|
mab at least allows for accounting for network devices, so it's not a total free for all. Pushing the security effort line has a ton more buy in today in light of today's attacks but people still are highly resistant to extra effort. Especially for internal vectors, when they don't understand that doesn't necessarily mean literally a hacker disguising himself and coming on board or into a facility. Expensive lessons have to be learned first I guess.
|
#
?
Jun 18, 2017 14:20
|
|
|
|
| # ? Jun 3, 2024 10:30 |
|
|
Partycat posted:Pushing the security effort line has a ton more buy in today in light of today's attacks... What attacks?
|
|
#
?
Jun 18, 2017 16:23
|
|
|
goddamnedtwisto posted:was his problem "i think my girlfriend is deleting all my emails because people keep telling me they've sent me something and i've never received it"? nah he claims his ex has hacked dozens of voip phones (i assume like vonage?) over the past couple years. reading it again, i still think the guy is just not very smart, but i change my mind to say there might be some mental illness too. the level 3 reply is pretty funny though, they say "uh, we're trying to figure out your report, can you explain how we fit into the story here?" 
|
|
#
?
Jun 18, 2017 17:38
|
|
|
amazing: https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/T6emeoE-lCUPrivate key corresponding to public key in trusted Cisco certificate embedded in executable posted:Hi all,
|
|
#
?
Jun 18, 2017 18:30
|
|
|
that revocation fight is going to be so good
|
|
#
?
Jun 18, 2017 21:44
|
|
|
I'm the responsible disclosure advised by at hanno
|
|
#
?
Jun 19, 2017 14:58
|
|
|
Another password manager enters the fold. This one has a node process that replaces username and password in the requests instead of entering them directly into the form. Also it's a node project https://github.com/HainaLi/horcrux_password_manager
|
|
#
?
Jun 19, 2017 15:19
|
|
|
Let's Play/Walkthrough For the sake of this walkthrough, we assume you are a paranoid user who does not trust any one keystore with your credentials. You decide to spread your secrets across three keystores (at least two are required to use Horcrux) across three distinct datacenter regions in Amazon Web Services (AWS). You then plan to make a Facebook account with Horcrux and successfully login. 
|
|
#
?
Jun 19, 2017 15:22
|
|
|
Xposting from the opsec thread because this one was pretty big... the RNC hired an analytics firm who doesn't security and left a unpassworded S3 db full of 198 million people's personal info https://www.upguard.com/breaches/the-rnc-fileshttps://www.upguard.com/breaches/the-rnc-files posted:In what is the largest known data exposure of its kind, UpGuard’s Cyber Risk Team can now confirm that unsecured databases containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump. The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other Republican contractors, TargetPoint Consulting, Inc. and Data Trust. In total, the personal information of potentially near all of America’s 200 million registered voters was exposed, including names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as “modeled” voter ethnicities and religions. BIG DATA
|
|
#
?
Jun 19, 2017 15:27
|
|
|
necrotic posted:Another password manager enters the fold. This one has a node process that replaces username and password in the requests instead of entering them directly into the form. What is the worst that can happen? I am sure it has the highest quality code.
|
|
#
?
Jun 19, 2017 15:27
|
|
|
Lain Iwakura posted:What is the worst that can happen? I am sure it has the highest quality code. JavaScript code:i'm the unique salt?
|
|
#
?
Jun 19, 2017 15:31
|
|
|
Bhodi posted:Xposting from the opsec thread because this one was pretty big... the RNC hired an analytics firm who doesn't security and left a unpassworded S3 db full of 198 million people's personal info https://www.upguard.com/breaches/the-rnc-files not much what's upguard with you
|
|
#
?
Jun 19, 2017 15:32
|
|
|
AggressivelyStupid posted:
Minor issue. It's Node!
|
|
#
?
Jun 19, 2017 15:36
|
|
|
Bhodi posted:Xposting from the opsec thread because this one was pretty big... the RNC hired an analytics firm who doesn't security and left a unpassworded S3 db full of 198 million people's personal info https://www.upguard.com/breaches/the-rnc-files Now I have a reason to be smug about not voting/registering. 
|
|
#
?
Jun 19, 2017 15:45
|
|
|
leper khan posted:Now I have a reason to be smug about not voting/registering. no you are a loving idiot
|
|
#
?
Jun 19, 2017 16:19
|
|
|
Please do not derail this thread
|
|
#
?
Jun 19, 2017 16:25
|
|
|
Bhodi posted:Xposting from the opsec thread because this one was pretty big... the RNC hired an analytics firm who doesn't security and left a unpassworded S3 db full of 198 million people's personal info https://www.upguard.com/breaches/the-rnc-files
|
|
#
?
Jun 19, 2017 16:29
|
|
|
AggressivelyStupid posted:Let's Play/Walkthrough well at least we know they will have an easy time coming up with the name for the exploit public release. thinking basilisk fang
|
|
#
?
