Kilos | Maaz hi | 06:39 |
---|---|---|
Maaz | Howzit Kilos | 06:39 |
Kilos | morning all | 06:39 |
* Kilos cries | 07:36 | |
Kilos | last year hail wiped out all fruit. this year black frost wiped mulderry trees clean of leaves and fruit | 07:38 |
* Kilos loves mulberries and mulberry jam | 07:38 | |
Kilos | and its called global warming? | 07:39 |
Kilos | im freezing my nuts off | 07:39 |
Kilos | hi Tonberry_ drussell | 07:39 |
Kilos | drussell can you make our meeting tuesday night at 20.30 and tell us where unity is heading maybe | 07:41 |
nuvolari | o/ | 09:32 |
Cantide | \o | 09:34 |
Kilos | hi nuvolari Cantide | 09:54 |
Cantide | hello~ | 09:58 |
Kilos | nuvolari dis die begin van eie pad loop | 09:59 |
Kilos | https://spinnup.com/en/release/not-sorry/ | 09:59 |
charl | Maaz: coffee on | 10:17 |
* Maaz washes some mugs | 10:17 | |
charl | good afternoon all | 10:18 |
charl | hi Kilos, Cantide, nuvolari | 10:18 |
charl | Cantide: long time no spoken to, how's it going | 10:18 |
Kilos | hi charl | 10:18 |
charl | :) | 10:18 |
Maaz | Coffee's ready for charl! | 10:21 |
charl | Maaz: thanks | 10:22 |
Maaz | charl: Sure | 10:22 |
Cantide | charl, it's going well :) | 10:30 |
Cantide | how about you? | 10:30 |
* Cantide is busy soldering something | 10:30 | |
charl | i'm doing well | 10:31 |
charl | what are you doing ? | 10:31 |
charl | with the soldering i mean | 10:31 |
Kilos | haha trying to get 2 things to stick together | 10:32 |
Cantide | http://switchmodedesign.com/collections/arduino-shields/products/open-source-nixie-tube-shield | 10:47 |
Cantide | this :p | 10:47 |
charl | cool ! | 10:52 |
Kilos | ohi superfly | 12:56 |
bushtech | lol. Doing speedtest.net test. Best ping = Vodacom Lesotho | 13:08 |
charl | hi bushtech | 13:09 |
bushtech | hi charl, kilos, others | 13:10 |
Kilos | hi bushtech | 13:12 |
Kilos | koud ne | 13:12 |
bushtech | Ja, en ek sien gaan Donderdag weer koud word | 13:13 |
Kilos | eish ons het dan twee nagte swart ryp gehad, hoe veel kouer moet dit word | 13:13 |
bushtech | Eish, ons het dit gelukkig gemis | 13:14 |
Kilos | al die moerbye weg | 13:15 |
Kilos | blare en vrugte | 13:15 |
Kilos | moerbeie? | 13:15 |
Kilos | sjoe ek vergeet | 13:16 |
Kilos | daai goeters | 13:16 |
bushtech | ok 'n woord wat ek lanklaas gesien het | 13:16 |
superfly | hi Kilos | 14:10 |
Kilos | Maaz coffee on | 16:20 |
* Maaz washes some mugs | 16:20 | |
Kilos | Maaz with cremora | 16:21 |
Maaz | Ah! At last someone with taste | 16:21 |
Kilos | Maaz and milk | 16:21 |
Maaz | Now you're talking | 16:21 |
Maaz | Coffee's ready for Kilos! | 16:24 |
Kilos | Maaz thanks | 16:25 |
Maaz | Kilos: Okay :-) | 16:25 |
Kilos | hi magespawn | 16:32 |
magespawn | hi Kilos | 16:32 |
charl | hi magespawn | 17:20 |
magespawn | hi charl | 17:20 |
theblazehen | Hey all, Kilos. | 18:43 |
theblazehen | Anyone here IT for UP? | 18:44 |
theblazehen | Found something I shouldn't... | 18:44 |
Kilos | hi theblazehen | 18:44 |
magespawn | hi theblazehen | 18:47 |
theblazehen | hi magespawn | 18:47 |
magespawn | IT for UP? | 18:47 |
theblazehen | magespawn, yeah | 18:48 |
magespawn | not getting it, what is UP? | 18:48 |
theblazehen | university of pretoria | 18:48 |
magespawn | ahh right | 18:48 |
magespawn | Symmetria, might know | 18:48 |
theblazehen | ty | 18:48 |
theblazehen | It's personal info of people so I kinda wanna let someone know | 18:49 |
Kilos | i think someone that comes on here is at that varsity | 18:51 |
Kilos | one of the newish guys | 18:51 |
theblazehen | Kilos, ty | 18:52 |
Kilos | ill try remember who it is and let you know | 18:52 |
theblazehen | thanks Kilos | 18:53 |
Kilos | np | 18:54 |
Kilos | hope i got it right though, someone said they studying atm | 18:54 |
theblazehen | kk | 18:57 |
theblazehen | Got data of 218417 people ... :/ | 19:05 |
Kilos | ouch | 19:06 |
theblazehen | yeah.. | 19:06 |
theblazehen | also marketing data, but yeah.. | 19:07 |
magespawn | wow theblazehen, open database or something/ | 19:07 |
theblazehen | magespawn, db dump in csv... | 19:08 |
