a 2015 CVE lol.Yes, using software that hasn't been updated in 2 years could pwn you (there's no public PoC of any of the family of CVEs in that link.) Using software that hasn't been updated in 2 years could pwn you and you woudn't even need to click the link either.. What is the point of your post?
edit; nevermind, ddn't see the date. nonetheless, they could just embed the pdf to pwn you. stop being reactionary especially for something with no known PoC and no known use of the bug to exploit anything. Reminds me of the people @ assemblergamer that think they're being spied on by the NSA, as if they're important lol.
My point? Don't click random links put on by people with small post counts, it's a very common threat vector for building up botnets (Yes, people still use botnets). In 2 years, the OP has 50 posts, he had a lot less when he posted this random link. That CVE was an example. You honestly think there's no 0-day PDF attacks? Heck, how many people even checked the link was a PDF.
What's YOUR point, that you should click on random links posted by new people in threads? Sounds like a great idea to me. Stop telling people to do dumb things, it makes my job, as a security engineer, a hell of a lot harder. The fact that it was a PDF just made it worse.
>It's a very common threat vector for building up botnets (Yes, people still use botnets)
This just reads like you have no idea what you're talking about. "people still use botnets" lol.. really? omg no way! There's literally thousands of botnets in operation, and they don't get spread by someone posting on random Nintendo forums; and especially not using a new xploit.
>You honestly think there's no 0-day PDF attacks?
First of all: PDF is a file format. Are you talking about an Acrobat Reader 0day? pdf.js? foxit?
Second: You think someone is going to burn a 0day on some random Nintendo forum? lmao.
>Stop telling people to do dumb things, it makes my job, as a security engineer, a hell of a lot harder. The fact that it was a PDF just made it worse.
"Don't go outside because you might catch a cold." "Don't drive a car because you might get hit." It's plain fearmongering, and your comment about being a "security engineer" is completely irrelevant; I could bring up the fact I have a bunch of CVEs under my name, but that wouldn't change anything. You don't work for NA, so it doesn't make your job harder. Clicking on websites is not something people shouldn't do. If software has a bug, blame the developer, not the user.
At the time of the post, there was a hugh rash of multi-platform PDF attacks. One PDF would attack more than one PDF product, because they load up attacks for more than one product. At the time of this post, I was actively making IPS strings to detect some zero-day threats.
>"people still use botnets" lol.. really? omg no way! There's literally thousands of botnets in operation, and they don't get spread by someone posting on random Nintendo forums; and especially not using a new xploit.
If you work in this indrustry, you are quite out of touch then. Botnet usage has actually declined in the last two years. But you know what these botnets were used for? Some of them would flood email and forums with links to spread themselves. Honestly, you don't remember spam bots? It's what captcha was invented for.
>Second: You think someone is going to burn a 0day on some random Nintendo forum? lmao.
You think it would just be one forum? And are you claiming bots do NOT spam threats in forums? Because history disagrees with you. ESPECIALLY 2 years ago.
>Clicking on websites is not something people shouldn't do
This is very bad advice. It's the same as telling people it's ok to click random links they are emailed. You know better than that. Stop trying to sound smarter about security than you are, when you can't even be bothered to look at time stamps.
Edit: And finding a bug in graphviz doesn't mean it's still a smart idea to tell people to click on PDFs from untrusted sources. I don't care who you are, that's bad security in anyones book, and aginst most companies coperate policies for a reason.
ozzy 98- I don't think you need to feel like you are a chaperone to the forum users here. Let them make their own decisions on what's dangerous on the net... Just my thought on this matter. Anyway, if people want to continue discussing internet safety on this post then feel free
a 2015 CVE lol.Yes, using software that hasn't been updated in 2 years could pwn you (there's no public PoC of any of the family of CVEs in that link.) Using software that hasn't been updated in 2 years could pwn you and you woudn't even need to click the link either.. What is the point of your post?
edit; nevermind, ddn't see the date. nonetheless, they could just embed the pdf to pwn you. stop being reactionary especially for something with no known PoC and no known use of the bug to exploit anything. Reminds me of the people @ assemblergamer that think they're being spied on by the NSA, as if they're important lol.
My point? Don't click random links put on by people with small post counts, it's a very common threat vector for building up botnets (Yes, people still use botnets). In 2 years, the OP has 50 posts, he had a lot less when he posted this random link. That CVE was an example. You honestly think there's no 0-day PDF attacks? Heck, how many people even checked the link was a PDF.
