Another Reason To Hate on the Chinese Government

Sometimes I wonder if people so adamantly defend China despite their issues and their obvious misinformation with the virus because they're afraid that making them mad will result in less cheap products from there in the future, especially if Trump gets reelected and wants to increase sanctions.

That's just me thinking out loud, nobody has to answer that although I'm sure someone will respond.

@n64dd: ????

A powerful dictatorship run by a despot held back information?

I'm shocked... shocked I tell you.

Sure. Phishing is not a targeted attack.

Who's defending China?

Please offer citation disproving the ICA report, SIC report, and DOJ report (each which I have kindly linked for you) which directly state Russia Interfered. N64DD's opinion is not valid citation.

Until further notice you have lost this debate.

I did. My background is in cyber security (i'm cyber security architect). Do you know what you're even reading?

You MUST be fully aware that you claiming you are an expert in cyber-security doesn't actually refute the extremely lengthy conclusions of our ICA and DOJ, from both Republicans and Democrats.

I will link them again for you:

https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume4.pdf

https://www.justice.gov/storage/report.pdf

Russia Interfered.

Either you directly quote what is incorrect in those large reports (with proof), or you concede. Until further notice you still remain the loser of this "debate". I can't believe this is even debated anymore outside of Q-Anon lol.

So you know Unix or STFU.

Can I ask you some Unix questions that aren't easily Googled?

10 second google searching tells me phishing can be a targeted attack.

Phishing can be a targeted attack. Guess you aren't the best at your job huh...…..

@LJS9502_basic: @horgen:

Incorrect. Phishing is a general

Net thrown to catch random victims.

Targeting would fall under social engineering.

For br0ken rabbit, very little unix is used in my job so i know enough to get by.

Wrong. There are different types of phishing. Included targeting phishing.

Less than 10 seconds to google will teach you. Either you are not well versed in your job or that isn't your job.

https://www.csoonline.com/article/3234716/types-of-phishing-attacks-and-how-to-identify-them.html

The US still hasn't paid for what the Spanish Flu did to the world.

@LJS9502_basic: nah fam. Those other kind of “phishing” dont classify as traditional phishing and are under other categories now.

Hillary got hit by traditional phishing, which what I was talking about. She got hit because she had an illegal personal server violating all kinds of legal documentation and agreements she had.

@foxhound_fox: Canada still hasn’t paid for Beiber.

Wait...you're not just an IT security guy, you're a Security Architect™, and you know very little of Unix?

So you admit the SIC and DOJ are correct, and Russia Interfered? As you have not given proof their reports are false.

He's your problem now.

I don't think anyone on the left or right likes the Chinese government that exists in mainland China. Red guys hate them for being a competitor, blue games hate them for them being horrible to their citizens.

Problem is, the red guys usually have a harder time separating the Chinese government with the Chinese people or Chinese Americans than the blue guys.

Spear phishing is a thing. And our company practices defense and against broad and targeted attacks.

Everyone has their reasons. The problem is that whenever stance the GOP takes on China, it's incoherent and unreasonable (e.g. sanctions, "they started it in the lab," and so on), and whenever Democrats oppose those stances for logical reasons, it's dismissed and suddenly they're pro-China.

The Chinese government screwed up and hid COVID-19 but right now, we're number one in COVID-19 stats and we continue to bicker without providing much of a solution other than a blame game.

@br0kenrabbit: enough to get by. More knowledge in networking, firewalls. Juniper, ccnp, blue coat (scs certified), cisco sase certified, palo alto, etc.

So say someone is pushing an attack via NTP exploit and forcing the use of an expired transport layer. What you do?

Patch NTP.

From memory a certain user with the username similar Nintendo console that first released Turok once suggested that everyone should turn on their air conditioning units to combat global warming.

That's what you're dealing with.

Only in the summer. In the winter all it would do is make everybody's electric bill bonkers.

Point proven.

