Users of Antares plugins, or others using Codemeter license manger may be locked out of their licences in Pro-Tools. The licenses show up in the various license managers, but Pro-Tools says NO. This is due to added file system security of Mojave. Add Pro Tools to the “Full Disk Access” list in Security & Privacy System Preference. That should solve the problem. good luck.
There are just so many privilege escalation fixes in the latest iOS 12.2 update. I finally removed the jailbreak from my primary device and updated. Privilege escalation is when an unprivileged or user process (like an app from the app store or even a web page*) gets root or even kernel authority. This is when bad turns to worse because it can do and see anything with any of the device’s data or sensors. Since even the big trusted apps have been caught tracking or stealing data, I simply couldn’t leave myself unprotected any longer.
I’ll still of course keep a development device jailbroken on 12.1.2 for all of the reasons. It was a wonderful experience, only slightly beta. I appreciate all the hard work by everyone in the scene. I think i am going hate seeing the home bar again the most.
* web pages are often sandboxed separately from the app itself. Some might argue that a webpage would first have to escape the sandbox before it could escalate privileges. this is true, but i would respond that sandbox escape is just another form of privilege escalation, only one level down. There are also over a dozen webkit fixes in this update.
I met a pile of incredible people. Bought some amazing toys (for science), some i’ve even got working. Saw some talks and demos. Talked to some of my heroes and listened to even more. I saw Ladar Levison talk about epoxying your ports and adding thermite to your hard drives. I played with the ECU of a fake car! now i just have finish building the DarkNet Badge! enjoy my pictures. The hat data is still being analyzed. I’ll try to build something out of it eventually.
I have used MinuteKEY in the past to easily bypass DO NOT COPY keys. Today’s errand was more about a quick solution then a security bypass. I was just copying normal keys today. Here is what i learned. With MinuteKEY, you could only make batch copies of the same key. In fact, the MinuteKEY kiosk locked your key into the machine until all the copying is done. There were zero protections against DO NOT COPY keys. They do however print keys right there in a variety of styles and colors.
Believe it or not, my home network actually used Radius authentication many years ago. Before I got a Nest (which still cannot connect to anything that isn’t open, WEP, or WPA/WPA2). At the time, I assumed the Nest app talked directly to the thermostat. Not true. It just needs internet to talk to it’s servers where it receives the commands and preferences from the app. Armed with that knowledge and recent revelations about the security of WPA2, I set to the task of reimplementing Radius on my network. First, I needed to asses which devices, like the Nest, would be unable to make the transition. Luckily, most of these devices don’t need anything more then internet access. One was moved to a hard line and the last attached to a Radius capable wireless bridge. I added a internet only wireless network for my embedded devices and moved my privileged network to Radius authentication. It was time to change my password anyway. Stay safe!
I was very excited to discover this feature listed in my Unifi controller today. You can now repurpose the VOIP port to act as a WAN2. The ironic part is that i don’t believe the VOIP port serves any actual VOIP function as of yet. I’ve been recommending these USG routers since I learned of their existence. Unfortunately a lot of my clients want dual WAN and until now, the Unifi Security Gateway fell short. No longer, Ubiquiti has a really great product line with the Unifi. I am continuously discovering great new innovation with the latest update to their software, firmware, or cloud platform. I have been waiting for this!
@SamyKamkar made an impressive and terrifying tool. This simple USB device steals your cookies, poisons your cache, and even persists a web backdoor. On a locked machine no less! It depends much on the trust that our computers take for granted. Trusting a USB device is not up to no good. Trusting the local network not trying to confuse. We must reexamine this trust going forward. It didn’t take long to get it up and running, however once you do, you can spend hours tinkering. (i was working to combine it with @mubix‘s work here)
I am also delighted to have my first Raspberry Pi as a USB device rather then host. it is certainly exciting to create some new doodads using this dangerous toolkit.
I have since made a version without the cache attack. I completely failed to steal the poisontap visuals, but TheCodePlayer offers a delightful matrix animation. next step is to man in the middle ssl too. I’m turning it into a device that logs everything while connected, but doesn’t persist.
My appearance on Hart Attack last month is finally available to stream and download. enjoy. Original Post