|
Been a long time since we've had a good bit of address-book propagating malware that wrecks your poo poo and shames you publicly for falling for it let the good times roll
|
#
?
May 3, 2017 23:34
|
|
|
|
| # ? Jun 7, 2024 22:06 |
|
|
COACHS SPORT BAR posted:Been a long time since we've had a good bit of address-book propagating malware that wrecks your poo poo and shames you publicly for falling for it i usually get a few instances of russian crapware from my skype contacts on yearly basis
|
|
#
?
May 3, 2017 23:36
|
|
|
COACHS SPORT BAR posted:Been a long time since we've had a good bit of address-book propagating malware that wrecks your poo poo and shames you publicly for falling for it let the good times roll? i think you mean party like its 1999
|
|
#
?
May 3, 2017 23:55
|
|
|
Saw this happen in real time at work today.
|
|
#
?
May 4, 2017 00:05
|
|
|
anthonypants posted:as far as i can tell it's everybody
|
|
#
?
May 4, 2017 00:05
|
|
|
apseudonym posted:Yeah should be using Microsoft stuff it's great eh the business cloud stuff is based on shartpoint and linq so it's not that great
|
|
#
?
May 4, 2017 00:49
|
|
|
PyPy posted:Saw this happen in real time at work today. same
|
|
#
?
May 4, 2017 01:31
|
|
|
Shaggar posted:that said, users understanding the concept of auth tokens is probably a tall ask. Good lord this ed: looks like some part of the code from the worm got saved by someone here: https://hastebin.com/gubegaqusi.xml pr0zac fucked around with this message at 02:48 on May 4, 2017 |
|
#
?
May 4, 2017 02:00
|
|
|
.
fins fucked around with this message at 14:08 on May 4, 2017 |
|
#
?
May 4, 2017 03:45
|
|
|
idk how much exactly of a secfuck it is, but joint 2fa app (anroid) used by two of my banks does automatically pop up upon an authorization request, and in doing so circumvents pin-protected lockscreen
|
|
#
?
May 4, 2017 17:03
|
|
|
cinci zoo sniper posted:circumvents pin-protected lockscreen
|
|
#
?
May 4, 2017 17:10
|
|
|
cinci zoo sniper posted:idk how much exactly of a secfuck it is, but joint 2fa app (anroid) used by two of my banks does automatically pop up upon an authorization request, and in doing so circumvents pin-protected lockscreen how 
|
|
#
?
May 4, 2017 17:13
|
|
|
in case anyone wonders, im on stock google rom for nexus 5, v6.0.1 with security patches from oct 5, 2016
|
|
#
?
May 4, 2017 17:14
|
|
|
Kuvo posted:how andoid following in the footsteps of x server apparently locked screen? it's actually just a maximized window set to always-on-top
|
|
#
?
May 4, 2017 17:15
|
|
|
you can do lock-screen interactions on iOS now too, my mail client will let me archive or delete without unlocking
|
|
#
?
May 4, 2017 17:19
|
|
|
Subjunctive posted:you can do lock-screen interactions on iOS now too, my mail client will let me archive or delete without unlocking what im talking here is that a full window of the 2fa auth app opens, blotting out the lockscreen in its entirety
|
|
#
?
May 4, 2017 17:20
|
|
|
cinci zoo sniper posted:that is the regular interaction, android has that too, say for music player to switch tracks and pause/play why does it matter if it's full-screen or not?
|
|
#
?
May 4, 2017 17:21
|
|
|
Subjunctive posted:why does it matter if it's full-screen or not?
|
|
#
?
May 4, 2017 17:21
|
|
|
cinci zoo sniper posted:as ive said, im not sure how much this actually matters. i just have never seen a lockscreen interaction other than a widget before, and it feels shortsighted that the app authorizing bank payments does circumvent some portion of security measure on the phone sorry, I got confused and thought you were the one going "android kramers in..."
|
|
#
?
