|
the vulnerability isn't "tricking" lastpass into auto-filling something - it'll autofill anything that looks like a password, that's the whole point. the vulnerability is tricking lastpass into thinking bankofamerica.evil.com is a good place to autofill your bank password
|
#
?
Mar 17, 2017 05:39
|
|
|
|
| # ? May 17, 2024 16:34 |
|
|
if that's the case, then this is a further nail in the coffin of lastpass' autofill feature, rather than something abhorrently new. not saying lastpass isn't a dumpster fire, nor that they should be trusted to be doing things correctly without evidence, but this seems to be another variation of something taviso demonstrated a few months ago
|
|
#
?
Mar 17, 2017 05:48
|
|
|
xPanda posted:if that's the case, then this is a further nail in the coffin of lastpass' autofill feature, rather than something abhorrently new.
|
|
#
?
Mar 17, 2017 05:50
|
|
|
Is there a reason they are a version behind between whats on addons.mozilla.org and what you get if you download directly from the website.
|
|
#
?
Mar 17, 2017 06:15
|
|
|
at this point pretty much the only way to get any actual outrage would be to exploit a bunch of smart TVs that have microphones so that they record a bunch of audio and then put it up on pirate bay. gently caress, the largest employer in the US got hacked and nothing really happened other than 9/11 mayor getting made chief of cyber.
|
|
#
?
Mar 17, 2017 07:09
|
|
|
A Yolo Wizard posted:Is there a reason they are a version behind between whats on addons.mozilla.org and what you get if you download directly from the website. I have a friend who does addon development for Firefox and he's always complaining about the approval queue for new versions for the official addons site. I mean LastPass probably forgot to submit a new version, but some of the blame for some of the lag that might exist might also go to Mozilla.
|
|
#
?
Mar 17, 2017 08:36
|
|
|
i'm glad so many people are rushing to defend lastpass given their spotless security history
|
|
#
?
Mar 17, 2017 09:05
|
|
|
welp, if I wanted to be a career rapist, I now know who I'd want to be my Ph.D advisor
|
|
#
?
Mar 17, 2017 09:25
|
|
|
pseudorandom name posted:welp, if I wanted to be a career rapist, I now know who I'd want to be my Ph.D advisor uh what
|
|
#
?
Mar 17, 2017 09:35
|
|
|
just more Jacob Appelbaum stuff, this time implicating djb as a facilitator
|
|
#
?
Mar 17, 2017 09:40
|
|
|
vOv posted:uh what https://twitter.com/hdevalence/status/842526511915786240
|
|
#
?
Mar 17, 2017 12:06
|
|
|
Why the gently caress are those people so lovely? Why would anyone cover for such an awful awful person?
|
|
#
?
Mar 17, 2017 13:00
|
|
|
quote:On the last day of the Japan trip, I returned to the AirBNB and stayed upstairs by myself, in an attempt to take some time alone before I would have to be stuck with Jacob for the 16-hour trip back to Europe. Jacob came upstairs with a bottle of irritant eye drops, supposedly containing menthol, and pushed me to let him put them in my eyes. I said no, three times, before deciding that, because Jacob thrives on provoking negative reactions from others, it would be best to “go along to get along” until I would no longer have to deal with him. My right eye, into which Jacob placed an irritant eye drop, has never really felt the same since then; for months afterward it was continually slightly irritated, often watering, and I would get headaches localized to my right temple. wtf people need to stop rolling over for fuckers like this
|
|
#
?
Mar 17, 2017 13:11
|
|
|
i guess that's blaming the victim but i mean everyone involved in this loving fiasco, covering for him or minimizing for him gently caress
|
|
#
?
Mar 17, 2017 13:12
|
|
|
Cold on a Cob posted:wtf rethink this
|
|
#
?
Mar 17, 2017 13:16
|
|
|
Cold on a Cob posted:i guess that's blaming the victim I GUESS
|
|
#
?
Mar 17, 2017 13:17
|
|
|
yeah i phrased that poorly, my anger should be aimed solely at the jacob and the people that covered for him
|
|
#
?
Mar 17, 2017 13:19
|
|
|
and what is so precious about this jacob that he must be protected at all costs
|
|
#
?
Mar 17, 2017 13:21
|
|
|
Cold on a Cob posted:wtf i don't care what kind of special flower you are, there's no story that'll end with "and then i let him put some mystery irritant in my loving eye"
|
|
#
?
Mar 17, 2017 13:32
|
|
|
Bernstein is a wild rear end in a top hat jesus loving christ
|
|
#
?
Mar 17, 2017 13:44
|
|
|
quote:In the taxi to the airport and on the airplane, Jacob continued his inappropriate, boundary-violating behaviour, loudly describing to me (and the entire airplane) how at a previous job (at Kink.com) he had “hosed a woman with a converted Sawzall”, before asking “have you ever seen a woman squirt?”, and adding “This is not a work conversation, by the way” as if that were some kind of magical incantation that would make his behaviour appropriate. you know that experiment they did where they raised monkeys with robots to see how hosed up their concept of a social structure would be?  this one? convince me jacob is not the product of a similar experiment with a child raised entirely by the internet in the absence of any meaningful opposition from a parental figure
|
|
#
?
