[00:47:54] *** Joins: ngomez (~nsgomez@2001:19f0:5c00:8965:22f2:77ed:e053:d8be)
[00:48:00] *** Joins: arirawr (~arirawr@40.76.77.146)
[00:49:36] *** Quits: arirawr- (~arirawr@40.76.77.146) (*.net *.split)
[00:49:39] *** Quits: nsgomez (~nsgomez@2001:19f0:5c00:8965:22f2:77ed:e053:d8be) (*.net *.split)
[00:49:43] *** Quits: skasturi (skasturi@april-fools/2014/runnerup/skasturi) (*.net *.split)
[01:01:51] *** Joins: skasturi (skasturi@april-fools/2014/runnerup/skasturi)
[03:45:47] *** Quits: vishwin_ (~alliek@wikimedia/O) (Ping timeout: 264 seconds)
[03:51:59] *** Joins: vishwin_ (~alliek@wikimedia/O)
[14:49:57] <gsingh93> ian_znc: http://www.openwall.com/lists/oss-security/2016/02/01/4
[14:49:58] <yossarian-bot> Title: oss-security - Socat security advisory 7 - Created new 2048bit DH modulus
[14:50:06] <gsingh93> first of all: lmao
[14:50:21] <gsingh93> secondly, do you want to exploit that with me?
[14:53:53] <gsingh93> iangcarroll: ^
[14:54:07] <iangcarroll> one sec, gotta talk about my PSAT scores with someone
[15:29:58] *** Quits: vishwin_ (~alliek@wikimedia/O) (Ping timeout: 256 seconds)
[15:35:56] *** Joins: vishwin_ (~alliek@wikimedia/O)
[16:20:52] <gsingh93> iangcarroll: ping
[16:20:58] <gsingh93> that's one long talk
[16:21:01] <gsingh93> did you fail?
[16:22:09] <iangcarroll> yes, i failed so badly the test broke
[16:22:26] <gsingh93> they had to make the scores a signed int, just for you
[16:22:32] <iangcarroll> lolol
[16:22:35] <gsingh93> wow that's a clever one
[16:22:44] <gsingh93> i came up with that on the spot
[16:22:50] * gsingh93 pats himself on the back
[16:22:59] <iangcarroll> as it turns out I have to help with a play until 8PM
[16:23:27] <gsingh93> kk
[16:23:39] <gsingh93> let me know if you want to work on in sometime this week
[16:23:50] <gsingh93> it seems like a nice and simple n-day to exploit
[16:24:15] <gsingh93> this*, not in
[16:26:42] <iangcarroll> will do
[18:13:18] <gsingh93> iangcarroll: https://www.facebook.com/groups/wearehx/permalink/1725755264335658/
[18:13:18] <yossarian-bot> Title: Log into Facebook | Facebook
[18:13:22] <gsingh93> i'm curious
[18:13:24] <gsingh93> i don't know the answer
[18:17:41] <iangcarroll> possible, I guess
[18:17:53] <iangcarroll> DO should be rate limiting how many domains can be added though
[18:28:39] <gsingh93> it seems to simple
[18:30:42] <iangcarroll> i mean, it is simple
[18:31:09] <iangcarroll> but it can only be exploited when nameservers stop serving records for a domain and allow others to claim the domain
[18:31:33] <gsingh93> so
[18:31:44] <gsingh93> let's say you own the domain
[18:31:54] <gsingh93> there's an A record for the domain pointing to your server
[18:32:04] <gsingh93> this CNAME thing will or won't work?
[18:32:39] <iangcarroll> wait, what?
[18:32:51] <gsingh93> isn't that what the question is saying?
[18:32:53] <iangcarroll> i thought the attack was a domain is pointed to DO but hasn't been added to an account
[18:33:07] <gsingh93> how do you know it isn't added to an account?
[18:33:19] <gsingh93> i thought this guy hijacked his own domain
[18:33:23] <iangcarroll> you can narrow it down by seeing if it returns any records; otherwise it's just brute force
[18:33:39] <iangcarroll> i don't think he has done this attack successfully (?)
[18:33:46] <gsingh93> let me read the post again
[18:34:18] <gsingh93> " I just tested it on one of my domain names. No restrictions. Pretty cool hack if you ask me."
