  • Locked thread
Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender


code:
PATCH NOTES FOR 12.0
* A whole new version to reflect the ever-changing threat landscape
* Official HTTPS support--it only took Lowtax like a decade to get it to work properly

PATCH NOTES FOR 11.4
* Added details at end of OP for why the thread is called "You're busted, dude"

PATCH NOTES FOR 11.3
* POP POP of unsigned ints

PATCH NOTES FOR 11.0
* new version with less bloat
* all anime removed and hopefully forever

PATCH NOTES FOR v10.1
* no patch notes required

PATCH NOTES FOR v10.0

* decided that 8 and 9 were bad numbers and skipping to '10' would make us look cooler.
* js crypto added in for the sake of an internet argument

PATCH NOTES FOR v7.69

* Added 1.2 billion passwords from Russian hacker forums

PATCH NOTES FOR v7.2 "BoringSFM"

* The name is aspirational and not yet a promise

PATCH NOTES FOR V1.0.1g

* changed version number

PATCH NOTES FOR V0.9.8

* once again removed LF and Fishmech corruption from the last thread
* added a new feature that enables the mods/admins to go ahead and probate/ban as necessary if LF'n poo poo happens
* added heartbeat feature to non-existent SSL layer on the forums

PATCH NOTES FOR V69

* removed LF and Fishmech corruption from last thread
* new "hello" service for conference attendees
* blocking of js crypto through message relay services like twitter

PATCH NOTES FOR V1.2

* made more efficient for version 1.2 after having removed fishmeching and talk about credit card contracts

PATCH NOTES FOR V1.1

* don't loving use any of these goddamn exploits you dumbshits


join us on irc: irc.synirc.net #yossec

useful news resource for information security professionals: http://reddit.com/r/netsec/

here are some old threads that haven't been archived:

Security Fuckup Megathread - v11.4 - who u gonna snitch to pussy bitch gently caress u (apr 2015-apr 2016)
Security Fuckup Megathread - v10.1 (Hackers can turn your gas station into a bomb) (nov 2014-apr 2015)
Security Fuckup Megathread - v7.69 (stay safe security ghost) (aug-nov 2014)
Security Fuckup Megathread - v7.2 "BoringSFM" (jun-aug 2014)

Alereon posted:

seriously though people dont post anything that would allow a lurker from gbs to gently caress with anything

Lain Iwakura fucked around with this message at 15:43 on Nov 3, 2016


Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
first post to hold stuff for later

Squeezy Farm
Jun 16, 2009
Epic! Here's to another year! :cheers:

neutral milf hotel
Oct 9, 2001

by Fluffdaddy
:nsa::respek::nsa:

spankmeister
Jun 15, 2008






0floor

pr0zac
Jan 18, 2004

~*lukecagefan69*~


Pillbug
posting on the first page cause thats important

cinci zoo sniper
Mar 15, 2013




0day posting

jre
Sep 2, 2011

To the cloud ?



Bangersinmyknickers posted:

jre is such poo poo

Hey gently caress you :argh:

FlapYoJacks
Feb 12, 2009
Sup, SELinux still good and cool.

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

Root of thread trust chain posting

neutral milf hotel
Oct 9, 2001

by Fluffdaddy

Captain Foo posted:

Root of thread trust chain posting

looks like we found the first vulnerability of this thread lol

ate shit on live tv
Feb 15, 2004

by Azathoth
What is the public PGP key of this thread so I know I'm getting an authenticated yospos security fuckup experience?

graph
Nov 22, 2006

aaag peanuts

neutral milf hotel
Oct 9, 2001

by Fluffdaddy

Powercrazy posted:

What is the public PGP key of this thread so I know I'm getting an authenticated yospos security fuckup experience?

FCKGW

triple sulk
Sep 17, 2014



ground floor

Methanar
Sep 26, 2013

by the sex ghost
MD5 hash your OP

31badc4023d67bf53111ec783291661f

Methanar fucked around with this message at 19:32 on Apr 8, 2016

Clockwerk
Apr 6, 2005


0-day floor

FlapYoJacks
Feb 12, 2009
Is there a SHA256 sum of this thread? I could only find a md5sum.

Blinkz0rz
May 27, 2001

MY CONTEMPT FOR MY OWN EMPLOYEES IS ONLY MATCHED BY MY LOVE FOR TOM BRADY'S SWEATY MAGA BALLS

kalstrams posted:

0day posting

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

BeOSPOS posted:

looks like we found the first vulnerability of this thread lol

lol

maniacdevnull
Apr 18, 2007

FOUR CUBIC FRAMES
DISPROVES SOFT G GOD
YOU ARE EDUCATED STUPID

0-day Hussein

Migishu
Oct 22, 2005

I'll eat your fucking eyeballs if you're not careful

Grimey Drawer
loading 0day hacking tools

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

what a bunch of loving nerds

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum
here is a security fuckup for the new thread:

at my last job, they used solarwinds and most of the stuff piped logs to some server that it monitored. their "ids" solution was a script that checked logs for false ssh entries, and on the 100th hit, it would send a ticket to the noc. the noc was responsible for pulling that ip address, going back into solarwinds to make sure that they were really an active threat, and not some guy who only made two or three invalid attempts in the past hour, and then fed that ip address into another script that null routed that ip to some of the routers. this script was very old and did not affect the routers for the somewhat newer pci/compliance environment.

oh, and solarwinds was helpful in pulling the ptr for ip addresses that had one, and if you had a domain name that didn't have an a record, it couldn't get added to the null route table

anthonypants fucked around with this message at 19:34 on Apr 8, 2016

jony ive aces
Jun 14, 2012

designer of the lomarf car


Buglord
0day posting in a new thread that gives me an excuse to write off the thousands of unread posts in the old one

Truga
May 4, 2014
Lipstick Apathy

OSI bean dip posted:

code:
PATCH NOTES FOR 12.0
* Official HTTPS support--it only took Lowtax like a decade to get it to work properly

Finally, :nsa: can't read my shitposts as they fly through the tubes

Or can they? :nsavince:

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
if you guys want me to put images or highlights from previous threads, just share them and i'll put them into the second post or some poo poo

spankmeister
Jun 15, 2008






i put forth a proposal for a new gang tag for the thread:

Segmentation Fault
Jun 7, 2012
You're busted dude is definitely necessary

also all the times tavis ormandy caught AV firms royally loving up

Shame Boy
Mar 2, 2010


heh

Su-Su-Sudoko
Oct 25, 2007

what stands in the way becomes the way

grnd floor

spankmeister posted:

i put forth a proposal for a new gang tag for the thread:


Chris Knight
Jun 5, 2002

me @ ur posts


Fun Shoe

quote:

Java keystores are dumb as gently caress and slow to load. Just include the files.
Whack for my Larry-o
There's a keystore in the JAR-o

jony ive aces
Jun 14, 2012

designer of the lomarf car


Buglord
caro is alive :eyepop:

Wiggly Wayne DDS
Sep 11, 2010



OSI bean dip posted:

if you guys want me to put images or highlights from previous threads, just share them and i'll put them into the second post or some poo poo
all of it

Shame Boy
Mar 2, 2010

anthonypants posted:

here is a security fuckup for the new thread:

at my last job, they used solarwinds and most of the stuff piped logs to some server that it monitored. their "ids" solution was a script that checked logs for false ssh entries, and on the 100th hit, it would send a ticket to the noc. the noc was responsible for pulling that ip address, going back into solarwinds to make sure that they were really an active threat, and not some guy who only made two or three invalid attempts in the past hour, and then fed that ip address into another script that null routed that ip to some of the routers. this script was very old and did not affect the routers for the somewhat newer pci/compliance environment.

oh, and solarwinds was helpful in pulling the ptr for ip addresses that had one, and if you had a domain name that didn't have an a record, it couldn't get added to the null route table

lol 100 hits, i've seen bots get bored and give up before that

Kashuno
Oct 9, 2012

Where the hell is my SWORD?
Grimey Drawer
cool and good in on the ground floor this time

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Parallel Paraplegic posted:

lol 100 hits, i've seen bots get bored and give up before that
the pci environment had different reporting and in there it was usually around three at a time but from like 50 different ips. that report was actually a solarwinds-generated pdf and was even worse to comb through

also i should be more clear that it wasn't 100 hits from the same ip, it was every 100 hits. no one had a problem with this
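The alerting gap discussed in the posts above, as an added example that is not part of the thread or anyone's production script: it compares a global "ticket every 100 failures" counter with a per-source sliding window over constructed OpenSSH-style log lines. The log format, host name, thresholds and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenSSH "Failed password" lines with an ISO-8601 syslog timestamp.
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\S+) port \d+"
)

def parse(lines):
    """Return (timestamp, source_ip) for each failed-login line."""
    hits = (FAILED.match(line) for line in lines)
    return [(datetime.fromisoformat(m[1]), m[2]) for m in hits if m]

def every_nth_tickets(events, n=100):
    """Model of the described scheme: one ticket per n failures, any source."""
    return len(events) // n

def per_source_alerts(events, threshold=10, window=timedelta(minutes=5)):
    """Flag each source with >= threshold failures inside a sliding window."""
    recent, flagged = defaultdict(deque), set()
    for ts, ip in sorted(events):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return flagged

def make_line(ts, ip, user="admin"):
    # Constructed sample line; host name, pid and port are placeholders.
    return (f"{ts.isoformat()} gw01 sshd[4242]: Failed password for "
            f"invalid user {user} from {ip} port 50022 ssh2")

T0 = datetime(2016, 4, 8, 19, 0, 0)
# Constructed: one source failing 30 times in 30 seconds, then giving up.
BURST = [make_line(T0 + timedelta(seconds=i), "198.51.100.7") for i in range(30)]
# Constructed: 50 sources, 3 failures each, spread over less than an hour.
SPRAY = [make_line(T0 + timedelta(seconds=20 * (3 * i + j)), f"203.0.113.{i + 1}")
         for i in range(50) for j in range(3)]

if __name__ == "__main__":
    for name, sample in (("burst", BURST), ("spray", SPRAY)):
        ev = parse(sample)
        print(name, every_nth_tickets(ev), sorted(per_source_alerts(ev)))
```

In the constructed spray sample neither check names a source, which is why a count of distinct failing sources per window is a useful third signal.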

Sharktopus
Aug 9, 2006

high quality op, op

Shame Boy
Mar 2, 2010

anthonypants posted:

the pci environment had different reporting and in there it was usually around three at a time but from like 50 different ips. that report was actually a solarwinds-generated pdf and was even worse to comb through

also i should be more clear that it wasn't 100 hits from the same ip, it was every 100 hits. no one had a problem with this

wait what, it would just flag every 100th failed login?


hackbunny
Jul 22, 2007

I haven't been on SA for years but the person who gave me my previous av as a joke felt guilty for doing so and decided to get me a non-shitty av
lol at https://gifs.are.theworst.technology/
