grandfather's exe

Apr 26, 2017 17:44
infernal machines posted:mainframe of theseus

NICE!

Number19 posted:have some more atlassian fuckups while we're at it: https://confluence.atlassian.com/doc/confluence-security-advisory-2017-04-19-887071137.html

lol atlassian

My company switched to hipchat a while ago, and I noticed that whenever someone sends a picture (which is frequently a screenshot of something proprietary, or at least not meant for disclosure), it ends up hosted on an s3 instance with absolutely no authentication. URL is something like s3.amazonaws.com/uploads.hipchat.com/[company's unique ID]/[some other id]/[upload.png] I'd been meaning to do some prodding and see if [some other id] is predictable, maybe I should take that off the back burner

Apr 26, 2017 17:47
haveblue posted:grandfather's exe

I've only changed the language twice and the OS three times

Apr 26, 2017 17:48

infernal machines posted:mainframe of theseus

haveblue posted:grandfather's exe

Apr 26, 2017 18:14

COACHS SPORT BAR posted:NICE!

just stick a UUID in there and it's basically as good as authentication over https.

Apr 26, 2017 18:17

COACHS SPORT BAR posted:NICE!

I found slack had this same issue and it blew my mind. I _think_ it's since been fixed? e: yeah totally has

Apr 26, 2017 18:26
Subjunctive posted:just stick a UUID in there and it's basically as good as authentication over https.

It's waaaaaay too short to be a UUID

e: just compiled a list of all the urls sent to me. It's more or less on par with an imgur identifier. Meh, not as interesting as I had hoped

burning swine fucked around with this message at 19:07 on Apr 26, 2017

Apr 26, 2017 18:57
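The posts above turn on one question: when an upload URL has no authentication, is the random-looking path segment strong enough to stand in for it? The following is an added example, not code from the thread, that quantifies the answer. It infers an identifier's alphabet from the characters present, reports an upper bound on its entropy (a counter or timestamp dressed up in base62 has far less), credits a dashed version-4 UUID with its 122 random bits, and gives the chance that one random guess names an existing object. The sample tokens are constructed, and the 64-bit floor is the minimum the OWASP Session Management Cheat Sheet sets for session identifiers, used here only as a reference point.

```python
import math
import re
import string

# Canonical dashed UUID; the first hex digit of the third group is the version.
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-([0-9a-f])[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12}$",
    re.IGNORECASE,
)

# Reference floor: the minimum entropy the OWASP Session Management Cheat Sheet
# requires of a session identifier. A URL token doing the job of a credential
# should clear at least this bar.
MIN_SECRET_BITS = 64


def infer_alphabet(token):
    """Guess the smallest common alphabet that covers every character in token.

    Checked smallest-first, so a token that happens to use only hex characters
    is credited with 16 symbols per position rather than 62."""
    chars = set(token)
    if chars <= set(string.digits):
        return "digits", 10
    if chars <= set(string.hexdigits):
        return "hex", 16
    if chars <= set(string.ascii_lowercase + string.digits) or \
            chars <= set(string.ascii_uppercase + string.digits):
        return "base36", 36
    if chars <= set(string.ascii_letters + string.digits):
        return "base62", 62
    if chars <= set(string.ascii_letters + string.digits + "-_"):
        return "base64url", 64
    raise ValueError("unrecognised alphabet in token %r" % token)


def token_entropy(token):
    """Return (kind, bits): an upper bound on the randomness in a URL path token.

    Every position is assumed to be drawn uniformly from the inferred alphabet;
    a real generator (counters, timestamps, short hashes) can only have less.
    A version-4 UUID gets its 122 random bits (RFC 4122 fixes the other 6)."""
    m = UUID_RE.match(token)
    if m:
        if m.group(1) != "4":
            raise ValueError("UUID version %s is time- or name-based, not random" % m.group(1))
        return "uuid4", 122.0
    kind, size = infer_alphabet(token)
    return kind, len(token) * math.log2(size)


def hit_probability(bits, live_objects):
    """Chance that one uniformly random token of the given strength names one of
    live_objects existing uploads: live_objects / 2**bits."""
    return live_objects / (2.0 ** bits)


def assess(token, live_objects):
    """Summarise whether a token of this shape can stand in for access control."""
    kind, bits = token_entropy(token)
    return {
        "kind": kind,
        "bits": round(bits, 1),
        "hit_probability": hit_probability(bits, live_objects),
        "meets_minimum": bits >= MIN_SECRET_BITS,
    }


if __name__ == "__main__":
    # Constructed sample tokens; none is a real HipChat, S3 or imgur identifier.
    for tok in ("x7Qk2Pm", "deadbeefcafef00d", "123e4567-e89b-42d3-a456-426614174000"):
        print(tok, assess(tok, live_objects=10_000_000))
```

A seven-character base62 token comes out under 42 bits; with tens of millions of live uploads behind one bucket, the per-guess hit probability is no longer negligible, which is exactly why a short imgur-style id is a hiding place and not an access control. The fix is the one the service should have had anyway: authenticated, expiring links (for S3, pre-signed URLs with a short lifetime) rather than a public object reachable by anyone who learns or guesses the path.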
Wheany posted:I get this reference

Apr 26, 2017 19:52

quote:14:26:20 warrshrike | I need some help from you geniuses

Apr 26, 2017 19:52

so like an eeprom that contains your messages, sounds cool

Apr 26, 2017 20:00
Good writeup on the security dumpster fire that is SugarCRM: http://karmainsecurity.com/tales-of-sugarcrm-security-horrors

Apr 26, 2017 20:06

the sugarcrm "API" is basically sql injection.

Apr 26, 2017 20:08

COACHS SPORT BAR posted:Good writeup on the security dumpster fire that is SugarCRM:

quote:SugarCRM is a pretty popular Customer Relationship Management (CRM) application written in PHP code. It was born in 2004 as an open source project hosted on SourceForge, a development repository for free software.

article just ends right there

Apr 26, 2017 20:16

Loaded fine for me

quote:SugarCRM is a pretty popular Customer Relationship Management (CRM) application written in PHP code. It was born in 2004 as an open source project hosted on SourceForge, a development repository for free software. By June of the same year, the rapid success of the project allowed the original developers to found SugarCRM Inc. and raise $2 million in venture capital. A month later, on July 3, Sugar Open Source version 1.0 was released. In October 200 .........

Etc

Apr 26, 2017 20:19
Volmarias posted:Loaded fine for me

whoosh

Apr 26, 2017 20:24

i get joaks

Apr 26, 2017 20:26

Cocoa Crispies posted:article just ends right there

Apr 26, 2017 20:26

Volmarias posted:I've only changed the language twice and the OS three times

Apr 26, 2017 20:33

lol what the heck

Apr 26, 2017 20:39

https://arstechnica.com/information-technology/2017/04/picture-this-senate-staffers-id-cards-have-photo-of-smart-chip-no-security/

quote:Moreover, in contrast to the executive branch's widespread adoption of PIV cards with a smart chip, most Senate staff ID cards have a photo of a chip printed on them, rather than a real chip.

Apr 26, 2017 21:06
rafikki posted:https://arstechnica.com/information-technology/2017/04/picture-this-senate-staffers-id-cards-have-photo-of-smart-chip-no-security/

if those chip pictures prove themselves to be brave and secure, one day they will become real chips

Apr 26, 2017 21:16

rafikki posted:https://arstechnica.com/information-technology/2017/04/picture-this-senate-staffers-id-cards-have-photo-of-smart-chip-no-security/

my brain automatically converted piv to penis in vagina

Apr 26, 2017 21:23

are planeforce have bug bounty program now

Apr 26, 2017 21:25
A Pinball Wizard posted:my brain automatically converted piv to penis in vagina

computer fucker.

Apr 26, 2017 21:36

pinball in wizard

Apr 26, 2017 22:00
http://www.antbleed.com/

quote:Antbleed is a backdoor introduced by Bitmain into the firmware of their bitcoin mining hardware Antminer.

quote:At worst, this firmware backdoor allows Bitmain to shut off a large section of the global hashrate (estimated to be at up to 70% of all mining equipment). It can also be used to directly target specific machines or customers. Standard inbound firewall rules will not protect against this because the Antminer makes outbound connections.

Apr 26, 2017 22:39
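The quoted point that inbound firewall rules do nothing against a device that phones home is the standard argument for egress control on appliance networks: a miner has a short, knowable list of hosts it legitimately talks to, so anything else it reaches out to is worth an alert. As an added example (not code from antbleed.com or from the thread), this checks constructed flow records from a hypothetical miner subnet against an allow-list of expected destinations and reports the rest, grouped per device. The subnet, hostnames and ports are all made up.

```python
import ipaddress
from collections import defaultdict

# Hypothetical miner VLAN and the only outbound destinations a miner on it is
# expected to reach (constructed names, not real pool or vendor infrastructure).
MINER_SUBNET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_DESTINATIONS = {
    ("pool.example-mining.test", 3333),   # stratum to the pool we actually use
    ("pool.example-mining.test", 443),    # pool dashboard / failover
    ("ntp.corp.test", 123),               # internal time source
}

# Constructed flow records: "timestamp src dst:port proto", one per line.
SAMPLE_FLOWS = """\
2017-04-26T22:30:01 10.20.0.17 pool.example-mining.test:3333 tcp
2017-04-26T22:30:05 10.20.0.17 ntp.corp.test:123 udp
2017-04-26T22:31:10 10.20.0.42 pool.example-mining.test:3333 tcp
2017-04-26T22:31:12 10.20.0.42 unexpected-host.example.test:443 tcp
2017-04-26T22:31:50 10.20.1.5 unexpected-host.example.test:443 tcp
2017-04-26T22:32:00 10.20.0.17 pool.example-mining.test:3333 tcp
"""


def parse_flow(line):
    """Split one flow record into its fields; the port is the last ':'-separated part."""
    ts, src, dst_port, proto = line.split()
    host, port = dst_port.rsplit(":", 1)
    return {"ts": ts, "src": ipaddress.ip_address(src), "dst": host,
            "port": int(port), "proto": proto}


def unexpected_egress(flow_text, subnet=MINER_SUBNET, allowed=ALLOWED_DESTINATIONS):
    """Return flows originating in the miner subnet whose (host, port) is not allow-listed.

    Traffic from hosts outside the subnet is ignored: this rule is scoped to
    devices whose legitimate destinations we can enumerate."""
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow["src"] in subnet and (flow["dst"], flow["port"]) not in allowed:
            findings.append(flow)
    return findings


def summarize(findings):
    """Collapse findings to one entry per device: {src_ip: {(host, port), ...}}."""
    by_src = defaultdict(set)
    for flow in findings:
        by_src[str(flow["src"])].add((flow["dst"], flow["port"]))
    return dict(by_src)


if __name__ == "__main__":
    for src, dests in summarize(unexpected_egress(SAMPLE_FLOWS)).items():
        print("miner %s reached unexpected destination(s): %s" % (src, sorted(dests)))
```

The same allow-list is what an egress firewall policy on the miner VLAN would enforce; running it as detection first is useful because it shows which destinations a fleet really needs before the deny-by-default rule goes in, and because a device that keeps trying to reach something off-list after the rule is in place is still worth knowing about.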
https://twitter.com/SDLerner/status/857339715577663489 https://twitter.com/petertoddbtc/status/857341376245182464

Apr 26, 2017 22:40
anthonypants posted:https://twitter.com/SDLerner/status/857339715577663489

someone should do the last bit

Apr 26, 2017 22:42

fishmech posted:someone should do the last bit

Apr 26, 2017 22:43

fishmech posted:someone should do the last bit

Apr 26, 2017 22:43

this is actually good for bitcoin because

Apr 26, 2017 22:43

I lust for bitcoin death

Apr 26, 2017 22:57

fishmech posted:someone should do the last bit

Apr 26, 2017 23:09

fishmech posted:someone should do the last bit

quote:The last bit was mined for the first time, half in jest, on April 20, 2140, at a time when humanity first stepped into the light.

Apr 26, 2017 23:23
With the way bitcoins work, the amount of bitcoins mined per period of time cannot change, I think. So if you were to kill a majority of bitcoin miners, those who are left over would suddenly get way more bitcoins way faster.

Apr 26, 2017 23:27
Carbon dioxide posted:With the way bitcoins work, the amount of bitcoins mined per period of time cannot change, I think.

the difficulty would balance out so that the speed would end up around the same (average 10 minutes iirc) after a short burst period, but the thing is they would lock out anyone not using the best asics if they shut off all the antminers outside of the chinese pools. they can effectively lock out the entire rest of the bitcoin network and the only way to prevent it is to somehow patch and repair the firmware and hope there aren't more hidden backdoors or develop and deploy a par competitor with the current antminers. china has the entire bitcoin protocol by the balls with this.

Apr 26, 2017 23:33
Cocoa Crispies posted:whoosh ... gently caress

Apr 26, 2017 23:34

Carbon dioxide posted:With the way bitcoins work, the amount of bitcoins mined per period of time cannot change, I think.

the difficulty adjustment isn't instant but i don't remember how often it happens, i want to say twice a month or something g

Apr 26, 2017 23:38
Mr. Nice! posted:the difficulty would balance out so that the speed would end up around the same (average 10 minutes iirc) after a short burst period, but the thing is they would lock out anyone not using the best asics if they shut off all the antminers outside of the chinese pools.

the difficulty can only change every so often (as it stands, once every 14 days if things are in good working order, as it's every 2016 blocks), and can only change up to a certain amount each time. it could take months easily for bitcoin to adjust back to consistent 10ish minute blocks again if 70% of the mining power was immediately wiped out and stayed wiped out.

Apr 26, 2017 23:39
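The last three posts are arguing about the retarget mechanics, so here they are worked through as an added example (not code from the thread). The constants are Bitcoin's actual rules: difficulty is recomputed every 2016 blocks, aiming for 10-minute blocks (a 14-day window), and each retarget may move it by at most a factor of 4 in either direction. The model assumes the surviving hashrate stays constant and ignores the protocol's long-standing off-by-one (it measures 2015 intervals per window), so the day counts are approximate.

```python
RETARGET_BLOCKS = 2016                      # blocks between difficulty adjustments
TARGET_BLOCK_MIN = 10.0                     # intended average block interval, minutes
TARGET_WINDOW_MIN = RETARGET_BLOCKS * TARGET_BLOCK_MIN   # 20160 min = 14 days
MAX_ADJUST = 4.0                            # one retarget may move difficulty at most 4x
MINUTES_PER_DAY = 24 * 60


def retarget(difficulty, actual_window_min):
    """Apply one difficulty retarget.

    Bitcoin scales the target by actual/expected window time with the actual
    time clamped to [expected/4, expected*4]; expressed on difficulty that is a
    multiplier of expected/actual clamped to [1/4, 4]."""
    ratio = TARGET_WINDOW_MIN / actual_window_min
    ratio = max(1.0 / MAX_ADJUST, min(MAX_ADJUST, ratio))
    return difficulty * ratio


def simulate_hashrate_drop(hashrate_fraction, max_retargets=50, tolerance=0.01):
    """Model block production after hashrate falls to hashrate_fraction of the
    level the current difficulty was tuned for, and stays there.

    Returns (days_until_blocks_are_back_within_tolerance_of_10_min,
             retargets_needed,
             [(difficulty, block_minutes, window_days) for each slow window]).
    Simplifications: 2016 intervals per window (the protocol counts 2015) and
    constant hashrate within a window."""
    difficulty = 1.0            # relative to the pre-drop difficulty
    elapsed_days = 0.0
    windows = []
    for retargets in range(max_retargets):
        # Expected block time scales with difficulty and inversely with hashrate.
        block_min = TARGET_BLOCK_MIN * difficulty / hashrate_fraction
        if block_min <= TARGET_BLOCK_MIN * (1 + tolerance):
            return elapsed_days, retargets, windows
        window_min = block_min * RETARGET_BLOCKS
        windows.append((difficulty, block_min, window_min / MINUTES_PER_DAY))
        elapsed_days += window_min / MINUTES_PER_DAY
        difficulty = retarget(difficulty, window_min)
    raise RuntimeError("difficulty did not converge within %d retargets" % max_retargets)


if __name__ == "__main__":
    for frac in (0.3, 0.1):
        days, n, windows = simulate_hashrate_drop(frac)
        print("hashrate at %.0f%% of tuned level: about %.0f days, %d retarget(s)" % (frac * 100, days, n))
        for d, b, w in windows:
            print("  difficulty %.3f: %.1f-minute blocks, window lasts %.1f days" % (d, b, w))
```

Two things fall out. A clean 70% loss (30% of hashrate left) stretches the first window to about 47 days of 33-minute blocks, after which a single retarget to 0.3 of the old difficulty restores 10-minute blocks, so "months" is roughly right even before the clamp matters. Above a 75% loss the 4x clamp bites: at 10% hashrate the first window runs 140 days, the retarget can only cut difficulty to 0.25, and a second 35-day window is needed before blocks are back to pace.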
vOv posted:the difficulty adjustment isn't instant but i don't remember how often it happens, i want to say twice a month or something g

Apr 26, 2017 23:43