What's YOUR point, that you should click on random links posted by new people in threads? Sounds like a great idea to me. Stop telling people to do dumb things, it makes my job, as a security engineer, a hell of a lot harder. The fact that it was a PDF just made it worse.
>It's a very common threat vector for building up botnets (Yes, people still use botnets)
This just reads like you have no idea what you're talking about. "people still use botnets" lol.. really? omg no way! There's literally thousands of botnets in operation, and they don't get spread by someone posting on random Nintendo forums; and especially not using a new xploit.
>You honestly think there's no 0-day PDF attacks?
First of all: PDF is a file format. Are you talking about an Acrobat Reader 0day? pdf.js? foxit?
Second: You think someone is going to burn a 0day on some random Nintendo forum? lmao.
>Stop telling people to do dumb things, it makes my job, as a security engineer, a hell of a lot harder. The fact that it was a PDF just made it worse.
"Don't go outside because you might catch a cold." "Don't drive a car because you might get hit." It's plain fearmongering, and your comment about being a "security engineer" is completely irrelevant; I could bring up the fact I have a bunch of CVEs under my name, but that wouldn't change anything. You don't work for NA, so it doesn't make your job harder. Clicking on websites is not something people shouldn't do. If software has a bug, blame the developer, not the user.
At the time of the post, there was a hugh rash of multi-platform PDF attacks. One PDF would attack more than one PDF product, because they load up attacks for more than one product. At the time of this post, I was actively making IPS strings to detect some zero-day threats.
>"people still use botnets" lol.. really? omg no way! There's literally thousands of botnets in operation, and they don't get spread by someone posting on random Nintendo forums; and especially not using a new xploit.
If you work in this indrustry, you are quite out of touch then. Botnet usage has actually declined in the last two years. But you know what these botnets were used for? Some of them would flood email and forums with links to spread themselves. Honestly, you don't remember spam bots? It's what captcha was invented for.
>Second: You think someone is going to burn a 0day on some random Nintendo forum? lmao.
You think it would just be one forum? And are you claiming bots do NOT spam threats in forums? Because history disagrees with you. ESPECIALLY 2 years ago.
>Clicking on websites is not something people shouldn't do
This is very bad advice. It's the same as telling people it's ok to click random links they are emailed. You know better than that. Stop trying to sound smarter about security than you are, when you can't even be bothered to look at time stamps.
"At the time of the post, there was a hugh rash of multi-platform PDF attacks. One PDF would attack more than one PDF product, because they load up attacks for more than one product. At the time of this post, I was actively making IPS strings to detect some zero-day threats."
Except that there wasn't. The post was from Dec 15 2015, and the CVE you linked was from March 2015. Feel free to tell me the CVEs and link me to a writeup of these supposed "huge rash of multi-platform PDF attacks." There was a Flash 0day being used by Angular at the time, though.
"You think it would just be one forum? And are you claiming bots do NOT spam threats in forums? Because history disagrees with you. ESPECIALLY 2 years ago."
With the highly personalized message such as OPs? No, they do not, unless they're specifically targeting somebody (in which case it wouldn't be a bot.)
"If you work in this indrustry, you are quite out of touch then. Botnet usage has actually declined in the last two years."
"But you know what these botnets were used for? Some of them would flood email and forums with links to spread themselves. Honestly, you don't remember spam bots?"
Bots can be used for anything, obviously. Most of them are just rented out or sold. Xrumer (the forum spam software) would not be used to spread exploits which use 0days.
"Stop trying to sound smarter about security than you are, when you can't even be bothered to look at time stamps. "
Yes, because by implying that a 0day would ever be wasted on some random forum (or any forum at all, really) really makes you seem smart. And hey, looks like you got your dates wrong too, considering there was no 'multi-platform pdf attack' in december 2015.
Of games- "Writing a book about the NES and Nintendo in PAL regions and Asia/Korea/Hong Kong/India/etc. Contact me if you have anything interesting about this."
If you are writing a book on PAL you should check out this book: http://www.syntaxerror.nu/abandon/#. I have not read it myself but what I have seen of it, it may be something you can use for research. It only cover SCN if i recall, but he may have made a extended version or something. Book is in Swedish though. But maybe google translate can work something out.
