|
so far only one user asked me why we were loading stuff from anal.whatever and i'm just like "it's for analysis, what did you think it was for" now that i've said this i bet someone's going to update the adblock lists with ^https?://anal\..* and that would be real funny so i'm fine with that
|
#
?
Jan 8, 2020 15:52
|
|
|
|
| # ? Jun 9, 2024 13:25 |
|
|
https://www.nydailynews.com/news/national/truck-plows-analtech-odor-leads-hazmat-situation-article-1.3189762
|
|
#
?
Jan 8, 2020 15:53
|
|
|
Jabor posted:Essentially yeah, signed javascript doesn't give you any discriminatory power that you don't already have based on origin. this is the part that's not true. signing is totally independent of host origin. while you definitely can have something signed by "somethingawful llc" on somethingawful.com, you could also have something signed by "Not russian miners llc" on somethingawful.com. signing gives you the ability to whitelist somethingawful llc so code from not Russian miners llc wont run even though the origins are the same. its really not different from downloaded native software. That javascript is commonly edited in production and that signing would make that more difficult is not a really good argument against signing.
|
|
#
?
Jan 8, 2020 15:56
|
|
|
Main Paineframe posted:because, ultimately, the only reason most malicious code shows up on people's websites is because the website owner intentionally chose to run that code on their site this is a pretty stupid take
|
|
#
?
Jan 8, 2020 15:58
|
|
|
You can train your users to proper javascript hygiene by including this script on your website: <script src="https://ferd.ca/static/js/adblock-only.js"></script>
|
|
#
?
Jan 8, 2020 15:59
|
|
|
lol
|
|
#
?
Jan 8, 2020 16:02
|
|
|
Shaggar posted:this is a pretty stupid take the expert has spoken
|
|
#
?
Jan 8, 2020 16:13
|
|
|
accepting cookies is the first step of the site usage training program
|
|
#
?
Jan 8, 2020 16:24
|
|
|
Shaggar posted:activex was sandboxed too lol sandboxing was shoehorned in years afterward and didn't work for poo poo
|
|
#
?
Jan 8, 2020 16:44
|
|
|
https://twitter.com/eightytank/status/1214895767099494400?s=21
|
|
#
?
Jan 8, 2020 17:41
|
|
|
would that count as giving the computer an STD what level of cyberpunk hell future is this
|
|
#
?
Jan 8, 2020 17:46
|
|
|
Main Paineframe posted:because, ultimately, the only reason most malicious code shows up on people's websites is because the website owner intentionally chose to run that code on their site This is objectively wrong
|
|
#
?
Jan 8, 2020 17:53
|
|
|
haveblue posted:would that count as giving the computer an STD Haven't there already been a couple of talks about internet connected dildo exploits? This sounds familiar.
|
|
#
?
Jan 8, 2020 18:02
|
|
|
The Fool posted:This is objectively wrong he may have been making a joke, but it’s hard to tell in the context of web “development”.
|
|
#
?
Jan 8, 2020 18:04
|
|
|
Volmarias posted:Haven't there already been a couple of talks about internet connected dildo exploits? This sounds familiar. teledildonics have been a running industry joke for decades but yes it is possible though to what end. there was also that chinese clothes iron someone figure out was embedded with some kind of wifi board to do nefarious things for networks in range
|
|
#
?
Jan 8, 2020 18:14
|
|
|
I think there have been a few instances of it working in the other direction, people gaining unauthorized access to IOT sex toys
|
|
#
?
Jan 8, 2020 18:19
|
|
|
as far as I am aware those were all from your usual suspects of a 0000 pairing pin or that exploit that forces negotiation key strength down to something absurd like 8-bit
|
|
#
?
Jan 8, 2020 18:24
|
|
|
BangersInMyKnickers posted:as far as I am aware those were all from your usual suspects of a 0000 pairing pin or that exploit that forces negotiation key strength down to something absurd like 8-bit Love too encrypt via chiptunes.
|
|
#
?
Jan 8, 2020 18:25
|
|
|
BangersInMyKnickers posted:as far as I am aware those were all from your usual suspects of a 0000 pairing pin or that exploit that forces negotiation key strength down to something absurd like 8-bit
|
|
#
?
Jan 8, 2020 18:43
|
|
|
for those that missed it first time around https://techbeacon.com/security/knob-attack-confirms-bluetooth-horribly-insecure-episode-2914 quote:This time, we learn that the classic Bluetooth standards were badly written: Just about every implementation fails to ensure enough encryption-key entropy. So a nearby malicious actor could break into a pairing exchange and force the endpoints to downgrade the key to just one octet (all eight bits of it).
|
|
#
?
