|
still glad i paid for 1password
|
# ? Jun 10, 2016 19:10 |
|
anthonypants posted:still glad i paid for 1password
|
# ? Jun 10, 2016 19:13 |
|
COACHS SPORT BAR posted: I'm the oddly disjointed 5 paragraphs of explanation about why this isn't a problem, followed by "OK fine we're using signatures and https now".

he claims https is used for version checking but keepass.info still does not support https. i cbf looking into the source or w/e, but is the version checking now from a different domain, the same domain but somehow done in a bad but almost okay way with cert pinning or whatever, or from the same domain and not actually validating the lovely cert it serves? place your bets!

more importantly (since falsely reporting a new version isn't really an issue on its own), when it thinks there is a new version, has it been fixed to take you straight to sourceforge, or is it still going to the easily hijackable keepass.info like i assume he still wants it to because he apparently serves ads? vote now on your phones!
|
# ? Jun 10, 2016 19:17 |
|
i can sort of understand the belief that it wasn't a critical problem because there's no auto-update feature, so all you can mitm is a fake "there's a new version" message, possibly wasting somebody's time while they go to download the new version and discover that they've been pranked

the "we can't do it because of advertising revenue" response was the really loving bizarre and unsettling part. if they'd said "we're aware but because there's no auto-update this is a low-priority issue" then i imagine the response wouldn't have been nearly as strong
|
# ? Jun 10, 2016 19:20 |
|
one of my VMs got infected and brought into botnet somehow, anyone interested in files?
|
# ? Jun 10, 2016 19:21 |
|
Westie posted: one of my VMs got infected and brought into botnet somehow, anyone interested in files?

mods please ban for
|
# ? Jun 10, 2016 19:21 |
|
on the plus side only one VM was infected out of 10! which, is, well, a bonus
|
# ? Jun 10, 2016 19:24 |
|
Westie posted:one of my VMs got infected and brought into botnet somehow, anyone interested in files?
|
# ? Jun 10, 2016 19:25 |
|
i'm considering dropping keepass in favour of 1password or just outright writing my own keepass clone that uses its file format
|
# ? Jun 10, 2016 19:25 |
|
have you got your backer tiers sorted out before you go live?
|
# ? Jun 10, 2016 19:27 |
|
Wiggly Wayne DDS posted: have you got your backer tiers sorted out before you go live?

$1 - you can poo poo on my kickstarter
$10 - you can find out my phone number
$100 - you can find out where i live
$1000 - you can spend the night at my house
$10000 - you can have the source code
|
# ? Jun 10, 2016 19:29 |
|
OSI bean dip posted:i'm considering dropping keepass in favour of 1password or just outright writing my own keepass clone that uses its file format
|
# ? Jun 10, 2016 19:29 |
|
Wiggly Wayne DDS posted: well which one then

not too sure, i'll put it on virus total to see what shows, however, looking at the output of `ps faux` it looks like it's an exploit on ajenti i thought i had uninstalled that a loving decade ago
|
# ? Jun 10, 2016 19:29 |
|
i'll pledge a dollar to start the unfounded slanderous character assassination
|
# ? Jun 10, 2016 19:31 |
|
anthonypants posted:still glad i paid for 1password
|
# ? Jun 10, 2016 19:39 |
|
is 1password better than lastpass?
|
# ? Jun 10, 2016 19:49 |
|
faxlore posted: is 1password better than lastpass?

i can poo poo on lastpass in detail again if you really want
|
# ? Jun 10, 2016 19:53 |
|
You can link me to a previous post, if you don't want to type it/copy paste it again.
|
# ? Jun 10, 2016 19:55 |
|
Wiggly Wayne DDS posted: breaches and vulnerabilities over years with no sign of change (up to dismissing public third party audits)

anthonypants posted: also they're owned by logmein now, the company that bought hamachi back in the day
|
# ? Jun 10, 2016 20:02 |
|
faxlore posted:You can link me to a previous post, if you don't want to type it/copy paste it again.
|
# ? Jun 10, 2016 20:08 |
|
jony ive aces posted: he claims https is used for version checking but keepass.info still does not support https. i cbf looking into the source or w/e, but is the version checking now from a different domain, the same domain but somehow done in a bad but almost okay way with cert pinning or whatever, or from the same domain and not actually validating the lovely cert it serves? place your bets!

