|
anthonypants posted:are people assuming that's a password or did someone actually verify that. because people butt-dial on twitter all the time Usually that'll be in the form of predictive text nonsense though
|
#
?
Jan 26, 2017 19:52
|
|
|
|
| # ? May 17, 2024 16:07 |
|
|
anthonypants posted:are people assuming that's a password or did someone actually verify that. because people butt-dial on twitter all the time
|
|
#
?
Jan 26, 2017 19:56
|
|
|
hunter2
|
|
#
?
Jan 26, 2017 20:02
|
|
|
uh ignore that last message
|
|
#
?
Jan 26, 2017 20:02
|
|
|
why, it only comes up as ******* for me
|
|
#
?
Jan 26, 2017 20:04
|
|
|
Hunter2! e: https://twitter.com/leahmcelrath/status/824678929214636033?ref_src=twsrc%5Etfw
|
|
#
?
Jan 26, 2017 20:06
|
|
|
Phone posted:Hunter2! shoulda waited a couple more days w disclosure to make it more embarrasing but i guess twitter fame
|
|
#
?
Jan 26, 2017 20:21
|
|
|
a non-it person has had the built-in domain\administrator account credentials and used it to have that user logged on to a couple of workstations to pilot some new software that we're migrating to and i just found out about it. apparently my boss didn't think it was that big a deal, but we've had people from this company remote into these machines and do ~whatever~ and who knows what they've actually done. gonna bring this lil incident up to my boss's boss because this is insanely stupid
|
|
#
?
Jan 26, 2017 21:03
|
|
|
the NSA did nothing wrong spying on foreigns that's its job
|
|
#
?
Jan 26, 2017 21:25
|
|
|
http://www.zdnet.com/article/breach-site-leakedsource-raided-by-feds/quote:Breach site LeakedSource apparently raided by feds
|
|
#
?
Jan 26, 2017 21:52
|
|
|
atomicthumbs posted:i've run into garbage-tier craptops from major brands with celerons, windows 10, and 32gb emmc for storage lucky them, they are immune to viruses
|
|
#
?
Jan 26, 2017 22:18
|
|
|
this seems way more likely https://twitter.com/InspectorFletch/status/824642305487302656
|
|
#
?
Jan 26, 2017 22:25
|
|
|
when the hell did twitter support text->tweet and why the gently caress are those accounts using it
|
|
#
?
Jan 26, 2017 22:29
|
|
|
Wiggly Wayne DDS posted:when the hell did twitter support text->tweet and why the gently caress are those accounts using it since dumb phones were a thing and because 60 year old guys and tech.
|
|
#
?
Jan 26, 2017 22:34
|
|
|
Wiggly Wayne DDS posted:when the hell did twitter support text->tweet and why the gently caress are those accounts using it Why, exactly, do you think that the max tweet length is the same size as an SMS message?
|
|
#
?
Jan 26, 2017 22:35
|
|
|
Wiggly Wayne DDS posted:when the hell did twitter support text->tweet and why the gently caress are those accounts using it twitter originally was conceived as an sms-based service hence its limit on characters
|
|
#
?
Jan 26, 2017 22:37
|
|
|
OSI bean dip posted:twitter originally was conceived as an sms-based service hence its limit on characters it's also why a tweet of "m afreak you stink real bad" generates a DM
|
|
#
?
Jan 26, 2017 22:44
|
|
|
Volmarias posted:Why, exactly, do you think that the max tweet length is the same size as an SMS message? OSI bean dip posted:twitter originally was conceived as an sms-based service hence its limit on characters
|
|
#
?
Jan 26, 2017 22:46
|
|
|
Volmarias posted:Why, exactly, do you think that the max tweet length is the same size as an SMS message?
|
|
#
?
Jan 26, 2017 23:00
|
|
|
Wiggly Wayne DDS posted:
why wouldn't they keep them up. they're paying for a shortcode ( 40404 ) after all tumblr still lets you make posts by calling them at 1-866-584-6757 (it makes it an audio post) and that's way more complicated
|
|
#
?
Jan 26, 2017 23:30
|
|
|
new root ca: https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html
|
|
#
?
Jan 26, 2017 23:50
|
|
|
pixaal posted:Ticket phone call email all came in at the same time.
|
|
#
?
Jan 27, 2017 00:51
|
|
|
|
|
#
?
Jan 27, 2017 01:09
|
|
|
anthonypants posted:SMS is 160, tweets are 140. 15 characters for username, plus certain special "control" characters at the beginning of messages like for dms, etc This is implementation dependent SMS* supports 140 bytes. 160 chars is possible, but you have to encode as 7-bit chars to do so.
|
|
#
?
Jan 27, 2017 11:22
|
|
|
huh. just today I looked in my spam folder and found a long forgotten sign-up confirmation e-mail from them. clicked the link and the site was down. I open the secfuck thread and welp
|
|
#
?
Jan 27, 2017 16:51
|
|
|
https://twitter.com/gcluley/status/824972776675082245 clueless
|
|
#
?
Jan 27, 2017 20:27
|
|
|
have there been any reports of malware taking advantage of av vulnerabilities?
|
|
#
?
Jan 27, 2017 20:52
|
|
|
redleader posted:have there been any reports of malware taking advantage of av vulnerabilities? does it matter? https://www.zerodium.com/program.html quote:Others / Techniques people will pay for them
|
|
#
?
