  • Locked thread
Storysmith
Dec 31, 2006

gently caress, i would have just redacted the name of the coffee chain in those tweets if i knew it would cause multiple tedious derails

polyester concept
Mar 29, 2017

cheap sugary coffee and donuts is like manna from heaven and i will fight anyone who says otherwise

(USER WAS PUT ON PROBATION FOR THIS POST)

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

anthonypants posted:

which didn't have anything to do with salesforce specifically, it was just to show off a cool thing they made and were using internally and want to give to the world. it should go over well

also depending on who you ask it looks like they might have known about the text beforehand
https://twitter.com/sirdarckcat/status/891154187274170372

idk why this suddenly became news again yesterday but I wouldn't have signed off on something called "meatpistol" either even if it is an anagram of "metasploit"

JewKiller 3000
Nov 28, 2006

by Lowtax
dunkin donuts: imagine if every donut was like a stale cake donut, even the yeast/glazed ones
krispy kreme: imagine if every donut was like a glaze-covered mush of sugar and fat, even the cake ones

(USER WAS PUT ON PROBATION FOR THIS POST)

ozymandOS
Jun 9, 2004
get this poo poo out of the secfuck thread, please and thanks

JewKiller 3000
Nov 28, 2006

by Lowtax
how about you get out of the secfuck thread, please and gently caress off

spankmeister
Jun 15, 2008

My loving god shut the gently caress up about donuts

Arcsech
Aug 5, 2008

spankmeister posted:

My loving god shut the gently caress up about donuts

Daman
Oct 28, 2011

Cocoa Crispies posted:

idk why this suddenly became news again yesterday but I wouldn't have signed off on something called "meatpistol" either even if it is an anagram of "metasploit"

I'm glad security doesn't have a gender problem like the rest of tech and their ten page manifestos

hurry up boys let's think of a way to anagram something into a dick joke for our next tool

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

Daman posted:

I'm glad security doesn't have a gender problem like the rest of tech and their ten page manifestos

hurry up boys let's think of a way to anagram something into a dick joke for our next tool

the language of wizardsec itself is pretty foul: "penetration testing," "exploits," and "owning" are just the first ones i can think of

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

anthonypants posted:

upguard found a bunch of data from some energy infrastructure company a month ago https://www.upguard.com/breaches/data-leak-pqe

spankmeister posted:

What's upguard?

FlapYoJacks
Feb 12, 2009
I don't think hating on DD or KK is hating on poor people. It's hating on lovely bad for you food.

People shouldn't eat or drink that garbage. One would argue that people think even less of the
nutrition information in a huge caramel frappuccino than they do a donut.

(USER WAS PUT ON PROBATION FOR THIS POST)

mrmcd
Feb 22, 2003

Pictured: The only good cop (a fictional one).

Cocoa Crispies posted:

the language of wizardsec itself is pretty foul: "penetration testing," "exploits," and "owning" are just the first ones i can think of

Meh. Those at least have metaphors that make sense, as opposed to bending over backwards to make a dick joke.

Pile Of Garbage
May 28, 2007

probably secfuck: our customer only supports one browser internally (IE11). apparently unmanaged and unpatched chome installs on endpoints is a big security issue for said customer (at least according to their head wizard). in this situation you'd think the best option would be to restrict chome on endpoints using something like applocker. well, the head wizard thought differently and instead decided to get our SCCM guys to package an enterprise version of chome that's updateable via SCCM and managed via group policy. this packaged version of chome was then deployed to the whole fleet.

so, instead of having to worry about a handful of dinguses who have chome installed we now have to worry about the entire loving fleet. to make things worse an e-mail was sent to all personnel telling everyone about the chome deployment so they know that it's there. oh and the issue of deploying an unsupported browser has been "solved" by effectively blacklisting "*.companyname.com" in chome via group policy so that they can't access internal websites using the browser.

:chome:

e: oh yeah they also packaged it with abp instead of ublock origin which is dumb

FAT32 SHAMER
Aug 16, 2012

lotta people itt getting introduced to the concept of fishmech'ing today.

also krispy kreme uber alles

(USER WAS PUT ON PROBATION FOR THIS POST)

coffeetable
Feb 5, 2006

TELL ME AGAIN HOW GREAT BRITAIN WOULD BE IF IT WAS RULED BY THE MERCILESS JACKBOOT OF PRINCE CHARLES

YES I DO TALK TO PLANTS ACTUALLY
https://twitter.com/jjvincent/status/895554642133659648

LIVE AMMO COSPLAY
Feb 3, 2006


Awesome.

communism bitch
Apr 24, 2009

quote:

China has successfully sent "hack-proof" messages from a satellite to Earth for the first time.
The Micius satellite beamed messages to two mountain-top receiving stations 645 km (400 miles) and 1,200 km away.
The message was protected by exploiting quantum physics, which says any attempt to eavesdrop on it would make detectable changes.
Using satellites avoids some limitations that ground-based systems introduce into quantum communication.
http://www.bbc.co.uk/news/technology-40885723
Is this "hack-proof" or """""""""hack-proof"""""""""?
Presumably at some point in the process (once the data reaches its destination?) your secret quantum data needs to be turned back into its original best_simpsons_quotes.txt format to be usable, at which point it's as vulnerable as anything else?

Is the data actually less vulnerable during transmission, or is it just easier to figure out it's been compromised once it reaches its destination?

gently caress copmuters

Shame Boy
Mar 2, 2010

communism bitch posted:

http://www.bbc.co.uk/news/technology-40885723
Is this "hack-proof" or """""""""hack-proof"""""""""?
Presumably at some point in the process (once the data reaches its destination?) your secret quantum data needs to be turned back into its original best_simpsons_quotes.txt format to be usable, at which point it's as vulnerable as anything else?

Is the data actually less vulnerable during transmission, or is it just easier to figure out it's been compromised once it reaches its destination?

gently caress copmuters

if it's actual quantum encryption then the idea is it's basically a very secure way to send key data, after that it's just a boring normal OTP (or a stream cipher or whatever). so basically if anyone intercepts the key data or looks at it or anything you gently caress with the quantum-y bits of the system and it's immediately detectable (in fact it completely prevents you from continuing the connection), so you cancel the transmission before any of the ciphertext is even encoded.

it's hack-proof in that the quantum bits are assured by physics to work that way, and if you use an OTP (correctly use it, that is) you're mathematically assured that the encryption part is "provably secure" too. obviously if you have access to the system on either side of the secure bits then you can hack away

e: also I swear someone already did it from a satellite to a ground station years ago so idk if this is anything new or just China trying to look cool

Shame Boy fucked around with this message at 14:51 on Aug 10, 2017
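Added example (not code from the post or from the BBC article): a classical Python simulation of the scheme described above, a BB84-style key exchange followed by a one-time pad. Everything about the "quantum" channel is modelled with ordinary random numbers; the intercept-and-resend eavesdropper, the 11% abort threshold and the 25% sacrificed-sample fraction are assumptions chosen for the illustration. What it shows is the property the post relies on: when the key bits are read in transit, about a quarter of the compared bits disagree and the parties abort before any ciphertext exists; when they are not, the sifted key matches exactly and the pad decrypts cleanly.

```python
"""Classical simulation of QKD (BB84-style) followed by a one-time pad.

Constructed example: no quantum hardware, just Python's random module.
Bases: 0 = rectilinear, 1 = diagonal. Measuring a bit in the wrong basis
yields a uniformly random result, which is what makes interception visible.
"""
import random

# Assumed abort threshold for the observed error rate (QBER); a clean channel
# in this model gives exactly 0, an intercept-resend eavesdropper about 0.25.
QBER_ABORT_THRESHOLD = 0.11


def bb84_exchange(n_qubits, eavesdrop, rng):
    """Return (alice_sifted, bob_sifted): key bits kept after basis reconciliation."""
    alice_bits = [rng.getrandbits(1) for _ in range(n_qubits)]
    alice_bases = [rng.getrandbits(1) for _ in range(n_qubits)]
    bob_bases = [rng.getrandbits(1) for _ in range(n_qubits)]

    alice_sifted, bob_sifted = [], []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            # Eve measures in a random basis and re-sends what she observed;
            # a wrong basis guess randomises the bit she forwards.
            eve_basis = rng.getrandbits(1)
            if eve_basis != state_basis:
                state_bit = rng.getrandbits(1)
            state_basis = eve_basis
        # Bob measures; a basis mismatch with the arriving state gives noise.
        measured = state_bit if b_basis == state_basis else rng.getrandbits(1)
        # Sifting: keep only positions where Alice and Bob chose the same basis.
        if a_basis == b_basis:
            alice_sifted.append(bit)
            bob_sifted.append(measured)
    return alice_sifted, bob_sifted


def estimate_qber(alice_sifted, bob_sifted, sample_fraction, rng):
    """Publicly compare a random subset of sifted bits and discard them.

    Returns (qber, remaining_key_alice, remaining_key_bob).
    """
    n = len(alice_sifted)
    sample_size = max(1, int(n * sample_fraction))
    sample_idx = set(rng.sample(range(n), sample_size))
    mismatches = sum(1 for i in sample_idx if alice_sifted[i] != bob_sifted[i])
    key_a = [b for i, b in enumerate(alice_sifted) if i not in sample_idx]
    key_b = [b for i, b in enumerate(bob_sifted) if i not in sample_idx]
    return mismatches / sample_size, key_a, key_b


def bits_to_bytes(bits):
    """Pack whole groups of 8 bits (MSB first) into bytes; leftover bits dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def otp(data, pad):
    """One-time pad: XOR with a pad at least as long as the data, used once."""
    if len(pad) < len(data):
        raise ValueError("one-time pad must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, pad))


def run_session(message, eavesdrop, seed, n_qubits=4096):
    """Run one QKD + OTP session; return (aborted, qber, recovered_plaintext_or_None)."""
    rng = random.Random(seed)
    a, b = bb84_exchange(n_qubits, eavesdrop, rng)
    qber, key_a, key_b = estimate_qber(a, b, 0.25, rng)
    if qber > QBER_ABORT_THRESHOLD:
        return True, qber, None          # interception detected: nothing is encrypted
    ciphertext = otp(message, bits_to_bytes(key_a))
    return False, qber, otp(ciphertext, bits_to_bytes(key_b))


if __name__ == "__main__":
    msg = b"best_simpsons_quotes.txt"   # constructed sample plaintext
    for eve in (False, True):
        aborted, qber, recovered = run_session(msg, eavesdrop=eve, seed=7)
        print(f"eavesdropper={eve}: aborted={aborted} qber={qber:.3f} recovered={recovered}")
```

The security-relevant detail sits in `run_session`: the error estimate is computed and acted on before the pad is ever applied, which is the "cancel the transmission before any ciphertext is encoded" step in the post. The caveat the post also makes is visible in the code as well: `otp` and the plaintext live on the endpoints, and nothing in the exchange protects them there.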

ultramiraculous
Nov 12, 2003

"No..."
Grimey Drawer

huh, I was just joking with a coworker this week about writing an obfuscator that maliciously attacks a decompiler...guess this is god's equivalent.

communism bitch
Apr 24, 2009

ate all the Oreos posted:

if it's actual quantum encryption then the idea is it's basically a very secure way to send key data, after that it's just a boring normal OTP (or a stream cipher or whatever). so basically if anyone intercepts the key data or looks at it or anything you gently caress with the quantum-y bits of the system and it's immediately detectable (in fact it completely prevents you from continuing the connection), so you cancel the transmission before any of the ciphertext is even encoded.

it's hack-proof in that the quantum bits are assured by physics to work that way, and if you use an OTP (correctly use it, that is) you're mathematically assured that the encryption part is "provably secure" too. obviously if you have access to the system on either side of the secure bits then you can hack away
So give it 20 years and the only way to hack the planet will be to physically access the machines, buried deep inside the megacorp arcologies? Finally, my animes will be almost real....

quote:

e: also I swear someone already did it from a satellite to a ground station years ago so idk if this is anything new or just China trying to look cool
I'm going to bet on the latter!!!!!

maskenfreiheit
Dec 30, 2004

I remember reading somewhere about a 0-day in Ethereal (or maybe shortly after the name switch to Wireshark) that allowed RCE if you sniffed a bad packet. Glad to see the concept has been expanded on!

(If anyone has a source on that I looked a little but can't find anything - IIRC it dropped shortly before Defcon and some people didn't patch and were owned for trying to sniff the network)

Shame Boy
Mar 2, 2010

maskenfreiheit posted:

I remember reading somewhere about a 0-day in Ethereal (or maybe shortly after the name switch to Wireshark) that allowed RCE if you sniffed a bad packet. Glad to see the concept has been expanded on!

(If anyone has a source on that I looked a little but can't find anything - IIRC it dropped shortly before Defcon and some people didn't patch and were owned for trying to sniff the network)

there's been a lot of Ethereal/Wireshark RCEs because each different protocol decoder is its own little plugin and has its own fun problems, and a lot of the rare ones (for protocols nobody ever actually uses anymore) probably haven't been touched in years
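Added example (not Wireshark code, and not from the post): a small bounds-checked dissector in Python for an invented TLV wire format (1-byte type, 2-byte big-endian length, that many bytes of value, repeated). It illustrates the two defensive habits the post points at: every field read is checked against the bytes actually captured before it happens, so a length field that overruns the frame is reported rather than trusted; and each protocol-specific decoder runs behind a guard, so a fault in one rarely-used decoder is isolated to that field instead of taking the whole analyser down. The decoders, the `0x7f` "legacy" type with its deliberate off-the-end index, and the sample frames are all constructed for the example.

```python
"""Bounds-checked dissection of a constructed TLV protocol (added example)."""
import struct


class MalformedPacket(Exception):
    """Raised when a frame's fields do not fit in the bytes actually captured."""


class Cursor:
    """Read-only view over a buffer that refuses to read past its end."""

    def __init__(self, data):
        self.data = data
        self.pos = 0

    def remaining(self):
        return len(self.data) - self.pos

    def take(self, n):
        # Every read goes through here, so the length check cannot be skipped.
        if n < 0 or n > self.remaining():
            raise MalformedPacket(
                f"need {n} bytes at offset {self.pos}, only {self.remaining()} left")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u8(self):
        return self.take(1)[0]

    def u16(self):
        return struct.unpack(">H", self.take(2))[0]


def decode_text(value):
    return value.decode("ascii")          # strict: non-ASCII raises


def decode_counter(value):
    if len(value) != 4:
        raise MalformedPacket(f"counter must be 4 bytes, got {len(value)}")
    return struct.unpack(">I", value)[0]


def decode_legacy(value):
    # Stand-in for an old, rarely exercised decoder with a latent bug: it
    # indexes a fixed offset without checking the value length (constructed).
    return value[7]


# Type byte -> per-type decoder. Unknown types are kept as raw bytes.
DECODERS = {0x01: decode_text, 0x02: decode_counter, 0x7f: decode_legacy}


def dissect(frame):
    """Return a list of (type, decoded_value_or_error_string) for each TLV.

    Structural errors (a length field overrunning the capture) abort the
    frame with MalformedPacket; errors inside a per-type decoder are
    confined to that one field.
    """
    cur = Cursor(frame)
    fields = []
    while cur.remaining():
        t = cur.u8()
        length = cur.u16()
        value = cur.take(length)          # length validated against the buffer here
        decoder = DECODERS.get(t)
        if decoder is None:
            fields.append((t, value))
            continue
        try:
            fields.append((t, decoder(value)))
        except Exception as exc:          # a decoder bug must not escape the dissector
            fields.append((t, f"decoder error: {exc!r}"))
    return fields


def dissect_safe(frame):
    """Wrap dissect() so a malformed frame yields a report instead of an exception."""
    try:
        return {"ok": True, "fields": dissect(frame)}
    except MalformedPacket as exc:
        return {"ok": False, "error": str(exc)}


# Constructed sample frames.
GOOD_FRAME = (bytes([0x01, 0x00, 0x05]) + b"hello"
              + bytes([0x02, 0x00, 0x04]) + struct.pack(">I", 42))
OVERRUN_FRAME = bytes([0x01, 0xFF, 0xFF]) + b"short"     # claims 65535 bytes, 5 present
BUGGY_DECODER_FRAME = bytes([0x7F, 0x00, 0x02]) + b"ab"   # legacy decoder indexes past the value

if __name__ == "__main__":
    for name, frame in [("good", GOOD_FRAME), ("overrun", OVERRUN_FRAME),
                        ("buggy decoder", BUGGY_DECODER_FRAME)]:
        print(name, "->", dissect_safe(frame))
```

In a memory-unsafe dissector the overrun frame is where the trouble starts: the length field is trusted and the copy runs off the end of the capture buffer. Routing every read through one checked `Cursor` makes that class of bug a structural error that is reported and logged, and the per-decoder guard means the long tail of untouched protocol plugins the post mentions can fail without crashing the capture.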

Carbon dioxide
Oct 9, 2012

"Scientists Put Malware in DNA For the First Time - "encode malicious software into physical strands of DNA, so that when a gene sequencer analyzes it the resulting data becomes a program that corrupts gene-sequencing software and takes control of the underlying computer.""

Source: Someone on IRC who says they read it on reddit

E: Also here https://www.wired.com/story/malware-dna-hack/

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

it's under discussion in the grey thread too; they scooped ya

spit on my clit
Jul 19, 2015

by Cyrano4747
so in other words, mind is software?

Janitor Prime
Jan 22, 2004

PC LOAD LETTER

What da fuck does that mean

Fun Shoe

Carbon dioxide posted:

"Scientists Put Malware in DNA For the First Time - "encode malicious software into physical strands of DNA, so that when a gene sequencer analyzes it the resulting data becomes a program that corrupts gene-sequencing software and takes control of the underlying computer.""

Source: Someone on IRC who says they read it on reddit

E: Also here https://www.wired.com/story/malware-dna-hack/

rick and morty did it first

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

spit on my clit posted:

so in other words, mind is software?

philosophically, :thejoke:

The MUMPSorceress
Jan 6, 2012


^SHTPSTS

Gary’s Answer

Daman posted:

I'm glad security doesn't have a gender problem like the rest of tech and their ten page manifestos

hurry up boys let's think of a way to anagram something into a dick joke for our next tool

some folks here think i'm the no fun zone sjw joke police, but honestly I don't have a problem with dick jokes as hack tool names. dicks are funny and nearly always unwelcome so it fits. if they called it the oval office buster 5000 then there might be an issue

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

I didn't even read it as a dick joke, because I'm a square

duz
Jul 11, 2005

Come on Ilhan, lets go bag us a shitpost

Subjunctive posted:

I didn't even read it as a dick joke, because I'm a square

really liked Cronenberg's eXistenZ, eh?

post hole digger
Mar 21, 2011

ate all the Oreos posted:

unironically agree with this, society needs fewer fried dough stores that are harder to access


donuts are bad rear end dummy

(USER WAS PUT ON PROBATION FOR THIS POST)

Pile Of Garbage
May 28, 2007

security is just a thing that you should think about and do whenever you do any IT thing.

delegating perms in AD? hmm maybe i can do this in a fine-grained per-attribute manner to support the principle of least privilege!

creating an ACL on an ASA? hmm maybe i should determine the specific ports that are required instead of just doing an allow all!

delegating perms on a server? hmm maybe this service account designed to run a script via scheduled task doesn't need local admin and instead i can delegate the specific user right for executing a batch task so it won't run in an elevated context!

importing a PFX key pair on a server? hmm maybe i should un-tick the "mark private key exportable" option!

delegating perms in a thing? hmm these built-in roles are fine but what if i created specific roles to delegate perms supporting the least privilege principle!

it's just small dumb poo poo that everyone does every loving day that makes security secure

Shaggar
Apr 26, 2006

Subjunctive posted:

I didn't even read it as a dick joke, because I'm a square

same. i just thought it was a clever anagram

akadajet
Sep 14, 2003

Shaggar posted:

same. i just thought it was a clever anagram

clever is stretching things

Silver Alicorn
Mar 30, 2008

𝓪 𝓻𝓮𝓭 𝓹𝓪𝓷𝓭𝓪 𝓲𝓼 𝓪 𝓬𝓾𝓻𝓲𝓸𝓾𝓼 𝓼𝓸𝓻𝓽 𝓸𝓯 𝓬𝓻𝓮𝓪𝓽𝓾𝓻𝓮
akadajet posted:

clever is stretching things

:goatse::dong:

rjmccall
Sep 7, 2007

no worries friend
Fun Shoe
i think it's one of those things where people squint at it and ask "huh, i wonder if this is appropriate" and gradually talk themselves into ratcheting it up the problematic continuum every time they talk about it

like no i wouldn't have named it that and yeah i would've asked someone else to change the name but if i hadn't seen the name until right before the presentation i wouldn't have leapt to "okay don't present this or you're fired"

Schadenboner
Aug 15, 2011

by Shine

cheese-cube posted:

probably secfuck: our customer only supports one browser internally (IE11). apparently unmanaged and unpatched chome installs on endpoints is a big security issue for said customer (at least according to their head wizard). in this situation you'd think the best option would be to restrict chome on endpoints using something like applocker. well, the head wizard thought differently and instead decided to get our SCCM guys to package an enterprise version of chome that's updateable via SCCM and managed via group policy. this packaged version of chome was then deployed to the whole fleet.

so, instead of having to worry about a handful of dinguses who have chome installed we now have to worry about the entire loving fleet. to make things worse an e-mail was sent to all personnel telling everyone about the chome deployment so they know that it's there. oh and the issue of deploying an unsupported browser has been "solved" by effectively blacklisting "*.companyname.com" in chome via group policy so that they can't access internal websites using the browser.

:chome:

e: oh yeah they also packaged it with abp instead of ublock origin which is dumb

Wait, ABP is bad?

Lightbulb Out
Apr 28, 2006

slack jawed yokel

Schadenboner posted:

Wait, ABP is bad?

ublock origin is now the preferred ad blocker due to ABP having a whitelisting program for certain ads

Schadenboner
Aug 15, 2011

by Shine

Lightbulb Out posted:

ublock origin is now the preferred ad blocker due to ABP having a whitelisting program for certain ads

Oh that. Were there lovely mal-ads on their white list or was it more of a philosophical thing?

E: I'm not disagreeing with the philosophy, I'm just wondering if I need to go check my dad's machine.

Schadenboner fucked around with this message at 20:31 on Aug 10, 2017