I saw his book after I had begun on my hack NES book. Had I seen it before, I would have just bought that and not started on this OCD road of copy/paste PDFs/books.
Of games- "Writing a book about the NES and Nintendo in PAL regions and Asia/Korea/Hong Kong/India/etc. Contact me if you have anything interesting about this."
If you are writing a book on PAL you should check out this book: http://www.syntaxerror.nu/abandon...#. I have not read it myself but what I have seen of it, it may be something you can use for research. It only cover SCN if i recall, but he may have made a extended version or something. Book is in Swedish though. But maybe google translate can work something out.
I saw his book after I had begun on my hack NES book. Had I seen it before, I would have just bought that and not started on this OCD road of copy/paste PDFs/books.
My research is mostly PAL-A stuff (aka not Sweden), but I have read about PAL-B regions and know some stuff. Which book is about the history of the NES there? NES-XX-SCN? Based on google translation it seems it's a "collectors guide", but I might be wrong. My book is about the actual history, rather than just looking at every game/developer (of course, I do look at some games for examples, but not in the graphical way others have.) Thanks for the suggestion though!
NES-XX-SCN-1 is the newest version I think. I think it's a collectors guide but much more in dept, where he writes about what was included with each game. Like on example was a typing error, so bergsala added a piece of paper where it said something about it (i think). I haven't seen the doc, but I guess there is a lot of hearsay when it comes to this I haven't heard about the book in your link before, but I know of another (or maybe it's the same) french company that have made a bunch of premium books on video game system. If I am not mistaken, I do believe they made a NES book also. I think the company is named Pixel or something. If I could read french, then those books would probably sit in my bookshelf
"At the time of the post, there was a hugh rash of multi-platform PDF attacks. One PDF would attack more than one PDF product, because they load up attacks for more than one product. At the time of this post, I was actively making IPS strings to detect some zero-day threats."
Except that there wasn't. The post was from Dec 15 2015, and the CVE you linked was from March 2015. Feel free to tell me the CVEs and link me to a writeup of these supposed "huge rash of multi-platform PDF attacks." There was a Flash 0day being used by Angular at the time, though.
"You think it would just be one forum? And are you claiming bots do NOT spam threats in forums? Because history disagrees with you. ESPECIALLY 2 years ago."
With the highly personalized message such as OPs? No, they do not, unless they're specifically targeting somebody (in which case it wouldn't be a bot.)
"If you work in this indrustry, you are quite out of touch then. Botnet usage has actually declined in the last two years."
http://blog.trendmicro.com/the-st...https://betanews.com/2015/10/23/h... " There are more sophisticated botnets than ever before and they’re engaging in a wider array of bad behavior." Ever since every skiddy got their hands on Zeus (holy shit it's been 7 years or so) and other variants, usage has been up
"But you know what these botnets were used for? Some of them would flood email and forums with links to spread themselves. Honestly, you don't remember spam bots?"
Bots can be used for anything, obviously. Most of them are just rented out or sold. Xrumer (the forum spam software) would not be used to spread exploits which use 0days.
"Stop trying to sound smarter about security than you are, when you can't even be bothered to look at time stamps. "
Yes, because by implying that a 0day would ever be wasted on some random forum (or any forum at all, really) really makes you seem smart. And hey, looks like you got your dates wrong too, considering there was no 'multi-platform pdf attack' in december 2015.
This should just be taken to PM, it's nothing more than a personal attack.
I can not tell you any details about the PDF issues we were seeing, they were a TLP Amber. If you have access to the proper channels, you can look them up there. I honestly wouldn't know when they went public, it was 2 years ago.
>With the highly personalized message such as OPs?
Actually, yes, they have. Have you ever looked at the attacks performed directly to companies? A lot of mass bots will have something like a text file, just add the strings\text for the sites you want, and better ones could do some minor replacements. So one game forum might get a post just like this, another one on the list would get a slightly diffrent post.
Again, I'm done, this isn't the proper place for this, anything more, let's take it to pm. It's your view that people should click any link to any site without concern? Because this goes aginst most of your peers in the indrustry.
Yeah that's the same French company. Most of it very well known info, however around 40 pages talks about the French region, which is what I read. I believe the publisher had a falling out with all their customers so there's no English version (http://www.neogaf.com/forum/showthread.php?t=825499) The physical book is really low quality and pages fall out when reading it(seriously...)
