Comments
Are the leaders of uber still toxic trash? If I was the hacker, I'd be worried that Travis fuck has already hired a hit team.
Do they know where/who to hit tho? I am assuming the hacker won't be giving his address ...
What would happen if they used FastestVPN?
Nah he used TotallylegitVPN
In these situations, I don't think about the shitbird CEOs, this 50-75m incident response is a drop in the budget.
My heart is with the hundreds of security personnel and sysadmins (many like us) who will have stressful days and sleepless nights due to this. It's all been taken. Sneakers secrets, OneLogin, Confluence, Slack, quite literally everything. This also includes their HackerOne account that had open reports, which means exploits may ensue.
It's going to be a month or two to rebuild everything, and I honestly commend them on somehow keeping the system online while investigating an incident response and cleaning up.
Vote with your wallets, but I wish nothing like this upon anyone. Brings me back to flashes of Staminus. Just with more fail due to SSO and PAM management which allowed them to spread faster.
People who maintain servers - think about Canary Tokens and juicy filenames. You can not only create docx, but pdf, AWS tokens, even secret DNS names you plant with CNAMES to notify you if breached.
You may not have $$$$ for a SoC checking your files or crazy security, but if you place passwords.docx or ach_details.pdf / ssh_jump_server.txt (with the hostname CNAME'd to a canary token), or stuff like ach_raises_2023.pdf on a share-drive, you might be able to stop something like this in its tracks.
He used nmap and scanning tools. Had they had a honeypot, or even simple canary token via DNS CNAME / DNS, this could've been avoided.
Free: https://canarytokens.org/generate
Be safe out there.
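An added example, not part of the post above and not Canarytokens code: a self-hosted variant of the DNS canary idea, scanning resolver query logs for hostnames that exist only inside planted decoy files. The hostnames, client addresses and dnsmasq-style log lines are constructed for illustration.

```python
import re

# Constructed decoy hostnames: each appears only inside a planted file, so no
# legitimate client has a reason to resolve it.
CANARY_NAMES = {
    "jump01.corp.example.com": "ssh_jump_server.txt",
    "ach-portal.corp.example.com": "ach_details.pdf",
}

# dnsmasq-style query line: "... query[A] <name> from <client-ip>"
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)

def normalize(name):
    """Lower-case and drop the trailing root dot so lookups compare equal."""
    return name.rstrip(".").lower()

def find_canary_hits(log_lines):
    """Return one record per query that touched a canary name or a subdomain."""
    hits = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # replies and cache lines are not client lookups
        qname = normalize(m.group("name"))
        for canary, decoy in CANARY_NAMES.items():
            # Match on a label boundary so "notjump01..." does not trigger.
            if qname == canary or qname.endswith("." + canary):
                hits.append({"client": m.group("client"), "name": qname,
                             "qtype": m.group("qtype"), "decoy": decoy})
    return hits

# Constructed sample log lines.
SAMPLE_LOG = [
    "Sep 16 02:11:03 dnsmasq[812]: query[A] intranet.corp.example.com from 10.0.4.17",
    "Sep 16 02:14:41 dnsmasq[812]: query[A] JUMP01.corp.example.com. from 10.0.9.23",
    "Sep 16 02:14:42 dnsmasq[812]: reply jump01.corp.example.com is <CNAME>",
    "Sep 16 02:15:10 dnsmasq[812]: query[AAAA] ach-portal.corp.example.com from 10.0.9.23",
    "Sep 16 02:16:00 dnsmasq[812]: query[A] notjump01.corp.example.com from 10.0.4.17",
]

if __name__ == "__main__":
    for hit in find_canary_hits(SAMPLE_LOG):
        print("ALERT: {client} resolved {name} ({qtype}), planted in {decoy}".format(**hit))
```

Because the decoy names have no legitimate users, a single hit is worth paging on, and the client address points at the host that opened the file.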
This wasn't the first, and probably, not the last time.
Negligible impact on stock price, because... yeah it's just a hack and it's weekend.
I don't see why not, especially as this hacker is a young'n'. Probably games on the same machine and that is still not the smoothest of experiences on Linux. Most likely heavily uses Linux too though, via hosted resources, local VMs, WSL, etc., but with Windows as the desktop because it is needed for other reasons.
I'm Linux everywhere server-side for personal stuff, but still have a Windows as the main OS on the laptop and home desktop.
Was all billing information compromised too?
Well, if there's a proper TAO hack, they'll just change the Canary hostname in the hosts file and it's defeated.
Also, real world issue where valid reads are needed by real people (and their legit credentials get stolen) and then you're only watching fake files or dealing with false positives.
Armchair security is fucking easy.
Operating systems are just another tool. Does it really matter who uses what OS, as long as they get their job done? Windows has WSL now as well.
Indeed. I was talking in the context of the "Hacker Persona" shown in TV/movies, etc. Where typically Windows is not shown, however, some terminal based application is.
You also have to make sure to wear a hoodie, in a dark room, with green text on a black background and giant progress bars that say "HACKING IN PROGRESS...". Otherwise it's not truly hacking.
Such attacks are usually done by people familiar with infrastructure, i.e. ex-employees.
It will be too funny if it's not. I mean if it's hacked by someone who has not been in Uber earlier.
wow
"We can now confirm that the attack was committed by a former Uber employee...
...an 18-year-old driver from New Delhi..."
Really desperate to know this. Need to cancel my cards if that's true.
I already did as a precaution.
https://www.uber.com/newsroom/security-update/
Weird that they only specify trip history and not user billing and accounts but I assume all user PII is on different infra. But who knows, the hacker had access to a lot.
Red Bull?
What makes me laugh are those real time password cracking progress bars that look like spinning slot machine wheels. The display flickers with high speed random characters until the hacker's computer suddenly finds a password character. That character locks in place with a loud click sound. The remaining characters continue to flicker as the computer isolates them here and there until the entire password is revealed, yielding full control to the hacker. It does not work that way in real life.
seems like the uber guy leaked the gta 6 footage https://gtaforums.com/topic/985481-gta-6-americas-leak-90-mp4-footagevideos/?do=findComment&comment=1071949695
I get a 404 error for this
https://web.archive.org/web/20220918045635/https://gtaforums.com/topic/985481-gta-6-americas-leak-90-mp4-footagevideos/
https://archive.ph/LXkcl
Wayback doesn't display the goods but has more pages saved
I don't know if anything beats the CSI where a hacker is breaching their firewall and there's TWO people just typing away on the same keyboard trying to stop it.
Edit: lol, video title "Two Idiots, One Keyboard".
Sometimes the technical people that the writers collaborate with do this intentionally just to troll people. The other people working on the show (director, actors, whoever reviews the script, etc) don't know that much about hacking and so they don't question it.
uubub ub bberer
never used, no data.
NO ubub
It wouldn't make for very interesting film/TV if they just showed a blank screen for 15 hours and then it spat out a one line result.
And of course, there's this classic from Jurassic Park:
I can tell if you thought this was the only method and not one of many... Go trust SentinelOne and think you're safe.
And today I received the first piece of spam to the email address that's only ever been used for Uber. Sigh.
Guess they must at least have geo information from the DB as well, the spam was tailored to UK.