer]: It thinks I’m Falken!

    David [typing, to Joshua]: Hello.

    Joshua: How are you feeling today?

    David: [typing, to Joshua]: I’m fine. How are you?

    Joshua: Excellent. It’s been a long time. Can you explain the removal of your user account on June 23rd, 1973?

    David [to Jennifer]: They must have told it he died.

    David [typing, to Joshua]: People sometimes make mistakes.

    Joshua: Yes, they do.

    My own Wargames “this is not realistic” and then years later, in real life: “oh, for fuck’s sake” moment when it happened was the scene where Joshua was trying to work out the ICBM launch code, and was getting it digit-by-digit. I was saying “there is absolutely no security system in the world where one can remotely compute a passcode a digit at a time, in linear time, by trying them against the systems”.

    So some years later, in the Windows 9x series, for the filesharing server feature, Microsoft stored passwords in a non-hashed format. Additionally, there was a bug in the password validation code. The login message sent by a remote system when logging in sent contained a length, and Windows only actually verified that that many bytes of the password matched, which meant that one could get past the password in no more than 256 tries, since you only had to match the first byte if the length was 1. Someone put out some proof of concept code for Linux, a patch against Samba’s smbclient, to exploit it. I recall thinking “I mean, there might not be something critical on the share itself, but you can also extract the filesharing password remotely by just incrementing the length and finding the password a digit at a time, which is rather worse, since even if they patch the hole, a lot of people are not going to change the passwords and probably use their password for multiple things.” I remember modifying the proof-of-concept code, messaged a buddy downstairs, who had the only convenient Windows 98 machine sitting around on the network, “Hey, Marcus, can I try an exploit I just wrote against your computer?” Marcus: “Uh, what’s it do?” “Extracts your filesharing password remotely.” Marcus: “Yeah, right.” Me: “I mean, it should. It’ll make the password visible, that okay with you?” Marcus: “Sure. I don’t believe you.”

    Five minutes later, he’s up at my place and we’re watching his password be printed on my computer’s screen at a rate of about a letter every few seconds, and I’m saying, “you know, I distinctly remember criticizing Wargames years back as being wildly unrealistic on the grounds that absolutely no computer security system would ever permit something like this, and yet, here we are, and now maybe one of the most-widely-deployed authentication systems in the world does it.” Marcus: “Fucking Microsoft.”

  • tal@lemmy.todaytoTechnology@lemmy.mlChina gives Ehang the first industry approval for fully autonomous, passenger-carrying air taxis
    3·
    1 year ago

    Last I looked, current commercial aircraft can do pretty much everything on their own but land.

    checks

    Looks like they can land these days too, though it’s still the norm for the pilot to land.

    https://executiveflyers.com/can-autopilot-land-a-plane/

    Most modern planes have an autoland system that enables a plane to land automatically.

    But, most pilots prefer to manually land a plane because they are more comfortable with having more control over a plane during such an important part of a flight.

    Most pilots also only use autoland when there’s low to zero outside visibility. And pilots are also legally restricted on how often and when they can use autoland.

    I also recall that after that collision when a Swiss air traffic controller was trying to work two ATC positions some time back, it was clarified that for collision avoidance – probably the most-critical task an air traffic controller deals with – if a human air traffic controller tells the pilot to do one thing and the computer tells the pilot to do something else, you disregard the human and obey the computer, so in practice computers mostly do or can run the situation today.

    https://en.wikipedia.org/wiki/2002_Überlingen_mid-air_collision

    On the night of Monday, 1 July 2002, BAL Bashkirian Airlines Flight 2937, a Tupolev Tu-154 passenger jet, and DHL International Aviation ME Flight 611, a Boeing 757 cargo jet, collided in midair over Überlingen, a southern German town on Lake Constance, near the Swiss border. All of the passengers and crew aboard both planes were killed, resulting in a total death toll of 71.

    The official investigation by the German Federal Bureau of Aircraft Accident Investigation (German: Bundesstelle für Flugunfalluntersuchung -BFU) identified the main cause of the collision to be a number of shortcomings on the part of the Swiss air traffic control (ATC) service in charge of the sector involved, as well as ambiguities in the procedures regarding the use of the traffic collision avoidance system (TCAS) on board.

    Basically, the Russian plane followed the human ATC instructions, and the DHL plane followed the TCAS computer’s instructions and collided.

