|
gotta have 2fa to protect my digital hats
|
#
?
May 4, 2017 18:57
|
|
|
|
| # ? Jun 4, 2024 14:59 |
|
|
duTrieux. posted:gotta have 2fa to protect my digital hats
|
|
#
?
May 4, 2017 18:59
|
|
|
lol at using games in order to gamble and launder money
|
|
#
?
May 4, 2017 19:03
|
|
|
duTrieux. posted:lol at using games in order to gamble and launder money
|
|
#
?
May 4, 2017 19:11
|
|
|
cinci zoo sniper posted:dude, csgo knives used to cost up to 40k, still cost up to 15k. theres are like 50k worth sniper rifles atm. even "pleb-tier" skins for same csgo can be in hundreds of dollars (those were thousands of dollars earlier, yes) asking price isn't selling price or is it i don't know, i'm not up on shootman economics
|
|
#
?
May 4, 2017 19:15
|
|
|
Ur Getting Fatter posted:my hope is that eventually android and/or apple will put out some sort of authentication API where the phone itself is the 2FA and not a separate app. 2FA tends to be pretty bespoke server side unfortunately, which is why I doubt there will be platform APIs anytime soon. If you've got an app on the device then 2fa is pretty easy (and even doing hard crypto binding isn't _that_ painful)
|
|
#
?
May 4, 2017 19:17
|
|
|
flakeloaf posted:asking price isn't selling price it is, there is no shortage of buyers which are very rich children
|
|
#
?
May 4, 2017 19:19
|
|
|
Ur Getting Fatter posted:my hope is that eventually android and/or apple will put out some sort of authentication API where the phone itself is the 2FA and not a separate app. some of what you need for this already exists, in that you can put ACLs on keychain items that require/allow biometric authentication, but as others have argued you'd still have tons of work to do for full on 2FA still, you can create a key and have reasonable confidence it's bound to a specific device/fingerprint (you can also mark individual items as non-syncable) quote:also, just want to say that I wish iOS would let you set non-owner PINs/fingerprints with restricted access. this gets really hard because you need to be able to know which finger has been presented; identification vs. authentication
|
|
#
?
May 4, 2017 19:24
|
|
|
apseudonym posted:2FA tends to be pretty bespoke server side unfortunately, which is why I doubt there will be platform APIs anytime soon. If you've got an app on the device then 2fa is pretty easy (and even doing hard crypto binding isn't _that_ painful) i'll settle for an api call that lets the app show an authentication request on the lockscreen and then the phone lets you use touchid to approve it without actually having to go into the app. same end result. edit: I realize that it seems like I'm bitching about a trivial problem (just unlock the phone, open the app, and approve the authentication request) but this is seriously the kind poo poo that prevents someone like my dad from using 2fa. if you can reduce it down to one simple step, he can deal with that dpkg chopra fucked around with this message at 19:28 on May 4, 2017 |
|
#
?
May 4, 2017 19:26
|
|
|
Ur Getting Fatter posted:i'll settle for an api call that lets the app show an authentication request on the lockscreen and then the phone lets you use touchid to approve it without actually having to go into the app. same end result. It's tricky because the required details vary a lot between devs. Is it sufficient to have the app report to the server "yup authed"? Do you need to use a wrapped hw backed key with auth requirements?" Seriously the most questions I get from devs are 2fa and crypto related and what people want varies way too much for useful platform APIs 
|
|
#
?
May 4, 2017 19:39
|
|
|
idk i use Duo Mobile with my university 2fa and i get a push notification on my phone, i swipe from the lock screen, use touch id to unlock the phone, and press the green checkmark button in the app, i dont know any way this could be more convenient pressing the green checkmark button automatically authorizes the login attempt in whatever web browser on whatever machine im using, its real nice
|
|
#
?
May 4, 2017 21:37
|
|
|
goddamnedtwisto posted:i think that's an android feature and it can certainly be disabled in the security screen on stock android, but i wouldn't past an oem to reinvent the wheel in a much stupider way it's definitely them reinventing the wheel in this case since its part of a whole dumb suite of wheel reinventing that also replaces the entire homescreen and stuff by default. I'll see if I can disable it, I seem to remember turning it off still nagged you to enable it whenever something was paired but that was like a year and a half ago It's an LG G4 from AT&T for whoever's curious
|
|
#
?
May 4, 2017 21:46
|
|
|
Cocoa Crispies posted:it's optional and apps can't override it which of those disables being able to force-press a lock screen notification bubble? I can't get it to happen for me pr0zac! it's Steve!
|
|
#
?
May 4, 2017 21:52
|
|
|
Subjunctive posted:which of those disables being able to force-press a lock screen notification bubble? I can't get it to happen for me Steve is touching some very dangerous poop
|
|
#
?
May 4, 2017 23:48
|
|
|
Steam 2fa is badly implemented because the only way I could find to log in to Steam (on my phone I think?) after updating my phone last time was to disable it it's still disabled about a year later because meh
|
|
#
?
May 5, 2017 00:22
|
|
|
Munkeymon posted:Steam 2fa is badly implemented because the only way I could find to log in to Steam (on my phone I think?) after updating my phone last time was to disable it if steam wasn't the top dealer for dumpy rear end in a top hat white guys' drug of choice they'd be sunk because valve's steam team is incredibly incompetent
|
|
#
?