This is the Swedish doc: which has English closed captions. It is interesting, but it has many falsehoods. The whole thing about the Famicom nearly being released in Sweden is very unlikely to be true for multiple reasons.
Some of my work seems similar to NES-XX-SCN-1 then. I've made sure to find out why certain inserts were used / etc., and put them into my writing so it feels natural. Nothing major was put into any PAL-A games as far as I remember, or at least as major as actually saying something was wrong in the game. 1 example would have been http://nintendoage.com/forum/messageview.cfm?StartRow=26&catid=5&threadid=168578 where I would write in the section talking about publishers, and using this no-styro as an example of publishers being given the option to change things in the packaging, and then I would have said why the 2 publishers for mckids/mcdonaldland and captain planet did this. alas, after contacting everybody that worked on the 2 games, nobody remembers.
this is the full documentary:
which i have not watched because I don't understand it.
Your project sounds fun. I would really like to read your PDF/book when you're done Take it easy and have fun on your book, and don't rush it (like I do on stuff)
Had some downtime yesterday and read through the 7800 e-book. Good stuff.
I can tell you put a lot of time into this. If there is a way to submit reports of typos, inaccurate info, etc, please let me know as I found a few in that one
Don't argue with ozzy. He's the be-all end all security master. He's surely to tell you at least once per week what he does, as if it makes a difference.
Had some downtime yesterday and read through the 7800 e-book. Good stuff.
I can tell you put a lot of time into this. If there is a way to submit reports of typos, inaccurate info, etc, please let me know as I found a few in that one
Keep it going!
You can send it to me on mail if you want sennep@hotmail.com. I can't promise that I get it done in the near future though. But I appreciate the help
ozzy 98- I don't think you need to feel like you are a chaperone to the forum users here. Let them make their own decisions on what's dangerous on the net... Just my thought on this matter. Anyway, if people want to continue discussing internet safety on this post then feel free
That's just the kinda talk I'd expect to hear from a Martian-Russian Commie!
ozzy 98- I don't think you need to feel like you are a chaperone to the forum users here. Let them make their own decisions on what's dangerous on the net... Just my thought on this matter. Anyway, if people want to continue discussing internet safety on this post then feel free
That's just the kinda talk I'd expect to hear from a Martian-Russian Commie!
Comments
Hey guys, let's click on random PDF's! https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7650 I'm sure they're fine.
a 2015 CVE lol.Yes, using software that hasn't been updated in 2 years could pwn you (there's no public PoC of any of the family of CVEs in that link.) Using software that hasn't been updated in 2 years could pwn you and you woudn't even need to click the link either.. What is the point of your post?
edit; nevermind, ddn't see the date. nonetheless, they could just embed the pdf to pwn you. stop being reactionary especially for something with no known PoC and no known use of the bug to exploit anything. Reminds me of the people @ assemblergamer that think they're being spied on by the NSA, as if they're important lol.
My point? Don't click random links put on by people with small post counts, it's a very common threat vector for building up botnets (Yes, people still use botnets). In 2 years, the OP has 50 posts, he had a lot less when he posted this random link. That CVE was an example. You honestly think there's no 0-day PDF attacks? Heck, how many people even checked the link was a PDF.
What's YOUR point, that you should click on random links posted by new people in threads? Sounds like a great idea to me. Stop telling people to do dumb things, it makes my job, as a security engineer, a hell of a lot harder. The fact that it was a PDF just made it worse.
>It's a very common threat vector for building up botnets (Yes, people still use botnets)
This just reads like you have no idea what you're talking about. "people still use botnets" lol.. really? omg no way! There's literally thousands of botnets in operation, and they don't get spread by someone posting on random Nintendo forums; and especially not using a new xploit.
>You honestly think there's no 0-day PDF attacks?
First of all: PDF is a file format. Are you talking about an Acrobat Reader 0day? pdf.js? foxit?
Second: You think someone is going to burn a 0day on some random Nintendo forum? lmao.
>Stop telling people to do dumb things, it makes my job, as a security engineer, a hell of a lot harder. The fact that it was a PDF just made it worse.
"Don't go outside because you might catch a cold." "Don't drive a car because you might get hit." It's plain fearmongering, and your comment about being a "security engineer" is completely irrelevant; I could bring up the fact I have a bunch of CVEs under my name, but that wouldn't change anything. You don't work for NA, so it doesn't make your job harder. Clicking on websites is not something people shouldn't do. If software has a bug, blame the developer, not the user.
