Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

HM-2

Member
  • Content Count

    285
  • Joined

  • Last visited

Awards


This user doesn't have any awards

About HM-2

  • Title
    Member

Profile Information

  • Location
    United Kingdom

System

  • CPU
    Intel Core i7 6900K
  • Motherboard
    MSI X99A MPOWER
  • RAM
    32GB GSkill Trident Z RGB 3000MHz
  • GPU
    EVGA RTX2080 XC
  • Case
    Lian Li PC-O11 Dynamic XL
  • Storage
    1x Samsung 970 Evo 500GB, 2x Samsung 850 Evo 1TB
  • PSU
    Corsair AX750
  • Display(s)
    ASUS ROG Swift PG279Q
  • Cooling
    NZXT Kraken X62
  • Keyboard
    Filco Majestouch 2
  • Mouse
    Corsair M65 RGB
  • Sound
    Q Acoustic 2010i Speakers, Sabaj A4 Class D Amplifier
  • Operating System
    Windows 10 Professional

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Yeah it's really not. There's a lot of lying in espionage but the core premise behind intelligence gathering is to obtain information which allows you to accurately predict future events and actions. Being untruthful or inaccurate is inherently not very helpful in the pursuit of that task. The last time I got into a discussion of this nature I got slapped down because "no politics on the forum" but there are entirely sound geopolitical reasons for releasing information like this, not least to allow victim organisations to detect and remediate threats. Explain to me how it's in anyone's interest for the NSA to provide misleading or inaccurate information when basically every infosec firm out there will now be hunting for this activity and looking to publish their own research on the Next Big Exciting Thing? I mean anyone with a VT subscription and s copy of IDA or Ghidra can literally download the samples and verify their findings. As an aside, generally the kinds of people who are more suspicious of their own government than foreign ones aren't particularly interesting espionage targets for either.
  2. I wasn't suggesting it was a viable one-size fits all solution across all server platforms, it was more a subtle dig at people who set up JBOSS servers then leave the JMX deployment console publicly accessible so you can just arbitrarily upload and execute any WAR payload you like. Because yes, leaving JMX unauthenticated and open t'internet is still a thing in 2020. As, amazingly, is leaving Cisco Smart Install similarly open on legacy IOS kit that didn't get the CVE-2018–0171 patch so you can extract the router config and associated credentials...or even overwrite it entirely.
  3. This with bells on. Even putting aside the frequency with which their timing chain tensioners grenade themselves and result in basically turning most moving parts within the long block to scrap, they also suffer a myriad of other issues including wastegate failures, injector seals, swirl flaps and EGR related issues that in some cases have caused engine fires. Personally I'd just avoid any 4-cylinder BMW engine entirely. Almost all of the recent ones have had a myriad of issues.
  4. Agreed for the most part, though Linux only comprises about 13.5% of global server market share as of 2019. Far greater than it's desktop saturation, but still a very long way behind Windows. Where Linux variants are really prevalent is within the hardware space- infrastructure within telcos, network switches and appliances of all shapes and size, SOHO and home routers, right down to IoT dreck. This sort of thing (well, JBOSS/Wildfly, Tomcat, Struts2 and over the last year or so a huge glut of SSL VPN products including Citrix and Pulse Secure) accounts for a bit chunk of it, but misconfiguration and failure to implement proper hardening also account for a lot of compromises. You don't need to dig around for a viable exploit if someone's left a remote file upload functionality open to world+dog and you can just push a web shell straight onto the server using nothing more than an entirely legitimate HTTP POST request.
  5. Vega 64s are nominally 300W TDP cards. You might see a little over 400W stress testing when heavily overclocked but not in regular use even if you are rendering, and certainly not from mining. In reality though most people manage to get both an overclock and an undervolt with a bit of tweaking. The video shows draw at the wall correct? That's probably ~10% higher than the actual power utilisation due to PSU efficiency curves. All vendors suggest minimum power supplies well over the actual required, as do most PSU calculators. Nvidia suggest a 650W minimum for a 2080Ti bit plenty of people run them on 500s or even less, even overclocked, without issue.
  6. Distro plate milling begams today. Had to make a few adjustments so my machinist is happy with the design- Reduced some channel depths around 1.5mm in a couple of places to reduce likelihood of cracking when tapping M4 threads Moved a couple of screw positions for similar reasons (proximity to channels or other screw holes on the opposite side of the plate) Dropped from M5 to M4 for the pump bracket because of concerns around thread engagement depths in 10mm holes. The latter one is a bit of a pain as it might require some re-engineering of the pump mount. I'm hoping I can use an M4 bolt with a larger 9.5mm head and use the countersinks to ensure alignment, or finding a stepped-down bolt with an M5 shaft and M4 threading, but if I have to reprint the pump bracket it's not the end of the world. All other parts are here and ready now including some spare pump seals and EK-ZMT in 10/16 matte black.
  7. You almost certainly don't. 850-900w would be perfectly adequate for a 5GHz overclocked 10980XE and two RTX 2080Tis. Vegas are power hungry yes, but two of them and a HEDT processor would easily be accommodated by a good quality 900-1000w PSU with plenty of headroom.
  8. 3G and 2G use KASUMI and A5/1 respectively, which are both insecure cryptographic ciphers. KASUMI is an order of magnitude harder to cryptanalyse, but easily possible on a modern desktop computer via a related-key attack within a matter of an hour or so. A5/1 has been broken (in terms of cryptographic security) since about 2002.
  9. They're basically 4G jammers- they operate as local base stations, overpower real transmitters within a small local area, and basically pretend they can't carry 4G which forces a device connected to it to downgrade to 3G or 2G.
  10. The AX Gold series PSUs were truly excellent for their era, but that era was a decade ago. I'd have much rather bought a new, modern design 750 or 850 than taken a chance on this, and that's coming from someone whose main system is powered by an AX Gold he's owned since about 2011.
  11. It's a nice idea but I'd really rather they'd invested the design, tooling and production costs in improving the general build quality of their products which has taken a massive nosedive over the last 5 or so years. Then again I'm right handed.
  12. It's obviously not good but there are far easier ways to accomplish the same outcome, like 3G/2G downgrade attacks a la police Stingray devices and the like. The biggest limitation, particularly if you're in an urban area, is actually determining the specific target's call from others in order to record it due to how heavily saturated radio layers are; Moreover the recording phase itself is non-trivial despite the relatively low cost of devices capable of doing it. A lab demonstration of techniques like this and being able to accomplish it in the wild are very different things.
  13. If you're looking at splashing that much I would seriously consider some extended play-tests. Personally I'm a big fan of the Shure SRH-1540 and 1840 which also shave a few hundred off your budget. There's also the Beyerdynamic Amiron. There's a bit of a "no-man's land" between the ~$400 headphones and the $1000+ headphones like the HD800s which is largely inhabited by stuff that's overpriced for no good reason and performs no better than cheaper sets. It's kinda up to you whether you think the latter is worth the 2-and-a-half times price tag.
×