2.34 has not actually been released yet, but I'm going to have a look at the source as soon as it's available. I wouldn't be shocked if he's just hard-coding reliance on his lovely cert but we'll see
|
# ? Jun 10, 2016 20:13 |
|
1password is worth it
|
# ? Jun 10, 2016 20:24 |
|
so part of my company's audit or PCI compliance thing or something involves "at least two" developers being certified in "security best practices" for coding. being the only person who actually gives a gently caress i have been tasked with choosing which cert me and a couple other devs get. this seems super suspicious, i don't know why they aren't just saying "get one of these certs" and left it so open-ended, but whatever. what's the official yossec recommendation for quote "security for code" certifications?
|
# ? Jun 10, 2016 20:39 |
|
As someone who is not a coder, I'd take a look at the contributors to the OWASP Secure Coding Practices and ask what they have seen as most beneficial (e.g. where are they lifting their best material from) then go from there.
|
# ? Jun 10, 2016 20:43 |
|
https://twitter.com/deray/status/741355856420319233
https://twitter.com/deray/status/741358452895801344

Social engineering wins again
|
# ? Jun 10, 2016 21:02 |
|
Changing the SIM on an active account seems like one of those things that should be required to be done in-store
|
# ? Jun 10, 2016 21:15 |
|
yeah, how does that work? did they just read them an IMSI? wtf
|
# ? Jun 10, 2016 21:20 |
|
verizon are a bunch of idiots and my coworker had a similar thing happen to him three times in a week over the phone even after he requested they put a fraud alert on his account the first time. they are terrible.
|
# ? Jun 10, 2016 21:37 |
|
Daman posted:yeah, how does that work? did they just read them an IMSI? wtf
|
# ? Jun 10, 2016 21:40 |
|
wyoak posted: Changing the SIM on an active account seems like one of those things that should be required to be done in-store

i read a story (might've been posted in here) by someone who got their phone number stolen by someone who just walked in with a fake ID
|
# ? Jun 10, 2016 21:43 |
|
wyoak posted: Changing the SIM on an active account seems like one of those things that should be required to be done in-store

AT&T has repeatedly cut off service for the wrong phone when somebody in my family uses an upgrade.
|
# ? Jun 10, 2016 22:46 |
|
OSI bean dip posted: i'm considering dropping keepass in favour of 1password or just outright writing my own keepass clone that uses its file format

why is there no talk of keepassx in this discussion? or is it just as bad or some such?
|
# ? Jun 10, 2016 22:57 |
|
https://www.infoq.com/news/2016/06/visual-cpp-telemetry

quote: Reviewing Microsoft's Automatic Insertion of Telemetry into C++ Binaries
|
# ? Jun 10, 2016 23:02 |
|
no no it's just to log events in case you *wanted* microsoft to help you fix broke dick poo poo and telemetry is just, like, a name, man
|
# ? Jun 11, 2016 00:00 |
|
1password is now $65 for just a license now, right? $65 and i get to use it on my windows box, mbpr, etc? If so, I'm going to just go with 1password vs keep rear end
|
# ? Jun 11, 2016 00:12 |
|
Phone posted: 1password is now $65 for just a license now, right?

coupon code MacPowerUsers gets it down to $52
|
# ? Jun 11, 2016 00:25 |
|
another 10bux for pro features on ios or android but they're mostly unnecessary
|
# ? Jun 11, 2016 00:29 |
|
So what's the proper way to share a 1pass dB across windows and Mac? I am now computer illiterate but it seemed like more work than it should be.
|
# ? Jun 11, 2016 00:32 |