|
minivanmegafun posted:why the gently caress does mackeeper run a blog. do they actually have competent people working on their garbage? I remember that guy posting a couple of years ago about how he found a bunch of MongoDB instances that were setup without authentication, and then suddenly he started working for MacKeeper but all he posts about is still just unsecured DBs he's found.
|
#
?
Feb 27, 2017 03:42
|
|
|
|
| # ? May 21, 2024 03:41 |
|
|
minivanmegafun posted:why the gently caress does mackeeper run a blog. do they actually have competent people working on their garbage? "start a blog" is like one of the golden rules of SEO charlatans
|
|
#
?
Feb 27, 2017 03:47
|
|
|
oh wait that's right, he found out about THEIR unsecured MongoDB so they hired him and I guess his job is now to make them appear that they have a 'security' team? all I know is that mackeeper is the thing that's always on my friends' macs when they got a 'virus' from trying to download adobe.photoshop.cc.2016.n0sC0pEcReW.torrent
|
|
#
?
Feb 27, 2017 04:20
|
|
|
OSI bean dip posted:then again nothing generally works out of the box at $0 anyway yeah, I've got to get them set up with an ELK stack until their permanent engineers can grab a better splunk license. WEF is a great tip, I think that'll be really useful for when they need to do IR again. Hopefully I can use one DB for WEF and point multiple things at it (google timesketch, kibana, etc) osquery is cool, but none of the security dudes at this co can program for poo poo so I was swerving it. bro-osquery like you linked looks like the automation/collection layer I was missing for osquery which is awesome! I'll check out how much pain is involved.
|
|
#
?
Feb 27, 2017 13:07
|
|
|
has anyone ever done research into URL shortening services like bitly? i've just noticed that raytheon is one of their customers (rtn.co) which has me interested. e: who is going to bsides next month? not me because i suck Pile Of Garbage fucked around with this message at 13:16 on Feb 27, 2017 |
|
#
?
Feb 27, 2017 13:10
|
|
|
Daman posted:yeah, I've got to get them set up with an ELK stack until their permanent engineers can grab a better splunk license. WEF is a great tip, I think that'll be really useful for when they need to do IR again. Hopefully I can use one DB for WEF and point multiple things at it (google timesketch, kibana, etc) your security dudes need to learn how to code; especially learn how to write sql. they don't need to be experts (i certainly as hell am not) but they just need to be able to whip up scripts also https://twitter.com/thepacketrat/status/836217505416884224
|
|
#
?
Feb 27, 2017 15:57
|
|
|
also also https://twitter.com/mikispag/status/836218370605318144
|
|
#
?
Feb 27, 2017 15:59
|
|
|
OSI bean dip posted:your security dudes need to learn how to code; especially learn how to write sql. they don't need to be experts (i certainly as hell am not) but they just need to be able to whip up scripts or more importantly read code so they can tell what is a really terrible script to run
|
|
#
?
Feb 27, 2017 16:04
|
|
|
LWN had a quote about how some company mandated that everybody's password start with / because people kept pasting them into the company's IRC by accident (TRWTF is using IRC of course)
|
|
#
?
Feb 27, 2017 17:11
|
|
|
Sapozhnik posted:LWN had a quote about how some company mandated that everybody's password start with / because people kept pasting them into the company's IRC by accident Just make sure it doesn't have two slashes at the start.
|
|
#
?
Feb 27, 2017 17:14
|
|
|
all my passwords start with "/amsg "
|
|
#
?
Feb 27, 2017 17:55
|
|
|
my irc client is super smart and if I type in a file path like /etc/something it will count as a normal line rather than a command. i've never managed to type my password into irc before, probably because i'm super paranoid when i have passwords in the clipboard and also saw people who pasted passwords into the channel and laughed at them and it'd be very embarrassing to happen to me that's my irc secfuck story
|
|
#
?
Feb 27, 2017 18:01
|
|
|
hunter2
|
|
#
?
