/srv/irclogs.ubuntu.com/2014/08/24/#ubuntu-za.txt

KilosMaaz  hi06:39
MaazHowzit Kilos06:39
Kilosmorning all06:39
* Kilos cries07:36
Kiloslast year hail wiped out all fruit. this year black frost wiped mulderry trees clean of leaves and fruit07:38
* Kilos loves mulberries and mulberry jam07:38
Kilosand its called global warming?07:39
Kilosim freezing my nuts off07:39
Kiloshi Tonberry_  drussell  07:39
Kilosdrussell  can you make our meeting tuesday night at 20.30 and tell us where unity is heading maybe07:41
nuvolario/ 09:32
Cantide\o09:34
Kiloshi nuvolari  Cantide  09:54
Cantidehello~09:58
Kilosnuvolari  dis die begin van eie pad loop09:59
Kiloshttps://spinnup.com/en/release/not-sorry/09:59
charlMaaz: coffee on10:17
* Maaz washes some mugs10:17
charlgood afternoon all10:18
charlhi Kilos, Cantide, nuvolari 10:18
charlCantide: long time no spoken to, how's it going10:18
Kiloshi charl  10:18
charl:)10:18
MaazCoffee's ready for charl!10:21
charlMaaz: thanks10:22
Maazcharl: Sure10:22
Cantidecharl, it's going well :)10:30
Cantidehow about you?10:30
* Cantide is busy soldering something10:30
charli'm doing well10:31
charlwhat are you doing ?10:31
charlwith the soldering i mean10:31
Kiloshaha trying to get 2 things to stick together10:32
Cantidehttp://switchmodedesign.com/collections/arduino-shields/products/open-source-nixie-tube-shield10:47
Cantidethis :p10:47
charlcool !10:52
Kilosohi superfly  12:56
bushtechlol. Doing speedtest.net test. Best ping = Vodacom Lesotho13:08
charl hi bushtech 13:09
bushtechhi charl, kilos, others13:10
Kiloshi bushtech  13:12
Kiloskoud ne13:12
bushtechJa, en ek sien gaan Donderdag weer koud word13:13
Kiloseish ons het dan twee nagte swart ryp gehad, hoe veel kouer moet dit word13:13
bushtechEish, ons het dit gelukkig gemis13:14
Kilosal die moerbye weg13:15
Kilosblare en vrugte13:15
Kilosmoerbeie?13:15
Kilossjoe ek vergeet13:16
Kilosdaai goeters13:16
bushtechok 'n woord wat ek lanklaas gesien het13:16
superflyhi Kilos14:10
KilosMaaz  coffee on16:20
* Maaz washes some mugs16:20
KilosMaaz  with cremora16:21
MaazAh! At last someone with taste16:21
KilosMaaz  and milk16:21
MaazNow you're talking16:21
MaazCoffee's ready for Kilos!16:24
KilosMaaz  thanks16:25
MaazKilos: Okay :-)16:25
Kiloshi magespawn  16:32
magespawnhi Kilos16:32
charlhi magespawn 17:20
magespawnhi charl 17:20
theblazehenHey all, Kilos.18:43
theblazehenAnyone here IT for UP?18:44
theblazehenFound something I shouldn't...18:44
Kiloshi theblazehen  18:44
magespawnhi theblazehen 18:47
theblazehenhi magespawn 18:47
magespawnIT for UP?18:47
theblazehenmagespawn, yeah18:48
magespawnnot getting it, what is UP?18:48
theblazehenuniversity of pretoria18:48
magespawnahh right18:48
magespawnSymmetria, might know18:48
theblazehenty18:48
theblazehenIt's personal info of people so I kinda wanna let someone know18:49
Kilosi think someone that comes on here is at that varsity18:51
Kilosone of the newish guys18:51
theblazehenKilos, ty18:52
Kilosill try remember who it is and let you know18:52
theblazehenthanks Kilos 18:53
Kilosnp18:54
Kiloshope i got it right though, someone said they studying atm18:54
theblazehenkk18:57
theblazehenGot data of 218417 people ... :/19:05
Kilosouch19:06
theblazehenyeah..19:06
theblazehenalso marketing data, but yeah..19:07
magespawnwow theblazehen, open database or something/19:07
theblazehenmagespawn, db dump in csv...19:08
magespawnhectic, looks like someone left something open that should be closed19:08
theblazehenyeah, all marketing data is open :(19:10
theblazehen>180 MB of data19:12
charlgood thing it was found by you and not by anonymous otherwise people would have been reading it on pastebin19:17
charlcontact the UP CERT and let them know19:17
theblazehencharl, CERT ?19:20
charlhttp://en.wikipedia.org/wiki/Computer_emergency_response_team19:20
charlwhere i work we also have one19:20
charlevery university *should* have a CERT19:20
theblazehenCan't find with quick google, any tips?19:21
charlnah then just contact the ict department19:21
theblazehenkk, ty19:21
charlmaybe they offer a reward for the tip :)19:22
Kilosya free coffee and biscuits with the head19:22
charlnah man you ask for too little19:23
charlat least ask for a cake19:23
Kilosyou are paving the way for your future studies19:23
Kiloshahaha19:23
theblazehencharl, yeah, that'd be nice! :D19:23
magespawnor considering the way some people react to this sort of disclosure, a lawsuit19:36
theblazehenmagespawn, that'd suck...19:40
theblazehenfuck it, ill STFU19:40
Kiloslol19:41
theblazehenOr anonymous mail.. yeah19:41
magespawnthat might be better19:43
theblazehenYeah, I'll do that19:54
