|
I regret that post and I acknowledged in the thread it was wrong of me
|
#
?
Feb 22, 2017 23:20
|
|
|
|
| # ? May 17, 2024 15:33 |
|
|
OSI bean dip posted:I regret that post and I acknowledged in the thread it was wrong of me just that post? how magnanimous of you
|
|
#
?
Feb 22, 2017 23:24
|
|
|
OSI bean dip posted:I regret that post and I acknowledged in the thread it was wrong of me Cool, can we go back to laughing at sec fucks and not have to wade through you quoting your own dick waving posts from else where in the forums ?
|
|
#
?
Feb 22, 2017 23:25
|
|
|
jre posted:Cool, can we go back to laughing at sec fucks and not have to wade through you quoting your own dick waving posts from else where in the forums ? how about we both agree to not derail the thread further with either?
|
|
#
?
Feb 22, 2017 23:27
|
|
|
YOSPOS# no shut jre
|
|
#
?
Feb 22, 2017 23:29
|
|
|
SpaceClown posted:YOSPOS# no shut jre
|
|
#
?
Feb 22, 2017 23:30
|
|
|
ack
|
|
#
?
Feb 22, 2017 23:33
|
|
|
jre posted:Cool, can we go back to laughing at sec fucks and not have to wade through you quoting your own dick waving posts from else where in the forums ? but i enjoy waving my dick  anyway have a secfuck https://www.theregister.co.uk/2017/02/21/us_dhs_computer_access_down/ 🤔
|
|
#
?
Feb 23, 2017 00:59
|
|
|
vodkat posted:but i enjoy waving my dick
|
|
#
?
Feb 23, 2017 01:04
|
|
|
Have an unanswered tweet I sent out to Ticketmaster last year: https://twitter.com/Migishu/status/797946928893816832
|
|
#
?
Feb 23, 2017 01:35
|
|
|
I just went back, while it's "Powered by Ticketmaster", it looks like it's only for the Place Des Arts in Montreal. Maybe they're the ones that are creating the password rules? Either way, I was able to create an account with a 1 character password. I'm going to sent a tweet out to them.
|
|
#
?
Feb 23, 2017 01:47
|
|
|
Triple SLAM https://twitter.com/Migishu/status/834567858285854721
|
|
#
?
Feb 23, 2017 01:58
|
|
|
I would have accepted "most Security Experts suck rear end at building real things" as a response instead of "OMG NSA".
|
|
#
?
Feb 23, 2017 02:20
|
|
|
Hello, Yospos Bitch apseudonym posted:I would have accepted "most Security Experts suck rear end at building real things" as a response instead of "OMG NSA". eripsa is loving insane
|
|
#
?
Feb 23, 2017 03:16
|
|
|
Wiggly Wayne DDS posted:if the security experts are the ones installing nsa backdoors, then who are the ones detecting them? who pentests the pentesters?
|
|
#
?
Feb 23, 2017 04:08
|
|
|
Finally recovered from RSA. The security bubble is in some serious decline y'all. 1) The free shwag was lovely this year. No free shirts or other poo poo. 2) Want any of the cool poo poo, time to sit through a 20-30 minute sales presentations 2) The parties were garbage. One of the 'hottest' parties gave you two free drink tickets. 3) There were also way less parties than previous years Dare I say, IT Security might be in decline Also, as a white person..............
|
|
#
?
Feb 23, 2017 04:10
|
|
|
Ur Getting Fatter posted:who pentests the pentesters? i like to penetrate pentesters
|
|
#
?
Feb 23, 2017 04:19
|
|
|
Migishu posted:I just went back, while it's "Powered by Ticketmaster", it looks like it's only for the Place Des Arts in Montreal. Maybe they're the ones that are creating the password rules? see my previous post about the TIFF scenario, also done through ticketmaster, also with the ability to create 1 character passwords :/
|
|
#
?
Feb 23, 2017 05:12
|
|
|
Optimus_Rhyme posted:Finally recovered from RSA. The security bubble is in some serious decline y'all. When going to a rapid7 all expenses paid party in some vegas club I remember thinking "This is the high water mark of the security bubble. I will think back to this moment in a few years when the bubble has popped and think about how ridiculous this all was."
|
|
#
?
Feb 23, 2017 08:37
|
|
|
just go to congress and bring a bottle of booze and share it and have fun and pick up some free stickers and buy a tor t shirt or w.e and pretend youre a hacker or speak to smart people who arent actually trying to hire you or sell you poo poo and have fun and give a gently caress about the culture and avoid ioerror supporters and stop expecting the industry to give you tons of free drinks just for showing up and just provide the kicking rad party yourself hth
|
|
#
?
