|
Jabor posted:if "growing your userbase" is more important than being a good custodian of people's private data, keep on keeping on i guess. i mean we're talking about facebook here right
|
# ? Jun 14, 2017 14:38 |
|
Powerful Two-Hander posted:i used a well known UK energy switching site the other day and after going through its setup stuff it created me an account on their service which weirdly required no password, turns out what they do is just link your account to your email address then when you want to login send you a one time(i assume) link with a token in it.
slack does this as well
|
# ? Jun 14, 2017 14:46 |
|
Subjunctive posted:the extra step is "Open in Instagram?", and equivalent (but more terribly worded) on Android, for which the cancel rate is non-trivial in other scenarios show them a banner in the app that's like "Don't lose access to your account! confirm your email address now!" or something to encourage them to confirm it. if they don't, then gently caress 'em.
|
# ? Jun 14, 2017 14:47 |
|
Subjunctive posted:slack does this as well
I think it's fine because generally speaking, if you have access to someone's email, then you have access to pretty much any service linked to that email address. (barring 2FA)
|
# ? Jun 14, 2017 15:29 |
|
Yeah monzo bank does this since the email password is the security barrier anyway
|
# ? Jun 14, 2017 15:36 |
|
Chris Knight posted:so why should someone be allowed to sign up for an account with an email that they don't own?
|
# ? Jun 14, 2017 18:08 |
|
ate all the Oreos posted:yeah sabotaging facebook from the inside through subtle manipulation of stuff like this seems like a great way to get yourself off the short list for a guillotine'in when the revolution starts
lol at your just-world assumption that there's a way off the short list for the guillotine
|
# ? Jun 14, 2017 18:54 |
|
communism bitch posted:http://www.politico.com/magazine/story/2017/06/14/will-the-georgia-special-election-get-hacked-215255
lolling pretty hard at this
|
# ? Jun 14, 2017 19:07 |
|
Jabor posted:all you need to do is not have the confirmation link automatically log you in. if they still have the cookie from their previous visit when they click the link, fine, if they don't then ask them to log in again. there's no excuse for the emailed confirmation link giving whoever knows it full access to the account. what user name do you log in with, assuming user name is email address? the old address that you forgot/no longer have access to or the new one that isn't confirmed? but the passwordless logins like that are good, because anthonypants can just ignore the email and the idiot teenager does not go on using the app without actually confirming an email
|
# ? Jun 14, 2017 19:11 |
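
Added example, not part of any post in this thread: a minimal sketch of the confirmation flow suggested in the quoted post above, where clicking the emailed link confirms the address but never creates a session. The function names, in-memory stores, and 24-hour lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed lifetime of a confirmation link, in seconds

# Constructed in-memory stores standing in for a real database.
pending = {}          # sha256(token) -> (user_id, email, expires_at)
confirmed_email = {}  # user_id -> confirmed address


def issue_confirmation(user_id, email, now=None):
    """Create a single-use token to embed in the emailed link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    # Only the hash is stored, so a leaked table does not yield usable links.
    pending[digest] = (user_id, email, now + TOKEN_TTL)
    return token


def handle_confirmation_click(token, session_user_id=None, now=None):
    """Process a click on the emailed link and return a status string.

    session_user_id is the user from an existing session cookie, or None.
    The token proves control of the mailbox and nothing more: this function
    never creates or changes a session.
    """
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    record = pending.pop(digest, None)  # pop makes the token single-use
    if record is None:
        return "invalid"
    user_id, email, expires_at = record
    if now > expires_at:
        return "expired"
    confirmed_email[user_id] = email
    if session_user_id == user_id:
        return "confirmed"              # cookie from the earlier visit: carry on
    return "confirmed_login_required"   # no matching cookie: ask for a normal login
```
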
|
anthonypants posted:some teen just did this again, but this time the account has a bunch of pictures in it. whoops
make sure to upload a pic that says "i dont know what my loving email is" afterwards
|
# ? Jun 14, 2017 20:09 |
|
funny Star Wars parody posted:make sure to upload a pic that says "i dont know what my loving email is" afterwards
|
# ? Jun 14, 2017 20:26 |
|
what are the recommendations for products to do account password rotation/checkout/auditing? I'm going to do LAPS for all the Windows hosts but I need to deal with all the other poo poo somehow
|
# ? Jun 14, 2017 22:19 |
|
rjmccall posted:lol at your just-world assumption that there's a way off the short list for the guillotine
there is and it's to be the one doing the guillotining
|
# ? Jun 14, 2017 22:21 |
|
users are loving dumb as hell
|
# ? Jun 14, 2017 22:24 |
|
more like lusers
|
# ? Jun 14, 2017 22:41 |
|
I just bought binja; does anyone know a good resource of crackmes to get better at reversing? I have no idea what I want to do with it after I patch dark mode into unity at home.
|
# ? Jun 14, 2017 22:50 |
|
leper khan posted:I just bought binja; does anyone know a good resource of crackmes to get better at reversing?
these reversing challenges have pretty much everything you'd expect from a crackme https://github.com/ctfs/write-ups-2016/search?utf8=%E2%9C%93&q=reversing&type=
also this is going on right now, but it's not really 100% just pure reverse engineering in binja LabyREnth.com
|
# ? Jun 15, 2017 03:29 |
|
Switching our product's crypto library over to libressl today.
|
# ? Jun 15, 2017 14:09 |
|
https://twitter.com/troyhunt/status/875401896185483264
|
# ? Jun 15, 2017 18:24 |
|
Pardon my ignorance, but is sledging password managers just insulting them, or breaking them, or something else?
|
# ? Jun 15, 2017 19:20 |
|
Avenging_Mikon posted:Pardon my ignorance, but is sledging password managers just insulting them, or breaking them, or something else?
I believe it's a synonym for "slagging".
|
# ? Jun 15, 2017 19:21 |
|
Avenging_Mikon posted:Pardon my ignorance, but is sledging password managers just insulting them, or breaking them, or something else?
|
# ? Jun 15, 2017 19:27 |
|
leper khan posted:I just bought binja; does anyone know a good resource of crackmes to get better at reversing?
turns out doing this stuff successfully makes you feel pretty cool
|
# ? Jun 15, 2017 20:16 |
|
so apparently north korea did the wannacry ransomware https://www.washingtonpost.com/worl...381c_story.html
idk seems weird - wannacry didn't really seem that different from the thousands of other ransomwares, it just happened to be really successful using a recently published exploit, and as i understand it they didn't set up proper infrastructure for the large amount of infections
it's like the flappy bird of ransomware
so i kind of figure either nk must have been churning out ransomware for years and finally got lucky, or some it guy is fronting because "hacked by north korea" sounds better than "owned by 13 yo scriptkiddie because you didn't patch"
|
# ? Jun 15, 2017 21:40 |
|
they've used ransomware/wipers to obscure their attacks before, this shouldn't surprise anyone who's been paying the least bit of attention
|
# ? Jun 15, 2017 21:46 |
|
suffix posted:so apparently north korea did the wannacry ransomware
quote:WannaCry was apparently an attempt to raise revenue for the regime, but analysts said the effort was flawed. Though the hackers raised $140,000 in bitcoin, a form of digital currency, so far they have not cashed it in, the analysts said. That is likely because an operational error has made the transactions easy to track, including by law enforcement.
|
# ? Jun 15, 2017 21:54 |
|
anthonypants posted:
bitcoin: now also useless for crime
|
# ? Jun 15, 2017 21:59 |
|
Wiggly Wayne DDS posted:they've used ransomware/wipers to obscure their attacks before, this shouldn't surprise anyone who's been paying the least bit of attention
if they want to obscure an attack why use their own custom ransomware instead of someone else's? seems a bit like obscuring a murder scene by jizzing all over it
|
# ? Jun 15, 2017 22:00 |
|
suffix posted:if they want to obscure an attack why use their own custom ransomware instead of someone elses? seems a bit like obscuring a murder scene by jizzing all over it
|
# ? Jun 15, 2017 22:13 |
|
i wouldn't want to be whoever has to explain to kim jong un that they're now stuck with a pile of "money" they can't do anything with
otoh i could see kim jong un being really into bitcoin so maybe it's all good
|
# ? Jun 15, 2017 22:14 |
|
being virtually banned from trade worldwide, north korea makes money as a criminal enterprise. it's been documented before that two of their main exports are counterfeit dollar bills and meth. some have lamented that both products are of such high quality (they once had to bring their dollar printing standards way down to match the quality of the originals) that it's a pity north korea can't use their manufacturing excellence for legit products
|
# ? Jun 15, 2017 22:22 |
|
hackbunny posted:being virtually banned from trade worldwide, north korea makes money as a criminal enterprise. it's been documented before that two of their main exports are counterfeit dollar bills and meth. some have lamented that both products are of such high quality (they once had to bring their dollar printing standards way down to match the quality of the originals) that it's a pity north korea can't use their manufacturing excellence for legit products
while unlimited access to slave labor and unchecked control of a nation-state can make you a very effective criminal manufacturer compared to a cartel or the mafia it only puts you at the middle of the road as a state
|
# ? Jun 15, 2017 22:35 |
|
why can't they cash it out? if it's actually nk why do they give a poo poo if investigators track the transactions to nk?
|
# ? Jun 15, 2017 23:45 |
|
I believe the NSA's assessment on this. They were right about the Sony hacks too. And about the intended purpose: Word on the street is that this version of wannacry wasn't ready yet, and got released by accident. Then it turned out to be a huge success and they weren't quite ready for that. (The hardcoded Bitcoin address for example meant that they had to authorize each decrypt by hand).
|
# ? Jun 15, 2017 23:53 |
|
Diva Cupcake posted:why can't they cash it out? if it's actually nk why do they give a poo poo if investigators track the transactions to nk?
cant cash out in stolen amazon gift cards in north korea i guess
|
# ? Jun 15, 2017 23:59 |
|
Diva Cupcake posted:why can't they cash it out? if it's actually nk why do they give a poo poo if investigators track the transactions to nk?
how would they cash out?
|
# ? Jun 16, 2017 00:01 |
|
I'm the bank that wants to be associated with north korea
|
# ? Jun 16, 2017 00:02 |
|
Diva Cupcake posted:why can't they cash it out? if it's actually nk why do they give a poo poo if investigators track the transactions to nk?
Article said exchanges won't touch it because it's a known address, which removed the easiest avenue they had.
|
# ? Jun 16, 2017 00:03 |
|
anonymous currency of the future
|
# ? Jun 16, 2017 00:03 |