At the time of the post, there was a hugh rash of multi-platform PDF attacks. One PDF would attack more than one PDF product, because they load up attacks for more than one product. At the time of this post, I was actively making IPS strings to detect some zero-day threats.
>"people still use botnets" lol.. really? omg no way! There's literally thousands of botnets in operation, and they don't get spread by someone posting on random Nintendo forums; and especially not using a new xploit.
If you work in this indrustry, you are quite out of touch then. Botnet usage has actually declined in the last two years. But you know what these botnets were used for? Some of them would flood email and forums with links to spread themselves. Honestly, you don't remember spam bots? It's what captcha was invented for.
>Second: You think someone is going to burn a 0day on some random Nintendo forum? lmao.
You think it would just be one forum? And are you claiming bots do NOT spam threats in forums? Because history disagrees with you. ESPECIALLY 2 years ago.
>Clicking on websites is not something people shouldn't do
This is very bad advice. It's the same as telling people it's ok to click random links they are emailed. You know better than that. Stop trying to sound smarter about security than you are, when you can't even be bothered to look at time stamps.
Edit: And finding a bug in graphviz doesn't mean it's still a smart idea to tell people to click on PDFs from untrusted sources. I don't care who you are, that's bad security in anyones book, and aginst most companies coperate policies for a reason.
Hey guys, let's click on random PDF's! https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7650 I'm sure they're fine.
a 2015 CVE lol.Yes, using software that hasn't been updated in 2 years could pwn you (there's no public PoC of any of the family of CVEs in that link.) Using software that hasn't been updated in 2 years could pwn you and you woudn't even need to click the link either.. What is the point of your post?
edit; nevermind, ddn't see the date. nonetheless, they could just embed the pdf to pwn you. stop being reactionary especially for something with no known PoC and no known use of the bug to exploit anything. Reminds me of the people @ assemblergamer that think they're being spied on by the NSA, as if they're important lol.
My point? Don't click random links put on by people with small post counts, it's a very common threat vector for building up botnets (Yes, people still use botnets). In 2 years, the OP has 50 posts, he had a lot less when he posted this random link. That CVE was an example. You honestly think there's no 0-day PDF attacks? Heck, how many people even checked the link was a PDF.
What's YOUR point, that you should click on random links posted by new people in threads? Sounds like a great idea to me. Stop telling people to do dumb things, it makes my job, as a security engineer, a hell of a lot harder. The fact that it was a PDF just made it worse.
>It's a very common threat vector for building up botnets (Yes, people still use botnets)
This just reads like you have no idea what you're talking about. "people still use botnets" lol.. really? omg no way! There's literally thousands of botnets in operation, and they don't get spread by someone posting on random Nintendo forums; and especially not using a new xploit.
>You honestly think there's no 0-day PDF attacks?
First of all: PDF is a file format. Are you talking about an Acrobat Reader 0day? pdf.js? foxit?
Second: You think someone is going to burn a 0day on some random Nintendo forum? lmao.
>Stop telling people to do dumb things, it makes my job, as a security engineer, a hell of a lot harder. The fact that it was a PDF just made it worse.
"Don't go outside because you might catch a cold." "Don't drive a car because you might get hit." It's plain fearmongering, and your comment about being a "security engineer" is completely irrelevant; I could bring up the fact I have a bunch of CVEs under my name, but that wouldn't change anything. You don't work for NA, so it doesn't make your job harder. Clicking on websites is not something people shouldn't do. If software has a bug, blame the developer, not the user.
At the time of the post, there was a hugh rash of multi-platform PDF attacks. One PDF would attack more than one PDF product, because they load up attacks for more than one product. At the time of this post, I was actively making IPS strings to detect some zero-day threats.
>"people still use botnets" lol.. really? omg no way! There's literally thousands of botnets in operation, and they don't get spread by someone posting on random Nintendo forums; and especially not using a new xploit.
If you work in this indrustry, you are quite out of touch then. Botnet usage has actually declined in the last two years. But you know what these botnets were used for? Some of them would flood email and forums with links to spread themselves. Honestly, you don't remember spam bots? It's what captcha was invented for.
>Second: You think someone is going to burn a 0day on some random Nintendo forum? lmao.
You think it would just be one forum? And are you claiming bots do NOT spam threats in forums? Because history disagrees with you. ESPECIALLY 2 years ago.
