|
Lutha Mahtin posted:is this bubbling up in the blogs and twitters?? or do we have a case of yospos FIRST POST
I didn't spread it further because I am certain the yospos Actual Cecurity Experts (ACEs) will take care of it and march angrily to the twitters and grab some Mozilla devs by the neck until they fix it.
|
# ? Aug 14, 2017 07:07 |
|
Deep Dish Fuckfest posted:heh, i remember that. although i think it was mysql, which is even more shameful
well yeah but regardless a database client should probably not have arbitrary code execution vulnerabilities regardless of if you trust the server (and if you're not using TLS with a cert infrastructure to encrypt your kink, regardless of if you trust the network)
|
# ? Aug 14, 2017 12:25 |
|
Look how else will I be able to dynamically patch my site at runtime? We can't have ANY downtime from bouncing the server, this is the most sure way to add content!!
|
# ? Aug 14, 2017 13:05 |
|
Carbon dioxide posted:I didn't spread it further because I am certain the yospos Actual Cecurity Experts (ACEs) will take care of it and march angrily to the twitters and grab some Mozilla devs by the neck until they fix it. I'm guessing there's more than a few Mozillians in YOSPOS.
|
# ? Aug 14, 2017 14:33 |
|
IIRC there's one in the gray thread for Firefox
|
# ? Aug 14, 2017 14:37 |
|
Subjunctive posted:Linux distributors are the worst. install your browsers directly from the vendors this but everything instead of just browsers
|
# ? Aug 14, 2017 16:26 |
|
akadajet posted:Always fun to see on the page of a library you're playing with. web "developers"
|
# ? Aug 14, 2017 16:28 |
|
Shaggar posted:this but everything instead of just browsers except for the vendors that make you do that curl [url] | bash bullshit that's getting annoyingly common
|
# ? Aug 14, 2017 16:33 |
|
Shaggar posted:web "developers" because rce never happens for anything but web apps
|
# ? Aug 14, 2017 16:36 |
|
Shaggar posted:this but everything instead of just browsers
i for one love garbage drivers from chinese firmware engineers that install directly to a new folder they create at C:\SHITCOR~ because it's still 1991
wait, why am i responding to shaggar
ate all the Oreos posted:except for the vendors that make you do that curl [url] | bash bullshit that's getting annoyingly common
for bonus points, point it at an HTTPS URL but include the -k flag.
|
# ? Aug 14, 2017 16:47 |
|
Daman posted:so we all know kaspersky is the best AV, but now they've really cemented the title. smoka is going to be thrilled
|
# ? Aug 14, 2017 16:49 |
|
akadajet posted:because rce never happens for anything but web apps
it's a feature of javascript that everything you do is code injection.
anatoliy pltkrvkay posted:i for one love garbage drivers from chinese firmware engineers that install directly to a new folder they create at C:\SHITCOR~ because it's still 1991
I'm talking about things like java or tomcat where the distro version will be broken out of the box or at the very least contain a bunch of added libs you don't want there. nobody is installing Chinese drivers in a vm.
Shaggar fucked around with this message at 16:52 on Aug 14, 2017 |
# ? Aug 14, 2017 16:49 |
|
Carbon dioxide posted:I didn't spread it further because I am certain the yospos Actual Cecurity Experts (ACEs) will take care of it and march angrily to the twitters and grab some Mozilla devs by the neck until they fix it.
doesn't subjective work for mozilla or is he with facebook, i forget
|
# ? Aug 14, 2017 16:50 |
|
FAT32 SHAMER posted:doesn't subjective work for mozilla or is he with facebook, i forget
subjunctive worked in facebook some time ago iirc
|
# ? Aug 14, 2017 16:51 |
|
Shaggar posted:it's a feature of javascript that everything you do is code injection.
lol
|
# ? Aug 14, 2017 17:04 |
|
so malwaretech update:
- plead not guilty
- the no internet access bail condition has been removed, now it's "don't touch that wannacry sinkhole" that's publicly known
- wisconsin is no longer relevant re: jurisdiction given he'll reside in LA and has CA lawyers now
- trial currently set in october, probably be moved back
|
# ? Aug 14, 2017 17:08 |
|
FAT32 SHAMER posted:doesn't subjective work for mozilla or is he with facebook, i forget
he worked for Mozilla like a decade ago, then Facebook until recently
|
# ? Aug 14, 2017 17:10 |
|
|
# ? Aug 14, 2017 17:55 |
|
fishmech posted:still haven't seen any evidence that security updates are being "a/b tested" but rather just that 55 was too buggy and they're holding off until 55.0.2 is out (55.0.1 was already out)
It's less "A/B tested" and more they apparently do staged rollouts of all updates, regardless of content. And who knows if there's a 55.0.2 coming out, when I tried to find out why I was being told 54.0.1 was "up to date" by the updater despite Mozilla.org showing a huge banner saying "update your browser now!" I was told "we do staged rollouts of updates." The only reason I was even checking was because IT flagged my computer for having "vulnerable software" installed.
Dylan16807 posted:if it's a critical security patch that got backported to 55 but not to 54, then they screwed up.