May 4, 2017 17:24
|
|
|
Subjunctive posted:you can do lock-screen interactions on iOS now too, my mail client will let me archive or delete without unlocking it's optional and apps can't override it 
|
|
#
?
May 4, 2017 17:39
|
|
|
Subjunctive posted:why does it matter if it's full-screen or not? cinci zoo sniper posted:as ive said, im not sure how much this actually matters. i just have never seen a lockscreen interaction other than a widget before, and it feels shortsighted that the app authorizing bank payments does circumvent some portion of security measure on the phone artists representation of android security:
|
|
#
?
May 4, 2017 17:51
|
|
|
https://twitter.com/sweis/status/860152381698224128 https://twitter.com/kennethlipp/status/860162396299591681
|
|
#
?
May 4, 2017 17:56
|
|
|
POOP ALERT, DISENGAGE
|
|
#
?
May 4, 2017 17:58
|
|
|
my phone came with "smart lock" which means you can set it up so if it's connected to certain bluetooth devices it doesn't require a pin to wake and every time you pair a bluetooth device to it it asks if you want to enable smart lock with this device and all you have to do is say yes and it's enabled, no confirmation or password or anything. afaik it's one of those stupid things where they marked it as OS-essential so you can't uninstall it too, thanks LG
|
|
#
?
May 4, 2017 18:00
|
|
|
ate all the Oreos posted:my phone came with "smart lock" which means you can set it up so if it's connected to certain bluetooth devices it doesn't require a pin to wake and every time you pair a bluetooth device to it it asks if you want to enable smart lock with this device and all you have to do is say yes and it's enabled, no confirmation or password or anything. afaik it's one of those stupid things where they marked it as OS-essential so you can't uninstall it too, thanks LG jesus
|
|
#
?
May 4, 2017 18:03
|
|
|
cinci zoo sniper posted:as ive said, im not sure how much this actually matters. i just have never seen a lockscreen interaction other than a widget before, and it feels shortsighted that the app authorizing bank payments does circumvent some portion of security measure on the phone the sleep tracking app I use does this as well (overrides the lock screen) but to do anything else you have to actually unlock the phone, it doesn't keep it unlocked. it's useful in that case because when you want to pause it you don't want to fumble with unlocking your phone as for a bank's 2fa app doing it holy poo poo that is dumb as hell. arguably the same kind of dumb as steam's 2fa which literally just sends a notification saying "your steam guard code is 2butts" but at least you can turn that off
|
|
#
?
May 4, 2017 18:04
|
|
|
cinci zoo sniper posted:in case anyone wonders, im on stock google rom for nexus 5, v6.0.1 with security patches from oct 5, 2016 You should probably upgrade to a newer phone. Anyway, this functionality is provided via the showForAllUsers flag in the manifest of the activity (which supercedes the now deprecated "showOnLockScreen" flag). The intention is to allow them user to interact with something without having to unlock the phone, where the interaction would have no realistic security concerns. For example, displaying turn by turn navigation, while still allowing the user to turn the screen off for battery purposes. Android cannot know whether showing the activity is actually a security or privacy risk, only that the app author has explicitly declared that it is not. Obviously, for the dumb fucker writing this 2FA app, that is the wrong call, but it is wrong to blame the framework for an intentional security gently caress up.
|
|
#
?
May 4, 2017 18:06
|
|
|
Zamujasa posted:the sleep tracking app I use does this as well (overrides the lock screen) but to do anything else you have to actually unlock the phone, it doesn't keep it unlocked. it's useful in that case because when you want to pause it you don't want to fumble with unlocking your phone oh right i guess my alarm clock (sleeping cycle) does the same - ive never paid much attention to it. was just doing some internet banking today so i noticed that my phone goes from dark screen to  PLEASE VERIFY YOUR BANK PAGE DISPLAYS 1337 the moment i click something in my browser
|
|
#
?
