Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > YOSPOS > Security Fuckup Megathread - v13.69 - plugins may violate privacy
«216 »
 
  • Locked thread
Subjunctive
Sep 12, 2006

✨sparkle and shine✨

COACHS SPORT BAR posted:

It's waaaaaay too short to be a UUID

e: just compiled a list of all the urls sent to me. It's more or less on par with an imgur identifier. Meh, not as interesting as I had hoped

well, you can pack 128 bits of a UUID in any format you want. what's the bit-width of the identifier?

* # ? Apr 26, 2017 23:42
  • Quote
Adbot
ADBOT LOVES YOU

# ? May 21, 2024 06:10
  • Quote
anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum
rip grsec https://twitter.com/paxteam/status/857227858917425153

* # ? Apr 26, 2017 23:47
  • Quote
Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
a monumental loss

* # ? Apr 26, 2017 23:49
  • Quote
Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
i'll miss seeing spender get into pissing matches over grsec

* # ? Apr 26, 2017 23:52
  • Quote
fishmech
Jul 16, 2006

by VideoGames
Salad Prong
basically the reason there's a limit on how quickly the bitcoin difficulty can go up or down at each adjustment, is to prevent a theoeretical attack where some entity temporarily spends a ton of processing power to mine to drive up the difficulty, and then stops that processing as soon as the difficulty jumps a ton in order to slow things down for everyone.

and also prevents someone from temporarily holding back a mass amount of processing power to lower the difficulty in order to immediately come back and try to push through a lot of stuff when they bring it back up

* # ? Apr 26, 2017 23:54
  • Quote
Daman
Oct 28, 2011

OSI bean dip posted:

:allears:

so, that guy's funny, but here's some quotes from the one guy responding to them in that channel.

quote:

<Bitweasil> warrshrike, right. So. Quit video games if you want to get good at stuff.

<Bitweasil> No, I don't play video games, because I have better things to do with my time, like get good at low level x86 and such.
<Bitweasil> You're welcome to fap around playing games. Have a ball. But that nerfs your ability to get /good/ at poo poo.

<Bitweasil> warrshrike, thought so. Self identifies as 'gamer', about 100% odds they spend a lot of time pointlessly fapping too.
<Bitweasil> If you're going to do that, at least learn some proper pickup artistry and use real women.


* Bitweasil doubts warrshrike will last a week with no gaming & no fapping.

<Bitweasil> I'm pretty sure there's a "nofap" community on reddit.

* Bitweasil faintly hates to be an rear end about the whole gaming and fapping thing, but, seriously, you won't get good at anything if you do that.

<Bitweasil> You're more likely to find it's hard and go back to gaming and fapping, though.

never stop being horrible, security community

* # ? Apr 27, 2017 00:01
  • Quote
Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
jesus

i always forget to rejoin that channel until someone tells me something funny is coming up

* # ? Apr 27, 2017 00:04
  • Quote
JawnV6
Jul 4, 2004

So hot ...

quote:

<Bitweasil> No, I don't play video games, because I have better things to do with my time, like get good at low level x86 and such.
huh

* # ? Apr 27, 2017 00:05
  • Quote
Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

Daman posted:

so, that guy's funny, but here's some quotes from the one guy responding to them in that channel.


never stop being horrible, security community

is that ##re because people in another irc channel I'm in mentioned the same toxic rear end in a top hat

* # ? Apr 27, 2017 00:12
  • Quote
Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Cocoa Crispies posted:

is that ##re because people in another irc channel I'm in mentioned the same toxic rear end in a top hat

yes

* # ? Apr 27, 2017 00:32
  • Quote
in a well actually
Jan 26, 2011

dude, you gotta end it on the rhyme

OSI bean dip posted:

:allears:

wasnt there something at fosdem this year like this from an 'ideas guy'

* # ? Apr 27, 2017 04:19
  • Quote
anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum
https://twitter.com/rcalo/status/857379143737950209

* # ? Apr 27, 2017 04:45
  • Quote
Shame Boy
Mar 2, 2010

Daman posted:

so, that guy's funny, but here's some quotes from the one guy responding to them in that channel.


never stop being horrible, security community

i'm not sure this person knows what "nerfs" means

or "fap"

* # ? Apr 27, 2017 07:24
  • Quote
spankmeister
Jun 15, 2008
Probation
Can't post for 7 hours!
Here's some more snake oil bullshit getting brutally owned:

https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

* # ? Apr 27, 2017 08:28
  • Quote
redleader
Aug 18, 2005

Engage according to operational parameters

spankmeister posted:

Here's some more snake oil bullshit getting brutally owned:

https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

5


can't wait for various governments to crack down on this poo poo. it's gonna happen.

* # ? Apr 27, 2017 08:53
  • Quote
Acer Pilot
Feb 17, 2007
put the 'the' in therapist

:dukedog:

spankmeister posted:

Here's some more snake oil bullshit getting brutally owned:

https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

that was horrifying

* # ? Apr 27, 2017 09:17
  • Quote
Powerful Two-Hander
Mar 10, 2004

Mods please change my name to "Tooter Skeleton" TIA.

spankmeister posted:

Here's some more snake oil bullshit getting brutally owned:

https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/


quote:

The code is riddled with bad examples of how to do things and it seems was developed by one guy called 'shawn' whose name appears throughout. They narrowly avoided one persistent XSS vulnerability by stripping tags followed by the comment /* should we even bother? */.

security fuckup megathread: /* should we even bother? */.