They're "critical" according to their own ranking system. Firefox 55 has a whole bunch of security updates including 5 they flagged critical and 11 marked as high. None of these were back-ported into Firefox 54, they're all listed as "fixed as of Firefox 55." It's hard to know any details beyond that because the bugs are still hidden and the CVE numbers aren't live yet. (So it's entirely possible some of the critical vulnerabilities don't even affect Firefox 54, but who knows, because they don't say. Doesn't seem likely, though.) If they are holding back the update for a reason, then the website shouldn't be showing a huge "Update Now!" banner, and if they aren't holding it back, then the About dialog shouldn't be lying and saying you're "up to date!" when you aren't. Something is hosed up somewhere.
|
# ? Aug 14, 2017 18:55 |
|
Xenoveritas posted:It's less "A/B tested" and more they apparently do staged rollouts of all updates, regardless of content. And who knows if there's a 55.0.2 coming out, when I tried to find out why I was being told 54.0.1 was "up to date" by the updater despite Mozilla.org showing a huge banner saying "update your browser now!" I was told "we do staged rollouts of updates." The only reason I was even checking was because IT flagged my computer for having "vulnerable software" installed.
yeah, sounds like the system is hosed up somewhere. but if they decided it was appropriate to wait two months for the patch to get to the release channel, and only unhide the bug report once everyone has the fix, then a staged rollout is minor in comparison especially when they removed an entire release channel recently, so even with the staged rollout patches get to all users faster
it's a fuckup, but not a security fuckup.
|
# ? Aug 14, 2017 21:59 |
|
https://twitter.com/notdan/status/897094686506074113
|
# ? Aug 14, 2017 22:06 |
|
I was reading that anonymous hacked the site and turned off the registration anonymity thing and it wasn't anything GoDaddy actively did but maybe that was bullshit
|
# ? Aug 14, 2017 22:07 |
|
Doxx nazis all day everyday.
|
# ? Aug 14, 2017 22:11 |
|
BangersInMyKnickers posted:I was reading that anonymous hacked the site and turned off the registration anonymity thing and it wasn't anything GoDaddy actively did but maybe that was bullshit that was stormfront trying to save face with a false flag, i think
|
# ? Aug 14, 2017 22:12 |
|
BangersInMyKnickers posted:I was reading that anonymous hacked the site and turned off the registration anonymity thing and it wasn't anything GoDaddy actively did but maybe that was bullshit
they hosed up, they moved from godaddy to google domains and when you transfer the privacy protection gets disabled and then your domain gets deleted anyways lol
https://twitter.com/MicahGrimes/status/897159294436683781
|
# ? Aug 14, 2017 22:15 |
|
mrmcd posted:
https://twitter.com/LauraLoomer/status/897116115935133696
|
# ? Aug 14, 2017 22:21 |
|
BangersInMyKnickers posted:I was reading that anonymous hacked the site and turned off the registration anonymity thing and it wasn't anything GoDaddy actively did but maybe that was bullshit
|
# ? Aug 14, 2017 23:16 |
|
also don't trust anything laura loomer says, she's the moron with the dry rotted "slashed" tires from last month
|
# ? Aug 14, 2017 23:54 |
|
Phone posted:also don't trust anything laura loomer says, she's the moron with the dry rotted "slashed" tires from last month what?
|
# ? Aug 15, 2017 00:10 |
|
https://twitter.com/thehill/status/897217289824722944 lol trump admin is asking dreamhost for records related to trump protest blogs
|
# ? Aug 15, 2017 00:15 |
|
cis autodrag posted:what?
|
# ? Aug 15, 2017 00:16 |
|
she also openly cheered the deaths of 2000 migrants with the hope that 2000 more might die
|
# ? Aug 15, 2017 00:23 |
|
so weev, the dude who claimed that his nazi tattoo was just trolling, turned out to be the admin behind the daily stormer? I'm shocked!
|
# ? Aug 15, 2017 00:41 |
|
ymgve posted:so weev, the dude who claimed that his nazi tattoo was just trolling, turned out to be the admin behind the daily stormer? I'm shocked!
|
# ? Aug 15, 2017 01:13 |
|
cis autodrag posted:what? hahahaha ooooohboy you are in for a treat
|
# ? Aug 15, 2017 03:18 |
|
BangersInMyKnickers posted:hahahaha ooooohboy you are in for a treat i saw ppl accusing a woman of not understanding tires and assumed the usual twitright misogyny but the real story is way funnier.
|
# ? Aug 15, 2017 03:27 |
|
it wasn't that she didn't understand tires, it was that she expected that everyone else would believe she had her tires slashed so she could get internet nazi points
|
# ? Aug 15, 2017 03:49 |
|
CommunistPancake posted:it wasn't that she didn't understand tires, it was that she expected that everyone else would believe she had her tires slashed so she could get internet nazi points No one would ever post lies for internet points
|
# ? Aug 15, 2017 06:11 |
|
you really think someone would do that? just go on the internet and tell lies?
|
# ? Aug 15, 2017 06:17 |
|
i'm the Deutsche Bahn security questions
|
# ? Aug 15, 2017 08:28 |