|
Lain Iwakura posted:as i tweeted, how is that not going to end up in tears? you can set permissions in postgres such that a guest user can't do much
|
# ? Jun 7, 2017 18:11 |
|
|
# ? Jun 7, 2024 14:40 |
|
Cocoa Crispies posted:you can set permissions in postgres such that a guest user can't do much
|
# ? Jun 7, 2017 18:22 |
|
anthonypants posted:what if you could run sql commands directly against crt.sh, to do custom queries or w/e never used that cert.sh site before, just noticed cloudflare made certs for my domains with them even though I only use them for dns
|
# ? Jun 7, 2017 18:50 |
|
anthonypants posted:i hope it's a read-only clone of the database but do they have json/xml export functionality yet, or is someone else going to have to do that now for json you can use the row_to_json() function
|
# ? Jun 7, 2017 19:08 |
|
Perplx posted:never used that cert.sh site before, just noticed cloudflare made certs for my domains with them even though I only use them for dns they do it so turning on https for your poo poo takes seconds instead of minutes also why would you use buttflare but only for dns
|
# ? Jun 7, 2017 19:42 |
|
Lain Iwakura posted:as i tweeted, how is that not going to end up in tears? they said they spun up new resources, so id assume they are read-only replica(s) with that account having read-only access on top of that.
|
# ? Jun 7, 2017 19:44 |
|
Cocoa Crispies posted:also why would you use buttflare but only for dns it's got a better interface than my registrar does and i don't care enough about my spare time projects to do anything else
|
# ? Jun 7, 2017 20:05 |
|
Cocoa Crispies posted:they do it so turning on https for your poo poo takes seconds instead of minutes to butt plugin is a thing of glory
|
# ? Jun 7, 2017 21:51 |
|
https://www.bleepingcomputer.com/news/security/malware-uses-router-leds-to-steal-data-from-secure-networks/Bleeping Compter posted:Specially-designed malware installed on a router or a switch can take control over the device’s LEDs and use them to transmit data in a binary format to a nearby attacker, who can capture it using simple video recording equipment. https://www.youtube.com/watch?v=mSNt4h7EDKo
|
# ? Jun 7, 2017 22:22 |
|
tod durch blinkenlights
|
# ? Jun 7, 2017 22:26 |
|
exfil via the sound of opening and closing the cd tray
|
# ? Jun 8, 2017 00:07 |
|
I like this time of year. About a month and a half from DEFCON all the lovely Stunt Hacks come out as they get acceptance letter from DEFCON.
|
# ? Jun 8, 2017 00:25 |
They need to think larger on the thermal. If you were able to sufficiently infiltrate a server farm you could exfiltrate data by pointing a long range FLIR camera at the cooling system exhaust.