>Clicking on websites is not something people shouldn't do
This is very bad advice. It's the same as telling people it's ok to click random links they are emailed. You know better than that. Stop trying to sound smarter about security than you are, when you can't even be bothered to look at time stamps.
"At the time of the post, there was a hugh rash of multi-platform PDF attacks. One PDF would attack more than one PDF product, because they load up attacks for more than one product. At the time of this post, I was actively making IPS strings to detect some zero-day threats."
Except that there wasn't. The post was from Dec 15 2015, and the CVE you linked was from March 2015. Feel free to tell me the CVEs and link me to a writeup of these supposed "huge rash of multi-platform PDF attacks." There was a Flash 0day being used by Angular at the time, though.
"You think it would just be one forum? And are you claiming bots do NOT spam threats in forums? Because history disagrees with you. ESPECIALLY 2 years ago."
With the highly personalized message such as OPs? No, they do not, unless they're specifically targeting somebody (in which case it wouldn't be a bot.)
"If you work in this indrustry, you are quite out of touch then. Botnet usage has actually declined in the last two years."
http://blog.trendmicro.com/the-state-of-botnets-in-late-2015-and-early-2016/ https://betanews.com/2015/10/23/how-spam-and-botnets-have-become-big-business-qa/ " There are more sophisticated botnets than ever before and they’re engaging in a wider array of bad behavior." Ever since every skiddy got their hands on Zeus (holy shit it's been 7 years or so) and other variants, usage has been up
"But you know what these botnets were used for? Some of them would flood email and forums with links to spread themselves. Honestly, you don't remember spam bots?"
Bots can be used for anything, obviously. Most of them are just rented out or sold. Xrumer (the forum spam software) would not be used to spread exploits which use 0days.
"Stop trying to sound smarter about security than you are, when you can't even be bothered to look at time stamps. "
Yes, because by implying that a 0day would ever be wasted on some random forum (or any forum at all, really) really makes you seem smart. And hey, looks like you got your dates wrong too, considering there was no 'multi-platform pdf attack' in december 2015.
If you are writing a book on PAL you should check out this book: http://www.syntaxerror.nu/abandon/#. I have not read it myself but what I have seen of it, it may be something you can use for research. It only cover SCN if i recall, but he may have made a extended version or something. Book is in Swedish though. But maybe google translate can work something out.
I saw his book after I had begun on my hack NES book. Had I seen it before, I would have just bought that and not started on this OCD road of copy/paste PDFs/books.
Of games- "Writing a book about the NES and Nintendo in PAL regions and Asia/Korea/Hong Kong/India/etc. Contact me if you have anything interesting about this."
If you are writing a book on PAL you should check out this book: http://www.syntaxerror.nu/abandon...#. I have not read it myself but what I have seen of it, it may be something you can use for research. It only cover SCN if i recall, but he may have made a extended version or something. Book is in Swedish though. But maybe google translate can work something out.
I saw his book after I had begun on my hack NES book. Had I seen it before, I would have just bought that and not started on this OCD road of copy/paste PDFs/books.
My research is mostly PAL-A stuff (aka not Sweden), but I have read about PAL-B regions and know some stuff. Which book is about the history of the NES there? NES-XX-SCN? Based on google translation it seems it's a "collectors guide", but I might be wrong. My book is about the actual history, rather than just looking at every game/developer (of course, I do look at some games for examples, but not in the graphical way others have.) Thanks for the suggestion though!
There was a video 'documentary' with the guy who ran the SCN distributor, however it contains a lot that wasn't true, like Sweden being the first place outside of Japan and America to receive the NES.. There's also a French book (http://www.ebay.com.au/itm/La-storia-di-Nintendo-1983-2003-Famicon-Nintendo-Entertainment-System-Florent-G-/232410302430?epid=1205725785&hash=item361cbbc7de:g:rWsAAOSwd3dZacNd) which I bought and read, which was very informative, but I had to use google translate for it.
"At the time of the post, there was a hugh rash of multi-platform PDF attacks. One PDF would attack more than one PDF product, because they load up attacks for more than one product. At the time of this post, I was actively making IPS strings to detect some zero-day threats."
Except that there wasn't. The post was from Dec 15 2015, and the CVE you linked was from March 2015. Feel free to tell me the CVEs and link me to a writeup of these supposed "huge rash of multi-platform PDF attacks." There was a Flash 0day being used by Angular at the time, though.
