Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > YOSPOS > Security Fuckup Megathread - v10.1 (Hackers can turn your gas station into a bomb)
«232 »
 
  • Locked thread
EVGA Longoria
Dec 25, 2005

Let's go exploring!

 OSI Bean Dip, Canary emails being marked as junk by Microsoft (Office365), probably because the email coming through has some messed up headers

looks like it's coming through from "Support@" with the name "canary.pw support@canary.pw"

* # ? Jan 12, 2015 14:38
  • Quote
Adbot
ADBOT LOVES YOU

# ? Jun 5, 2024 21:23
  • Quote
Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

 leeloo dallas multiass

* # ? Jan 12, 2015 14:43
  • Quote
Wiggly Wayne DDS
Sep 11, 2010



 http://blogs.technet.com/b/msrc/archive/2015/01/11/a-call-for-better-coordinated-vulnerability-disclosure.aspx

* # ? Jan 12, 2015 14:44
  • Quote
Pile Of Garbage
May 28, 2007

Captain Foo posted:

leeloo dallas multiass

gross

* # ? Jan 12, 2015 14:46
  • Quote
Pile Of Garbage
May 28, 2007



 you know what, gently caress it who wants some MOH: https://www.digitalmarketing.com.au/rotation/australia/

* # ? Jan 12, 2015 15:03
  • Quote
EMILY BLUNTS
Jan 1, 2005

 wittycomments.mp3; 4 seconds of silence

* # ? Jan 12, 2015 15:09
  • Quote
Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

EVGA Longoria posted:

OSI Bean Dip, Canary emails being marked as junk by Microsoft (Office365), probably because the email coming through has some messed up headers

looks like it's coming through from "Support@" with the name "canary.pw support@canary.pw"

can you send an e-mail to that e-mail address with the headers? thanks :)

* # ? Jan 12, 2015 16:08
  • Quote
Qtotonibudinibudet
Nov 7, 2011



Omich poluyobok, skazhi ty narkoman? ya prosto tozhe gde to tam zhivu, mogli by vmeste uyobyvat' narkotiki

kalstrams posted:

vlc+php, gross

i like how telegram's durov is constantly :qq: whatsapp stole my idea x :qq: whatsapp stole my idea y :qq: whatsapp stole beans from my chili :qq:
one of next :qq: whatsapp :qq: predictions from him is web-based service similar to telegram's

lol @ durov of all people complaining about someone stealing his ideas

* # ? Jan 12, 2015 16:39
  • Quote
Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.

ultramiraculous posted:

it requires a logged in user, at which point, gently caress you.

you can do the same thing in osx and probably linux

yeah so does the chrome one according to the api docs the idiot linked to that I guess he didn't understand

* # ? Jan 12, 2015 17:11
  • Quote
triple sulk
Sep 17, 2014

* # ? Jan 12, 2015 19:06
  • Quote
bicycle
Oct 23, 2013
 ruh roh
* # ? Jan 12, 2015 19:13
  • Quote
chestnut santabag
Jul 3, 2006

 already suspended
their youtube however... https://www.youtube.com/user/centcom

* # ? Jan 12, 2015 19:14
  • Quote
Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

 i'm the official use only documents

* # ? Jan 12, 2015 19:21
  • Quote
Forums Terrorist
Dec 8, 2011

 mods namechange to cyberallah the most cybermerciful

* # ? Jan 12, 2015 19:22
  • Quote
Acer Pilot
Feb 17, 2007
put the 'the' in therapist

:dukedog:

 has someone informed cybercommand?

* # ? Jan 12, 2015 19:24
  • Quote
Crusader
Apr 11, 2002

Forums Terrorist posted:

mods namechange to cyberallah the most cybermerciful
* # ? Jan 12, 2015 19:27
  • Quote
compuserved
Mar 20, 2006

Nap Ghost

Forums Terrorist posted:

mods namechange to cyberallah the most cybermerciful
* # ? Jan 12, 2015 19:46
  • Quote
faxlore
Sep 24, 2014

a blue star tattoo for you!

Forums Terrorist posted:

mods namechange to cyberallah the most cybermerciful
* # ? Jan 12, 2015 19:50
  • Quote
Maximum Leader
Dec 5, 2014

Forums Terrorist posted:

mods namechange to cyberallah the most cybermerciful
* # ? Jan 12, 2015 19:53
  • Quote
cinci zoo sniper
Mar 15, 2013

Forums Terrorist posted:

mods namechange to cyberallah the most cybermerciful
* # ? Jan 12, 2015 19:56
  • Quote
Main Paineframe
Oct 27, 2010

Forums Terrorist posted:

mods namechange to cyberallah the most cybermerciful
* # ? Jan 12, 2015 20:22
  • Quote
Meat Beat Agent
Aug 5, 2007

felonious assault with a sproinging boner
b-rock "the islamic shock" hussein cyberallah obama

* # ? Jan 12, 2015 20:26
  • Quote
ozymandOS
Jun 9, 2004
 https://github.com/jduck/asus-cmd

RCE in several ASUS routers, looks to be local network only thankfully

* # ? Jan 12, 2015 21:13
  • Quote
syscall girl
Nov 7, 2009

by FactsAreUseless
Fun Shoe

Acer Pilot posted:

has someone informed cybercommand?

