kyak changed the topic of #qi-hardware to: Copyleft hardware - http://qi-hardware.com | hardware hackers join here to discuss Ben NanoNote, atben/atusb 802.15.4 wireless, anelok and other community driven hw projects | public logging at http://en.qi-hardware.com/irclogs and http://irclog.whitequark.org/qi-hardware
dandon has quit [Quit: .]
dandon has joined #qi-hardware
fengling has quit [Ping timeout: 268 seconds]
fengling has joined #qi-hardware
wildlander has quit [Quit: Saliendo]
DocScrutinizer05 has quit [Disconnected by services]
DocScrutinizer05 has joined #qi-hardware
fengling has quit [Ping timeout: 268 seconds]
fengling has joined #qi-hardware
<kyak> found this http://routersecurity.org/bugs.php while persuading a colleague of mine to wipe out the vendor firmware
<kyak> and use openwrt or derivatives instead
<kyak> all related news are put together for convenience :)
sb0 has joined #qi-hardware
eintopf_ has joined #qi-hardware
eintopf has quit [Ping timeout: 264 seconds]
eintopf_ is now known as eintopf
<whitequark> hm, where's joerg
sb0 has quit [Quit: Leaving]
sb0 has joined #qi-hardware
<wpwrak> whitequark: he's traveling these days. he may still notice (eventually) when you write something here, though.
<whitequark> ahh 33c3
<whitequark> then he probably already knows
<eintopf> 33c3 I wish I would be there
<wpwrak> naw, visiting a friend. not 33c3
<wpwrak> kyak: someone should make a horror movie with this :)
Nik05_ has quit [Read error: Connection reset by peer]
Nik05 has joined #qi-hardware
sb0 has quit [Quit: Leaving]
<kyak> wpwrak: and the horror part starts when a guy tries to install openwrt --)
<wpwrak> kyak: ah, you're planning the sort of movie where the heroes die, too :)
<kyak> ^)
<DocScrutinizer51> whitequark: not 33C3
<DocScrutinizer51> what's up?
<DocScrutinizer51> sorry, not going to visit shitty twitter on N900
<DocScrutinizer51> prolly wouldn't work anyway
<DocScrutinizer51> well that's german news :)
<DocScrutinizer51> our TV journalists found it together with Mhackers'
<DocScrutinizer51> basically brute force cracking of a 'pw' alike 6digit transaction number afaik
<DocScrutinizer51> they prolly should install fail2ban ;)
<DocScrutinizer51> funny hack but no real big thing in my book
<whitequark> it's like BGP
<whitequark> anyone can hijack anyone's flights
<DocScrutinizer51> well, as long as you can brute force crack the 6char(?) transaction token, yes. Under same premise i can root 60 percent of all computers on this globe
<DocScrutinizer51> you 'only' need family name of a customer. rough time window of transaction, and then bruteforce the transaction token. pretty 'insecure' eh? No, they just should throttle bruteforce e.g. by fail2ban
<whitequark> DocScrutinizer51: but that's true, you can intercept 60% (actually might be more than 60%) of traffic with a fake BGP advertisement
<whitequark> and if you know a rough time window then you don't even need to bruteforce the entire token
<DocScrutinizer51> nfc what's that BGP thing
<DocScrutinizer51> what they told in TV they simply bruteforce cracked the transaction ID
<DocScrutinizer51> which is... cracking for kindergarten
<wpwrak> kids today ...
<DocScrutinizer51> yeah, they just repeated it in TV: the hackers brute force cracked the 6char reference ID with a known customer name. So how does that differ from bruteforcing the root password of any arbitrary server?
<whitequark> DocScrutinizer51: who even uses passwords anymore? good luck bruteforcing my ssh key
<DocScrutinizer51> add reasonable throttling like fail2ban and everything banana
<DocScrutinizer51> meh
<DocScrutinizer51> good luck clickbaiting me into this nonissue
<DocScrutinizer51> poor implementation of an otherwise perfectly secure concept
<DocScrutinizer51> of course the IDs need to be true random, and auth needs rate limit, just like any arbitrary other auth system. That they do call it reference ID and not password is a communication failure, not an IT design failure
<DocScrutinizer51> Nohl is making up big news to give ARD reporters a topic to cover C3 in news
<DocScrutinizer51> pretty dishonest
<eintopf> :o the channel is alive
<eintopf> btw: my tft power supply with the replaced elkos still works
fengling has quit [Ping timeout: 268 seconds]
fengling has joined #qi-hardware
wildlander has joined #qi-hardware
mth has joined #qi-hardware
sandeepkr has joined #qi-hardware
sandeepkr has quit [Read error: No route to host]
sandeepkr has joined #qi-hardware
sandeepkr has quit [Remote host closed the connection]
sandeepkr has joined #qi-hardware
sandeepkr has quit [Read error: Connection reset by peer]
sandeepkr has joined #qi-hardware
sandeepkr has quit [Remote host closed the connection]
sandeepkr_ has joined #qi-hardware
sandeepkr_ has quit [Max SendQ exceeded]
sandeepkr_ has joined #qi-hardware
sandeepkr__ has joined #qi-hardware
sandeepkr__ has quit [Remote host closed the connection]
sandeepkr_ has quit [Ping timeout: 260 seconds]