|
pseudorandom name posted:it is literally impossible to safely parse I haven't looked at the line, but it's safe to parse if the filename is in final position, or obviously would be if they'd escaped spaces
|
#
?
May 31, 2017 20:57
|
|
|
|
| # ? Jun 9, 2024 08:38 |
|
|
Subjunctive posted:I haven't looked at the line, but it's safe to parse if the filename is in final position, or obviously would be if they'd escaped spaces file names can also contain newlines, so, no and it isn't escaped at all technically the field is additionally delimited by ( and ), but those aren't escaped either
|
|
#
?
May 31, 2017 21:07
|
|
|
pseudorandom name posted:file names can also contain newlines, so, no mmm, quite
|
|
#
?
May 31, 2017 21:10
|
|
|
pseudorandom name posted:file names can also contain newlines, so, no The closing ) around that field is the last one in the text, so you can reliably parse by searching backwards from the end of the buffer to the ).
|
|
#
?
May 31, 2017 21:23
|
|
|
Rothon posted:The closing ) around that field is the last one in the text, so you can reliably parse by searching backwards from the end of the buffer to the ). what if you have a ) in the filename?
|
|
#
?
May 31, 2017 21:24
|
|
|
Subjunctive posted:what if you have a ) in the filename?
|
|
#
?
May 31, 2017 21:30
|
|
|
anthonypants posted:did you mean ( no, it proposed searching backward to the ), AIUI to find the range of the filename. if there's a ) in the filename the search will terminate early
|
|
#
?
May 31, 2017 21:32
|
|
|
pseudorandom name posted:it isn't a shell script in this case, its a proc file serializing data as plain text with fields delimited by spaces and one of the fields is a file name parsing random string output is the foundation of the unix philosophy
|
|
#
?
May 31, 2017 21:33
|
|
|
Subjunctive posted:no, it proposed searching backward to the ), AIUI to find the range of the filename. if there's a ) in the filename the search will terminate early
|
|
#
?
May 31, 2017 21:35
|
|
|
anthonypants posted:i think if you search backward from the end of the buffer like they suggested you're going to find the ) delimiter before you find the ) in the filename ah, I see, yeah proc is real bad
|
|
#
?
May 31, 2017 21:40
|
|
|
vietnam have been having fun, and publicly too https://twitter.com/Bing_Chris/status/870008641826557952
|
|
#
?
May 31, 2017 22:01
|
|
|
https://twitter.com/GossiTheDog/status/870034393729044480
|
|
#
?
Jun 1, 2017 00:16
|
|
|
Wiggly Wayne DDS posted:vietnam have been having fun, and publicly too I'm the cyber scoop dot com exclusive
|
|
#
?
Jun 1, 2017 03:33
|
|
|
im the redacted public key
|
|
#
?
Jun 1, 2017 06:43
|
|
|
i'm the encryption using a hash protocol
|
|
#
?
Jun 1, 2017 06:44
|
|
|
https://twitter.com/hackerfantastic/status/870208514240729088 lmao
|
|
#
?
Jun 1, 2017 14:07
|
|
|
lmao theres poop touching, and then theres this
|
|
#
?
Jun 1, 2017 14:20
|
|
|
fishmech posted:https://news.netcraft.com/archives/2017/05/31/stanford-uni-site-infested-with-hacking-tools-and-phish-for-months.html that reminds me of my last company, where there was an internet-exposed and also private-network-exposed Tomcat 5 server that had the default creds and hadn't been updated since it was installed in like, 2006, running on server 2003 that also hadn't been updated since 2006, and nobody noticed anything (other than it being super slow) until i went in to see why it was slow in loving 2013 and found a thriving, massive ecosystem of shells and hax and bits coin had grown 
|
|
#
?
Jun 1, 2017 14:25
|
|
|
who'd have thought "let's take up a collection to raise money for the fsb" would upset anyone
|
|
#
?
Jun 1, 2017 14:29
|
|
|
Well, well, well.... https://arstechnica.com/security/2017/06/onelogin-data-breach-compromised-decrypted/ Which password manager wasn't poo poo again?
|
|
#
?
Jun 1, 2017 14:39
|
|
|
keepass why do people keep asking and not learning use the one that doesnt have the database in some ~magic autosync cloud~ and don't download stupid poo poo to your computer and execute it. that's all you have to do
|
|
#
?
Jun 1, 2017 14:46
|
|
|
average luser: but i forgot my keepass password and lost everything, therefore lastbass is better
|
|
#
?
Jun 1, 2017 14:50
|
|
|
Jewel posted:
then the russians asked "have you tried pencil"
|
|
#
?
