|
URL grey tea posted:i just started at cylance at the beginning of this year. socal is gr8. fake news why is your engine coded in unobfuscated c#?
|
# ? Apr 6, 2017 00:37 |
|
|
# ? May 18, 2024 14:32 |
|
it took them until 2017 https://twitter.com/fdfalcon/status/849771267259498498
|
# ? Apr 6, 2017 01:52 |
|
some people at work have cylance running on their workstations and it quarantined both git and powershell as suspicious software. Happy devs.
|
# ? Apr 6, 2017 02:14 |
|
Truga posted:i mean, i'm all for people not clicking on random popups, but how do you propose a browser implement a new feature like this? make it so that if you log into an http page despite the warning the computer shuts itself off
|
# ? Apr 6, 2017 02:19 |
OSI bean dip posted:why is your engine coded in unobfuscated c#? i am a mere tier 3 mortal and cannot really provide any valuable response here. insert "it's free software" gif here if true MononcQc posted:some people at work have cylance running on their workstations and it quarantined both git and powershell as suspicious software. Happy devs. i haven't heard of those being quarantined, but if they have memory protection or script control enabled git is known to flag stack pivots iirc. admin just needs to make an exclusion. the normal process is to train on a test box in alert mode before pushing to the general population for the first time. URL grey tea fucked around with this message at 03:17 on Apr 6, 2017 |
|
# ? Apr 6, 2017 02:29 |
|
Wiggly Wayne DDS posted:it took them until 2017
|
# ? Apr 6, 2017 03:30 |
|
surprised this hasnt been posted here yet: security researcher finds 40 0days in samsung's tizen os. quote:But the operating system is riddled with serious security vulnerabilities that make it easy for a hacker to take control of Tizen-powered devices, according to Israeli researcher Amihai Neiderman. this software is used in their smart tvs and smart watches and some smart phones in certain markets. the slashdot comments for this story shockingly had a few good posts. first this user was asked by their boss to investigate porting an app they were working on to tizen: quote:I was once asked by my boss to tinker with Tizen, see if it was usable, since a client was soliciting bids for an app they wanted to run on Samsung's smartwatch. a user who replied to that post dug up a user post on the daily wtf about "EFL," tizen's native ui toolkit (borrowed from the enlightenment wm of all places, and, yes, samsung employs the author of enlightenment to work on tizen). quote:I work for a certain corporation which uses a certain product. This is its story. To put the quality of this product into perspective, let me say it’s been in development for about 20 years and has pretty much no users (besides my corp and some “hey - let’s make our own Linux crappy distro, which no one will ever use” fanatics) and no community. It was written by a C programmer who “doesn’t like the notion of ‘type’ in programming”. Let that be a prelude of what’s to follow. Envy those who don’t know it; pity those who use it. another slashdotter shared a run-in they had with the developers of enlightenment at an open source developers conference: quote:Actually, the Daily WTF article is not particularly educational when it comes to EFL. It covers the obvious surface detail of what the developers do dangerously wrong. There are far worse things under the surface. Mr.Radar fucked around with this message at 04:23 on Apr 6, 2017 |
# ? Apr 6, 2017 04:13 |
|
Mr.Radar posted:"EFL," tizen's native ui toolkit (borrowed from the enlightenment wm of all places, and, yes, samsung employs the author of enlightenment to work on tizen). What the gently caress
|
# ? Apr 6, 2017 05:19 |
|
Mr.Radar posted:surprised this hasnt been posted here yet: security researcher finds 40 0days in samsung's tizen os. wat
|
# ? Apr 6, 2017 05:21 |
|
yeah sarnsung threw a few million dollars at the e17 team a few years back. everyone assumed it was going to go into their smart tvs and such but no one knew why they picked enlightenment.wikipedia posted:Version 0.17, also referred to as E17, was in development for 12 years starting in December 2000[6] until 21 December 2012 when it was officially released as stable. 12 years