[18:34:40] <iangcarroll> he keeps using A/CNAME which is confusing because how I read it relies on the domain not having been enrolled at all
[18:35:07] <iangcarroll> i can't add ian.sh to two different accounts so idk
[18:39:29] <iangcarroll> lol http://elections.ap.org/
[18:39:31] <yossarian-bot> Title: U.S. ELECTIONS |
[18:39:33] <iangcarroll> they didn't really finish their footer
[18:45:17] <cydrobolt> iangcarroll, lol
[18:45:22] <cydrobolt> is this from fuzzy search
[18:45:41] <cydrobolt> iangcarroll, how were the PSATs for you
[18:46:16] <iangcarroll> what's fuzzy search?
[18:46:33] <iangcarroll> well, I know what fuzzy searching is, but in this context
[18:47:00] <iangcarroll> I did okay for a sophomore
[18:47:06] <iangcarroll> apparently I'm on track for college
[18:54:01] <gsingh93> with a little luck, you just might graduate
[18:54:22] <gsingh93> have you thought about what colleges you want to go to?
[18:55:10] <iangcarroll> no
[18:55:20] <iangcarroll> because then I'd have to look up their avg minimum GPAs
[18:55:24] <iangcarroll> and then I'd have to calculate mine
[18:55:24] <cydrobolt> oh god
[18:55:28] <cydrobolt> don't talk about GPAs
[18:55:32] <cydrobolt> my GPA is going downhill
[18:55:32] <cydrobolt> gg
[18:55:33] <cydrobolt> gg
[18:55:42] <iangcarroll> mine is roughly 0
[18:55:47] <cydrobolt> my math grade
[18:55:48] <cydrobolt> went from an A
[18:55:49] <cydrobolt> to
[18:55:54] <cydrobolt> something I don't even want to mention
[18:55:55] <iangcarroll> though to my credit I have never failed a class
[18:55:57] <cydrobolt> midterm == death
[18:56:08] <cydrobolt> oh god my time management on the midterm
[18:56:09] <cydrobolt> oh go
[18:56:10] <cydrobolt> d
[18:56:12] <iangcarroll> lol
[18:56:17] <cydrobolt> just no
[18:56:21] <iangcarroll> got 71% as my final grade for geometry last year
[18:56:23] <iangcarroll> barely made it
[18:56:24] <cydrobolt> i only had 5 mins
[18:56:30] <cydrobolt> for what I was supposed dto take 40 mins on
[18:56:30] <cydrobolt> lol
[18:56:31] <cydrobolt> GG
[18:56:59] <cydrobolt> life protip learn when the test ends before it starts
[18:57:23] <iangcarroll> just gonna like, self-accredit ian's tech school and get a PhD in dank memes
[18:58:09] <iangcarroll> msft gave ian's tech school 300 codes to give out to students
[18:58:14] <iangcarroll> for dreamspark
[19:02:10] <gsingh93> iangcarroll: go to UM
[19:02:27] <gsingh93> then you can play the CTFs I run there
[19:02:43] <iangcarroll> but then I wouldn't have an excuse to not go see my parents
[19:02:56] <gsingh93> yea, that was the worst part about UM
[19:03:10] <gsingh93> i could get away with it for a while though
[19:03:22] <iangcarroll> lol
[19:03:24] <gsingh93> busy studying or group project excuses
[19:05:09] <iangcarroll> got another CTF coming up?