magespawn | hectic, looks like someone left something open that should be closed | 19:08 |
theblazehen | yeah, all marketing data is open :( | 19:10 |
theblazehen | >180 MB of data | 19:12 |
charl | good thing it was found by you and not by anonymous otherwise people would have been reading it on pastebin | 19:17 |
charl | contact the UP CERT and let them know | 19:17 |
theblazehen | charl, CERT ? | 19:20 |
charl | http://en.wikipedia.org/wiki/Computer_emergency_response_team | 19:20 |
charl | where i work we also have one | 19:20 |
charl | every university *should* have a CERT | 19:20 |
theblazehen | Can't find with quick google, any tips? | 19:21 |
charl | nah then just contact the ict department | 19:21 |
theblazehen | kk, ty | 19:21 |
charl | maybe they offer a reward for the tip :) | 19:22 |
Kilos | ya free coffee and biscuits with the head | 19:22 |
charl | nah man you ask for too little | 19:23 |
charl | at least ask for a cake | 19:23 |
Kilos | you are paving the way for your future studies | 19:23 |
Kilos | hahaha | 19:23 |
theblazehen | charl, yeah, that'd be nice! :D | 19:23 |
magespawn | or considering the way some people react to this sort of disclosure, a lawsuit | 19:36 |
theblazehen | magespawn, that'd suck... | 19:40 |
theblazehen | fuck it, ill STFU | 19:40 |
Kilos | lol | 19:41 |
theblazehen | Or anonymous mail.. yeah | 19:41 |
magespawn | that might be better | 19:43 |
theblazehen | Yeah, I'll do that | 19:54 |
theblazehen | Safe to do it with straight mail from my current server, which has reverse DNS pointing to theblazehen.com? I've been in the monthly meetings here with my IRL name | 19:55 |
magespawn | do you own theblazehen.com/ | 19:58 |
theblazehen | magespawn, yeah, but not with real name on whois | 19:58 |
theblazehen | magespawn, better to just create new VPS? | 19:59 |
charl | yeah that's true magespawn | 20:04 |
magespawn | might be a bit paranoid, i was just thinking about this http://www.htxt.co.za/2013/08/20/your-pins-accounts-and-invoices-leaked-onto-net-by-city-of-joburg/ | 20:04 |
charl | some people are really dumb | 20:04 |
charl | theblazehen: no that would be dumb, your domain records point straight back at you | 20:04 |
charl | unless you use anonymous whois but even then the registrar has the info | 20:05 |
charl | your credit card everything | 20:05 |
charl | use tor and send mail through some anonymous channel | 20:05 |
theblazehen | magespawn, got a friend who is in UP to send me the email address for someone in CS dept | 20:05 |
charl | in every mail you send your IP of the sender is also recorded | 20:05 |
theblazehen | charl, anon whois, plus fake name | 20:05 |
theblazehen | yeah, TOR sounds good | 20:05 |
charl | then they stll have your credit card details | 20:06 |
charl | the registrar i mean | 20:06 |
theblazehen | charl, shit. Can't disable? | 20:06 |
theblazehen | charl, used paypal with fake name also | 20:06 |
charl | ah whow | 20:06 |
charl | you are thorough :) | 20:06 |
charl | you border on the illegal :P | 20:06 |
Kilos | lol | 20:06 |
theblazehen | charl, hehe ; | 20:06 |
theblazehen | ) | 20:06 |
charl | but yeah your real name is linked here | 20:06 |
Kilos | bleading edge | 20:06 |
charl | nah use tor | 20:06 |
Kilos | bleeding | 20:06 |
theblazehen | charl, yeah, thats why I was thinking. Will use TOR. Any recommendations? Or just sign up for a hotmail or something? | 20:07 |
charl | hotmail is good | 20:07 |
theblazehen | kk, ty | 20:07 |
charl | you can use a service like one of https://www.google.nl/search?q=send+anonymous+email | 20:08 |
charl | but i don't know how realiable they are | 20:08 |
charl | and they might get caught in the spam filter | 20:08 |
charl | hotmail is best | 20:08 |
charl | nobody blocks hotmail | 20:08 |
theblazehen | yeah, I'll use hotmail then. Thanks for the advice :) | 20:09 |
charl | but it's sad that some people are too stupid to see the value in these tipoffs | 20:09 |
charl | how they see it as a threat, it's so brain dead | 20:09 |
charl | at least i can say these tipoffs are very much appreciated where i work | 20:10 |
