Pile Of Garbage
May 28, 2007



Shaggar posted:

well at least it's negligence instead of someone sneaking malicious code into a signed driver.

2017.txt

e: vvv nice vvv

Pile Of Garbage fucked around with this message at 16:46 on May 11, 2017


burning swine
May 26, 2004



Security Fuckup Megathread - v13.69 - malicious negligence in signed driver

surebet
Jan 10, 2013

avatar
specialist


security fuckup: the poop is trying to touch me edition

pretty sure i previously mentioned the lady that has a similar first name/same last name as me before that keeps using my x.yyyyyy@gmail.com address

over the years i received medical stuff, financial stuff, work stuff, email money transfers, teeth x-rays, privileged government documents, a will, crazy amounts of family pictures and an awesome spaghetti sauce recipe

i try to delete stuff without opening it when i recognize it (like from her alma mater) but screw you lady, we're in the same industry, apart from the divorce lawyer stuff i get the same emails from the same senders, so i'm bound to open some of them

i did reach out a couple times in the past to let her know about this, but since it's only getting worse, it's just easier to burn everything

to the point, she just added me on linkedin in the blind and on the one hand, i kinda feel like i should take her up on it since it'd only be fair she knows who i am at this point, and she'd actually be a relevant professional contact

on the other, i basically have had her complete medical, financial, legal and personal file go through my inbox and i'm concerned this could bite me in the rear end if she gets her identity stolen (by someone else)

what's the best practice here?

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

surebet posted:

security fuckup: the poop is trying to touch me edition

pretty sure i previously mentioned the lady that has a similar first name/same last name as me before that keeps using my x.yyyyyy@gmail.com address

over the years i received medical stuff, financial stuff, work stuff, email money transfers, teeth x-rays, privileged government documents, a will, crazy amounts of family pictures and an awesome spaghetti sauce recipe

i try to delete stuff without opening it when i recognize it (like from her alma mater) but screw you lady, we're in the same industry, apart from the divorce lawyer stuff i get the same emails from the same senders, so i'm bound to open some of them

i did reach out a couple times in the past to let her know about this, but since it's only getting worse, it's just easier to burn everything

to the point, she just added me on linkedin in the blind and on the one hand, i kinda feel like i should take her up on it since it'd only be fair she knows who i am at this point, and she'd actually be a relevant professional contact

on the other, i basically have had her complete medical, financial, legal and personal file go through my inbox and i'm concerned this could bite me in the rear end if she gets her identity stolen (by someone else)

what's the best practice here?

if they're not going to acknowledge you then don't acknowledge them. they probably just mashed the "find linkedin contacts, here is my email address username and password" button and you're in there since you've emailed them.

surebet
Jan 10, 2013

avatar
specialist


anthonypants posted:

if they're not going to acknowledge you then don't acknowledge them. they probably just mashed the "find linkedin contacts, here is my email address username and password" button and you're in there since you've emailed them.

not the same email, so either she's adding all of us with the same name (~25 in the region) or she connected the dots from our old conversations

like i said my first reflex is to add her, but i'm concerned about liability down the line

JawnV6
Jul 4, 2004

So hot ...
does linkin still reach out within the browser session to scrape any Gmail contacts?

Pile Of Garbage
May 28, 2007



JawnV6 posted:

does linkin still reach out within the browser session to scrape any Gmail contacts?

i don't think that's possible unless you've granted it access to your account or some poo poo. just re-check your settings in linkedin and opt-out of all the bullshit

surebet
Jan 10, 2013

avatar
specialist


pretty sure it'll do that if requested, not sure if it still does that on its own

also after reviewing my linkedin counterpart i figured out why i'm getting gov't docs, one of my twins is a freakin' minister so it's possible that i'm dealing with parallel idiocy here

e: i forget the details, but didn't linkedin use goog's sso and took the opportunity to request access to contacts or something?

