I've been petitioning HR to change my title to Associate Systems Specialist or rear end.

Nov 5, 2016 05:57
|
|
cheese-cube posted:
> I've been petitioning HR to change my title to Associate Systems Specialist or rear end.

I pitched Network Security and Audit, and made it pretty far up the chain until a VP sent me an email that said:
> Nice try, but we're not going to let you call yourselves "NSA"

Nov 5, 2016 06:03
|
My business cards list my job as ¯\_(ツ)_/¯
|
Nov 5, 2016 06:04
|
flosofl posted:
> I pitched Network Security and Audit, and made it pretty far up the chain until a VP sent me an email that said:

Go for Communication Resources Protection Office and then you can be CREEPO.

Nov 5, 2016 06:34
|
apseudonym posted:
> My business cards list my job as ¯\_(ツ)_/¯

This is a title I'd prefer.

Nov 5, 2016 14:18
|
apseudonym posted:
> My business cards list my job as ¯\_(ツ)_/¯

I have mine as "Señor Principal Oracle DBA".

Nov 6, 2016 02:42
|
Oh neat there's an infosec thread. Currently freaking out about my impending CISSP debacle. Work is paying for it, but finance is v. bad at their jobs and has yet to actually send payment so while I'm technically registered for, and can attend the bootcamp on the 25th I can't get my exam voucher yet and now it's probably going to be like months between my camp and the exam. Working on OSCP in Q1 anyway, infinitely more interesting.
|
Nov 6, 2016 03:23
|
did you tell them certs are a scam to take advantage of the corporate world and that they should just upgrade your salary instead? vocabulary quizzes and typing exploit into meatsplot isn't worth ur time as a skilled engineer

Nov 6, 2016 15:05
|
Fun excuse to not be at work for a week at a time so I'll take it. Unless it's this upcoming bootcamp which seems like it will be less fun than average.
|
Nov 6, 2016 18:25
|
All employees at my work are probably going to get Yubikeys. Are they actually good?

Nov 6, 2016 20:28
|
Xarn posted:
> All employees at my work are probably going to get Yubikeys. Are they actually good?

Which Yubikey model, and what are you using them for? For basic U2F, they're nice little devices, but the Yubikey 4 recently moved most of their advanced crypto features to a closed source blob (was previously open source): https://plus.google.com/+KonstantinRyabitsev/posts/4a7RNxtt7vy

Whether or not that matters to you would depend on your uses for the device and your trust of closed source crypto.

Nov 7, 2016 15:01
|
What's the Yubi story for the new Macs? Will they do some pass through thing so you can still charge your laptop? Maybe there's a TouchID U2F thing?
|
Nov 7, 2016 15:32
|
Excuses, but they at least did prepare a little bit: https://www.yubico.com/2016/07/yubikey-route-usb-c/

Nov 7, 2016 17:32
|
Here comes the YOSPOS cross-post:

BangersInMyKnickers posted:
> OKAY, SCHANNEL GPO UPDATE TIME I FINALLY STOPPED PUTTING IT OFF

Nov 8, 2016 04:32
|
LessPass is reinventing password managers! Leaking the password via displaying magic images is a cool innovation.
|
Nov 8, 2016 12:29
|
"Hi please check over these pentest results for your customer"

*100 page PDF of port scans including public IP addresses that are nothing to do with this company, just happen to be on the same ISP. No executive summary, no conclusions drawn.*

Nov 8, 2016 12:59
|
Thanks Ants posted:
> "Hi please check over these pentest results for your customer"

Job's a good one!

Nov 8, 2016 13:33
|
EssOEss posted:
> LessPass is reinventing password managers! Leaking the password via displaying magic images is a cool innovation.

Another worthless hash-based p/w generator that forces you to remember hundreds of site-specific p/w rules and other configuration options to "save" you the effort of syncing a database file.

Nov 8, 2016 15:57
|
BangersInMyKnickers posted:
> Here comes the YOSPOS cross-post:

This was a good post there, and it's a good post here.

Nov 8, 2016 15:59
|
EssOEss posted:
> LessPass is reinventing password managers! Leaking the password via displaying magic images is a cool innovation.

What problem is that whole image thing supposed to solve? Why are people still using this piece of poo poo. Move to Keepass or 1Password, even.

Nov 8, 2016 16:02
|
flosofl posted:
> What problem is that whole image thing supposed to solve?

but then I have to waste time syncing files!!

Nov 8, 2016 16:13
|
flosofl posted:
> What problem is that whole image thing supposed to solve?

My only problem with 1Password is that its browser extension doesn't work with Iridium, at least with 1Password 6.

Nov 8, 2016 16:20
|
EssOEss posted:
> LessPass is reinventing password managers! Leaking the password via displaying magic images is a cool innovation.

I'd love to see what the LastPass apologists have to say about this.

E: oy vey, this is not what I thought I was reading

Lain Iwakura fucked around with this message at 17:36 on Nov 8, 2016

Nov 8, 2016 16:36
|
BangersInMyKnickers posted:
> There are character limits for the schannel GPO.

I honestly don't think I knew this. What the poo poo, MS

Nov 8, 2016 16:57
|
OSI bean dip posted:
> I'd love to see what the LastPass apologists have to say about this.

what

Nov 8, 2016 17:09
|
OSI bean dip posted:
> I'd love to see what the LastPass apologists have to say about this.

It's nothing to do with them, I don't think

Nov 8, 2016 17:22
|
Rufus Ping posted:
> It's nothing to do with them, I don't think

Proteus Jones fucked around with this message at 17:40 on Nov 8, 2016

Nov 8, 2016 17:25
|
I'm also confused about the purpose of those glyphs, but also about calling LastPass a "hash-based password generator".

Nov 8, 2016 17:30
|
CLAM DOWN posted:
> I honestly don't think I knew this. What the poo poo, MS

So long as you don't go crazy on the DSA and DHE ciphers you won't run into it. But yeah, 1023 characters and you're done. Win10 really helps keep it down by splitting curve preference into its own GPO instead of needing to declare every single curve you want to use with each EC cipher. I'm sure they made the limit before EC was on the radar and 1023 characters is enough for anyone.

Nov 8, 2016 17:32
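An added example of the check the post above describes, not code from the thread: build the Schannel cipher suite order string, measure it against the 1023-character cap of the "SSL Cipher Suite Order" policy, and compare the pre-Windows 10 form (one entry per suite per curve, `_P256`/`_P384` suffixed) with the Windows 10 / Server 2016 form where curves go into the separate "ECC Curve Order" policy (`EccCurves`). The suite list and curve names are illustrative assumptions, not a recommended order; the registry key is the one those two GPOs write to.

```powershell
# Added example: size a Schannel cipher-suite order against the 1023-char GPO cap.
# Suites and curves below are assumptions chosen for illustration.
$Suites = @(
    'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
    'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256'
)
$Curves = @('NistP384', 'NistP256')   # Windows 10+ curve names for the EccCurves value
$Limit  = 1023                        # cap on the 'Functions' policy string

# Pre-Windows 10 style: each EC suite had to be listed once per curve, which is
# what eats the budget. Model that expansion so the two sizes can be compared.
$Legacy = foreach ($s in $Suites) {
    if ($s -like 'TLS_ECDHE_*') { foreach ($c in @('P384', 'P256')) { "${s}_$c" } }
    else { $s }
}

$Modern   = $Suites -join ','   # Win10+: curves live in EccCurves, suites stay short
$Expanded = $Legacy -join ','   # older: curve-suffixed, one entry per suite per curve

"Win10+ string  : {0} / $Limit chars, {1} entries" -f $Modern.Length,   $Suites.Count
"Legacy string  : {0} / $Limit chars, {1} entries" -f $Expanded.Length, $Legacy.Count

foreach ($str in @($Modern, $Expanded)) {
    if ($str.Length -gt $Limit) {
        Write-Warning "Cipher suite order is $($str.Length) chars; the policy only accepts $Limit."
    }
}

# Where the 'SSL Cipher Suite Order' and 'ECC Curve Order' policies land in the registry.
# Flip $Apply to $true and run elevated to actually write them.
$Apply = $false
$Key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
if ($Apply -and $Modern.Length -le $Limit) {
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name Functions -PropertyType String      -Value $Modern -Force | Out-Null
    New-ItemProperty -Path $Key -Name EccCurves -PropertyType MultiString -Value $Curves -Force | Out-Null
}
```

Run it as-is to see the two lengths; the point is that the legacy expansion roughly doubles the size of the EC portion, which is how a reasonable-looking list ends up hitting the cap once DHE and DSA variants are added.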
|
flosofl posted:
> Nothing to do with the apologists or nothing to do with Lastpass? Because it has everything to do with Lastpass. It's Lastpass that's generating those glyphs, and it's Lastpass that's being shown in the screenshot on that site.

Infosec Thread: DON'T ROLL YOUR OWN STRCMP()

Nov 8, 2016 17:33
|
Is LessPass and LastPass the same thing?
|
Nov 8, 2016 17:33
|
Rufus Ping posted:
> It's nothing to do with them, I don't think

It doesn't. I am just being dumb here reading stuff before I am even awake.

Nov 8, 2016 17:37
|
NFX posted:
> Is LessPass and LastPass the same thing?

Nov 8, 2016 17:38
|
NFX posted:
> Is LessPass and LastPass the same thing?

Oh for fucks sake. I can't read. I got gotten.

Nov 8, 2016 17:40
|
This is why I only use AssPass, the only service where you snapchat a picture of your rear end to a professional who will then look up your password in a pile of post-it notes.
|
Nov 8, 2016 17:41
|
Forgall posted:
> I'm also confused about the purpose of those glyphs, but also about calling LastPass a "hash-based password generator".

"Most of our clientele are compulsive gamblers, and it looks like a cool slot machine. Really communicates that Web 2.0 feel to have our web app respond dynamically to user input! Way to grow the brand!"

Nov 8, 2016 17:52
|
NFX posted:
> Is LessPass and LastPass the same thing?

No, they're completely different.

LastPass is a conventional password manager which lets you define passwords and encrypts them behind a master key. It's had some serious problems in its implementation, but there's nothing special about its theory of operation.

LessPass is basically hash(domain + username + masterPassword). People come up with this idea every once in a while because it "solves" a lot of known problems with traditional password managers, and they're not experienced or careful enough to see the new, bigger problems it introduces.

The weird glyphs are a mnemonic device to validate your password. LessPass doesn't ever give you a "your password was wrong" prompt; a different master password is just a different input to the hash function and gives you a different output. So, they give you a different hash function with a limited output set and map it to some icons, and you remember that your password confirmation is "blue building orange heart black car" or whatever. If you don't see those icons then you know your password is wrong.

Of course, that's an information leak. Especially when you provide confirmation for each character as it's entered, which makes it trivial to break by hand. But what else would you expect from a password manager which doesn't ever let you change your password?

Nov 8, 2016 17:53
|
Wiggly Wayne DDS posted:
> If your password manager, by default, has an unencrypted key stored (dOTP) that can be used to authenticate, obtain the encrypted vault key, decrypt the vault key, bypass IP restrictions, bypass 2FA and relies on local storage being impenetrable then you've got a bit of a design flaw. We've seen the damage in the past when Lastpass had an XSS problem that let an attacker grab any plaintext passwords from a vault silently. You're not storing your vault on a single system by virtue of using Lastpass so that is not the only possible angle of attack, and based on prior issues I can't comfortably advise people to use it for secure password storage. Especially given their response to the issues presented.

NFX posted:
> Is LessPass and LastPass the same thing?

Nov 8, 2016 17:55
|
Space Gopher posted:
> No, they're completely different.

How does the by-hand attack work when the glyphs update for every entered character? I'm not questioning that it works, I would just like to understand it as a means of further insight into the problem.

Nov 9, 2016 02:40
|
|
|
andrew smash posted:
> How does the by-hand attack work when the glyphs update for every entered character? I'm not questioning that it works, I would just like to understand it as a means of further insight into the problem.

You look at the glyphs for the first character, and you try all the possible letters, numbers, etc. until you get the same set of glyphs. Now that you know the first character, you look at the second set of glyphs, and you try all the possible letters, numbers, etc. until you get the same set of glyphs. Now that you know the first two characters, you look at the third set of glyphs...

Nov 9, 2016 02:46
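The per-character leak that Space Gopher's post describes and the prefix-by-prefix recovery in the post just above, worked through as an added example that is not part of the thread and is not LessPass's code. The fingerprint here is a simplified stand-in (one SHA-256 over the text typed so far, six bytes mapped onto three colour/icon pairs from constructed palettes); the real scheme's hash and icon tables differ, but the attack only depends on the fingerprint being a deterministic function of the prefix typed so far and being shown after every keystroke.

```python
import hashlib
import string

# Constructed palettes for the simplified model (not LessPass's real icon lists).
ICONS = ["anchor", "bell", "bicycle", "bolt", "car", "cloud", "cube", "flag",
         "heart", "key", "leaf", "moon", "plane", "rocket", "star", "tree"]
COLOURS = ["black", "blue", "green", "orange", "purple", "red", "white", "yellow"]
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 printable chars


def fingerprint(typed_so_far: str):
    """Three (colour, icon) pairs derived from whatever has been typed so far.

    Assumed model: SHA-256 of the partial text, six bytes consumed. The only
    property that matters is that it is a deterministic function of the prefix.
    """
    h = hashlib.sha256(typed_so_far.encode("utf-8")).digest()
    return tuple((COLOURS[h[2 * i] % len(COLOURS)], ICONS[h[2 * i + 1] % len(ICONS)])
                 for i in range(3))


def shoulder_surf(master: str):
    """What an observer records: the fingerprint shown after each keystroke."""
    return [fingerprint(master[:n]) for n in range(1, len(master) + 1)]


def recover(observed, alphabet=ALPHABET):
    """Rebuild the secret one character at a time from the observed fingerprints.

    Every candidate prefix is extended by each alphabet character; only
    extensions whose fingerprint matches the next observation survive. Returns
    (surviving candidates, number of fingerprint evaluations). The candidate list
    absorbs the rare case where two different characters collide on one observation.
    """
    candidates = [""]
    tries = 0
    for fp in observed:
        extended = []
        for prefix in candidates:
            for ch in alphabet:
                tries += 1
                if fingerprint(prefix + ch) == fp:
                    extended.append(prefix + ch)
        candidates = extended
        if not candidates:          # observations inconsistent with this alphabet
            break
    return candidates, tries


def brute_force_cost(length: int, alphabet=ALPHABET) -> int:
    """Work if the fingerprint were only shown once, after the full password."""
    return len(alphabet) ** length


if __name__ == "__main__":
    master = "correct-h0rse!"                     # constructed sample secret
    observed = shoulder_surf(master)
    found, tries = recover(observed)
    print("observed fingerprints:", len(observed))
    print("recovered candidates :", found)
    print("fingerprint checks    :", tries)
    print("brute force instead   :", brute_force_cost(len(master)))
```

The cost difference is the whole story: confirming each keystroke turns a search over `94**14` possibilities into about `14 * 94` fingerprint evaluations, because every observation fixes one more character before the next one is attacked. Showing the fingerprint only once, after the complete master password, would reduce the leak to a few bits about the whole secret rather than a per-character oracle.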