they're working double shifts

two goons on every keyboard

* # ? Jan 12, 2015 22:42
  • Quote
ultramiraculous
Nov 12, 2003

"No..."
Grimey Drawer
yospos

http://randomthoughts.greyhats.it/2015/01/osx-bluetooth-lpe.html

edit: and this is also pretty shameful https://www.sektioneins.de/en/blog/14-12-23-mach_port_kobject.html

ultramiraculous fucked around with this message at 23:25 on Jan 12, 2015

* # ? Jan 12, 2015 23:21
  • Quote
Wayne Knight
May 11, 2006

BP posted:

https://github.com/jduck/asus-cmd

RCE in several ASUS routers, looks to be local network only thankfully

consumer router exploits bug the poo poo out of me because nobody will update them. ever.

we need a canary feature that tracks what hardware you have and alerts you to update when poo poo like this happens.

* # ? Jan 12, 2015 23:25
  • Quote
Celexi
Nov 25, 2006

Slava Ukraini!
 pretend your home network is the internet and configure your computer as if it were connected directly to internet

* # ? Jan 12, 2015 23:26
  • Quote
Bloody
Mar 3, 2013

ultramiraculous posted:

yospos

http://randomthoughts.greyhats.it/2015/01/osx-bluetooth-lpe.html

edit: and this is also pretty shameful https://www.sektioneins.de/en/blog/14-12-23-mach_port_kobject.html

read that first url as greyhatsh.it

* # ? Jan 12, 2015 23:28
  • Quote
Malloc Voidstar
May 7, 2007

Fuck the cowboys. Unf. Fuck em hard.
http://www.telegraph.co.uk/technolo...id-Cameron.html

David Cameron posted:

But the question remains: are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: ‘No we must not’.

* # ? Jan 12, 2015 23:28
  • Quote
Bloody
Mar 3, 2013

Aleksei Vasiliev posted:

http://www.telegraph.co.uk/technolo...id-Cameron.html

no they will not!

* # ? Jan 12, 2015 23:28
  • Quote
suffix
Jul 27, 2013

Wheeee!

triple sulk posted:



when world war the third begins and the nukes of war are let loose, i hope i learn about it from a screenshot of a tweet with the twitter egg avatar

* # ? Jan 12, 2015 23:47
  • Quote
suffix
Jul 27, 2013

Wheeee!
also a missed opportunity to get #cyberjihad trending

* # ? Jan 12, 2015 23:48
  • Quote
qntm
Jun 17, 2009

Aleksei Vasiliev posted:

http://www.telegraph.co.uk/technolo...id-Cameron.html

if only there was a word that meant "using fear to effect political change"

* # ? Jan 13, 2015 00:34
  • Quote
ultramiraculous
Nov 12, 2003

"No..."
Grimey Drawer

qntm posted:

if only there was a word that meant "using fear to effect political change"

fearism maybe?

* # ? Jan 13, 2015 00:36
  • Quote
Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

ultramiraculous posted:

fearism maybe?

whooooosh

* # ? Jan 13, 2015 00:37
  • Quote
EMILY BLUNTS
Jan 1, 2005

 Ah, scareistics
that should work

* # ? Jan 13, 2015 00:58
  • Quote
Twenty-Seven
Jul 6, 2008

I'm so tired
scarrorism

* # ? Jan 13, 2015 01:13
  • Quote
CISADMIN PRIVILEGE
Aug 15, 2004

optimized multichannel
campaigns to drive
demand and increase
brand engagement
across web, mobile,
and social touchpoints,
bitch!
:yaycloud::smithcloud:

qntm posted:

if only there was a word that meant "using fear to effect political change"

i think the word you are seeking is republican

* # ? Jan 13, 2015 01:14
  • Quote
ultramiraculous
Nov 12, 2003

"No..."
Grimey Drawer

Captain Foo posted:

whooooosh

whooooosh

* # ? Jan 13, 2015 02:07
  • Quote
Adbot
ADBOT LOVES YOU

# ? Jun 5, 2024 21:23
  • Quote
Storysmith
Dec 31, 2006

 usability fuckup:
http://www.freeipa.org/page/Self-Service_Password_Reset

quote:

The FreeIPA project makes strong security standards and encryption available for regular users and environments, without a need to be a security expert to be able to configure and use it. This approach however requires all it's parts to maintain a certain level of security that users can trust to avoid undermining it's purpose. A system is as strong as it's weakest part and it was found that a self-service password reset service may indeed be the weak spot.

The most common approach to password self-service may be security questions (vulnerable to social engineering), reset by an e-mail (may be sent in plain text between mail servers) or others. Such approaches are vulnerable and can be abused. While they are fine for a low security system like a mailing list or a free mail service, we do not see it as secure enough for FreeIPA and we do not plan to include it in the core.

other possible weak spots they may have missed: users writing down their passwords because it's such a pain in the rear end to reset them if they forget them, users using weak passwords so that they'll remember them

* # ? Jan 13, 2015 02:23
  • Quote
  • Locked thread
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > YOSPOS > Security Fuckup Megathread - v10.1 (Hackers can turn your gas station into a bomb)
«232 »