Feb 27, 2017 18:04
|
|
|
please stop spamming asterisks tia
|
|
#
?
Feb 27, 2017 18:07
|
|
|
anthonypants posted:******* 
|
|
#
?
Feb 27, 2017 18:09
|
|
|
groundbreaking lols in the secfuck thread, lads..
|
|
#
?
Feb 27, 2017 18:12
|
|
|
Crime on a Dime posted:groundbreaking lols in the secfuck thread, lads.. Translating that quote's content to HTTP session data leaked via Cloudbleed is left as an exercise to the reader.
|
|
#
?
Feb 27, 2017 18:17
|
|
|
Sapozhnik posted:LWN had a quote about how some company mandated that everybody's password start with / because people kept pasting them into the company's IRC by accident hahahahaha
|
|
#
?
Feb 27, 2017 18:20
|
|
|
why does anyone still use LastPass KeePass and Dropbox are literally all you need and it's actual secure
|
|
#
?
Feb 27, 2017 20:58
|
|
|
http://seclists.org/fulldisclosure/2017/Feb/68quote:Summary
|
|
#
?
Feb 27, 2017 20:59
|
|
|
kek
|
|
#
?
Feb 27, 2017 21:00
|
|
|
my passwords all start with +++
|
|
#
?
Feb 27, 2017 21:07
|
|
|
+++ATH0 just in case
|
|
#
?
Feb 27, 2017 21:14
|
|
|
My Linux Rig posted:why does anyone still use LastPass, KeePass and SpiderOak are literally all you need and it's actual secure
|
|
#
?
Feb 27, 2017 21:28
|
|
|
spideroak lol
|
|
#
?
Feb 27, 2017 21:29
|
|
|
what next, tresorit?
|
|
#
?
Feb 27, 2017 21:29
|
|
|
I rolled my own cloud storage
|
|
#
?
Feb 27, 2017 21:30
|
|
|
AggressivelyStupid posted:I rolled my own cloud storage
|
|
#
?
Feb 27, 2017 21:30
|
|
|
Lol
|
|
#
?
Feb 27, 2017 21:37
|
|
|
https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/ who could have seen this coming https://www.youtube.com/watch?v=EcxNHgYUz6s
|
|
#
?
Feb 27, 2017 22:16
|
|
|
Cloud enabled shoes that phone home to alert you if they become untied while you're walking.
|
|
#
?
Feb 27, 2017 22:20
|
|
|
anthonypants posted:https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/ who could have seen this coming  thx mongo
|
|
#
?
Feb 27, 2017 22:20
|
|
|
AggressivelyStupid posted:I rolled my own cloud storage username/post combo ftw
|
|
#
?
Feb 27, 2017 22:23
|
|
|
OSI bean dip posted:
|
|
#
?
Feb 27, 2017 22:30
|
|
|
i'm the qwe
|
|
#
?
Feb 27, 2017 22:33
|
|
|
cinci zoo sniper posted:spideroak lol i got a deal on spideroak so I get unlimited storage space and it works well enough 
|
|
#
?
Feb 27, 2017 22:34
|
|
|
E: wrong thread lol
burning swine fucked around with this message at 22:44 on Feb 27, 2017 |
|
#
?
Feb 27, 2017 22:42
|
|
|
sarehu posted:Yeah, make your passwords short, and different for each website. The length doesn't help -- if somebody's hacked the website, they'll probably get everything else in the database too, and a targeted crack isn't going to matter much. 
|
|
#
?
Feb 27, 2017 22:46
|
|
|
anthonypants posted:https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/ who could have seen this coming I just finished reading this article and it was really entertaining and well written and I recommend reading it too!
|
|
#
?
Feb 27, 2017 22:54
|
|
|
|
| # ? May 21, 2024 03:41 |
|
|
shorter, smaller passwords are less conspicuous and harder for hackers to see hunter2
|
|
#
?
Feb 27, 2017 22:55
|
|