--- Log opened Fri Dec 30 00:00:22 2016
04:12 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:b102:e709:7d5a:c2f3] has quit []
06:26 <@Dolemite> mr0ning, be0tches and h0ez!
08:10 * aestetix hugs Dolemite
08:37 < xray> yo
09:02 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:60f1:1f0:dac:c94e] has joined #se2600
09:46 <@rattle> JAR-16-20296 is complete dreck.
10:10 < aestetix> rattle: I am thinking of getting a bunch of orange balloons and popping them at the stroke of midnight
10:10 < aestetix> my other idea was to burn a bag of cheetos, but it turns out that might stink
10:19 < _NSAKEY> aestetix: So, any delicious drama?
10:19 < aestetix> drama?
10:20 < aestetix> you mean from congress?
10:20 < _NSAKEY> Yeah.
10:20 < _NSAKEY> I know you're not there, but I'm sure people talk.
10:20 < aestetix> well I'm having a gathering on Jan 1 that a bunch of congress folks will be coming to
10:20 < aestetix> so I'm sure I'll hear all about it
10:21 < aestetix> I'd say the biggest drama I'm aware of right now is the SHA2017 ticket price
10:21 < aestetix> oh btw
10:21 < aestetix> have any of you seen the show Homeland?
10:26 <@Dolemite> yes
10:29 < aestetix> Dolemite: I'm five episodes in and it's turning into a sappy soap opera
10:29 < aestetix> does it get back on track?
10:30 < aestetix> It seems like the plot starts to get good, and then there is some stupid soap opera issue that happens
10:48 <@Dolemite> It varies from season to season
10:48 < aestetix> I'm on season 1
10:49 <@Dolemite> Season 1 and 3 were the better ones. Season 2 got pretty mired down.
10:51 <@Dolemite> Actually, I was thinking wrong. It was season 4 that was horrible.
10:52 <@Dolemite> Season 5 is probably the one you'd most like.
10:52 <@brimstone> but you have to get through 1-4 to get to season 5
10:52 < aestetix> ugh
10:52 <@Dolemite> Nah
10:52 <@Dolemite> Just start with Season 5
10:53 < aestetix> I'll finish out season 1 and maybe skip to season 5
10:53 <@Dolemite> It was good enough for George Lucas to start in the middle
10:53 < aestetix> since I do not want the stupid love drama crap
10:53 <@Dolemite> Well, there's still some, but a lot less of it. It's more like manipulation.
10:54 < aestetix> I can deal with that
10:54 < aestetix> I just don't want half an episode that's who slept with who
10:54 < aestetix> or worse, a full episode
10:56 < aestetix> Also, I don't know why some of these shows feel the need to keep going
10:56 <@Dagmar> rattle: I can't wonder WTF magic they're pulling to convince people that the damn thing is anything but a work of fiction
10:57 < aestetix> Or stretch out what should be three episodes into 10 episodes
10:57 <@Dagmar> Hell, short story authors would be embarrassed to use that much magical thinking in their plot lines
10:58 <@Dagmar> Also, what kind of shitcode is this nonsense $base64decode = /\='base'\.\(\d+\*\d+\)\.'_de'\.'code'/
10:58 <@Dagmar> There are probably hundreds of fucking webshells that their "signature" will also match
10:59 < aestetix> Dagmar: reading the US report on the DNC hack?
11:00 <@Dagmar> Yes. This is bullshit
11:00 < aestetix> I knew because that was the one shred of technical info in it
11:00 <@Dagmar> I guess we'll be able to tell who is completely full of shit by looking for people saying this report proves anything more than they can use a spellchecker
11:01 <@Dagmar> aestetix: Pretty much every fucking webshell I ever pulled out of Vanderbilt's infrastructure matches that fucking "signature"
11:01 <@Dagmar> It literally doesn't mean _shit_ that there was a webshell involved somewhere, other than to possibly indicate that HTTP servers were in some way involved
11:07 <@Dagmar> Where's even the fucking IP address they mention
11:10 <@Dagmar> There's no attachments in this PDF file that I can see
11:11 < aestetix> also the fact I recognized that based on the shitty code you pasted is telling
11:16 <@Dagmar> `mount /system`
11:27 < aestetix> Dagmar: I can't find the report. URL?
11:33 < aestetix> found it
11:33 < aestetix> _NSAKEY: so I was sort of wrong. Andy's medium writeup about Jake is making the rounds.
11:34 < aestetix> I do wish people would stop beating that fucking horse.
