That's genius. I didn't think you could modify RAM from a sub device.
-snip-
[QUOTE=Sombrero;51385632]That's genius. I didn't think you could modify RAM from a sub device.[/QUOTE]
It can't. It pretends to be a network adapter to hijack your packets.
This isn't a new idea, this kind of shit's been existent for a while.
[QUOTE=gk99;51386425]This isn't a new idea, this kind of shit's been existent for a while.[/QUOTE]
No one claims it to be a new idea, just a very portable and easily executable one.
But can it do your laundry?
[QUOTE=gk99;51386425]This isn't a new idea, this kind of shit's been existent for a while.[/QUOTE]
Yeah, it's just that everyone knows not to be smug about programming on a pi.
Look at that guys face ffs, this is ridiculous
[QUOTE=Natrox;51386288]It can't. It pretends to be a network adapter to hijack your packets.[/QUOTE]
I'm assuming it has to be connected to the computer itself
[QUOTE]The tool called Poison Tap can break into a password-protected computer if the user has left an internet browser running in the background.
The attacker can then remotely use the victim's web accounts undetected.[/QUOTE]
like you plug it in and that's how its magic works
Mitigated by using HTTPS, which just about every major or respected site uses, so this really isn't that big of a deal.
[QUOTE=Sombrero;51385632]That's genius. I didn't think you could modify RAM from a sub device.[/QUOTE]
Not from USB (as Natrox mentioned), but a few other ports allow it so you can do just about anything if there's one of those.
There are I think PCI and Firewire devices for law enforcement that take RAM dumps.
Eh? That PCB is a Raspberry Pi Zero is it not?
[editline]17th November 2016[/editline]
Oh I see how it's doing it now.
[QUOTE=rndgenerator;51386929]No one claims it to be a new idea, just a very portable and easily executable one.[/QUOTE]
Generally when it's referred to as "news" I'd hope that it's "new."
And I mean it was already portable, the only interesting part about this is "easily executable" and if you're bothering to try and break onto a machine having to enter some batch commands probably isn't going to stop you
[QUOTE=Tamschi;51387269]Not from USB (as Natrox mentioned), but a few other ports allow it so you can do just about anything if there's one of those.
There are I think PCI and Firewire devices for law enforcement that take RAM dumps.[/QUOTE]
firewire is actually the spawn of satan
also: this "exploit" isn't really much of one especially if the network connections are already open or have a network iface already set for use.
[editline]18th November 2016[/editline]
also yes HTTPS and IP verification that major sites use
[QUOTE=Map in a box;51392272]firewire is actually the spawn of satan
also: this "exploit" isn't really much of one especially if the network connections are already open or have a network iface already set for use.
[editline]18th November 2016[/editline]
also yes HTTPS and IP verification that major sites use[/QUOTE]
I don't think IP verification would necessarily help, but HTTPS should (barring malicious 'legitimate' certificates).
[QUOTE=Tamschi;51394185]I don't think IP verification would necessarily help, but HTTPS should (barring malicious 'legitimate' certificates).[/QUOTE]
IP verification as in, if you want it to be useful, you have to duplciate the cookies on another machine.
[QUOTE=Map in a box;51397147]IP verification as in, if you want it to be useful, you have to duplciate the cookies on another machine.[/QUOTE]
It's so annoying if/when websites do that though.
You have mostly static addresses in the US, but here in Europe they usually change daily.
[QUOTE=Tamschi;51397206]It's so annoying if/when websites do that though.
You have mostly static addresses in the US, but here in Europe they usually change daily.[/QUOTE]
Its mainly only done for sites you'd want it done for, like banks and whatnot IIRC, and I think Google does it for their "secure sign in" -- eg to access account history and whatnot
Sorry, you need to Log In to post a reply to this thread.