|
fishmech posted:It's pretty weird how mad you are where other people's ui elements are located ? no mad, just kinda perplexed that someone is angry that they can't sacrifice their security in exchange for trivial ui changes anymore.
|
# ? Feb 7, 2017 15:34 |
|
|
# ? May 17, 2024 23:25 |
|
cheese-cube posted:NPAPI support : firefox :: register_globals : PHP don't think this is about npapi support, but rather the extensions based on the xul/xpcom framework, basically the same customization level that turned the same base application into both firefox and thunderbird with just different xml/javascript tossed in going to webextensions, same relatively weaksauce thing that chrome and edge uses. no doubt way safer and easier to maintain, but the possiblities are also certainly not as many
|
# ? Feb 7, 2017 15:35 |
|
cheese-cube posted:NPAPI support : firefox :: register_globals : PHP microsd cards are the densest, let's assume he's using 128GB, 256 is too new 50TB/128GB =390.625 a microsd card is 1mm so that 39cm or 15.4in if you can get 2 stacks side by side thats 7.7in up your butt
|
# ? Feb 7, 2017 15:37 |
that twitter account
|
|
# ? Feb 7, 2017 15:38 |
|
Cybernetic Vermin posted:don't think this is about npapi support, but rather the extensions based on the xul/xpcom framework, basically the same customization level that turned the same base application into both firefox and thunderbird with just different xml/javascript tossed in so there's an API which has the same functionality as NPAPI but is less of a dumpster-fire sec wise compared to NPAPI?
|
# ? Feb 7, 2017 15:39 |
|
cheese-cube posted:NPAPI support : firefox :: register_globals : PHP nobody is bothered by NPAPI being gone, it's never worked in 64bit firefox anyway people are bothered with the webextensions framework being a shitshow, though at least they seem to be working hard on extending it finally hopefully they'll have most of the functionality down by the time they force xul off for everyone e;fb and no, it's nothing like npapi at all.
|
# ? Feb 7, 2017 15:39 |
|
ah i see. thanks for the info. everyone pls ignore my posts, im wrong again!
|
# ? Feb 7, 2017 15:44 |
|
Cybernetic Vermin posted:don't think this is about npapi support, but rather the extensions based on the xul/xpcom framework, basically the same customization level that turned the same base application into both firefox and thunderbird with just different xml/javascript tossed in gently caress xul/xpcom extensions. yes, they can do anything. they can completely rewrite the functionality of the application. it's a really bad way of doing things, and xul so bad that it's bad even for legit use nothing against xpcom and xpconnect though. love those guys
|
# ? Feb 7, 2017 15:51 |
|
yeah, I'm not going to defend xul in any way because it's a gigantic mess, and i purposefully avoided writing poo poo in it even though i've used firefox since the first beta releases. writing applications with xml ughhhh but webextensions right now can't replace quite a bit of things xul extensions do for firefox. webextensions is very good though and mozilla has been working hard on extending it to the point where it'll hopefully do most of the things xul does now. there's some things that won't ever be possible I'm sure, but I don't know any extensions that would need more than webextensions is theoretically capable of providing plus, it's more secure, since it runs inside the browser sandbox afaik. if you install a malicious firefox extension it probably can do some real damage right now
|
# ? Feb 7, 2017 16:03 |
|
Perplx posted:microsd cards are the densest, let's assume he's using 128GB, 256 is too new it's physically possible
|
# ? Feb 7, 2017 16:21 |
|
a bunch has gotta be text files full of repetitive log data so it probably compresses down to something more manageable anyway
|
# ? Feb 7, 2017 16:28 |
|
i'd aay we're back at option one: the contractor was just given a fuckton of data which was then placed on a network outside of the NSA. if we use occams razor then for once"1000 thumb(drives) in the butt" is less realistic.
|
# ? Feb 7, 2017 16:34 |
|
not mutually exclusive. how was the contractor given this data? maybe through butt drives
|
# ? Feb 7, 2017 16:37 |
|
we just don't have enough information to rule out butt data at this point
|
# ? Feb 7, 2017 16:38 |
|
gonna be a lot of bits when that condom ruptures
|
# ? Feb 7, 2017 16:38 |
|
with all the leaked Snowden docs it was proved the NSA even has a term for this: AnEx (Anal Exfiltration)
|
# ? Feb 7, 2017 16:40 |
|
power botton posted:maybe through butt drives universal serial butt
|
# ? Feb 7, 2017 16:40 |
|
Meat Beat Agent posted:universal serial butt
|
# ? Feb 7, 2017 16:44 |
|
Meat Beat Agent posted:universal serial butt
|
# ? Feb 7, 2017 16:47 |
|
Meat Beat Agent posted:universal serial butt
|
# ? Feb 7, 2017 16:52 |
|
Meat Beat Agent posted:universal serial butt
|
# ? Feb 7, 2017 16:53 |
|
i asked my colleague who worked at raytheon / DSIA "DID THE NSA EVER IMPLEMENT A BUTT TRANSFER PROTOCOL FOR CONTRACTORS?" and he says "It was one of their more successful implementations" case closed
|
# ? Feb 7, 2017 17:04 |
|
lol. steam is so bad ever since they moved to slowkit.