Jan 8, 2020 18:59
|
|
|
infernal machines posted:but if we didn't how would the ignore list work?
|
|
#
?
Jan 8, 2020 20:43
|
|
|
Isn't there a power-only USB passthrough adapter you can get which is literally called a USB condom?
|
|
#
?
Jan 8, 2020 20:44
|
|
|
Doom Mathematic posted:Isn't there a power-only USB passthrough adapter you can get which is literally called a USB condom? yes
|
|
#
?
Jan 8, 2020 20:46
|
|
|
Doom Mathematic posted:Isn't there a power-only USB passthrough adapter you can get which is literally called a USB condom? I have several
|
|
#
?
Jan 8, 2020 20:49
|
|
|
what do they show up as in setupapi.dev.log?
|
|
#
?
Jan 8, 2020 21:03
|
|
|
BangersInMyKnickers posted:teledildonics have been a running industry joke for decades but yes it is possible though to what end. there was also that chinese clothes iron someone figure out was embedded with some kind of wifi board to do nefarious things for networks in range
|
|
#
?
Jan 8, 2020 21:11
|
|
|
https://twitter.com/katelibc/status/1215002777203593217?s=21 if I see any of y’all at DEFCON I have some weird stuff to share about this thing I’m working with
|
|
#
?
Jan 8, 2020 21:15
|
|
|
Volmarias posted:Haven't there already been a couple of talks about internet connected dildo exploits? This sounds familiar. https://www.youtube.com/watch?v=RnxcPeemHSc There's a whole heap of real privacy risks, on top of the normal control issues you'd usually expect.
|
|
#
?
Jan 8, 2020 21:17
|
|
|
as someone who has also reverse-engineered that particular brand of smart buttplug protocol, yeah it's not secure at all, though it's BTLE so like unless you take it outside you're probably fine e: oh i didn't take apart the app at all but it was really obviously poorly written so i just assumed it was insecure garbage
|
|
#
?
Jan 8, 2020 21:21
|
|
|
evil_bunnY posted:https://www.youtube.com/watch?v=RnxcPeemHSc that was a good talk and I’m glad i was there for it.
|
|
#
?
Jan 8, 2020 22:48
|
|
|
Shame Boy posted:as someone who has also reverse-engineered that particular brand of smart buttplug protocol, Lmfao
|
|
#
?
Jan 8, 2020 23:46
|
|
|
Midjack posted:that was a good talk and I’m glad i was there for it. it was a good one to get the day started for sure
|
|
#
?
Jan 8, 2020 23:55
|
|
|
https://twitter.com/GlitchWitch/status/1215035152923086849?s=19 lol
|
|
#
?
Jan 9, 2020 00:11
|
|
|
If they could change the admin password, it would gently caress up the hardcoded back doors that the govt/businesses/state actors would use
|
|
#
?
Jan 9, 2020 01:21
|
|
|
forget the big stuff, imagine how much damage someone could do by changing the timing of one or two traffic lights in any major city. Manhattan would be in gridlock and the Dow would plummet and you had better believe Rudy Giuliani would have something to say about it on Twitter. LA driversprobably wouldn't even notice. Road rage in Washington DC would elevate from orange to red as drivers ran out of cigarettes to keep them calm. Mormons in Salt Lake City or Provo could even go as far as along "what the heck?" out loud! Pure chaos!
|
|
#
?
Jan 9, 2020 02:22
|
|
|
someone did the work i didn't want to do also https://twitter.com/surebet247/status/1213491827694854146 https://www.troyhunt.com/the-difficulty-of-disclosure-surebet247-and-the-streisand-effect/
|
|
#
?
Jan 9, 2020 02:22
|
|
|
Lain Iwakura posted:someone did the work i didn't want to do
|
|
#
?
Jan 9, 2020 02:25
|
|
|
Lain Iwakura posted:someone did the work i didn't want to do
|
|
#
?
Jan 9, 2020 02:27
|
|
|
it's a sure bet!
|
|
#
?
Jan 9, 2020 02:55
|
|
|
|
| # ? Jun 9, 2024 13:25 |
|
|
random question. Are there any applications for SGX besides DRM and spyware
|
|
#
?
Jan 9, 2020 02:55
|
|