|
oh my God don't do this poo poo in your username handling, or really, any fields on a consumer website or product https://twitter.com/0xabad1dea/status/842410941119643648/photo/1
|
# ? Mar 16, 2017 17:31 |
|
Jewel posted: oh my God don't do this poo poo in your username handling, or really, any fields on a consumer website or product
nicely donetendo
|
# ? Mar 16, 2017 17:40 |
|
dynamically-typed languages own
|
# ? Mar 16, 2017 17:45 |
|
anthonypants posted: dynamically-typed languages own
but unironically
|
# ? Mar 16, 2017 17:50 |
|
jesus christ http://www.citypages.com/news/edina-police-ask-for-whole-citys-google-searches-and-a-judge-says-yes/416319633
|
# ? Mar 16, 2017 18:16 |
|
anthonypants posted: jesus christ http://www.citypages.com/news/edina-police-ask-for-whole-citys-google-searches-and-a-judge-says-yes/416319633
i don't think that's unreasonable seeing as they're getting a warrant
|
# ? Mar 16, 2017 18:26 |
|
lol @ thinking that will give them anything resembling worthwhile information though
|
# ? Mar 16, 2017 18:27 |
|
if their theory is that someone got the photos they used in an ID fraud by doing a GIS for "douglas j.f. jingleheimer schmidt" then yeah, i can see the list of everyone who searched that name being useful but how on earth would you prove that's the search term that brought you there
|
# ? Mar 16, 2017 18:35 |
|
Rex-Goliath posted: i don't think that's unreasonable seeing as they're getting a warrant
that the warrant was granted is precisely the problem
|
# ? Mar 16, 2017 18:38 |
|
i'm the request for MAC addresses
|
# ? Mar 16, 2017 18:51 |
|
extra laughs if the guy's last name is "adams" or some other famous douglas
|
# ? Mar 16, 2017 19:03 |
|
Jewel posted: oh my God don't do this poo poo in your username handling, or really, any fields on a consumer website or product
her name is a computer killing word
|
# ? Mar 16, 2017 19:44 |
|
spotted at my local supermarket: scalable network infrastructure
|
# ? Mar 16, 2017 19:51 |
|
Ur Getting Fatter posted: spotted at my local supermarket: scalable network infrastructure
yeah, those are all networked so they don't have to be individually programmed with product codes/prices
the control software is a dumpster fire and generally there is absolutely no access control whatsoever
|
# ? Mar 16, 2017 19:59 |
|
infernal machines posted: yeah, those are all networked so they don't have to be individually programmed with product codes/prices
doesn't matter because the bar codes they print out are very predictable and have no controls on 'em either
part of the last handful of digits is the price
|
# ? Mar 16, 2017 20:46 |
|
i honestly just wanted to make that dumb joke
edit: remote produce execution
|
# ? Mar 16, 2017 20:57 |
|
Cocoa Crispies posted: doesn't matter because the bar codes they print out are very predictable and have no controls on 'em either
if it weren't for the fact that they run off a z80 they'd probably be primo botnet targets
|
# ? Mar 16, 2017 21:07 |
|
Ur Getting Fatter posted: i honestly just wanted to make that dumb joke
ive been waiting for that dumb sailor moon game to get ppls phones hacked so i could say "moonlight privilege escalation" but it never comes
|
# ? Mar 16, 2017 21:36 |
|
ate poo poo on live tv posted: Civil Forfeiture is hosed up and shouldn't be applauded in any way.
two wrongs make a right lisa
|
# ? Mar 17, 2017 00:40 |
|
Cocoa Crispies posted: doesn't matter because the bar codes they print out are very predictable and have no controls on 'em either
only for products that have variable weights
|
# ? Mar 17, 2017 00:54 |
|
Rufus Ping posted: that the warrant was granted is precisely the problem
yeah this poo poo is insane. i can't believe the judge was just okay with requesting a whole town's google history. gonna be fun when they realize it is a ton of poo poo to dig through
|
# ? Mar 17, 2017 01:18 |
|
use duck duck go if you're committing wire fraud
|
# ? Mar 17, 2017 01:18 |
|
EndlessRagdoll posted: yeah this poo poo is insane. i can't believe the judge was just okay with requesting a whole town's google history. gonna be fun when they realize it is a ton of poo poo to dig through
all they're going to get is the pii of anyone who searched that specific term lol for when they receive a blank cd
|
# ? Mar 17, 2017 01:25 |
|
EndlessRagdoll posted: i really need to delete my lastpass account
don't stop there lol but yeah same. wtf lastpass
|
# ? Mar 17, 2017 01:58 |
|
EndlessRagdoll posted: use duck duck go if you're committing wire fraud
or at least a proxy lol
|
# ? Mar 17, 2017 03:30 |
|
pseudorandom name posted: only for products that have variable weights
well yeah, hence the grocery scale that needs products loaded so they can print appropriately priced labels
|
# ? Mar 17, 2017 03:41 |
|
oh, I thought that was a checkout scale. suddenly your point makes a whole lot more sense.
|
# ? Mar 17, 2017 03:59 |
|
wouldn't that lastpass vulnerability taviso just showed off be negated by turning off autofill?
|
# ? Mar 17, 2017 04:09 |
|
anthonypants posted: putty 0.68 came out last month and it's finally got support for 25519 curves
2 something something 1 9 you say?
|
# ? Mar 17, 2017 04:27 |
|
xPanda posted: wouldn't that lastpass vulnerability taviso just showed off be negated by turning off autofill?
here's a question: why are they using regex that way?
|
# ? Mar 17, 2017 04:27 |
|
OSI bean dip posted: here's a question: why are they using regex that way?
i really have no idea, i don't understand much of whats going on in that screenshot
|
# ? Mar 17, 2017 05:11 |
|
i don't know how lastpass works but it looks like it's trying to create an input element that lastpass recognizes as a password field and then it types in the password, so a regex makes sense there
|
# ? Mar 17, 2017 05:16 |
|
xPanda posted: wouldn't that lastpass vulnerability taviso just showed off be negated by turning off autofill?
hifi posted: i don't know how lastpass works but it looks like it's trying to create an input element that lastpass recognizes as a password field and then it types in the password, so a regex makes sense there
|
# ? Mar 17, 2017 05:18 |
|
sorry i mean makes sense in the sense of, "how do we solve this problem". it's probably something i would do although i don't have to write enterprise grade password software
i wonder how google does it
|
# ? Mar 17, 2017 05:23 |
|
the problem isn't how lastpass is detecting password fields. the problem is that the attack worked despite the fact that travis's exploit page was on a completely different domain.
|
# ? Mar 17, 2017 05:28 |
|
hifi posted:sorry i mean makes sense in the sense of, "how do we solve this problem". it's probably something i would do although i don't have to write enterprise grade password software
|
# ? Mar 17, 2017 05:29 |
|
it's in an iframe though
|
# ? Mar 17, 2017 05:30 |
|
hifi posted: it's in an iframe though
yeah and you can't gently caress with other domains' iframes. password fields don't have any special protection from JS, you can still get at their contents with .value(), so there has to be something else going on here.
|
# ? Mar 17, 2017 05:32 |
|
https://www.us-cert.gov/ncas/alerts/TA17-075A Even the US government knows that MiTMs are poo poo, what a world.
|
# ? Mar 17, 2017 05:36 |
|
anthonypants posted: wouldn't that lastpass vulnerability taviso just showed off be negated by not using lastpass?
well yes, but i was looking for something more technical than flippant
|
# ? Mar 17, 2017 05:39 |