|
# ? Feb 7, 2017 17:11 |
|
i'm inclined to say "lol if your 'app' is just a browser backed by a bunch of websites" but isn't that the folly of everything these days?
|
# ? Feb 7, 2017 17:14 |
|
cheese-cube posted:NPAPI support : firefox :: register_globals : PHP npapi support is already dropped in 64 bit firefox for everything but flash, also, extensions arent implemented through the npapi
|
# ? Feb 7, 2017 17:20 |
|
yeah i know that now. i'm an idiot
|
# ? Feb 7, 2017 17:20 |
|
Here's my sec gently caress for the year. Had an employee leave us a few months ago who was doing work at a national lab. Guess he thought the best way to handle chain of custody for his computer my group owns was to leave it in an unused cube in a public space and write a username/password on a whiteboard next to it (which gives full access to the lab's network) and "This is DrPossum's computer now" (I'm not even his supervisor or have anything to do with ownership) I learned of this by email from a rando grad student at the lab asking if he could use it. DrPossum fucked around with this message at 17:30 on Feb 7, 2017 |
# ? Feb 7, 2017 17:27 |
|
well could he use it?
|
# ? Feb 7, 2017 17:32 |
|
Wiggly Wayne DDS posted:well could he use it? Holy poo poo i'm so livid right now. Everyone involved with this did not pay attention to the required idiot baby computer security training to work there and my loving name is one a loving whitebaord with it
|
# ? Feb 7, 2017 17:36 |
|
oh wow lol
|
# ? Feb 7, 2017 17:38 |
|
DrPossum posted:Here's my sec gently caress for the year. Had an employee leave us a few months ago who was doing work at a national lab. Guess he thought the best way to handle chain of custody for his computer my group owns was to leave it in an unused cube in a public space and write a username/password on a whiteboard next to it (which gives full access to the lab's network) and "This is DrPossum's computer now" (I'm not even his supervisor or have anything to do with ownership) yeah same but it's a drilling drig and the laptop belongs to the senior drilling supervisor and he leaves it unlocked all the time and the offices well there aren't really any locked offices on a rig and often they're unoccupied and there's no CCTV and he has passwords for his laptop, personal laptop, FB and personal e-mail on post-its around the desk. also there's an unsecured network on the vessel for wired and wireless acess with no 802.1x on the wired and just PSK for wireless (codes written on whiteboard in SDSV office).sure that net doesn't touch client network and has service-provider break-out to the internet instead of hitting the MPLS but lol there's some very "loose" ACLs on the ASA in front of the VSAT and you could quite easily traverse back to shore. also it's the same poo poo in the geo office and the completions office. i forgot what my point was but lol there's no sec offshore edit: lol i forgot there's a port in the medic's office that has port sec disabled because it needs some life-saving device plugged-in but lol if you want to hook up just un-plug the super life saving device no one cares. Pile Of Garbage fucked around with this message at 17:50 on Feb 7, 2017 |
# ? Feb 7, 2017 17:47 |
|
any port in a packet storm
|
# ? Feb 7, 2017 17:57 |
|
it's the scariest loving thing because i'm watching off-shore gas processing facilities going into production with equally lax configuration on them. they're being commissioned in korea and the company has gone hard on lowest $ tender which means they've ended up with poo poo and we're just made to produce punch-lists of poo poo which is hosed and may or may not get fixed. makes me sick to my stomach thinking i could be responsible if a system goes to piss and the onshore plant goes boom or something equally disastrous. i didn't build these systems i just tried to force people to make them not shite and do things properly (because if you're not prepared to do something properly then you shouldn't loving do it)
|
# ? Feb 7, 2017 18:06 |
|
Chris Knight posted:any port in a packet storm
|
# ? Feb 7, 2017 18:10 |
|
power botton posted:with all the leaked Snowden docs it was proved the NSA even has a term for this: AnEx (Anal Exfiltration) Brb, adding AnEx testing to the contract with our pentest (lol) team.
|
# ? Feb 7, 2017 18:36 |
|
local provincial party shows off how it is getting hacked https://twitter.com/Emile_BC/status/828788950806384640
|
# ? Feb 7, 2017 18:50 |
|
they might have an open git repo idk edit: nothing to see there, they're just screencapping logs from WP. also their WP install is patched to latest and they have a competent host. Pile Of Garbage fucked around with this message at 19:00 on Feb 7, 2017 |
# ? Feb 7, 2017 18:57 |
|
gocardless, direct debit charging -as-a-service company, got burglarised
|
# ? Feb 7, 2017 18:59 |
|
Rufus Ping posted:gocardless, direct debit charging -as-a-service company, got burglarised password protected is not encrypted whoops
|
# ? Feb 7, 2017 19:35 |
|
|
# ? May 17, 2024 23:25 |
|
Meat Beat Agent posted:universal serial butt Chris Knight posted:any port in a packet storm
|
# ? Feb 7, 2017 21:05 |