[00:41] <floridagram4> <Ivoriesablaze> ?
[00:49] <floridagram4> <ahoneybun> Trusted Contacts
[00:49] <floridagram4> <ahoneybun> Its a new app in the Play Store
[00:50] <floridagram4> <Ivoriesablaze> yep, just downloaded it
[02:00] <floridagram4> <Ivoriesablaze> so i just spend about 10 minutes looking for a blank dvd (don't judge) because the kali installer would just not work
[02:01] <floridagram4> <Ivoriesablaze> i tried one last thing with the usb installer, and was almost sure it wasn't going to work, at which point i was looking for the dvd
[02:02] <floridagram4> <Ivoriesablaze> when i found one, the imager was finished... of course THAT'S the one that freaking worked, making the whole DVD thing moot
[02:02] <floridagram4> <AdamOutler> Hey dude...  seriously...  get a freakin' 2 TB thumb drive for $12.  https://www.wish.com/search/2tb%20thumb%20drive#cid=576ca282393a5c6fbd1aa864
[02:02] <floridagram4> <ahoneybun> the wish?
[02:03] <floridagram4> <ahoneybun> china stuff
[02:03] <floridagram4> <AdamOutler> It's a reality.
[02:03] <floridagram4> <Ivoriesablaze> have you gotten yours yet?
[02:03] <floridagram4> <AdamOutler> coming on 30dec.
[02:03] <floridagram4> <Ivoriesablaze> i'll wait until you confirm that it's legit
[02:04] <floridagram4> <AdamOutler> I got a few things from wish so far...  Christmas lights, and some other misc stuff.  It was recommended by a coworker who uses it all the time.
[02:04] <floridagram4> <Ivoriesablaze> hm...
[02:05] <floridagram4> <AdamOutler> Don't get me wrong. it's cheap crap!  but it's cheap crap!
[02:07] <floridagram4> <Ivoriesablaze> true, i'd say if in a bind, it would be good, but it takes a month to get there, lol
[02:08] <floridagram4> <AdamOutler> Well, i have just one thing to say about that....  2TB thumb drive
[02:08] <floridagram4> <AdamOutler> How long would it take you to haul 2,000,000,000,000,000 bytes?
[02:09] <floridagram4> <Ivoriesablaze> technically more than that
[02:10] <floridagram4> <Ivoriesablaze> but that's like saying how long would it take you to haul 2,000,000,000,000 microliters?
[02:11] <floridagram4> <AdamOutler> heh, yeah, but your thumb drive is probably only 8, or 16 gigs.
[15:07] <floridagram4> <KMyers> @govatent - http://www.androidpolice.com/2016/12/07/bloomberg-pebble-time-2-pebble-core-canceled-part-fitbit-buyout-kickstarter-pledges-refunded/
[15:08] <floridagram4> <AdamOutler> https://source.android.com/compatibility/7.0/android-7.0-cdd.html#9_10_device_integrity
[15:08] <floridagram4> <AdamOutler> please read this and tell me if it is required that the user be provided a way to boot the device if the system verification fails.
[15:09] <floridagram4> <KMyers> Reading
[15:10] <floridagram4> <AdamOutler> Thanks.  They used proper RFC2119 rules throughout the document.  the sentance regarding this is just confusing though.  They said MUST NOT boot, unless.....  but they didn't say must be given the option to boot.
[15:10] <floridagram4> <KMyers> MUST NOT allow boot to complete when system verification fails, unless the user consents to attempt booting anyway, in which case the data from any non-verified storage blocks MUST not be used
[15:10] <floridagram4> <AdamOutler> Yeah.
[15:10] <floridagram4> <AdamOutler> That's a confusing sentence.  They don't say must be allowed to boot.
[15:11] <floridagram4> <AdamOutler> they don't say the user must be given the option to concent.
[15:11] <floridagram4> <KMyers> That says to me that the boot process must be halted and some sort of a prompt be displayed to the user to tell them the system has been modified or does not pass the validation. Ideally they should also see a warning of the risks this may have, They should then be given the option to proceed after agreeing to the risk.
[15:11] <floridagram4> <AdamOutler> sure, and I see the key word SHOULD, there as well
[15:12] <floridagram4> <AdamOutler> but it's just not written.
[15:12] <floridagram4> <AdamOutler> ok.