May 5, 2017 00:23
|
|
|
Munkeymon posted:Steam 2fa is badly implemented because the only way I could find to log in to Steam (on my phone I think?) after updating my phone last time was to disable it for comparison, the blizzard authentication process works a little differently: the blizzard game/webpage shows you a short (four-character?) alphanumeric string, and also sends a push notification to your phone. your phone shows you the same alphanumeric string (which you can choose to display on your lock screen or not), and asks if you want to approve the auth request, and you get a confirm/deny prompt. if you're at the lock screen, you can longpress the notification, select confirm/deny, and then you have to enter your pin or fingerprint or whatever for it to go through. i like this method and i think it's good.
|
|
#
?
May 5, 2017 00:41
|
|
|
I got duo auth on all my vaguely important machines and I don't know if its good but it stays out of my way and makes me feel secure
|
|
#
?
May 5, 2017 01:16
|
|
|
goddamnedtwisto posted:i think that's an android feature and it can certainly be disabled in the security screen on stock android, but i wouldn't past an oem to reinvent the wheel in a much stupider way It's definitely an Android thing, I have it on my AOSP Galaxy Note 4, but it also definitely prompts for the PIN/pattern/whatever if you want to add a device or modify the Smart Lock settings. It's a reasonable tradeoff in the car for example, but I wouldn't bind it to a set of headphones or my watch.
|
|
#
?
May 5, 2017 04:20
|
|
|
Captain Foo posted:Steve is touching some very dangerous poop "hey now the drone feed is showing my office, isn't that weird guys? let me see if I can go outside and wave to i-" *entire city block explodes*
|
|
#
?
May 5, 2017 07:08
|
|
|
secfuck: just found this GPO in our environment, it's to get bginfo.exe to run via a batch file sitting in netlogon on all the drat SAP servers https://twitter.com/GarbageDotNet/status/860398920450494464 i guess it wasn't working for them so they said "lol gently caress it disable everything" and it started working. idiotfuckers
|
|
#
?
May 5, 2017 08:50
|
|
|
a new wordpress 0-day? must be another day ending with y
|
|
#
?
May 5, 2017 12:42
|
|
|
cinci zoo sniper posted:a new wordpress 0-day? must be another day ending with y more like wordpress 2day vuln Captain Foo fucked around with this message at 14:16 on May 5, 2017 |
|
#
?
May 5, 2017 14:07
|
|
|
Captain Foo posted:more like wordpress 2day vuln :vface: lorf
|
|
#
?
May 5, 2017 14:15
|
|
|
i was gonna post it yesterday but i read the european date backwards and thought it had happened a month ago and i was late to the party 
|
|
#
?
May 5, 2017 14:26
|
|
|
the internet is cool and good https://twitter.com/jjmacnab/status/860512321642287104
|
|
#
?
May 5, 2017 16:23
|
|
|
https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/11896203/ "Edge displays "123456" in PDF but prints "114447"" 
|
|
#
?
May 5, 2017 16:52
|
|
|
wonder what'd happen if you PDF'd that page and viewed it in edge
|
|
#
?
May 5, 2017 16:52
|
|
|
meanwhile in the av vendor world https://www.av-test.org/en/news/new...7077.1493914732 
|
|
#
?
May 5, 2017 16:57
|
|
|
Tayter Swift posted:the internet is cool and good all I could think of when I read "we are not a bunch of babies to be kicked around" https://www.youtube.com/watch?v=aYK9hGcmE7c
|
|
#
?
May 5, 2017 18:38
|
|
|
https://twitter.com/whitequark/status/860549648494321666
|
|
#
?
May 5, 2017 18:48
|
|
|
i have many questions, and unfortunately answers
|
|
#
?
May 5, 2017 18:54
|
|
|
BangersInMyKnickers posted:lmbo the only way this is possible is if he's using XP/2003 somewhere which doesn't have any AES ciphers in schannel. There's an optional KB you can install on 2003 to give it RSA_AES_CBC_SHA support. XP is poo poo out of luck and the only cipher/protocol overlap left on it is 3DES over TLS 1.0 which is why I generally still leave it on.
|
|
#
?
May 5, 2017 18:56
|
|
|
anthonypants posted:fwiw google says that if fips mode is enabled then disabling 3des will break rdp. i do not know why fips mode would be enabled, or why it would need to be enabled. fips mode is the greatest
|
|
#
?
May 5, 2017 18:58
|
|
|
I'm crying
|
|
#
?
May 5, 2017 19:22
|
|
|
anthonypants posted:fwiw google says that if fips mode is enabled then disabling 3des will break rdp. i do not know why fips mode would be enabled, or why it would need to be enabled. better the broken standard that's certified than the secure stuff that is not
|
|
#
?
May 5, 2017 19:31
|
|
|
Cocoa Crispies posted:fips mode is the greatest
|
|
#
?
May 5, 2017 20:16
|
|
|
A bunch of our customers love FIPS mode and last year we finally updated all our poo poo so that it would work with FIPS enabled and I have no clue what it does but its very important to the enterprise
|
|
#
?
May 5, 2017 21:14
|
|
|
Cocoa Crispies posted:fips mode is the greatest
|
|
#
?
May 5, 2017 21:21
|
|
|
|
| # ? Jun 4, 2024 14:59 |
|
|
what's a fips
|
|
#
?
May 5, 2017 23:07
|
|