charl | and that students can do it under their own name without any fear of law suits | 20:10 |
charl | i just don't know if they get cake either :P but i hope they do | 20:10 |
theblazehen | charl, hmm, thats nice. Where would that be? | 20:10 |
theblazehen | A university? | 20:10 |
charl | yes | 20:10 |
charl | i work in the ict department so to speak | 20:11 |
theblazehen | kk. Think it's likely that they'd check logs to see who accessed the files? | 20:11 |
charl | they will most definitely do that if they are smart | 20:12 |
charl | we also had an incident and they went through the logs to see who did the "pen testing" | 20:12 |
theblazehen | So they'd then see I accessed it? Maybe it's better to leave it then.. | 20:12 |
charl | i think so too | 20:12 |
charl | don't put yourself in the risk | 20:12 |
theblazehen | yeah | 20:12 |
charl | as sad as it is to say that | 20:13 |
Kilos | just get a friend to do it for you | 20:13 |
theblazehen | yep :( I'd really have liked to have cake :( | 20:13 |
Kilos | lol | 20:13 |
theblazehen | Kilos, lol | 20:13 |
charl | Kilos: then they will still look at the logs and get theblazehen's IP | 20:13 |
Kilos | oi | 20:14 |
charl | it doesn't matter who reports it now | 20:14 |
charl | if you want to do pen testing you have to use tor right from the start | 20:14 |
Kilos | well nothing bad was done so what | 20:14 |
theblazehen | charl, it was actually an accident really | 20:14 |
charl | yeah exactly that's what i also thought | 20:14 |
charl | then it's too late :) | 20:14 |
theblazehen | Was looking at their mirrors, went up a directory, then saw the "marketing" folder | 20:15 |
bushtech | the fact that you did not go in via tor but openly proves no evil intent | 20:15 |
Kilos | night guys, sleep tight. | 20:16 |
charl | bushtech: it depends on the way *they* look at it | 20:16 |
charl | nn Kilos | 20:16 |
Kilos | ask the fly for advice | 20:16 |
bushtech | but it makes a logical defence | 20:16 |
theblazehen | bushtech, logic does not always apply... | 20:17 |
theblazehen | I think I'll leave it... | 20:18 |
SilverCode | theblazehen: I say report it. More than likely the admin will be apreciative | 20:18 |
charl | btw was looking at https://www.whonix.org/ the other day | 20:19 |
theblazehen | Had a look at data, didn't have ID no's in | 20:19 |
charl | that's pretty fascinating | 20:19 |
theblazehen | SilverCode, but if not? I'd rather be safe | 20:19 |
SilverCode | theblazehen: it is unlikely the admin who fucked up, but rather someone who doesn't understand security | 20:19 |
SilverCode | theblazehen: so the admin will see the info in the correct light | 20:20 |
theblazehen | SilverCode, yeah, it was in a folder with other marketing stuff | 20:20 |
theblazehen | Still rather be safe. | 20:20 |
theblazehen | Maybe if I access the files from a few other machines? | 20:20 |
charl | theblazehen: use tor and force a different proxy every time | 20:21 |
theblazehen | yeah! | 20:21 |
charl | then at least it procudes reasonable doubt | 20:21 |
theblazehen | systemctl status openvpn@client | 20:21 |
charl | a different exit node i mean | 20:21 |
charl | there is a way to force that | 20:21 |
theblazehen | > active (running) | 20:21 |
theblazehen | :D | 20:21 |
charl | yes and some other non-tor nodes in the mix | 20:21 |
theblazehen | charl, good idea | 20:21 |
theblazehen | BTW my VPN is a tor node too | 20:22 |
theblazehen | But not exit :( | 20:22 |
charl | paranoia mode: on :) | 20:22 |
charl | nah you can never be too secure | 20:22 |
theblazehen | yeah | 20:22 |
SilverCode | theblazehen: is it a publically accessible server, or just accessible from with the UP network? | 20:23 |
theblazehen | Well unless you run LFS and communicate over IPOAC and check every packet, and route it all through TOR and then to one of your VPN's that you paid for via bitcoin? | 20:23 |
theblazehen | SilverCode, public access. | 20:24 |
theblazehen | charl, and run all that on a FPGA | 20:24 |
theblazehen | too secure? | 20:24 |
charl | makes my head spin :) | 20:24 |
