|
I think you're being trolled.
|
#
?
Feb 27, 2017 22:56
|
|
|
|
| # ? May 17, 2024 19:02 |
|
|
why
|
|
#
?
Feb 27, 2017 22:57
|
|
|
so the ex-kaspersky guy got fingered for treason by a well connected business man who is also allegedly involved in cyber crime
|
|
#
?
Feb 27, 2017 23:08
|
|
|
ate all the Oreos posted:shorter, smaller passwords are less conspicuous and harder for hackers to see Does adding a \ in front count as salting? Hollow Talk fucked around with this message at 23:22 on Feb 27, 2017 |
|
#
?
Feb 27, 2017 23:13
|
|
|
jre posted:I think you're being trolled. it's hard to tell really
|
|
#
?
Feb 27, 2017 23:22
|
|
|
OSI bean dip posted:it's hard to tell really 
|
|
#
?
Feb 27, 2017 23:23
|
|
|
while walking to the office today, i found this: http://fobclone.wixsite.com/fobclone i'm the lack of access control
|
|
#
?
Feb 27, 2017 23:31
|
|
|
burglary as a service also, just a low rent clone of the unfortunately named fobcouver.ca
|
|
#
?
Feb 27, 2017 23:33
|
|
|
that is pretty unfortunate
|
|
#
?
Feb 27, 2017 23:34
|
|
|
I would buy a consolidator for fobs from aliexpress instantly like, this http://www.wexinc.com/wex-corporate/the-rise-of-the-all-in-one-card-consolidator/ but for fobs, even if it was just HID or something i have four of the loving things
|
|
#
?
Feb 27, 2017 23:54
|
|
|
Bhodi posted:I would buy a consolidator for fobs from aliexpress instantly There was a Kickstarter for one, all the reviews reported that it didn't work.
|
|
#
?
Feb 28, 2017 00:31
|
|
|
OSI bean dip posted:it's hard to tell really He's been posting super dumb opinions about everything all over the forums so he's either a troll or the dumbest motherfucker alive
|
|
#
?
Feb 28, 2017 00:39
|
|
|
sarehu posted:It's very easy to test my hypothesis. Take my 8 characters-and-less passwords on websites I use (they go down to 6), count how many times my accounts have been lost from the password being hacked, and compare the results with your however-long passwords that make you feel secure. 
|
|
#
?
Feb 28, 2017 00:39
|
|
|
Wat 😥😥
|
|
#
?
Feb 28, 2017 00:44
|
|
|
A Man With A Plan posted:He's been posting super dumb opinions about everything all over the forums so he's either a troll or the dumbest motherfucker alive sarehu posted:Also, at a startup it's a good idea to know your employment law poo poo, because they won't. For example the place I worked at didn't know that CA law requires paying out accrued vacation time when the employee leaves, and when I started they accidentally the whole health insurance for all the employees. Also a goon hacked the HR contractor's website and found out how much money I made.
|
|
#
?
Feb 28, 2017 00:46
|
|
|
re: access fobs, a bunch of the systems work by just reading the serial number off the 125khz token which is shamefully bad. i think the hid systems are actually able to interrogate the card bt they cost more than some apartment developer is going to pay. also fob + pin pad readers should be more common than they are. the card standard in use matters less if you can just smash the reader off the wall and deliver the data straight to the controller, though: http://blog.opensecurityresearch.com/2012/12/hacking-wiegand-serial-protocol.html Thanks Ants fucked around with this message at 01:07 on Feb 28, 2017 |
|
#
?
Feb 28, 2017 00:57
|
|
|
lmao
|
|
#
?
Feb 28, 2017 01:25
|
|
|
Thanks Ants posted:re: access fobs, a bunch of the systems work by just reading the serial number off the 125khz token which is shamefully bad. i think the hid systems are actually able to interrogate the card bt they cost more than some apartment developer is going to pay. not really, most LF systems just read the number off the fob. there are a ton of custom formats running around but the LF systems don't typically have enough sophistication on the credentials to do any sort of authentication newer HF stuff can get fancy as you describe
|
|
#
?
Feb 28, 2017 02:24
|
|
|
jre posted:While claiming a 3 month average is taking the piss a bit, they are correct that the speed with which they fixed this and deployed to massive infra is impressive. idk i deployed Facebook once. is everything in that blog post not standard?
|
|
#
?
Feb 28, 2017 03:21
|
|
|
A Man With A Plan posted:He's been posting super dumb opinions about everything all over the forums so he's either a troll or the dumbest motherfucker alive make sure to ask him why there aren't more women in software development just not here because I'm sure OSI doesn't want the thread poo poo up with 
|
|
#
?
Feb 28, 2017 04:01
|
|
|
i need help to not become a security fuckup  I want to encrypt traffic between some digital ocean servers. I am too stupid to set up a CA to use stunnel, is spiped ok? the only consequence of messing up is that people could cheat at online pictionary, but I'd still like to try to do this properly.
|
|
#
?
Feb 28, 2017 04:15
|
|
|
a witch posted:i need help to not become a security fuckup you can manually encrypt data by XORing the data as many times as you want bits of key strength. for example, if you XOR a packet 128 times it will be as strong as aes 128
|
|
#
?