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll on,
generation shall follow generation's course



surebet posted:

what's the best practice here?

impersonate her and make some sick remixes for comedy gold

surebet
Jan 10, 2013

avatar
specialist


Powaqoatse posted:

impersonate her and make some sick remixes for comedy gold

nah i got my identity stolen once (found out on a trip that my card was maxed out because i apparently purchased the services of quite a few escorts in russia)

the closest i came to touching the poop was accept an email money transfer into her bank account, since i knew both the answer to the secret question and where to point the cash, but that would be inviting issues into my life

Pile Of Garbage
May 28, 2007



actually sorry surebet on re-reading i think i missed the point as to the linkedin discussion. as to your original query: get a new e-mail address. as you're using a third-party e-mail service and another party is misusing your deets the only effective and easiest way to disassociate yourself from the whole deal is to get a new e-mail address.

there's not really any other options for recourse. you can't have this old lady's service disconnected, you can't guarantee that she will listen to your plea for sanity and you cannot expect any gov/police outfits to take things seriously (and even if they do they can't force this person to stop doing the wrong thing).

or alternatively just keep the address you've got, delete the poo poo when you get it and if the poo poo ever does hit the fan scream plausible deniability and tell them to subpoena your email provider.

beyond that there's probably nothing you can do and i doubt there's a precedent for this kind of poo poo in case law of course i'm not a lawyer so paging a lawyer or something

Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.



pseudorandom name posted:

well, we all know the motto of the secfuck thread: "just squeeze the water out of the poop and drink it to be cool and macho like Bear Grylls"

Wiggly Wayne DDS
Sep 11, 2010



the words "deterrence policy" just got spoken regarding a signed and soon to be released US executive order regarding 'cybersecurity'

surebet
Jan 10, 2013

avatar
specialist


Wiggly Wayne DDS posted:

the words "deterrence policy" just got spoken regarding a signed and soon to be released US executive order regarding 'cybersecurity'

that smells of kinetic strike responses

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...
Unleash the LEO Baron Trump, High Lord of Cyber

cinci zoo sniper
Mar 15, 2013




https://www.reddit.com/r/IAmA/comments/6ajstf/im_eugene_kaspersky_cybersecurity_guy_and_ceo_of/ kaspersky's ama

Midjack
Dec 24, 2007



surebet posted:

security fuckup: the poop is trying to touch me edition

pretty sure i previously mentioned the lady that has a similar first name/same last name as me before that keeps using my x.yyyyyy@gmail.com address

over the years i received medical stuff, financial stuff, work stuff, email money transfers, teeth x-rays, privileged government documents, a will, crazy amounts of family pictures and an awesome spaghetti sauce recipe

i try to delete stuff without opening it when i recognize it (like from her alma mater) but screw you lady, we're in the same industry, apart from the divorce lawyer stuff i get the same emails from the same senders, so i'm bound to open some of them

i did reach out a couple times in the past to let her know about this, but since it's only getting worse, it's just easier to burn everything

to the point, she just added me on linkedin in the blind and on the one hand, i kinda feel like i should take her up on it since it'd only be fair she knows who i am at this point, and she'd actually be a relevant professional contact

on the other, i basically have had her complete medical, financial, legal and personal file go through my inbox and i'm concerned this could bite me in the rear end if she gets her identity stolen (by someone else)

what's the best practice here?

delete on receipt and don't initiate or acknowledge any further contact with her that isn't via your attorney. if she knows you, you are the first suspect when her pii is inevitably compromised

cinci zoo sniper
Mar 15, 2013




talk to a law person yes

Shame Boy
Mar 2, 2010

cheese-cube posted:

actually sorry surebet on re-reading i think i missed the point as to the linkedin discussion. as to your original query: get a new e-mail address. as you're using a third-party e-mail service and another party is misusing your deets the only effective and easiest way to disassociate yourself from the whole deal is to get a new e-mail address.

comedy option: delete her email address since you probably have the security questions or are set up as the backup, then make her a new email address that's less close to yours and through careful gaslighting convince her that that new one has always been her email and she's just insane

dpkg chopra
Jun 9, 2007

Fast Food Fight

Grimey Drawer
kill her and assume her identity

then, in a Shyamalan-esque twist, develop split personalities and continue both your original life and her life except your version of her is more reasonable and changes her loving email address and severs all contact with original-you forever.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles


It's poo poo.

SeaborneClink
Aug 27, 2010

MAWP... MAWP!
sec gently caress: https://theintercept.com/2017/05/11/nyu-accidentally-exposed-military-code-breaking-computer-project-to-entire-internet/

Oops, we accidentally left our backups and documentation about our top secret crypto-breaking project on an internet accessible share.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

lol the second time they did this

surebet
Jan 10, 2013

avatar
specialist


Midjack posted:

delete on receipt and don't initiate or acknowledge any further contact with her that isn't via your attorney. if she knows you, you are the first suspect when her pii is inevitably compromised

pretty much the plan i settled on, what bothers me is that she's apparently taken on a senior role at a university i'm considering, because of course she did. i guess that's an awkward conversation for down the line.

aaaaaaaaaaaa i guess my life is now inexorably linked to idiots with no opsec

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Has anyone compiled a list of executable hashes for the HP audio driver with key logging?