|
# ? Apr 6, 2017 05:45 |
|
atomicthumbs posted:What the gently caress e17 was a loving unicorn
|
# ? Apr 6, 2017 05:59 |
|
Instant Grat posted:Choice extract from the motherboard article: im the weird reporter telling a guy about how i was bullied in elementary school and laughing out loud
|
# ? Apr 6, 2017 06:11 |
|
code:
|
# ? Apr 6, 2017 08:30 |
|
perfect
|
# ? Apr 6, 2017 08:34 |
|
My current NHS trust thinks 3 monthly password resets are for loosers and so makes you change every drat month. As a result every computer has a username and password helpfully written down on a sticker on the machine, single sign on is enabled so when you log in it signs into the radiology and pathology systems with the deets of the last person who went to the trouble of logging in to those with their own creds
|
# ? Apr 6, 2017 09:19 |
|
Progressive JPEG posted:
You're doing it wrong. Try: dig google.com type257
|
# ? Apr 6, 2017 11:48 |
|
Ugh. 1Password just removed built-in cloud sync from their v6 Windows client update released April 5. They're blaming Dropbox for switching to their new v2 API, but on the forums it's very apparent that they would like everyone to move to their subscription model. They've confirmed that v4 for Windows is dead, and they will no longer sell you a v4 license through their commercial site. WLAN syncing from v4 will not make it to v6, in order to promote their subscription model. You can still do cloud syncing with v6, but you'll need to have Dropbox / Onedrive / Google Drive / BT Sync / whatever installed to sync the vault, which v6 can just talk to. v6 now has local vault capability. Finally, in their zeal to remove features from the v6 app, they've made it so that if you remove all your previously-functional, but now non-functional cloud-synced-through-the-v6-app vaults, the only option to add a new vault is to log into or sign up for a 1password.com account. I assume this is just an oversight and in the next new version you'll be able to either choose to use a 1password.com account, OR sync to a local vault. But for now, make sure you add your new local sync before removing all your old, non-functional sync accounts! Not a sec gently caress at all, but given how this thread seems to like Agilebits, this might be the start of some people changing their mind about them. bobfather fucked around with this message at 14:01 on Apr 6, 2017 |
# ? Apr 6, 2017 13:48 |
|
I just use iCloud, sorry about your online cloud thinger with a war criminal on the board
|
# ? Apr 6, 2017 13:52 |
|
had to google a bit to figure out that the guy is probably talking about 1password, somehow did not make a lot of sense that dropbox would drop dropbox sync from their client
|
# ? Apr 6, 2017 14:00 |
|
minivanmegafun posted:I just use iCloud, sorry about your online cloud thinger with a war criminal on the board The Windows clients have never had / will never have iCloud support, and neither will the Android version of 1Pass. Also, AES-256 + a good password is pretty solid, no matter how crappy the security on Dropbox's backend may or may not be.
|
# ? Apr 6, 2017 14:01 |
|
Cybernetic Vermin posted:had to google a bit to figure out that the guy is probably talking about 1password, somehow did not make a lot of sense that dropbox would drop dropbox sync from their client Yeah, sorry, edited.
|
# ? Apr 6, 2017 14:02 |
|
bobfather posted:Ugh. 1Password just removed built-in cloud sync from their v6 Windows client update released April 5. They're blaming Dropbox for switching to their new v2 API, but on the forums it's very apparent that they would like everyone to move to their subscription model. nifty beans how long until tavis writes a program that impersonates one app to the other and gets either your whole password store or your whole dropbox dumped into notepad
|
# ? Apr 6, 2017 14:06 |
|
boxdrop.io
|
# ? Apr 6, 2017 14:09 |
|
lol i got that plex VPN email the other day and just this morning i checked my junk mail and found
|
# ? Apr 6, 2017 14:28 |
|
there's an address at the bottom of the email that i didn't catch, it goes to here: https://www.google.com/maps/place/3...2483571!6m1!1e1 trust your VPN service to FOX rent-a-car!
