pr0zac posted:

@facebook it was 90% arguing with people about dumb edge cases around blocking logic and why profile pictures aren't considered private

@uber we just started the program so its tons of script kiddies running scans and letting us know we have an urgent SQLi in our joomla (we don't run joomla) but we're using hackerone so we get reputation for reporters and can block and rate limit people which should improve the signal/noise

the 5% of reports that are high quality make the programs invaluable though and large public facing companies that have the resources to start one but don't are real dumb (Apple)

Carbon dioxide posted:

"agressively vegan".

anthonypants posted:

finally, the long national nightmare of quicktime on windows is over http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-today/

Cocoa Crispies posted:

you can just say "big dumb idiot who has bad opinions on life"

moonshine is...... posted:

So apparently this is a thing https://deaddrops.com/ a friend of mine told me her techie friend is really into it. So that's fun.

moonshine is...... posted:

So apparently this is a thing https://deaddrops.com/ a friend of mine told me her techie friend is really into it. So that's fun.

moonshine is...... posted:

So apparently this is a thing https://deaddrops.com/ a friend of mine told me her techie friend is really into it. So that's fun.

Carbon dioxide posted:

Goddamn, I clicked that link expecting something interesting, and instead I get a guy who can't stop talking about how he is "agressively vegan". Please don't ever link to that crap again. Seriously, I somehow kept that vid going for 6 minutes without going mad and he's still going on about that and hasn't once mentioned the supposed topic of his talk.

moonshine is...... posted:

So apparently this is a thing https://deaddrops.com/ a friend of mine told me her techie friend is really into it. So that's fun.

anthonypants posted:

https://twitter.com/webster/status/720758545688477696

anthonypants posted:

https://twitter.com/webster/status/720758545688477696

anthonypants posted:

https://twitter.com/webster/status/720758545688477696

anthonypants posted:

https://twitter.com/webster/status/720758545688477696

Shaggar posted:

the government should not be allowed near computers

Bhodi posted:

or at least the cops who self-select for below-average intelligence

Midjack posted:

looks like a glory hole for your computer

Midjack posted:

looks like a glory hole for your computer

Trabisnikof posted:

one of the nearest ones to me is literally installed in a glory hole

computer toucher posted:

pr0zac posted:

I think im missing something

e: oh god dammit there's the pass's barcode

anthonypants posted:

apparently if you generated enough bit.ly urls you could get access to someone's onedrive until microsoft removed the feature http://www.wired.com/2016/04/researchers-cracked-microsoft-googles-shortened-urls-spy-people/

Midjack posted:

looks like a glory hole for your computer

DuckConference posted:

on gmail in iOS, you can't attach non-picture files to an email, you can only add them in google drive and make them viewable to anyone with the URL

Jabor posted:

if you figure out a way to figure out one of those urls without actually being given it, lmk

ErIog posted:

It's more that if they're sniffed then whoever sniffed it needs no other authentication to be able to view the picture. I noticed it a while ago, and I bet most hangout users don't know it behaves like that. Any picture you send over Hangouts to another user is public information.

It's super weird because it's clearly a violation of the expectation of privacy. Text sent to another person isn't public. Pictures are.

anthonypants posted:

https://twitter.com/webster/status/720758545688477696

quote:

Abstract
In December 2015, Juniper Networks announced that
unknown attackers had added unauthorized code to
ScreenOS, the operating system for their NetScreen VPN
routers. This code created two vulnerabilities: an authentication
bypass that enabled remote administrative access,
and a second vulnerability that allowed passive decryption
of VPN traffic. Reverse engineering of ScreenOS binaries
revealed that the first of these vulnerabilities was a conventional
back door in the SSH password checker. The
second is far more intriguing: a change to the Q parameter
used by the Dual EC pseudorandom number generator. It
is widely known [7, 33] that Dual EC has the unfortunate
property that an attacker with the ability to choose Q can,
from a small sample of the generator’s output, predict all
future outputs. In a 2013 public statement, Juniper noted
the use of Dual EC but claimed that ScreenOS included
countermeasures that neutralized this form of attack.
In this work, we report the results of a thorough independent
analysis of the ScreenOS randomness subsystem,
as well as its interaction with the IKE VPN key establishment
protocol. Due to apparent flaws in the code,
Juniper’s countermeasures against a Dual EC attack are
never executed. Moreover, by comparing sequential versions
of ScreenOS, we identify a cluster of additional
changes that were introduced concurrently with the inclusion
of Dual EC in a single 2008 release. Taken as a
whole, these changes render the ScreenOS system vulnerable
to passive exploitation by an attacker who selects
Q. We demonstrate this by installing our own parameters,
and showing that it is possible to passively decrypt
a single IKE handshake and its associated VPN traffic in
isolation without observing any other network traffic.

DuckConference posted:

on gmail in iOS, you can't attach non-picture files to an email, you can only add them in google drive and make them viewable to anyone with the URL

pretty annoying since I didn't want to share my credit card details with the world. of course I was already attaching them to an unencrypted email but I already accepted that fuckup

DuckConference posted:

on gmail in iOS, you can't attach non-picture files to an email, you can only add them in google drive and make them viewable to anyone with the URL

pretty annoying since I didn't want to share my credit card details with the world. of course I was already attaching them to an unencrypted email but I already accepted that fuckup

spankmeister posted:

depending on the mail server you are sending it to, the email can actually be encrypted in transit

not something you want to rely on though

Bhodi posted:

or at least the cops who self-select for below-average intelligence

DuckConference posted:

on gmail in iOS, you can't attach non-picture files to an email, you can only add them in google drive and make them viewable to anyone with the URL

pretty annoying since I didn't want to share my credit card details with the world. of course I was already attaching them to an unencrypted email but I already accepted that fuckup

Jabor posted:

...what?

if they can't see the text you've sent to the other person, how are they going to see the image?