Feb 28, 2017 04:34
|
|
|
i'd setup an IPsec tunnel between the two servers
|
|
#
?
Feb 28, 2017 04:35
|
|
|
Raere posted:you can manually encrypt data by XORing the data as many times as you want bits of key strength. for example, if you XOR a packet 128 times it will be as strong as aes 128 Pfft, that's for amateurs. Have you heard of ROT13? Try ROT19! They'll never expect that!
|
|
#
?
Feb 28, 2017 04:38
|
|
|
a witch posted:I am too stupid to set up a CA to use stunnel, is spiped ok? cheese-cube posted:i'd setup an IPsec tunnel between the two servers thats cruel cheese cube.
|
|
#
?
Feb 28, 2017 04:40
|
|
|
Midjack posted:not really, most LF systems just read the number off the fob. there are a ton of custom formats running around but the LF systems don't typically have enough sophistication on the credentials to do any sort of authentication HID will do cooler stuff the more money you get them that being said if you get ahold of one of the earlier iCLASS readers it is possible to dump out the standard private key, which is used in most installations (you can specify your own key for added security but it's wayyyyyyyyyyyy more expensive. If you hold a HID key up to a reader and it doesn't beep, they've got their own. If it does decode, you can clone a card that has access)
|
|
#
?
Feb 28, 2017 05:14
|
|
|
a witch posted:i need help to not become a security fuckup spiped is fine but there might be better options depending on what kind of traffic it is cfssl is handy for setting up a CA and issuing certs but the documentation is crap. you may potentially be able to use letsencrypt certs with stunnel you may also wish to consider openvpn which is fairly straightforward to set up Rufus Ping fucked around with this message at 05:57 on Feb 28, 2017 |
|
#
?
Feb 28, 2017 05:55
|
|
|
Thanks Ants posted:re: access fobs, a bunch of the systems work by just reading the serial number off the 125khz token which is shamefully bad. i think the hid systems are actually able to interrogate the card bt they cost more than some apartment developer is going to pay. reminder that you can just spray some of that canned duster through a crack in the door to trigger the heat sensor on the other side to think someone's leaving i have done that a few times when I forgot my card at work since i happened to carry a little can of air at the time 
|
|
#
?
Feb 28, 2017 06:12
|
|
|
or slip a receipt under the door. but yeah, why did you carry a can of compressed air?
|
|
#
?
Feb 28, 2017 06:16
|
|
|
infernal machines posted:or slip a receipt under the door. ... because i wanted to try to open the door with it, then i forgot to take it out of my bag for a few weeks 
|
|
#
?
Feb 28, 2017 06:47
|
|
|
that's very sneakers of you
|
|
#
?
Feb 28, 2017 06:51
|
|
|
https://bugs.chromium.org/p/chromium/issues/detail?id=694593
|
|
#
?
Feb 28, 2017 06:52
|
|
|
i'm probably dumb but does that only affect proxysg os v6.5 or is it v6.5 and later. we're actually in the process of trying to upgrade our pair of blue coats, one is on 6.6 but the other is on 6.5 so lol
|
|
#
?
Feb 28, 2017 07:51
|
|
|
Absurd Alhazred posted:Pfft, that's for amateurs. Have you heard of ROT13? Try ROT19! They'll never expect that! 
|
|
#
?
Feb 28, 2017 11:57
|
|
|
quote:We're waiting on a response from Blue Coat. They were made aware of TLS 1.3 several months ago, but evidently did not test their software per our instructions. lol?
|
|
#
?
Feb 28, 2017 12:07
|
|
|
cheese-cube posted:i'm probably dumb but does that only affect proxysg os v6.5 or is it v6.5 and later. we're actually in the process of trying to upgrade our pair of blue coats, one is on 6.6 but the other is on 6.5 so lol quote:Note these issues are always bugs in the middlebox products. TLS version negotiation is backwards compatible, so a correctly-implemented TLS-terminating proxy should not require changes to work in a TLS-1.3-capable ecosystem. It can simply speak TLS 1.2 at both client <-> proxy and proxy <-> server TLS connections. That these products broke is an indication of defects in their TLS implementations.
|
|
#
?
Feb 28, 2017 17:44
|
|
|
Jimmy Carter posted:HID will do cooler stuff the more money you get them i interviewed at hid, i asked a bunch of security questions that got answers like "uhhh, would you be interested in working on that?" (it was mostly for the printers and I was really not interested in doing that )
|
|
#
?
Feb 28, 2017 17:50
|
|
|
oops https://twitter.com/matthew_d_green/status/836552317138788353
|
|
#
?
Feb 28, 2017 18:19
|
|
|
Rufus Ping posted:you may also wish to consider openvpn which is fairly straightforward to set up This is good advice. OpenVPN comes with easyCA, which serves as a wrapper around openSSL and makes the whole CA creation really straightforward. Depending on keysizes, you might have to edit a pregenerated config file, but it handles everything from CA -> Server Certificate -> Client Certificate(s).
|
|
#
?
Feb 28, 2017 18:33
|
|
|
|
| # ? May 17, 2024 19:02 |
|
|
lol
|
|
#
?
Feb 28, 2017 18:43
|
|