[15:12] <floridagram4> <KMyers> But the part of it that does not make sense is " in which case the data from any non-verified storage blocks MUST not be used"
[15:12] <floridagram4> <AdamOutler> It's talking about corruption or modification to a SYSTEM partition on Android.
[15:13] <floridagram4> <KMyers> Maybe wipe userdata?
[15:13] <floridagram4> <AdamOutler> if you modify the system partiton, it will cause this situation.
[15:13] <floridagram4> <KMyers> If done officially yes, but if a root exploit modifies the system partition, it wont trigger a factory reset
[15:13] <floridagram4> <AdamOutler> for Android 7.0 on deviecs with AES cryptio >50mbps that is.
[15:14] <floridagram4> <AdamOutler> No, this isn't factory reset.  This is stopping the boot process to allow the user to know the device is modified.
[15:15] <floridagram4> <KMyers> Unless they want it done the same way it is done on ChromeOS
[15:15] <floridagram4> <AdamOutler> Android 6.0 + knows if the system partition is modified or not by default, using continuous checks from DM-Verity
[15:15] <floridagram4> <AdamOutler> that's how it's done.
[15:16] <floridagram4> <AdamOutler> I'm just trying to figure out if the OEM can legally shutdown the device if the System is modified according to that CCD above.
[15:18] <floridagram4> <KMyers> I would hope not - It is one thing to drop support and some features (NFC payments/DRM/etc) but to actually brick or lock a user out of their own device is really a scary proposition.
[15:18] <floridagram4> <KMyers> In my option, it comes down to who actually owns the device, the user or the OEM?
[15:19] <floridagram4> <AdamOutler> This has industry-wide ramifications.  Verizon would have users bring devices back to service.
[15:20] <floridagram4> <KMyers> Yeh, it is a very slippery slope.
[16:04] <floridagram4> <KMyers> Wow - http://thehackernews.com/2016/12/linux-kernel-local-root-exploit.html
[16:47] <floridagram4> <Ivoriesablaze> Well, I just installed kali on my other laptop last night which is a rolling distro, so that side is safe
[16:48] <floridagram4> <AdamOutler> Kali isn't exactly a "safe" distro.
[16:48] <floridagram4> <AdamOutler> It likely hasn't been updated yet.
[16:48] <floridagram4> <Ivoriesablaze> You know what I mean, as far as the kernel goes
[16:48] <floridagram4> <AdamOutler> It likely won't receive updates for a while.
[16:48] <floridagram4> <Ivoriesablaze> Ah, true
[16:49] <floridagram4> <AdamOutler> Kali is an Offensive Security distro.  Ubuntu is a Defensive Security distro.
[16:49] <floridagram4> <AdamOutler> or debian
[16:49] <floridagram4> <AdamOutler> either way.
[16:49] <floridagram4> <Ivoriesablaze> I wouldn't really call ubuntu a security distro...
[16:50] <floridagram4> <Ivoriesablaze> More of a production distro
[16:50] <floridagram4> <AdamOutler> Well, in terms of security updates, Ubuntu is generally first.
[16:50] <floridagram4> <Ivoriesablaze> Hmm....
[17:44] <floridagram4> <ahoneybun> I think they just sent a security update to all versions of Ubuntu
[17:45] <floridagram4> <AdamOutler> What I'm saying is: just like changes to Debian don't directly affect Ubuntu, changes to Ubuntu won't directly affect Kali.
[17:45] <floridagram4> <AdamOutler> Ubuntu is proactive about defensive security.  Kali isn't known for that.
[18:04] <floridagram4> <KMyers> Wow, T-Mobile may have made a huge security blunder
[18:06] <floridagram4> <KMyers> https://twitter.com/JohnLegere/status/806556501070356480
[18:06] <floridagram4> <KMyers> Look at the guy who logged in and got another customers information. I was able to replicate it and got 2 other customers details (phone number, email address and name)
[20:36] <floridagram4> <AdamOutler> https://www.xda-developers.com/t-mobile_digits_security/
[20:43] <floridagram4> <KMyers> Yup. I want to hear T-Mobiles response
[20:43] <floridagram4> <ahoneybun> so what is DIGIT?
[20:44] <floridagram4> <AdamOutler> It's like google voice for T-Mobile
[20:44] <floridagram4> <KMyers> That was one of the ones I got, censored a bit
[20:45] <floridagram4> <ahoneybun> oh
[21:02] <floridagram4> <ahoneybun> wow @Ivoriesablaze 's LG Neon got Marshmallow