* # ? Apr 27, 2017 09:39
  • Quote
redleader
Aug 18, 2005

Engage according to operational parameters

Powerful Two-Hander posted:

security fuckup megathread: /* should we even bother? */.

this is too good

* # ? Apr 27, 2017 09:47
  • Quote
big scary monsters
Sep 2, 2011

-~Skullwave~-

spankmeister posted:

Here's some more snake oil bullshit getting brutally owned:

https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

very nice

* # ? Apr 27, 2017 09:57
  • Quote
Maximum Leader
Dec 5, 2014

Powerful Two-Hander posted:

security fuckup megathread: /* should we even bother? */.
* # ? Apr 27, 2017 10:05
  • Quote
Progressive JPEG
Feb 19, 2003

spankmeister posted:

Here's some more snake oil bullshit getting brutally owned:

https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

I'll be the lack of sanitisation

* # ? Apr 27, 2017 10:16
  • Quote
AggressivelyStupid
Jan 9, 2012

Powerful Two-Hander posted:

security fuckup megathread: /* should we even bother? */.
* # ? Apr 27, 2017 10:27
  • Quote
A Pinball Wizard
Mar 23, 2005

I know every trick, no freak's gonna beat my hands

College Slice

Powerful Two-Hander posted:

security fuckup megathread: /* should we even bother? */.

Smythe please

* # ? Apr 27, 2017 12:20
  • Quote
Dex
May 26, 2006

Quintuple x!!!

Would not escrow again.

VERY MISLEADING!

Powerful Two-Hander posted:

security fuckup megathread: /* should we even bother? */.
* # ? Apr 27, 2017 12:27
  • Quote
The MUMPSorceress
Jan 6, 2012


^SHTPSTS

Gary’s Answer

Daman posted:

so, that guy's funny, but here's some quotes from the one guy responding to them in that channel.


never stop being horrible, security community

i can't describe to you the intense fear and revulsion i felt at the phrase "use real women".

* # ? Apr 27, 2017 15:19
  • Quote
power botton
Nov 2, 2011

 All good security research is done by the volcel community

* # ? Apr 27, 2017 15:18
  • Quote
FAT32 SHAMER
Aug 16, 2012

Powerful Two-Hander posted:

security fuckup megathread: /* should we even bother? */.
* # ? Apr 27, 2017 15:24
  • Quote
fins
May 31, 2011

Floss Finder
from the dates in here https://github.com/ScottHelme/nomx/blob/master/micro-sd/var/mail/root

it looks like this pile of crap took almost a year to develop.

* # ? Apr 27, 2017 15:42
  • Quote
Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
I got permission to mirror it on secsnakeoil.

* # ? Apr 27, 2017 16:28
  • Quote
Pikavangelist
Nov 9, 2016

There is no God but Arceus
And Pikachu is His prophet

Powerful Two-Hander posted:

security fuckup megathread: /* should we even bother? */.

mods

* # ? Apr 27, 2017 16:35
  • Quote
Migishu
Oct 22, 2005

I'll eat your fucking eyeballs if you're not careful

Grimey Drawer

Powerful Two-Hander posted:

security fuckup megathread: /* should we even bother? */.
* # ? Apr 27, 2017 17:13
  • Quote
Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

redleader posted:

5


can't wait for various governments to crack down on this poo poo. it's gonna happen.

I'm not holding my breath.

* # ? Apr 27, 2017 17:17
  • Quote
Kuvo
Oct 27, 2008

Blame it on the misfortune of your bark!
Fun Shoe

spankmeister posted:

Here's some more snake oil bullshit getting brutally owned:

https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

5

* # ? Apr 27, 2017 17:22
  • Quote
Truga
May 4, 2014
Lipstick Apathy

Volmarias posted:

I'm not holding my breath.

yeah, the free market should take care of this just fine!

* # ? Apr 27, 2017 17:41
  • Quote
Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

OSI bean dip posted:

I got permission to mirror it on secsnakeoil.

:yayclod:

* # ? Apr 27, 2017 18:49
  • Quote
AstuteCat
May 4, 2007

Powerful Two-Hander posted:

security fuckup megathread: /* should we even bother? */.
* # ? Apr 27, 2017 19:19
  • Quote
Rooney McNibnug
Sep 2, 2008

"Life always hopes. When a definite object cannot be outlined, the indomitable spirit of hope still impels the living mass to move toward something--something that shall somehow be better."

spankmeister posted:

Here's some more snake oil bullshit getting brutally owned:

https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

I read this hours ago but I'm still laughing about it. 5.

* # ? Apr 27, 2017 19:40
  • Quote
30 TO 50 FERAL HOG
Mar 2, 2005

spankmeister posted:

Here's some more snake oil bullshit getting brutally owned:

https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

im the hot glue holding the LEDs

* # ? Apr 27, 2017 20:12
  • Quote
vOv
Feb 8, 2014

Powerful Two-Hander posted:

security fuckup megathread: /* should we even bother? */.
* # ? Apr 27, 2017 20:14
  • Quote
Adbot
ADBOT LOVES YOU

# ? May 21, 2024 06:10
  • Quote
necrotic
Aug 2, 2005
I owe my brother big time for this!
 we need an ssl cert for email. whats a good provider these days?

* # ? Apr 27, 2017 21:26
  • Quote
  • Locked thread
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > YOSPOS > Security Fuckup Megathread - v13.69 - plugins may violate privacy
«216 »