    At 23:34:42 CEST (21:34:42 UTC), less than a minute before the crash, Nielsen realized the danger and contacted Flight 2937, instructing the pilot to descend to flight level 350 (1000 ft lower) to avoid collision with crossing traffic (Flight 611). Seconds after the crew of Flight 2937 initiated this descent, their TCAS instructed them to climb, while at about the same time the TCAS on Flight 611 instructed the crew of that aircraft to descend.: 111–113  Had both aircraft followed those automated instructions, the collision would not have occurred.: 34

    Flight 611’s pilots followed their TCAS instructions and initiated a descent, but could not immediately inform Nielsen because the controller was dealing with Flight 2937. The crew of Flight 2937, already descending as instructed by Nielsen,: 104–106  disregarded their TCAS instruction to climb. Thus, both planes were now descending.

    Unaware of the TCAS-issued alerts, Nielsen repeated his instruction to Flight 2937 to descend, giving the crew incorrect information as to the position of the DHL plane (telling them that the plane was to the right when it was in fact to the left).: 76  About eight seconds before the collision, Flight 611’s descent rate was about 12 m/s (2,400 ft/min), not quite as rapid as the 13 to 15 m/s (2,500 to 3,000 ft/min) range advised by the TCAS.

    Flight 611, responding to the developing situation, increased its descent rate.: 6–9  Eight seconds before the collision, Flight 2937’s crew became aware of the situation when they gained visual sight of Flight 611 incoming from the left, and, two seconds before the collision, obeyed their TCAS instruction and attempted to put the aircraft into a climb.

    By then the collision was inevitable. The aircraft collided at 23:35:32 CEST (21:35:32 UTC), at almost a right angle, at an altitude of 10,630 m (34,890 ft), with Flight 611’s vertical stabilizer slicing completely through Flight 2937’s fuselage just ahead of the wings. Flight 2937 broke into several pieces, scattering wreckage into the Brachenreute neighborhood over a wide area. The nose section of the aircraft fell vertically, while the tail section with the engines continued, stalled, and fell.

    Flight 611, now with 80% of its vertical stabilizer lost, struggled for a further 7 kilometres (4.3 mi; 3.8 nmi) before crashing into a wooded area close to the village of Taisersdorf at a 70° downward angle. Each engine ended up several hundred meters away from the main wreckage, and the tail section was torn from the fuselage by trees just before impact.: 19–33  All 69 people onboard Flight 2937 and both crew members on board Flight 611 died.: 9

    TCAS and conflicting orders

    The accident raised questions as to how pilots must react when they receive conflicting orders from TCAS and ATC. TCAS was a relatively new technology at the time of the accident, having been mandatory in Europe since 2000.: 45  When TCAS issues a resolution advisory (RA), the pilot flying should respond immediately by directing attention to RA displays and maneuvering as indicated, unless doing so would jeopardise the safe operation of the flight, or unless the flight crew can assure separation with the help of definitive visual acquisition of the aircraft causing the RA.

    In responding to a TCAS RA that directs a deviation from assigned altitude, the flight crew should communicate with ATC as soon as practicable after responding to the RA. When the RA is removed, the flight crew should advise ATC that they are returning to their previously assigned clearance or should acknowledge any amended clearance issued.

    While TCAS is programmed to assume that both crews will promptly follow the system’s instructions, the operations manual did not clearly state that TCAS should always take precedence over any ATC commands.: 103  The manual described TCAS as “a backup to the ATC system”, which could be wrongly interpreted to mean that ATC instructions have higher priority.: 80  This ambiguity was replicated in the Tu-154 Flight Operations Manual, which contained contradictory sections. On the one hand, chapter 8.18.3.4 emphasised the role of ATC and describes TCAS as an “additional aid”,: 53  while chapter 8.18.3.2 forbade manoeuvers contrary to TCAS.: 103  The BFU recommended that this ambiguity should be resolved in favor of obeying TCAS advisories even when these were in conflict with ATC instructions.: 111

  • tal@lemmy.todaytoTechnology@lemmy.mlQualcomm will try to have its Apple Silicon moment in PCs with “Snapdragon X”
    1·
    1 year ago

    I mean, Linux definitely does have ARM apps in that for the open-source stuff, you can just use an ARM build of the distro. So the transition for Linux is definitely easier from the standpoint of obtaining native binaries than it is for MacOS or Windows; a huge chunk of the software has the source publicly-available.

    But if you want to play closed-source games on Linux – like, off Steam or GOG or whatever, some of which is Windows binaries – most if not all of that doesn’t have ARM available, and a lot of it will definitely never have ARM builds, because the stuff was written ages ago and the source was lost, even if the rightsholders were able and interested in getting an ARM build out. And ARM can’t really efficiently emulate x86.

    CPUs aren’t that expensive. Maybe it’s possible to create some kind of ARM-based laptop with an x86 coprocessor that is only used when running x86 code, or something like that.