|
# ? Apr 6, 2017 14:32 |
|
Mr.Radar posted:surprised this hasnt been posted here yet: security researcher finds 40 0days in samsung's tizen os. every single part of that slashdot post is quote-worthy. jesus h christ. quote:Another interesting design related to callbacks is key handling. You can register your callback for keydown events and get all the info in a neat structure named Evas_Event_Key_Down. What would you expect from such structure? Maybe a key code? Ha! EFL gives you something more – a key name. Instead of comparing integer code to some universal key number, you are forced to do a string comparison against system-dependent key name. To find if your key was A, compare the name to string “A”; to check for return key, compare to “[Return]”; to check for play button, compare to “XF86AudioPlay” and pray your application will never be ported to something else than a Linux with X.org. In short – you want to react to 20 key presses, make 20 string comparisons against names which are listed somewhere in you OS/window system documentation. i imagine all enlightenment docs to read like that "the missile knows where it is at all times. it knows this because it knows where it isn't." video sounds
|
# ? Apr 6, 2017 15:17 |
|
ate all the Oreos posted:there's an address at the bottom of the email that i didn't catch, it goes to here: Troy Hunt did a write-up of the whole dumbass MySafeVPN affair: https://www.troyhunt.com/the-importance-of-trust-and-integrity-in-a-vpn-provider-and-how-mysafevpn-blew-it/ "MyVPNHouse" is just an alias for the same exact scam - it literally just 301s you to MySafeVPN The address of the "headquarters" listed on their contact page is a Vietnamese restaurant in Ontario Instant Grat fucked around with this message at 16:23 on Apr 6, 2017 |
# ? Apr 6, 2017 16:17 |
|
pho bo ga vlan
|
# ? Apr 6, 2017 16:23 |
|
flakeloaf posted:pho bo ga vlan ia ia nsa fhtagn
|
# ? Apr 6, 2017 16:24 |
|
interesting tool: https://github.com/huntergregal/mimipenguin mimikatz-style memory dumping and searching for linux passwords. requires root, seems focused on linux desktop users, so all three of us should be careful.
|
# ? Apr 6, 2017 16:26 |
|
OSI bean dip posted:why is your engine coded in unobfuscated c#? What's wrong with code being unobfuscated? Or is this just a coding holy-war comment?
|
# ? Apr 6, 2017 16:34 |
ate poo poo on live tv posted:What's wrong with code being unobfuscated? Or is this just a coding holy-war comment?
|
|
# ? Apr 6, 2017 16:36 |
|
Storysmith posted:interesting tool: https://github.com/huntergregal/mimipenguin
|
# ? Apr 6, 2017 16:53 |
|
cinci zoo sniper posted:is this a serious "what are the security implications for an unprotected security product" Is this a serious "obfuscation provides meaningful security"?
|
# ? Apr 6, 2017 17:12 |
wolrah posted:Is this a serious "obfuscation provides meaningful security"?
|
|
# ? Apr 6, 2017 17:19 |
|
Instant Grat posted:Troy Hunt did a write-up of the whole dumbass MySafeVPN affair: https://www.troyhunt.com/the-importance-of-trust-and-integrity-in-a-vpn-provider-and-how-mysafevpn-blew-it/ yeah i know, which is why i posted this email that i got after that article went up
|
# ? Apr 6, 2017 17:29 |
|
cinci zoo sniper posted:is this a serious "what are the security implications for an unprotected security product" no
|
# ? Apr 6, 2017 17:42 |
|
i would like to know the serious reason why you should obfuscate your code though without the snark, like i thought that feature only existed to attempt to prevent other companies from ripping your stuff off easily
|
# ? Apr 6, 2017 17:44 |
|
|
# ? Apr 6, 2017 17:49 |
|
|
# ? May 18, 2024 14:32 |
|
ate all the Oreos posted:i would like to know the serious reason why you should obfuscate your code though without the snark, like i thought that feature only existed to attempt to prevent other companies from ripping your stuff off easily i'm more taking a jab at how they wrote their software and not the fact that they didn't obfuscate. they make it a real pain in the rear end to get ahold of a copy
|
# ? Apr 6, 2017 17:51 |