May 4, 2017 18:07
|
|
|
ate all the Oreos posted:my phone came with "smart lock" which means you can set it up so if it's connected to certain bluetooth devices it doesn't require a pin to wake and every time you pair a bluetooth device to it it asks if you want to enable smart lock with this device and all you have to do is say yes and it's enabled, no confirmation or password or anything. afaik it's one of those stupid things where they marked it as OS-essential so you can't uninstall it too, thanks LG This is disableable in device settings, unless LG is loving up to an incredible degree, in which case I'd love to know what phone this is.
|
|
#
?
May 4, 2017 18:07
|
|
|
Zamujasa posted:arguably the same kind of dumb as steam's 2fa which literally just sends a notification saying "your steam guard code is 2butts" but at least you can turn that off
|
|
#
?
May 4, 2017 18:07
|
|
|
Volmarias posted:You should probably upgrade to a newer phone. and yeah, im gearing up to switch phones later this year (poo poo doesnt come cheap on this end), even if for the security updates' sake, as my app (and smartphone overall) usage is becoming more and more considerate as the time goes. will probably get an iphone, since gently caress me if i'm paying 800 dollars for a phone that is deprecated in 3 years
|
|
#
?
May 4, 2017 18:12
|
|
|
ate all the Oreos posted:my phone came with "smart lock" which means you can set it up so if it's connected to certain bluetooth devices it doesn't require a pin to wake and every time you pair a bluetooth device to it it asks if you want to enable smart lock with this device and all you have to do is say yes and it's enabled, no confirmation or password or anything. afaik it's one of those stupid things where they marked it as OS-essential so you can't uninstall it too, thanks LG i think that's an android feature and it can certainly be disabled in the security screen on stock android, but i wouldn't past an oem to reinvent the wheel in a much stupider way
|
|
#
?
May 4, 2017 18:14
|
|
|
duTrieux. posted:artists representation of android security: i can gain local admin access on servers at work by browsing to cmd.exe from the save dialog on an invoked 'secure' remote session because it all runs under the local admin account i told the developers about this and they didn't respond lol
|
|
#
?
May 4, 2017 18:19
|
|
|
Powerful Two-Hander posted:i can gain local admin access on servers at work by browsing to cmd.exe from the save dialog on an invoked 'secure' remote session because it all runs under the local admin account "WONTFIX: Attacker was friendly."
|
|
#
?
May 4, 2017 18:20
|
|
|
cinci zoo sniper posted:that is the regular interaction, android has that too, say for music player to switch tracks and pause/play https://developer.android.com/reference/android/view/WindowManager.LayoutParams.html#FLAG_SHOW_WHEN_LOCKED While a 2fa shouldn't really do that since 2fa is about providing a 'what you have' physical access to the phone be a valid 2fa. E: beaten as gently caress
|
|
#
?
May 4, 2017 18:29
|
|
|
my hope is that eventually android and/or apple will put out some sort of authentication API where the phone itself is the 2FA and not a separate app. also, just want to say that I wish iOS would let you set non-owner PINs/fingerprints with restricted access.
|
|
#
?
May 4, 2017 18:41
|
|
|
Ur Getting Fatter posted:my hope is that eventually android and/or apple will put out some sort of authentication API where the phone itself is the 2FA and not a separate app. how do ipads do children mode then (assuming it exists)?
|
|
#
?
May 4, 2017 18:42
|
|
|
Wiggly Wayne DDS posted:...you turn that off....? well i don't but you can, say, hide the notification text on the lock screen, so the code shows up only when unlocked, because it's just a normal notification and not a lock screen bypassing mess
|
|
#
?
May 4, 2017 18:45
|
|
|
cinci zoo sniper posted:how do ipads do children mode then (assuming it exists)? all restrictions are device-wide and there's no concept of multiple logins with differing privilege levels
|
|
#
?
May 4, 2017 18:47
|
|
|
|
| # ? Jun 7, 2024 22:06 |
|
|
Zamujasa posted:well i don't but you can, say, hide the notification text on the lock screen, so the code shows up only when unlocked, because it's just a normal notification and not a lock screen bypassing mess
|
|
#
?
May 4, 2017 18:50
|
|