charl | a field programmable gate array ... | 20:25 |
charl | sheesh | 20:25 |
theblazehen | no hardware backdoors! | 20:25 |
charl | ip over avian carriers ?! | 20:25 |
theblazehen | yeah! | 20:25 |
charl | yeah that does perhaps go over the top | 20:25 |
charl | :D | 20:25 |
theblazehen | What do they say? The safest machine is one not plugged in? | 20:26 |
theblazehen | Oh AND power off a UPS to prevent side cahnnel attacks | 20:26 |
charl | yeah | 20:26 |
theblazehen | and keep it underground and in faraday cage | 20:26 |
theblazehen | prevents thaty laser window listening thing, as well as EMI | 20:27 |
charl | yeah and if you do want to host something host in http://www.cyberbunker.com/ :) | 20:27 |
theblazehen | charl, I wish I could :( | 20:27 |
theblazehen | Barely able to pay for digital oceans cheapest + backup | 20:27 |
charl | ah digital ocean | 20:28 |
charl | was looking at them the other day | 20:28 |
charl | decided to go with tilaa instead though | 20:28 |
theblazehen | ah kk. Personal or work? | 20:28 |
charl | because digital ocean has some traffic limits | 20:28 |
charl | for personal this time | 20:28 |
charl | and tilaa has unmetered traffic | 20:28 |
charl | i just want to have ddos protection | 20:28 |
charl | so that if i do get a ddos that i don't get insane bills | 20:29 |
theblazehen | charl, hmm. Any locations in africa? | 20:29 |
theblazehen | Wait, so you pay per TB? | 20:29 |
theblazehen | Afaik DO has $0.03 per TB over cap | 20:29 |
theblazehen | or GB, can't remember | 20:29 |
charl | probably per GB | 20:29 |
charl | if you get a major incoming ddos you're screwed | 20:29 |
theblazehen | yeah, that's true. Can't you use cloudflare? | 20:30 |
charl | it's not an http server | 20:30 |
theblazehen | ah | 20:30 |
charl | i want to use it combination smtp+irc+xmpp | 20:30 |
SilverCode | ok, found the folder | 20:30 |
charl | hetzner just limits you down to 10mbps after the first 1tb | 20:31 |
SilverCode | yeah ... that is pretty well hidden | 20:31 |
theblazehen | DIY cloudflare? One or two cheap VPS's with hard data cap + round robin DNS or something? | 20:31 |
charl | tilaa is fully unlimited | 20:31 |
SilverCode | I mean, not hidden | 20:31 |
theblazehen | SilverCode, ah, kk. See what I'm talking about.. | 20:31 |
theblazehen | charl, nice | 20:31 |
charl | it is very doubtful that they can do anything to you if it's that open | 20:31 |
charl | but i don't know the legal system in z | 20:32 |
charl | za | 20:32 |
theblazehen | charl, you also see it? | 20:32 |
SilverCode | but just looking at the other stuff there, I'm not sure it is supposed to be private | 20:32 |
theblazehen | SilverCode, have you looked at the data? | 20:32 |
SilverCode | no | 20:32 |
charl | i have to go now, work tomorrow | 20:32 |
charl | have a good evening all | 20:32 |
SilverCode | just the filenames for now :) | 20:32 |
charl | and good night :) | 20:32 |
SilverCode | but now I see the "UP ALUMNI DATABASE SCAN" | 20:33 |
theblazehen | cya charl | 20:33 |
SilverCode | which probably *isn't* supposed to be there | 20:33 |
theblazehen | SilverCode, yeah, the DB is what I got.. | 20:33 |
theblazehen | so... STFU or not? | 20:34 |
SilverCode | meh, it looks like it has been sitting there for a year | 20:36 |
SilverCode | so I don't think it really matters either way | 20:36 |
theblazehen | yeah | 20:37 |
SilverCode | it looks like even the IT guys store stuff on that public FTP server | 20:40 |
theblazehen | SilverCode, yeah | 20:44 |
theblazehen | well fuck it, I won't do anything about it | 20:44 |
SilverCode | ....so I think that DB dump are the least of their problems | 20:45 |
SilverCode | I'm pretty sure one of these log file backups has the unshadowed version of their root password | 20:45 |
theblazehen | SilverCode, damn.. | 21:00 |
theblazehen | well.. /me gets tor browser :D | 21:00 |
theblazehen | SilverCode, directory? Nothing in pub/up/it | 21:02 |
theblazehen | SilverCode, I'm not finding anything? | 21:10 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!