Feb 23, 2017 10:48
|
|
|
The web sight is getting rekt but SHA-1 is now officially completely broken: https://www.shattered.io/  e: a mirror I guess http://shattered.it/
|
|
#
?
Feb 23, 2017 14:14
|
|
|
spankmeister posted:The web sight is getting rekt but SHA-1 is now officially completely broken: 
|
|
#
?
Feb 23, 2017 14:45
|
|
|
|
|
#
?
Feb 23, 2017 14:47
|
|
|
Sapozhnik posted:i don't know much about docker but i'm still convinced it's bad The http interface is off by default at least
|
|
#
?
Feb 23, 2017 15:10
|
|
|
spankmeister posted:The web sight is getting rekt but SHA-1 is now officially completely broken: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
|
|
#
?
Feb 23, 2017 15:20
|
|
|
ate all the Oreos posted:The http interface is off by default at least doesn't VMWare have an available HTTP interface too? or do they use a custom protocol (not really better, imo) what should they use for control if not http? make admins ssh in and command-line for every operation?
|
|
#
?
Feb 23, 2017 15:25
|
|
|
Subjunctive posted:what should they use for control if not http? make admins ssh in and command-line for every operation? yes, obviously. also my good man have you installed gentoo
|
|
#
?
Feb 23, 2017 15:28
|
|
|
Diva Cupcake posted:Here's the Google blog post... "Today, 10 years after of SHA-1 was first introduced" ........... Odd place to make a mistake like that, and I don't mean the extra word/typo.
|
|
#
?
Feb 23, 2017 15:34
|
|
|
Subjunctive posted:doesn't VMWare have an available HTTP interface too? or do they use a custom protocol (not really better, imo) I think the problem is more that its configured incorrectly out of the box so its disabled with the intent that you configure it properly before enabling rather than deploying misconfigured by default. VMWare creates a bunch of bad defaults for its http server and its a huge pain in the dick to setup correctly even when using something like vsphere, but VMware is different since its infrastructure and docker is an application.
|
|
#
?
Feb 23, 2017 15:35
|
|
|
James Baud posted:"Today, 10 years after of SHA-1 was first introduced" ........... Odd place to make a mistake like that, and I don't mean the extra word/typo. lmao there really are 10 types of people in this world
|
|
#
?
Feb 23, 2017 15:54
|
|
|
Diva Cupcake posted:Here's the Google blog post...
|
|
#
?
Feb 23, 2017 16:29
|
|
|
Shaggar posted:I think the problem is more that its configured incorrectly out of the box so its disabled with the intent that you configure it properly before enabling rather than deploying misconfigured by default. i work for a company with an iot gateway that by default blocks all incoming connections on whatever the wan interface is detected as guess what the number one question for the gateways is
|
|
#
?
Feb 23, 2017 16:35
|
|
|
hobbesmaster posted:i work for a company with an iot gateway that by default blocks all incoming connections on whatever the wan interface is detected as it's not a question but i bet the number one ticket filed is "it dont work"
|
|
#
?
Feb 23, 2017 16:36
|
|
|
what does 110gpu/year processing mean in real world dollars? i imagine it varies because legit actors will pay for cloud processing which is probably more expensive but more efficient, while criminals/APTs will use botnet computing which is cheaper but less efficient?
|
|
#
?
Feb 23, 2017 16:40
|
|
|
a year now will be a month in few years
|
|
#
?
Feb 23, 2017 16:43
|
|
|
OSI bean dip posted:a year now will be a month in few years also, the thrust of their post was "sha-1 is now worthless against an attacker with large resources." the unspoken implication being that sha-1 is not safe against state-level actors and you should stop using it unless you want russia and china sonying the poo poo out of you.
|
|
#
?
Feb 23, 2017 16:56
|
|
|
https://twitter.com/rafalwilinski/status/834772410125733888
|
|
#
?
Feb 23, 2017 17:12
|
|
|
|
|
#
?
Feb 23, 2017 17:13
|
|
|
lol
|
|
#
?
Feb 23, 2017 17:14
|
|
|
|
| # ? May 17, 2024 15:33 |
|
|
Ur Getting Fatter posted:what does 110gpu/year processing mean in real world dollars? anyone who wanted to do this on an industrial scale would follow bitcoin's lead and design ASICs to do the hashing. that gets you a >thousand fold speed up over a GPU, for a similar per-unit cost.
|
|
#
?
Feb 23, 2017 17:15
|
|