|
|
# ? Jun 8, 2017 00:34 |
|
Shifty Pony posted:They need to think larger on the thermal. If you were able to sufficiently infiltrate a server farm you could exfiltrate data by pointing a long range FLIR camera at the cooling system exhaust. brb registering stayontarget.com
|
# ? Jun 8, 2017 01:29 |
|
root:$1$$oQoSkI0acntd1ifGxMHvp0:0:0:root:/:/bin/sh That's supposed to be... md5 with no salt, right??? md5crypt maybe? invision fucked around with this message at 04:49 on Jun 8, 2017 |
# ? Jun 8, 2017 04:29 |
|
invision posted:root:$1$$oQoSkI0acntd1ifGxMHvp0:0:0:root:/:/bin/sh I only count 22 characters in the hash, md5 is 32
|
# ? Jun 8, 2017 05:47 |
|
Raere posted:I only count 22 characters in the hash, md5 is 32 That's only if it's a hex string, this is a different encoding. $1$ is crypt so md5 and the salt is supposed to be between the second and third $ but it's not there so yeah, unsalted md5
|
# ? Jun 8, 2017 06:27 |
|
spankmeister posted:That's only if it's a hex string, this is a different encoding. speaking of encodings just yesterday i found a suspicious base64 encoded password field in this database i was trying to wrap my head around and was like "hmmm" and converted it to hex and yep google pulled it right up, straight unsalted MD5
|
# ? Jun 8, 2017 06:54 |
|
|
# ? Jun 9, 2017 03:55 |
|
woman up, as opposed to man up
|
# ? Jun 9, 2017 04:02 |
|
security down
|
# ? Jun 9, 2017 04:08 |
|
you're watchin' woman up, the worst show on television
|
# ? Jun 9, 2017 04:29 |
|
anyone ever hear of ReliaQuest? i got a somewhat suspicious recruiter email from them with half the mail merge tokens still showing claiming they need a dev for their security product but "no previous security experience required!" (exclamation point theirs) which seems... uhh... yeah... there was also random bits about "creating new capabilities and platforms that don’t exist today in our industry" which always ends well as this thread has seen e: just saw this winner on their homepage
|
# ? Jun 9, 2017 14:11 |
|
that guy is four seconds from declaring "gently caress it o'clock" and making the giant mess on the screen someone else's problem
|
# ? Jun 9, 2017 14:25 |
|
https://twitter.com/SwiftOnSecurity/status/873052608851697664 lmao
|
# ? Jun 9, 2017 14:39 |
|
the real secfuck is such a person having access to classified systems in the first place
|
# ? Jun 9, 2017 14:46 |
|
It took me a moment to see that he was wearing a jacket, it honestly looked like he was wearing a bib.
|
# ? Jun 9, 2017 14:52 |
|
flakeloaf posted:the real secfuck is such a person having access to classified systems in the first place
|
# ? Jun 9, 2017 14:56 |
|
Clearly we can only trust our intelligence decisions to skynet
|
# ? Jun 9, 2017 14:58 |
|
flakeloaf posted:the real secfuck is such a person having access to classified systems in the first place but she was in the military, which comes with an automatic societal assumption of trustworthiness and Real American Hero status
|
# ? Jun 9, 2017 15:35 |
|
that name should be enough of a red flag
|
# ? Jun 9, 2017 17:48 |
|
guess who just got two letters from Gamestop notifying me that they had a security breach from august 10th 2016 to february 9th 2017 and that I put CC info into their system during that time. thiiiiiiiiiis guuuuuuuuy.
spit on my clit fucked around with this message at 18:40 on Jun 9, 2017 |
# ? Jun 9, 2017 17:56 |
|
spit on my clit posted:guess who just got two letters from Gamestop notifying me that they had a security breach from august 10th to february 9th and that I put CC info into their system during that time. thiiiiiiiiiis guuuuuuuuy. august 10th to february 9th of what? 2008?
|
# ? Jun 9, 2017 18:00 |
|
Stay Alert: 6 Ways To Tell If The Email You Got From Scarlett Johansson Asking For Your Credit Card Info So She Can Buy Sex Gear For Your Love Carnival Is A Phishing Scam Or Not
|
# ? Jun 9, 2017 18:06 |
|
next thing you'll be telling me these hot lesbians don't actually want my penis
|
# ? Jun 9, 2017 18:08 |
|
what do you mean that google didn't send me an e-mail telling me i was a good user of their services?
|
# ? Jun 9, 2017 18:18 |
guys i just became the millionth visitor of amazon
|
|
# ? Jun 9, 2017 18:20 |
|
still waiting for that check from bill gates
|
# ? Jun 9, 2017 18:24 |
|
all promised funds from Bill Gates will be issued in Shoe Carnival gift certificates
|
# ? Jun 9, 2017 18:26 |
|
|
# ? Jun 7, 2024 14:40 |
|
ThePeavstenator posted:august 10th to february 9th of what? 2008? 2016-2017.
|
# ? Jun 9, 2017 18:39 |