"You think it would just be one forum? And are you claiming bots do NOT spam threats in forums? Because history disagrees with you. ESPECIALLY 2 years ago."
With the highly personalized message such as OPs? No, they do not, unless they're specifically targeting somebody (in which case it wouldn't be a bot.)
"If you work in this indrustry, you are quite out of touch then. Botnet usage has actually declined in the last two years."
http://blog.trendmicro.com/the-st... https://betanews.com/2015/10/23/h... " There are more sophisticated botnets than ever before and they’re engaging in a wider array of bad behavior." Ever since every skiddy got their hands on Zeus (holy shit it's been 7 years or so) and other variants, usage has been up
"But you know what these botnets were used for? Some of them would flood email and forums with links to spread themselves. Honestly, you don't remember spam bots?"
Bots can be used for anything, obviously. Most of them are just rented out or sold. Xrumer (the forum spam software) would not be used to spread exploits which use 0days.
"Stop trying to sound smarter about security than you are, when you can't even be bothered to look at time stamps. "
Yes, because by implying that a 0day would ever be wasted on some random forum (or any forum at all, really) really makes you seem smart. And hey, looks like you got your dates wrong too, considering there was no 'multi-platform pdf attack' in december 2015.
This should just be taken to PM, it's nothing more than a personal attack.
I can not tell you any details about the PDF issues we were seeing, they were a TLP Amber. If you have access to the proper channels, you can look them up there. I honestly wouldn't know when they went public, it was 2 years ago.
>With the highly personalized message such as OPs?
Actually, yes, they have. Have you ever looked at the attacks performed directly to companies? A lot of mass bots will have something like a text file, just add the strings\text for the sites you want, and better ones could do some minor replacements. So one game forum might get a post just like this, another one on the list would get a slightly diffrent post.
Again, I'm done, this isn't the proper place for this, anything more, let's take it to pm. It's your view that people should click any link to any site without concern? Because this goes aginst most of your peers in the indrustry.
This is the Swedish doc:
Some of my work seems similar to NES-XX-SCN-1 then. I've made sure to find out why certain inserts were used / etc., and put them into my writing so it feels natural. Nothing major was put into any PAL-A games as far as I remember, or at least as major as actually saying something was wrong in the game. 1 example would have been http://nintendoage.com/forum/messageview.cfm?StartRow=26&catid=5&threadid=168578 where I would write in the section talking about publishers, and using this no-styro as an example of publishers being given the option to change things in the packaging, and then I would have said why the 2 publishers for mckids/mcdonaldland and captain planet did this. alas, after contacting everybody that worked on the 2 games, nobody remembers.
this is the full documentary:
which i have not watched because I don't understand it.
@ozzy
no thanks. but "i can not tell you any details" yet you linked a cve (which was 9 months old.) https://nvd.nist.gov/vuln/search/results?adv_search=true&form_type=advanced&results_type=overview&query=pdf&pub_date_start_month=10&pub_date_start_year=2015&pub_date_end_month=0&pub_date_end_year=2016 feel free to tell me which one was being used.
I can tell you put a lot of time into this. If there is a way to submit reports of typos, inaccurate info, etc, please let me know as I found a few in that one
Keep it going!
Had some downtime yesterday and read through the 7800 e-book. Good stuff.
I can tell you put a lot of time into this. If there is a way to submit reports of typos, inaccurate info, etc, please let me know as I found a few in that one
Keep it going!
You can send it to me on mail if you want sennep@hotmail.com. I can't promise that I get it done in the near future though. But I appreciate the help
ozzy 98- I don't think you need to feel like you are a chaperone to the forum users here. Let them make their own decisions on what's dangerous on the net... Just my thought on this matter. Anyway, if people want to continue discussing internet safety on this post then feel free
That's just the kinda talk I'd expect to hear from a Martian-Russian Commie!
(Books are cool by the way)
ozzy 98- I don't think you need to feel like you are a chaperone to the forum users here. Let them make their own decisions on what's dangerous on the net... Just my thought on this matter. Anyway, if people want to continue discussing internet safety on this post then feel free
That's just the kinda talk I'd expect to hear from a Martian-Russian Commie!
(Books are cool by the way)
Sorry, didn't get the joke/insult/comment
Glad you like the books though