theblazehenSafe to do it with straight mail from my current server, which has reverse DNS pointing to theblazehen.com? I've been in the monthly meetings here with my IRL name19:55
magespawndo you own theblazehen.com/19:58
theblazehenmagespawn, yeah, but not with real name on whois19:58
theblazehenmagespawn, better to just create new VPS?19:59
charlyeah that's true magespawn 20:04
magespawnmight be a bit paranoid, i was just thinking about this http://www.htxt.co.za/2013/08/20/your-pins-accounts-and-invoices-leaked-onto-net-by-city-of-joburg/20:04
charlsome people are really dumb20:04
charltheblazehen: no that would be dumb, your domain records point straight back at you20:04
charlunless you use anonymous whois but even then the registrar has the info20:05
charlyour credit card everything20:05
charluse tor and send mail through some anonymous channel20:05
theblazehenmagespawn, got a friend who is in UP to send me the email address for someone in CS dept20:05
charlin every mail you send your IP of the sender is also recorded20:05
theblazehencharl, anon whois, plus fake name20:05
theblazehenyeah, TOR sounds good20:05
charlthen they stll have your credit card details20:06
charlthe registrar i mean20:06
theblazehencharl, shit. Can't disable?20:06
theblazehencharl, used paypal with fake name also20:06
charlah whow20:06
charlyou are thorough :)20:06
charlyou border on the illegal :P20:06
Kiloslol20:06
theblazehencharl, hehe ;20:06
theblazehen)20:06
charlbut yeah your real name is linked here20:06
Kilosbleading edge20:06
charlnah use tor20:06
Kilosbleeding20:06
theblazehencharl, yeah, thats why I was thinking. Will use TOR. Any recommendations? Or just sign up for a hotmail or something?20:07
charlhotmail is good20:07
theblazehenkk, ty20:07
charlyou can use a service like one of https://www.google.nl/search?q=send+anonymous+email20:08
charlbut i don't know how realiable they are20:08
charland they might get caught in the spam filter20:08
charlhotmail is best20:08
charlnobody blocks hotmail20:08
theblazehenyeah, I'll use hotmail then. Thanks for the advice :)20:09
charlbut it's sad that some people are too stupid to see the value in these tipoffs20:09
charlhow they see it as a threat, it's so brain dead20:09
charlat least i can say these tipoffs are very much appreciated where i work20:10
charland that students can do it under their own name without any fear of law suits20:10
charli just don't know if they get cake either :P but i hope they do20:10
theblazehencharl, hmm, thats nice. Where would that be?20:10
theblazehenA university?20:10
charlyes20:10
charli work in the ict department so to speak20:11
theblazehenkk. Think it's likely that they'd check logs to see who accessed the files?20:11
charlthey will most definitely do that if they are smart20:12
charlwe also had an incident and they went through the logs to see who did the "pen testing"20:12
theblazehenSo they'd then see I accessed it? Maybe it's better to leave it then..20:12
charli think so too20:12
charldon't put yourself in the risk20:12
theblazehenyeah20:12
charlas sad as it is to say that20:13
Kilosjust get a friend to do it for you20:13
theblazehenyep :( I'd really have liked to have cake :(20:13
Kiloslol20:13
theblazehenKilos, lol20:13
charlKilos: then they will still look at the logs and get theblazehen's IP20:13
Kilosoi20:14
charlit doesn't matter who reports it now20:14
charlif you want to do pen testing you have to use tor right from the start20:14
Kiloswell nothing bad was done so what20:14
theblazehencharl, it was actually an accident really20:14
charlyeah exactly that's what i also thought20:14
charlthen it's too late :)20:14
theblazehenWas looking at their mirrors, went up a directory, then saw the "marketing" folder20:15
bushtechthe fact that you did not go in via tor but openly proves no evil intent20:15
Kilosnight guys, sleep tight.20:16
charlbushtech: it depends on the way *they* look at it20:16
charlnn Kilos 20:16
Kilosask the fly for advice20:16
bushtechbut it makes a logical defence20:16
theblazehenbushtech, logic does not always apply...20:17
theblazehenI think I'll leave it... 20:18
SilverCodetheblazehen: I say report it. More than likely the admin will be apreciative20:18
charlbtw was looking at https://www.whonix.org/ the other day20:19
theblazehenHad a look at data, didn't have ID no's in20:19
charlthat's pretty fascinating20:19
theblazehenSilverCode, but if not? I'd rather be safe20:19
SilverCodetheblazehen: it is unlikely the admin who fucked up, but rather someone who doesn't understand security20:19
SilverCodetheblazehen: so the admin will see the info in the correct light20:20
theblazehenSilverCode, yeah, it was in a folder with other marketing stuff20:20
