|
Harik posted:relatedly, is there a way to get link metrics for a website you don't own? I really want to know how people are stumbling over this obscure webpage 15 years later. you can usually get the referer url, but that's about it.
|
#
?
Apr 4, 2017 12:26
|
|
|
|
| # ? May 21, 2024 03:20 |
|
|
spankmeister posted:https://ictf.cs.ucsb.edu/pages/the-2016-2017-ictf-ddos.html reposting on new page because I know y'all don't read that last page news
|
|
#
?
Apr 4, 2017 12:26
|
|
|
Seen at the train station on my way to work, forgive the garbage quality. What come next? Suddenly this thread makes so much more sense.
|
|
#
?
Apr 4, 2017 13:16
|
|
|
spankmeister posted:https://ictf.cs.ucsb.edu/pages/the-2016-2017-ictf-ddos.html there is a sec thread poster on that team it's ok friend ictf is the shittiest ctf I agree
|
|
#
?
Apr 4, 2017 13:25
|
|
|
Pretty sure it's the positive numbers > 2 so that n^2 + n - 1 and n^2 - n + 1 are both prime. So it's 15.
|
|
#
?
Apr 4, 2017 13:29
|
|
|
Jabor posted:Pretty sure it's the positive numbers > 2 so that n^2 + n - 1 and n^2 - n + 1 are both prime. So it's 15. Perhaps a cyber security career IS 4 u!
|
|
#
?
Apr 4, 2017 13:33
|
|
|
Jabor posted:Pretty sure it's the positive numbers > 2 so that n^2 + n - 1 and n^2 - n + 1 are both prime. So it's 15. lol nice
|
|
#
?
Apr 4, 2017 13:33
|
|
|
Jabor posted:Pretty sure it's the positive numbers > 2 so that n^2 + n - 1 and n^2 - n + 1 are both prime. So it's 15. actually no the user just wrote their password in the space Edit: lmao quote:This test was designed to measure your aptitude for working with computers. This means that it will show how well you can follow instructions, obey rules and procedures, and solve problems. It has nothing to do with how much you know about computers or how much computer training you have received, so if you�re new to them, don�t worry! You might still do very well on this test. Even if you don�t score as high as you would have liked, that doesn�t mean that you are incapable of using a computer or even working in the computer field—only that you�ll probably have to work harder at it than someone who scores higher. Take this test before you enroll in any computer training schools. encoding errors preserved though that might just be firefox all posters please record your scores so we can form a hierarchy Powerful Two-Hander fucked around with this message at 14:08 on Apr 4, 2017 |
|
#
?
Apr 4, 2017 14:03
|
|
|
i got a 420.69%
|
|
#
?
Apr 4, 2017 14:10
|
|
|
i got 80085 points
|
|
#
?
Apr 4, 2017 14:11
|
|
|
i got an error!? "pc load letter" ?!
|
|
#
?
Apr 4, 2017 14:13
|
|
|
wait wait i thought of a joke about the internet dildo that nobody made yet: hackers? in MY vagina? it's more likely than you think!
|
|
#
?
Apr 4, 2017 14:47
|
|
|
WrenP-Complete posted:i got an error!? "pc load letter" ?! a life with computers is not for you, hand in your badge and gnu and get off the force
|
|
#
?
Apr 4, 2017 15:00
|
|
|
Disclosing security vulnerabilities is a pain in the rear end and I'm never doing it again who the gently caress is reimbursing me for all the cell phone minutes i spent on hold getting shunted from deparment to department because no-one knows what to do when I say "there's a glaring security flaw on your website"
|
|
#
?
Apr 4, 2017 15:06
|
|
|
"and they all think they have a virus" *attaches 3 photos indicating none of them think they have a virus, nor do any of them think they explicitly did the wrong thing, but are actually asking for clarification on where the problem lies* @ios is at their worst when its real clear they're just blind reposting stuff they know literally nothing about, like "experienced drone man" complained about their dji inspire deciding to update midair. which is not physically possible because updates require a tether or a firmware on the sd card (and it checks the sd and does firmware updates before starting up, not just randomly midflight) moron izzard fucked around with this message at 15:15 on Apr 4, 2017 |
|
#
?
Apr 4, 2017 15:06
|
|
|
Daman posted:there is a sec thread poster on that team It's a pretty lovely way to cheat and they didn't even win because of it lmao.
|
|
#
?
Apr 4, 2017 15:12
|
|
|
spankmeister posted:It's a pretty lovely way to cheat and they didn't even win because of it lmao. in a competition like ictf a 1% difference is wholly attributable to being unlucky with their poo poo garbage infrastructure not scoring correctly one or two times. it was a decent gamble, I wouldn't of thought their whole system was going to poo poo the bed just because you're doing under 100k connections either e: also if you're not first you're last p much no other place matters Daman fucked around with this message at 15:32 on Apr 4, 2017 |
|
#
?
Apr 4, 2017 15:22
|
|
|
Instant Grat posted:Disclosing security vulnerabilities is a pain in the rear end and I'm never doing it again forgot the actual fuckup: they're embedding the payment processor's poo poo in an iframe on a plain HTTP page
|
|
#
?