Jan 27, 2017 21:02
|
|
|
it may not be worth it to count on a specific av program unless youre going for a specific target i mean, youre limiting your attack surface if there are zero-days in the OS the av runs on, and probably the top 5 browsers all have bigger marketshare than any given av product too
|
|
#
?
Jan 27, 2017 21:06
|
|
|
Powaqoatse posted:it may not be worth it to count on a specific av program unless youre going for a specific target You exploit the AV because you can? No one goes "oh I have an rce but not use it because it's not popular enough." Besides AV vulns often give you system access because AV vendors are so bad
|
|
#
?
Jan 27, 2017 21:08
|
|
|
My favorite one is where the researcher tried to send the poc to the AV company, but their own corporate AV email system just happily executed the poc and never delivered the email. Edit it was Tavis of course: quote:Project Member Comment 1 by taviso@google.com, May 15 2016 https://bugs.chromium.org/p/project-zero/issues/detail?id=820 Trabisnikof fucked around with this message at 21:13 on Jan 27, 2017 |
|
#
?
Jan 27, 2017 21:10
|
|
|
redleader posted:have there been any reports of malware taking advantage of av vulnerabilities? I've heard rumblings. AV and security products make great targets because they're highly privileged low quality code. They're absolutely perfect targets if you're doing something targeted and want to be sneaky. If I wanted to get on your network all sneaky like I'd go for security boxes you've got (firewalls, AV boxes, MitM boxes, etc) first.
|
|
#
?
Jan 27, 2017 21:23
|
|
|
apseudonym posted:I've heard rumblings. yea thats what i mean since theres basically holes in everything all the time, its better ROI for blackhats to keep av holes secret & sell/use on specific targets to keep them low-key idk i might just be thinking wrong
|
|
#
?
Jan 27, 2017 21:26
|
|
|
nah, you're right hijacking a browser or the iot poo poo is great and all, but there's a lot of things they can't do. obviously you don't bother attacking av when making your kickass anime botnet because the potential amount of targets is an order of magnitude smaller but if you're going to do espionage, sabotage, that sort of poo poo, figuring out what av your target office uses (often just telneting to their mail server and sending to a bogus address will send you a reply with SCANNED BY OUR SUPERSCANNER 9000) and attacking that is probably one of the better courses of action, because 2 posts up
|
|
#
?
Jan 27, 2017 21:39
|
|
|
well put 
|
|
#
?
Jan 27, 2017 21:43
|
|
|
I doubt AV RCEs are going to be a serious risk for home/personal computers. There's enough fragmentation in the market that you're not going to get consistent payload deployment like going after the OS/browser/plugin trifecta and releasing an exploit through spam or ad channels is going to get it picked up on by the vendors quickly and a hotfix is going to get thrown in to their update channel and distributed to virtually all the endpoints inside a day or two. That's a whole lot of effort developing the payload for an RCE only to immediately bring yourself under heavy scrutiny and have your ingress cut off and your payload wiped in the next definition push. Government and corps should definitely be concerned since it will be worth the attacker's effort and the limiting targeting means you're more likely to go completely unnoticed and keep a permanent presence on their network.
|
|
#
?
Jan 27, 2017 22:02
|
|
|
I need the ability for one person in my company to send PII outside the organization. Right now she encrypts an archive, sends as an email attachment, and calls the other person with the archive password. Other orgs send her encrypted attachments through an external exchange--are any of these not awful? What service should we use? Bonus if it integrates with Office 365 / Outlook somehow for these people. Hed fucked around with this message at 22:15 on Jan 27, 2017 |
|
#
?
Jan 27, 2017 22:06
|
|
|
it doesn't matter if it is fragmented: the problem with av isn't really that the problem is that the methodology of preventing malware from executing worked great back in 1995 when at worst you could get infected by a floppy diskette once the internet became a mainstream thing and e-mail proliferated, the idea of having someone going through each sample and coming up with a signature was over. it was manageable for a long time only because the internet had yet to become something we need but the writing on the wall was there with the iloveyou virus back in mid-2000 the av industry's solution to this problem is to just add more "value" and rebrand themselves as endpoint solutions. this has resulted in them adding holes to their garbage and demonstrates an overall sloppiness in their approach av is dead because it's worthless; install windows 10 and use the av that it comes with or use a mac
|
|
#
?
Jan 27, 2017 22:08
|
|
|
I'm not disagreeing that the overall effectiveness is minimal these days (though I'm agreeing with shaggar that its still shooting down lowhanging fruit that could have caused problems). I do question how much of a realistic risk is poses to a home user verses a business and think folks here need to rethink the risk profile. Some of the vendors do things beyond what defender does like tracking botnet and malicious ad channel domains and IPs and killing the connection regardless of content. If MS moved the smartscreen up in to defender or as another OS component then the 3rd party AV market has nothing left of value in to me.
|
|
#
?
Jan 27, 2017 22:20
|
|
|
|
| # ? May 17, 2024 16:07 |
|
|
Hed posted:I need the ability for one person in my company to send PII outside the organization. Right now she encrypts an archive, sends as an email attachment, and calls the other person with the archive password. Other orgs send her encrypted attachments through an external exchange--are any of these not awful? send the PII via rfc1097 & go all manchurian candidate
|
|
#
?
Jan 27, 2017 22:25
|
|