theblazehenStill rather be safe.20:20
theblazehenMaybe if I access the files from a few other machines?20:20
charltheblazehen: use tor and force a different proxy every time20:21
theblazehenyeah!20:21
charlthen at least it procudes reasonable doubt20:21
theblazehensystemctl status openvpn@client20:21
charla different exit node i mean20:21
charlthere is a way to force that20:21
theblazehen> active (running)20:21
theblazehen:D20:21
charlyes and some other non-tor nodes in the mix20:21
theblazehencharl, good idea20:21
theblazehenBTW my VPN is a tor node too20:22
theblazehenBut not exit :(20:22
charlparanoia mode: on :)20:22
charlnah you can never be too secure20:22
theblazehenyeah20:22
SilverCodetheblazehen: is it a publically accessible server, or just accessible from with the UP network?20:23
theblazehenWell unless you run LFS and communicate over IPOAC and check every packet, and route it all through TOR and then to one of your VPN's that you paid for via bitcoin?20:23
theblazehenSilverCode, public access.20:24
theblazehencharl, and run all that on a FPGA20:24
theblazehentoo secure?20:24
charlmakes my head spin :)20:24
charla field programmable gate array ...20:25
charlsheesh20:25
theblazehenno hardware backdoors!20:25
charlip over avian carriers ?!20:25
theblazehenyeah!20:25
charlyeah that does perhaps go over the top20:25
charl:D20:25
theblazehenWhat do they say? The safest machine is one not plugged in?20:26
theblazehenOh AND power off a UPS to prevent side cahnnel attacks20:26
charlyeah20:26
theblazehenand keep it underground and in faraday cage20:26
theblazehenprevents thaty laser window listening thing, as well as EMI20:27
charlyeah and if you do want to host something host in http://www.cyberbunker.com/ :)20:27
theblazehencharl, I wish I could :(20:27
theblazehenBarely able to pay for digital oceans cheapest + backup20:27
charlah digital ocean20:28
charlwas looking at them the other day20:28
charldecided to go with tilaa instead though20:28
theblazehenah kk. Personal or work?20:28
charlbecause digital ocean has some traffic limits20:28
charlfor personal this time20:28
charland tilaa has unmetered traffic20:28
charli just want to have ddos protection20:28
charlso that if i do get a ddos that i don't get insane bills20:29
theblazehencharl, hmm. Any locations in africa?20:29
theblazehenWait, so you pay per TB?20:29
theblazehenAfaik DO has $0.03 per TB over cap20:29
theblazehenor GB, can't remember20:29
charlprobably per GB20:29
charlif you get a major incoming ddos you're screwed20:29
theblazehenyeah, that's true. Can't you use cloudflare?20:30
charlit's not an http server20:30
theblazehenah20:30
charli want to use it combination smtp+irc+xmpp20:30
SilverCodeok, found the folder20:30
charlhetzner just limits you down to 10mbps after the first 1tb20:31
SilverCodeyeah ... that is pretty well hidden20:31
theblazehenDIY cloudflare? One or two cheap VPS's with hard data cap + round robin DNS or something?20:31
charltilaa is fully unlimited20:31
SilverCodeI mean, not hidden20:31
theblazehenSilverCode, ah, kk. See what I'm talking about..20:31
theblazehencharl, nice20:31
charlit is very doubtful that they can do anything to you if it's that open20:31
charlbut i don't know the legal system in z20:32
charlza20:32
theblazehencharl, you also see it?20:32
SilverCodebut just looking at the other stuff there, I'm not sure it is supposed to be private20:32
theblazehenSilverCode, have you looked at the data?20:32
SilverCodeno20:32
charli have to go now, work tomorrow20:32
charlhave a good evening all20:32
SilverCodejust the filenames for now :)20:32
charland good night :)20:32
SilverCodebut now I see the "UP ALUMNI DATABASE SCAN"20:33
theblazehencya charl 20:33
SilverCodewhich probably *isn't* supposed to be there20:33
theblazehenSilverCode, yeah, the DB is what I got..20:33
theblazehenso... STFU or not?20:34
SilverCodemeh, it looks like it has been sitting there for a year20:36
SilverCodeso I don't think it really matters either way20:36
theblazehenyeah20:37
SilverCodeit looks like even the IT guys store stuff on that public FTP server20:40
theblazehenSilverCode, yeah20:44
theblazehenwell fuck it, I won't do anything about it20:44
SilverCode....so I think that DB dump are the least of their problems20:45
SilverCodeI'm pretty sure one of these log file backups has the unshadowed version of their root password20:45
theblazehenSilverCode, damn..21:00
theblazehenwell.. /me gets tor browser :D21:00
theblazehenSilverCode, directory? Nothing in pub/up/it21:02
theblazehenSilverCode, I'm not finding anything?21:10

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!