Mar 17, 2017 13:50
|
|
|
This is the first time I've heard of that monkey experiment and holy poo poo that's disturbing as gently caress I will not convince you otherwise
|
|
#
?
Mar 17, 2017 14:31
|
|
|
flakeloaf posted:you know that experiment they did where they raised monkeys with robots to see how hosed up their concept of a social structure would be? lmao at 'this is not a work conversation by the way' like you can add nsfw tags irl or something
|
|
#
?
Mar 17, 2017 14:34
|
|
|
Migishu posted:This is the first time I've heard of that monkey experiment and holy poo poo that's disturbing as gently caress they made fun of it on MST3k, crow's mother was shown to be one of those wire mesh nipple robots
|
|
#
?
Mar 17, 2017 14:46
|
|
|
in lighter news: https://nakedsecurity.sophos.com/2017/03/16/switch-console-flaw-leaves-nintendo-looking-flat-footed/
|
|
#
?
Mar 17, 2017 15:34
|
|
|
quote:It might actually be the first time in history that people could get their hands on a console hack more easily than on the console itself.
|
|
#
?
Mar 17, 2017 15:40
|
|
|
A Pinball Wizard posted:in lighter news: They've removed almost all data management tools from the switch, compared to the wii and wii u (beyond "delete this" and "delete this but leave a link on my main screen in case I want to download it again"). All saves are internal memory only. You can't move games from the internal storage to the sd card directly, and you can't choose where to download a game if you have the sd card inserted. But there is no save or game file manipulation needed to hack the wii u (also a browser based exploit), and they'll probably gently caress that up with the switch as well.
|
|
#
?
Mar 17, 2017 16:05
|
|
|
quote:We recently updated the password security on the Synergy website (symless.com/synergy). This means you'll need to visit our site and set a new password. Use the "Forgot Your Password?" link on the login page. what did you use before now, guys 
|
|
#
?
Mar 17, 2017 16:12
|
|
|
quote:The security professionals out there will be glad to know that we now use bcrypt hashing for password storage. nice jab there
|
|
#
?
Mar 17, 2017 16:14
|
|
|
wait, synergy costs money now?
|
|
#
?
Mar 17, 2017 16:21
|
|
|
flakeloaf posted:you know that experiment they did where they raised monkeys with robots to see how hosed up their concept of a social structure would be? that kink.com story. that site sure loves to constantly pitch themselves as progressive women loving folks but they sure do seem to hire rapists at an extraordinary clip.
|
|
#
?
Mar 17, 2017 16:24
|
|
|
Truga posted:wait, synergy costs money now? he sent out an email a while ago saying that he put a ton of effort into it and only like 0.001% of all users donated so "it's going to cost money now" i happened to be one of the suckers that donated before it cost money so i get access to the premium version of everything he makes for life 
|
|
#
?
Mar 17, 2017 16:29
|
|
|
just gony drop this here https://twitter.com/faultywarrior/status/842687723408412673
|
|
#
?
Mar 17, 2017 16:33
|
|
|
On a scale of 1 to 10 how bad is storing SSNs in plaintext? I'm asking for a friend. E: along with pretty much every other piece of PII
|
|
#
?
Mar 17, 2017 16:36
|
|
|
tbh, synergy is still on github, so it's not a big deal, people will just compile it. but that is lovely of people not donating anything. i generally donate to projects i use often and can't contribute to in some way otherwise, especially big productivity enhancers like synergy. cheese-cube posted:just gony drop this here titanic also never sank before e: AggressivelyStupid posted:On a scale of 1 to 10 how bad is storing SSNs in plaintext? I'm asking for a friend. the correct way to handle personal information is to use your govt api to only get information when you need it, and then discard it. let it be their problem. you can probably do better than them, but you still don't want to be liable for poo poo imo. Truga fucked around with this message at 16:41 on Mar 17, 2017 |
|
#
?
Mar 17, 2017 16:38
|
|
|
AggressivelyStupid posted:On a scale of 1 to 10 how bad is storing SSNs in plaintext? I'm asking for a friend. You need to store them either with reversible encryption, or if you hash them, you can very easily enumerate the entire keyspace of all SSN's with any kind of hashing algorithm, there's only like what, a billion different possible SSN's?
|
|
#
?
Mar 17, 2017 16:41
|
|
|
@bigendiansmalls is a great name
|
|
#
?
Mar 17, 2017 16:42
|
|
|
pii at rest will soon be in motion
|
|
#
?
Mar 17, 2017 16:43
|
|
|
For clarification, I'm not the one storing them. If it were up to me I'd not touch that poo poo because I don't want to get owned and have it be my fault for being a big dumb idiot. I'm just looking at my own unencrypted ssn right now and am kinda annoyed but resigned to the fact that I already am owned
|
|
#
?
Mar 17, 2017 16:53
|
|
|
|
| # ? May 17, 2024 16:34 |
|
|
Truga posted:wait, synergy costs money now? I was pretty annoyed by this, they started charging right at the same time that they completely broke synergy on linux. They broke their poo poo then began charging to update to a working version arch even created a package with this description: code:
|
|
#
?
Mar 17, 2017 17:42
|
|