11:34 < aestetix> Seriously. Either Jake committed a crime or he didn't. None of these "anarchists" has the guts to actually take this to the police and make a formal complaint.
11:35 < aestetix> And then all the nonsense about "the police never do anything" which is hard to hear coming from people who didn't even try.
11:46 <@Dagmar> Who what?>
11:50 <@rattle> I've been involved in investigations related to the Russian hacks. I understand why they are not releasing some of the indicators and whatnot.. But what they did release is complete fucking dreck.
11:50 < aestetix> rattle: why did they bother releasing it then?
11:50 < aestetix> https://news.ycombinator.com/item?id=13279600
11:50 < aestetix> case in point
11:50 < PigBot> Title: Technical report on DNC hack [pdf] | Hacker News (at news.ycombinator.com) http://tinyurl.com/zk5yfln
11:51 <@Dagmar> 'We don't want to reveal how much we know, or how we know it'
11:51 <@rattle> aestetix: I think they just felt like they had to release something.
11:51 <@Dagmar> ...but the seven fucking pages of boilerplate is shameful.
11:51 < aestetix> rattle: well the Obama administration has been by far the least transparent ever.
11:51 <@rattle> This whole thing is just FBI/DHS in clown shoes.
11:51 < aestetix> But even by those standards this is shit.
11:52 <@Dagmar> The one thing it does show is that this APT was operating on about the same level as millions of script kiddies and the DNC should be completely ashamed
11:52 <@brimstone> Four More Years!
11:52 < aestetix> Dagmar: maybe they were too busy discussing strategies to battle microaggressions
11:52 <@rattle> The DNS _should_ be completely ashamed, and that's besides the point.. But the Ruskies do have some decent TTPs..
11:53 <@rattle> This press is a pretty good run through of some of their tools.. http://www.welivesecurity.com/wp-content/uploads/2016/06/visiting_the_bear_den_recon_2016_calvet_campos_dupuy-1.pdf
11:53 < PigBot> rattle: That URL appears to have no HTML title within the first 30480 bytes.
11:53 <@rattle> s/press/preso/
11:53 <@rattle> s/DNS/DNC/ This freaking spell check sucks.
11:53 < aestetix> I mean it honestly seems like if I want to find out what the DNC or Obama is actually doing, my best bet is wikileaks
11:54 <@Dagmar> lol
11:54 <@Dagmar> https://beta.companieshouse.gov.uk/company/10542519
11:54 < PigBot> Title: ; DROP TABLE "COMPANIES";-- LTD - Overview (free company information from Companies House) (at beta.companieshouse.gov.uk) http://tinyurl.com/zd9kj7h
11:55 <@Dagmar> aestetix: Or just email them some RAT you cobbled together with a GUI tool and look for yourself
11:55 < aestetix> haha
11:55 <@Dagmar> Apparently it's fuckin' trivial to compromise the DNC
11:55 <@brimstone> Password:
11:55 < aestetix> This is one advantage of Herr Trump not using email
11:56 <@brimstone> tweet him a phishing link?
11:56 <@brimstone> also, *Herr Drumpf
11:56 < aestetix> actually
11:56 < aestetix> if you could get someone on trump's staff to tweet out the URL to a malware file
11:57 < aestetix> with a context like "proof obama is a tranny"
12:26 <@Dagmar> You read the docs that come with the sources
12:53 -!- rhia [~rhia@2601:601:4000:da79:82ee:73ff:fe64:1308] has quit [Ping timeout: 258 seconds]
13:06 -!- rhia [~rhia@2601:601:4000:da79:82ee:73ff:fe64:1308] has joined #se2600
13:06 -!- mode/#se2600 [+o rhia] by ChanServ
13:27 <@rattle> Security at the DNC was a joke. I can verify that first hand. Back 2008-2010'ish when the tanks started coordinating regarding the Chinese shenanigans, they were one of the orgs that just didn't seem to care.
13:28 <@rattle> They went down then too.. But, never seemed to have the "security awakening" that many other orgs did.
13:32 <@rattle> At this point, I'm numb. I'm so tired of listening to people talk about this shit like they have a clue, when they have zero fucking idea what they are talking about.
13:32 <@rattle> I hope the DNI report clears some shit up when it comes out.
13:36 < aestetix> rattle: well first they need to appoint a new DNI
13:39 <@rattle> DNI is already working on it. It's independent of the transition.
13:41 <@rattle> What really needs to happen is for Congress to start an investigation.