Jun 1, 2017 14:50
|
|
|
aw i was enjoying everyone trying to justify this stupidity, especially the whole "we're not paying the shadowbrokers, just crowdfunding it"
|
|
#
?
Jun 1, 2017 15:02
|
|
|
Jewel posted:keepass Truga posted:average luser: but i forgot my keepass password and lost everything, therefore lastbass is better  "Use the system where you have to keep track of things yourself if anything changes and you get to copy paste things in manually for each website and you sync your key file across your computers using dropbox" "drop what? Key who? Look, why can't I just keep using this thing I'm already using, it works great and I'm used to it and I don't have to do any extra work. I don't have to type a password in whenever I want to use a website, why are you making this harder?"How does this thread continue to not understand that usability is a larger, more immediate, and more visible concern for end users than a nebulous concept of good security practices? This is the same thread that understands "making strict password change rules means people will just add 1 to the end each time" Volmarias fucked around with this message at 15:51 on Jun 1, 2017 |
|
#
?
Jun 1, 2017 15:37
|
|
|
Because security people are the worst. Like they're cjs on steroids
|
|
#
?
Jun 1, 2017 15:48
|
|
|
Volmarias posted:
but that's exactly my point even if you can get a user to get used to using keep rear end, they'll forget their password after not typing it in for 2 weeks and then they're royally hosed and will go back to their bad solution, because it has a password reminder and is in cloud
|
|
#
?
Jun 1, 2017 15:53
|
|
|
or they'll put a keep rear end word in the same excel file that has their kid's birthday and their mom's address in it, then the obvious will dawn on them and zzactualgoodCopy(3) of Book1.xls will take over
|
|
#
?
Jun 1, 2017 16:01
|
|
|
https://www.youtube.com/watch?v=Az49aNuYeJs
|
|
#
?
Jun 1, 2017 16:03
|
|
|
Volmarias posted:
okay but i think there's a bit of a difference between Your Grandma's password manager needs and the needs of someone who is asking the security thread on something awful dot com which to use
|
|
#
?
Jun 1, 2017 16:25
|
|
|
Ok, but that's not what is happening.
|
|
#
?
Jun 1, 2017 16:35
|
|
|
Volmarias posted:Ok, but that's not what is happening.  Kurvi Tasch posted:Which password manager wasn't poo poo again? i mean i get that it's a rhetorical but the thread answered it anyway so i'd say it counts
|
|
#
?
Jun 1, 2017 16:37
|
|
|
ate all the Oreos posted:
So it was a rhetorical question but also a real question?
|
|
#
?
Jun 1, 2017 16:40
|
|
|
Jewel posted:keepass
|
|
#
?
Jun 1, 2017 17:22
|
|
|
Volmarias posted:
usability is important, but shouldn't also significantly undermine the entire point of the thing that you're using if knowing what a file is is too complicated, then one should just use a pen and paper and then keep the paper somewhere secure "remembering where i kept my piece of paper with passwords on it is too hard! i'm going to give it to somebody in my neighborhood and then have him shout my paswords at me wheneve ri need them. so much more usable!"
|
|
#
?
Jun 1, 2017 17:25
|
|
|
Sure, but don't cluck at non-technical end users for picking the thing that appears to be good enough when there's no reasonable alternative for them. "Just keep writing your passwords down on a pencil and paper" is both going to come across as patronizing, and also prevents them from picking a password that won't be both easy to write down and also to type in.
|
|
#
?
Jun 1, 2017 17:48
|
|
|
the solution is to educate people on basic digital security, not to dumb everything down so as to be worse than nothing
|
|
#
?
Jun 1, 2017 17:50
|
|
|
Jewel posted:keepass
|
|
#
?
Jun 1, 2017 17:50
|
|
|
also i don't think using pen/paper is patronizing; if somebody is uncomfortable with digital solutions then having a written record that they can mentally classify witht he same security as, idk, a checkbook or a social security card works fairly well.
|
|
#
?
Jun 1, 2017 17:51
|
|
|
|
| # ? Jun 9, 2024 08:38 |
|
|
anthonypants posted:when i paid for lastpass, keep rear end was still an open sores nightmare where you needed third-party plugins for anything you actually wanted to use it for, and a lot of plugins weren't compatible between keep rear end v1 and keep rear end v2. i've since switched to 1password but i don't believe keep rear end has gotten any better. like, if i wanted to get chrome integration with keep rear end, i'd go to their plugins page, ctrl+f chrome, the first result is a plugin called KeeForm, here is their website, whoops it doesn't actually work with chrome um i use keepass with chrome and i didn't have to install any plugins? i just go to keepass and press ctrl+v on the entry and it auto-types into chrome for me?
|
|
#
?
Jun 1, 2017 17:51
|
|