Yes, FABULOUS idea. This is PURE GOLD. I'm speechless, you're just .... I am sorry I just don't have words to describe your amazing idea. I reckon a Nobel prize should be on its way! Pure genius!

"Remember people of the earth, switch on your air conditioning units (only during summer) to combat global warming" - N64dd.

Okay, but are you already compromised? If I've already attacked you and you're just now patching, I'm still in.

@br0kenrabbit: install norton and say a prayer.

Also change the ntp port to something non-default, limit ips/urls it can connect to. White listing ips and urls is needed. That would be a good start.

My payload is listen and report. It's the same size and name as a rarely-used system file (lets say for fax), and when launched will record keystrokes, parse for non-English words (hopefully catching passwords here), and attach the result to an outgoing E-mail after 1 week.

Norton I wouldn't worry about. It would catch me if I attempted any encryption or actually altering a system file, but there's no need for that.

@br0kenrabbit: norton was a joke brah

Also the attack you’re talking about is used for ddos. I think you’re confusing what the transport layer does of OSI.

Oh, no. I switched scenarios completely with the "my payload" bit. I'm having too much fun.

We used a 'poison well' system for a particular client years (read: decades) back. There was a forward facing fake network set up that hackers could snoop around in, but it was independent of the actual real network. Any of the files a hacker may find interest in, XLS files for instance, would call back to us if downloaded and opened.

That was more for lack of a better option: back in the 90's Network security was like trying to plug a hole in a ship with tissue paper.

The worst payload I've seen is an AWARD BIOS flasher. That fucker...

Edit: And you could use NTP to access encrypted outgoing data, you could force the acceptance of an outdated (hacked) version of SSL

@br0kenrabbit: uh huh

Glad to know your attack really didn’t make much sense.

Anyways. I hope the world goes after China.

No, you just didn't think it through. I gave you the information in the first post:

forcing the use of an expired transport layer

That being an expired version of SSL. So now I got all your passwords.

@br0kenrabbit: you’re changing what you’re doing everytime and that’s not how any of this works.

Lol I’m done and we’ve derailed this thread too much.

No. Let's go through this.

Post #1

forcing the use of an expired transport layer

I now have your passwords. I'm in.

Post #2

Okay, but are you already compromised? If I've already attacked you and you're just now patching, I'm still in.

Now I get to upload whatevar I want.

Post #3

My payload is listen and report.

This is what I upload. Forget the NTP stuff, irrelevant at this point. You patched it, good job, too late.

@n64dd

The response I'm looking for isn't even technical. It's far more basic than that.

Actually from my understanding Spear Phishing is considered a targeted phishing attack from my experience.

Spear phishing is the act of sending emails to specific and well-researched targets while purporting to be a trusted sender. The aim is to either infect devices with malware or convince victims to hand over information or money.

@n64dd: Go after China! Perhaps a little military action needed?

Guess you should have read the entire link.

Do you think they should investigate china after this or anything of that effect?

Who is "they"?

Yes who?

@LJS9502_basic: other governments, the UN, etc.

Yes. I think they should investigate China, just as we should investigate the Trump administration after this is all over. We have to see exactly what went wrong.

How do you propose they do that? China is on the UN Security Council and has veto power. They're also a global economic superpower at this point and hold sway in every region of the globe. The US has also ceded a lot of influence and allies to China since Trump got into office.

I'm all for bringing nefarious actors to justice but they've got the rest of the world through the wringer. Short of going into open warfare and the consequences of that are destruction of global supply chains and the global economy, I'm not sure what exactly can be done.

We were hearing the downplaying since January.

A lot of us knew what was happening just by seeing what was leaked and the wechat conversations. It was already known that it started sometime in November. Surprised it took the west this long when neckbeards on the internet figured this shit out before anybody else.

@ratchetclank92: why do you hate them? They made everything you own. The virus sucks but the science is saying it wasn't made in a lab by Chinese.