Jun 19, 2017 17:05
|
|
|
Zil posted:well at least we know they will have an easy time coming up with the name for the exploit public release. thinking basilisk fang unlocket
|
|
#
?
Jun 19, 2017 17:13
|
|
|
leper khan posted:Now I have a reason to be smug about not voting/registering. i've taken to mentally classifying people who intentionally didn't vote as soft trump supporters
|
|
#
?
Jun 19, 2017 17:49
|
|
|
duTrieux. posted:i've taken to mentally classifying people who intentionally didn't vote as soft trump supporters You do realize that national votes in non swing states literally don't matter
|
|
#
?
Jun 19, 2017 18:02
|
|
|
Janitor Prime posted:You do realize that national votes in non swing states literally don't matter It's a good thing that people only vote for the president, and not any other form of elected official then. Your vote in swing states doesn't matter either since the results have a margin of hundreds of people at a minimum too, so just don't ever vote.
|
|
#
?
Jun 19, 2017 18:09
|
|
|
Janitor Prime posted:You do realize that national votes in non swing states literally don't matter Michigan was a swing state?
|
|
#
?
Jun 19, 2017 18:42
|
|
|
FAT32 SHAMER posted:Michigan was a swing state? it is when the democratic party goes all marie antoinette on it loving retards
|
|
#
?
Jun 19, 2017 18:44
|
|
|
oh god shut the gently caress up and take it to the politics thread or dnd or loving anywhere else
|
|
#
?
Jun 19, 2017 19:24
|
|
|
necrotic posted:Another password manager enters the fold. This one has a node process that replaces username and password in the requests instead of entering them directly into the form. quote:iancarroll 4 hours ago [-] lol wtf node that's like the wrongest possible thing to do literally full compromise built into the api
|
|
#
?
Jun 19, 2017 19:51
|
|
|
Janitor Prime posted:You do realize that national votes in non swing states literally don't matter i live in california, i'm very well aware of this. it changes nothing unless you've given yourself wholly over to cynicism.
|
|
#
?
Jun 19, 2017 20:03
|
|
|
Midjack posted:oh god shut the gently caress up and take it to the politics thread or dnd or loving anywhere else i'm sorry, but everything is political. it's a bummer, i know.
|
|
#
?
Jun 19, 2017 20:04
|
|
|
post better. there's no end to sec fucks and other threads for your dumb arguments return of the stack clash: http://www.openwall.com/lists/oss-security/2017/06/19/1
|
|
#
?
Jun 19, 2017 20:42
|
|
|
duTrieux. posted:i live in california, i'm very well aware of this. dehumanize yourself and face to voter apathy
|
|
#
?
Jun 19, 2017 20:42
|
|
|
Midjack posted:oh god shut the gently caress up and take it to the politics thread or dnd or loving anywhere else agreed
|
|
#
?
Jun 19, 2017 22:34
|
|
|
duTrieux. posted:i'm sorry, but everything is political. it's a bummer, i know.  don't post in this thread again, idiot
|
|
#
?
Jun 19, 2017 23:40
|
|
|
Midjack posted:oh god shut the gently caress up and take it to the politics thread or dnd or loving anywhere else seriously. don't we have enough of this poo poo pushed into our faces everyday
|
|
#
?
Jun 19, 2017 23:54
|
|
|
it's hard to have something pushed in your face when you're a ghost.
|
|
#
?
Jun 20, 2017 07:02
|
|
|
|
|
#
?
Jun 20, 2017 15:44
|
|
|
Lain Iwakura posted:
you didn't say my true name backwards
|
|
#
?
Jun 20, 2017 17:50
|
|
|
duTrieux. posted:you didn't say my true name backwards he said it forwards
|
|
#
?
Jun 20, 2017 18:31
|
|
|
unrar may have missed a few vulnerabilities reported to them https://bugs.chromium.org/p/project-zero/issues/detail?id=1278 and https://bugs.chromium.org/p/project-zero/issues/detail?id=1286
|
|
#
?
Jun 20, 2017 18:51
|
|
|
Wiggly Wayne DDS posted:unrar may have missed a few vulnerabilities reported to them https://bugs.chromium.org/p/project-zero/issues/detail?id=1278 and https://bugs.chromium.org/p/project-zero/issues/detail?id=1286
|
|
#
?
Jun 20, 2017 18:55
|
|
|
|
| # ? Jun 3, 2024 10:30 |
|
|
Wiggly Wayne DDS posted:unrar may have missed a few vulnerabilities reported to them https://bugs.chromium.org/p/project-zero/issues/detail?id=1278 and https://bugs.chromium.org/p/project-zero/issues/detail?id=1286 raro
|
|
#
?
Jun 20, 2017 19:08
|
|