[19:05:13] <iangcarroll> not too far of a drive
[19:09:15] <cydrobolt> iangcarroll, microsoft's azure is terrible
[19:09:15] <cydrobolt> af
[19:09:29] <cydrobolt> gsingh93, trust me if um accepted me i would be happy af
[19:10:26] <iangcarroll> meh, it's not awful
[19:10:38] <iangcarroll> it's the worst among {AWS,Google,Rackspace,Azure}
[19:11:44] <iangcarroll> better than trying to use like DO in production though lol
[19:12:55] <gsingh93> iangcarroll: we'll probably have one before the semester ends
[19:13:09] <gsingh93> you probably won't be eligible for prizes, but you can still play
[19:13:47] <iangcarroll> oh well
[19:14:02] <iangcarroll> let me know when it gets scheduled
[19:19:35] <gsingh93> will do
[19:19:40] <gsingh93> i have some new problems coming up
[19:19:47] <gsingh93> one was based off of a recent problem i solved at work
[19:20:17] <iangcarroll> kinda want to write a CTF, maybe under certly's name
[19:20:21] <iangcarroll> but I have like
[19:20:28] <iangcarroll> -3 units of time
[19:20:29] <iangcarroll> so
[19:21:58] <gsingh93> iangcarroll: i can help you out
[19:24:01] <iangcarroll> cool; i'll have to do it april-may range though, as I've got to sort some other stuff out first
[19:26:08] <iangcarroll> i act on too many ideas of mine :p
[19:31:12] <cydrobolt> iangcarroll, certly is pretty cool
[19:31:41] <gsingh93> can you describe what certly actually does?
[19:31:47] <gsingh93> is it like the middle man for getting a cert?
[19:32:08] <gsingh93> and then managing all of them?
[19:32:48] <iangcarroll> it was, at one point
[19:33:25] <iangcarroll> in 2014 when you wanted to buy a cert you either paid digicert $250 or used a god awful interface to try and order it
[19:33:30] <cydrobolt> so ian_znc
[19:33:37] <iangcarroll> wrong ian :p
[19:33:37] <cydrobolt> does this actually give me a certificate
[19:33:41] <cydrobolt> or does it just manage them
[19:33:51] <gsingh93> or you could use startssl, like me
[19:34:07] <iangcarroll> that does not really contradict "or used a god awful interface" :P
[19:34:22] <gsingh93> ah, good point
[19:34:51] <cydrobolt> what about letsencrypt now
[19:35:13] <iangcarroll> LE, imo, only adds to the problem when you need wildcards or EV certs, etc
[19:35:22] <iangcarroll> you end up with multiple places to manage and renew all of your certs
[19:35:49] <iangcarroll> however, I'm going to pivot certly because at this point a CA or a major player needs to adopt ACME, and we don't have enough leverage to really make any technical changes to how CAs operate
[19:36:08] <iangcarroll> adopt and fork ACME, that is, or at least modify it before it becomes a standard
[19:36:42] <iangcarroll> ACME doesn't solve payment or validation, both critical things for CAs that need to make money
[19:37:00] <iangcarroll> well, both critical things for CAs, the former for those who need to make money
[19:37:10] <gsingh93> how much money have you made?
[19:37:23] <iangcarroll> we never really launched
[19:37:36] <gsingh93> lolol
[19:37:41] <iangcarroll> but we've probably processed ~$600 in manual orders via email
[19:37:47] <iangcarroll> which is not really much
[19:38:33] <iangcarroll> one of the problems I've run into is that I cannot build a usable interface for a dashboard lol
[19:38:53] <gsingh93> your problem is really just that it's written in PHP
[19:39:13] <iangcarroll> obviously :p
[19:41:10] <iangcarroll> i have a break in two weeks so we'll see if I learn python
[19:41:26] <iangcarroll> it might be worth it to build stuff in PHP just to annoy people though
[19:41:51] <iangcarroll> :p
[19:48:52] <gsingh93> iangcarroll: you'll have the benefit of no one ever wanting to mess with your code
[19:49:15] <gsingh93> like that one guy who puts "THIS FILE WAS GENERATED, DO NOT MODIFY" at the top of all his code
[19:50:24] <iangcarroll> lol
[22:03:55] <cydrobolt> lol double taxes
[22:04:05] <cydrobolt> will be paying double taxes next summer
[22:04:21] <cydrobolt> cat $ >> /dev/null
[22:05:15] <cydrobolt> canada though
[22:05:32] <iangcarroll> does canada have bad taxes?
[22:08:20] <gsingh93> lol, someone skipped their highschool government class
[22:09:54] <iangcarroll> i can't take it yet :p
[22:09:56] <iangcarroll> too young
[22:10:59] <vishwin> lol.
[22:11:11] <vishwin> s/lol/lawl/
[22:11:12] <yossarian-bot> vishwin probably meant: lawl.
[23:29:31] *** Joins: majora (~majora@205.204.23.189)