13:42 <@rattle> By the time Congress figures out what it wants to do, the IC should have already dropped its bombs. If Congress launches an investigation, the private sector threat intel community will drop its bombs.
13:43 <@rattle> Everyone in the know in the private sector is just standing around waiting to see what the government is going to do.
13:46 <@rattle> This whole situation is unbelievably fucked up.
13:49 < _NSAKEY> <@rattle> This whole thing is just FBI/DHS in clown shoes.
13:49 < _NSAKEY> When does anyone at either of those orgs remove their clown shoes? I was under the impression that they stayed on until retirement, at the very earliest.
13:49 <@Dagmar> They don't seem to care about ethics, so it's not very surprising they shouldn't care about security either
13:50 < aestetix> lololo congress doing something
13:50 <@rattle> What makes you think any of those problems are unique to the DNC?
13:50 <@Dagmar> Their solution to most problems simply seems to be to tell everyone that things are great if you're on the inside
13:50 < aestetix> given that the new potus and the speaker of the house both hate congress
13:50 <@rattle> Or a particular political party?
13:57 < aestetix> omg
13:57 < aestetix> https://twitter.com/realDonaldTrump/status/814919370711461890
13:57 < PigBot> Title: Donald J. Trump on Twitter: "Great move on delay (by V. Putin) - I always knew he was very smart!" (at twitter.com) http://tinyurl.com/h9xdh5a
13:58 < aestetix> and it's pinned, so herr trump is learning more twitter features
14:35 < xray> https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/
14:35 < xray> US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware
14:50 <@brimstone> is it outdated if it's still effective?
14:55 <@brimstone> _NSAKEY: you awake?
14:56 < _NSAKEY> brimstone: Not for much longer.
14:57 <@brimstone> _NSAKEY: my usual md5 reverse sites aren't helping. Might you want to take a crack at e75e9653c1f8275113e32d1f1b8cb5f5ece5ee3d ?
14:57 <@brimstone> no, 0f1e9d1c0dd10bc722c34254e51bff62
14:57 <@brimstone> the e7 was a test
14:57 < _NSAKEY> I'll queue up some jobs and sleep on it.
14:57 <@brimstone> also, it's a sha1
14:57 <@brimstone> cool, thanks
14:58 < _NSAKEY> Yeah, it looked a bit long to be an md5.
15:09 < _NSAKEY> brimstone: It's MD5.
15:10 < _NSAKEY> Or at least, conforms to the length. I'm so tired that it looked like SHA1 until I started seeing line-length exceptions.
15:31 -!- xray_ [~xray@2601:c4:c000:be00:fe34:2daa:38c4:d376] has quit [Quit: ZNC - http://znc.in]
15:32 -!- xray_ [~xray@2601:c4:c000:be00:fe34:2daa:38c4:d376] has joined #se2600
15:47 -!- xray_ [~xray@2601:c4:c000:be00:fe34:2daa:38c4:d376] has quit [Quit: ZNC - http://znc.in]
15:49 -!- xray_ [~xray@2601:c4:c000:be00:fe34:2daa:38c4:d376] has joined #se2600
15:49 <@brimstone> well, it's not in hashes.org or crackstation's lists
15:56 -!- xray_ [~xray@2601:c4:c000:be00:fe34:2daa:38c4:d376] has quit [Quit: ZNC - http://znc.in]
15:57 -!- xray_ [~xray@2601:c4:c000:be00:fe34:2daa:38c4:d376] has joined #se2600
18:11 -!- rhia [~rhia@2601:601:4000:da79:82ee:73ff:fe64:1308] has quit [Ping timeout: 240 seconds]
18:23 -!- rhia [~rhia@2601:601:4000:da79:82ee:73ff:fe64:1308] has joined #se2600
18:23 -!- mode/#se2600 [+o rhia] by ChanServ
19:30 -!- xray_ [~xray@2601:c4:c000:be00:fe34:2daa:38c4:d376] has left #se2600 []
21:10 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:60f1:1f0:dac:c94e] has quit []
22:40 -!- xray_ [~xray@2601:c4:c000:be00:fe34:2daa:38c4:d376] has joined #se2600
23:06 -!- xray_ [~xray@2601:c4:c000:be00:fe34:2daa:38c4:d376] has quit [Quit: ZNC - http://znc.in]
23:06 -!- xray_ [~xray@2601:c4:c000:be00:fe34:2daa:38c4:d376] has joined #se2600
--- Log closed Sat Dec 31 00:00:23 2016