Apr 4, 2017 15:30
|
|
|
found a really dumb security bug in our firewalls and I'm excited to see if they do anything about it.
|
|
#
?
Apr 4, 2017 15:34
|
|
|
Instant Grat posted:Disclosing security vulnerabilities is a pain in the rear end and I'm never doing it again You should just make a public tweet mentioning them on Twitter that informs them they have a security problem and no real way to report it. ... I mean, at this point, "best practices" is "whatever Taviso does".
|
|
#
?
Apr 4, 2017 15:34
|
|
|
endlessmonotony posted:You should just make a public tweet mentioning them on Twitter that informs them they have a security problem and no real way to report it. That's what Troy Hunt told me to do when I emailed him for advice after eventually getting shunted to the payment processor and being told "yeah we know they're doing the iframe thing, we told them to get it fixed but what can you do" Unfortunately i have like 2 followers that aren't porn bots and both of them are my mom Hunt said he was gonna signal boost it, maybe that'll help This isn't like, some mom'n'pop joint, this is the postal service for the entire god drat country Instant Grat fucked around with this message at 15:46 on Apr 4, 2017 |
|
#
?
Apr 4, 2017 15:37
|
|
|
Shaming a company into doing the right thing only works if they can feel shame. How likely is it that they'll care about this if they're not even using HTTPS until something massively bad (for them) actually happens?
|
|
#
?
Apr 4, 2017 15:47
|
|
|
Instant Grat posted:That's what Troy Hunt told me to do when I emailed him for advice after eventually getting shunted to the payment processor and being told "yeah we know they're doing the iframe thing, we told them to get it fixed but what can you do" Forward it to Taviso and have him publically shame the company for you.
|
|
#
?
Apr 4, 2017 15:51
|
|
|
Instant Grat posted:That's what Troy Hunt told me to do when I emailed him for advice after eventually getting shunted to the payment processor and being told "yeah we know they're doing the iframe thing, we told them to get it fixed but what can you do" PM me with details?
|
|
#
?
Apr 4, 2017 16:30
|
|
|
OSI bean dip posted:PM me with details? Done
|
|
#
?
Apr 4, 2017 16:38
|
|
|
As a cool bonus, the engineer I spoke to at the payment processor said the reason he can't really do that much about it is their EULA doesn't forbid their customers from putting their payment module in an iframe on an unencrypted HTTP page So y'know "I'll bring it up again next time I talk to them, thanks for calling" Instant Grat fucked around with this message at 16:57 on Apr 4, 2017 |
|
#
?
Apr 4, 2017 16:47
|
|
|
https://twitter.com/k8em0/status/849284404337930240
|
|
#
?
Apr 4, 2017 17:02
|
|
|
Instant Grat posted:As a cool bonus, the engineer I spoke to at the payment processor said the reason he can't really do that much about it is their EULA doesn't forbid their customers from putting their payment module in an iframe on an unencrypted HTTP page
|
|
#
?
Apr 4, 2017 17:02
|
|
|
Instant Grat posted:Disclosing security vulnerabilities is a pain in the rear end and I'm never doing it again Did you try and call them to disclose a vuln?
|
|
#
?
Apr 4, 2017 17:04
|
|
|
apseudonym posted:Did you try and call them to disclose a vuln? There was no security or IT-related email address, the normal support address auto-reply told me to expect a reply in 6-8 business days, and I'm unemployed and bored I was trying to just get them to forward my message to some relevant person without it having to take two weeks but they kept forwarding me like a hot potato
|
|
#
?
Apr 4, 2017 17:09
|
|
|
amidst a ton of broadcom vulns being publicly released by project zero there's a good part 1 of attacking their wifi stack https://googleprojectzero.blogspot.co.uk/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
|
|
#
?
Apr 4, 2017 17:15
|
|
|
Instant Grat posted:Disclosing security vulnerabilities is a pain in the rear end and I'm never doing it again oh so you also found a vulnerability in the internet connected dildo?
|
|
#
?
Apr 4, 2017 19:45
|
|
|
Cold on a Cob posted:oh so you also found a vulnerability in the internet connected dildo? Did someone already make a joke about pentesting
|
|
#
?
Apr 4, 2017 20:05
|
|
|
Instant Grat posted:Did someone already make a joke about pentesting Yes
|
|
#
?
Apr 4, 2017 20:23
|
|
|
peentesting
|
|
#
?
Apr 5, 2017 02:26
|
|
|
redleader posted:peentesting
|
|
#
?
Apr 5, 2017 04:07
|
|
|
Pen 15 Testing is my new sec group, who wants on?
|
|
#
?
Apr 5, 2017 07:56
|
|
|
Migishu posted:Pen 15 Testing is my new sec group, who wants on? go away aatrek
|
|
#
?
Apr 5, 2017 09:06
|
|
|
anyone posted about caa dns records yet? https://tools.ietf.org/html/rfc6844 looking forward to a bunch of sites having orange address bars on september 8th when this becomes mandatory and browsers start checking it
|
|
#
?
Apr 5, 2017 10:21
|
|
|
|
| # ? May 21, 2024 03:20 |
|
|
rip TLSA
|
|
#
?
Apr 5, 2017 11:03
|
|