Powerful Two-Hander
Mar 10, 2004

Mods please change my name to "Tooter Skeleton" TIA.


Shaggar posted:

well at least it's negligence instead of someone sneaking malicious code into a signed driver.

you say that but putting "oops im keylogging everyone because i left debug on" code into millions of hp machines would be a perfect state actor cover.

then all you need is a cj and they can get the keylogs and by the time you figure it out the joe random programmer that did it (probably on an outsourced contract) is gone

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll on,
generation shall follow generation's course



ate all the Oreos posted:

comedy option: delete her email address since you probably have the security questions or are set up as the backup, then make her a new email address that's less close to yours and through careful gaslighting convince her that that new one has always been her email and she's just insane

fwiw thats my solution for the 12 year old norwegian poo poo who keeps signing my email up for minecrafts and razor phones... i request a password change & put in whatever as the new password. so far ive killed 8-9 accounts he signed up for

doesnt work if its an account you actually use tho.

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll on,
generation shall follow generation's course



vOv posted:

windows has a javascript dialect that's intended to be used for scripting and has APIs for loving with the registry. obviously it doesn't work from the browser

^^ is this that thing that tavis tweeted about ^^

RISCy Business
Jun 17, 2015

bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork
Fun Shoe
what is a razor phone

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
No that sounds like jscript.exe

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Powaqoatse posted:

fwiw thats my solution for the 12 year old norwegian poo poo who keeps signing my email up for minecrafts and razor phones... i request a password change & put in whatever as the new password. so far ive killed 8-9 accounts he signed up for

doesnt work if its an account you actually use tho.

someone did this with an instagram account and i got the confirmation email so i signed up and changed the password. sorry you lost your username because you don't know what your email address is, idiot

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll on,
generation shall follow generation's course



anthonypants posted:

someone did this with an instagram account and i got the confirmation email so i signed up and changed the password. sorry you lost your username because you don't know what your email address is, idiot

exactly

gently caress those idiots

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll on,
generation shall follow generation's course



btw

my goth gf posted:

what is a razor phone

ask kirk

RISCy Business
Jun 17, 2015

bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork bork
Fun Shoe
e: wrong thread

Last Chance
Dec 31, 2004

surebet posted:

pretty much the plan i settled on, what bothers me is that she's apparently taken on a senior role at a university i'm considering, because of course she did. i guess that's an awkward conversation for down the line.

aaaaaaaaaaaa i guess my life is now inexorably linked to idiots with no opsec

are you sure you don't have dissociative identity disorder and you actually own both email accounts?

pr0zac
Jan 18, 2004

~*lukecagefan69*~


Pillbug
i have some dude in australia that keeps signing up for poo poo like dominos with my email, i have his phone number and a whole bunch of other personal info, weirdest thing is his name is not even close to my name so i have no idea why he keeps using my email

mb i should call him and ask sometime

vOv
Feb 8, 2014

Rufus Ping posted:

No that sounds like jscript.exe

yeah it's distinct from tavis's thing

goddamnedtwisto
Dec 31, 2004

If you ask me about the mole people in the London Underground, I WILL be forced to kill you
Fun Shoe

cinci zoo sniper posted:

observed an obvious pattern in the naming. there's no reason for that information to be human-readable, what is there to say about containing pii.

playing whatever the opposite of devil's advocate is called - having the employee id in the filename would at least make it very easy for the server to check whether the logged-in user should have access to that file. now of course that still has huge problems and may well hint at all sorts of exciting other issues, but it is at least a reason why that info would be there.

Wiggly Wayne DDS
Sep 11, 2010



https://twitter.com/barneyboo/status/862681993204682752

quote:

Biological information can easily be monitored by installing sensors in a lavatory bowl. Lavatories are usually shared by several people, so users need to be identified. Because of the need for privacy, using cameras, microphones, or scales is not appropriate. Though personal identification can be done using a touch panel, the user may forget to use it because the action is not necessary. In this paper, we focus on the differences in the way of pulling a toilet paper roll and propose a system that identifies individuals based on features of rotating of toilet paper rolls with a gyroscope. The evaluation results revealed that 83.9% accuracy was achieved for a five-person group in a laboratory environment, and 69.2% accuracy was achieved for a five-person group in a practical environment.


Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope
