|
flakeloaf posted: baseball: a sport where looking in a certain direction is cheating if you look without your eyes
what kind of sam neill rear end motherfucker looks without eyes
|
# ? Sep 6, 2017 04:19 |
|
BangersInMyKnickers posted: The emergency 5x power button click to disable biometrics on iOS 11 is designed to help with that though it doesn't help if you're getting ganked instead of pulled over with a slow process. Forces all auth back to pin
Interesting. So you basically hit the button on the side 5x, and it disables fingerprints?
Also what do people think about a keypad with randomized number locations? Instead of it looking like 1, 2, 3, etc. It's 0-9 in a random location on the screen. Then after every number input, or maybe every 2 numbers, idk, all the numbers randomize again and you put the rest of the PIN in.
Way back in the 80's or so when the first LED keypads were a thing, some DoE keypads were designed that way. The passcode would be 1,2,3,4 but looking at someone putting in that keycode from far away their hand would have to move all over the keypad to put in the code. Seems like that would eliminate shoulder surfing, at the expense of taking longer to unlock the phone. Not sure if that would be an acceptable trade off for usability or not.
|
# ? Sep 6, 2017 04:39 |
|
ate poo poo on live tv posted: Interesting. So you basically hit the button on the side 5x, and it disables fingerprints?
Means you type in your pin a lot slower and I worry about that increasing the risk of screen surfing not decrease it since you have to think so long, you'll probably also make your pin shorter as a result of it sucking rear end
|
# ? Sep 6, 2017 04:41 |
|
Trabisnikof posted: Does that still delete the saved fingerprints or did I imagine that?
in ios11 you can turn fingerprints off for unlocking the phone but keep it for Apple pay or app store. so you can save your prints and re-enable the unlock whenever.
|
# ? Sep 6, 2017 05:06 |
|
ate poo poo on live tv posted: Interesting. So you basically hit the button on the side 5x, and it disables fingerprints?
we're going to be doing a digital version of this soon to some sites for ~pci compliance~ reasons lol
|
# ? Sep 6, 2017 05:13 |
|
ate poo poo on live tv posted: Way back in the 80's or so when the first LED keypads were a thing, some DoE keypads were designed that way. The passcode would be 1,2,3,4 but looking at someone putting in that keycode from far away their hand would have to move all over the keypad to put in the code. Seems like that would eliminate shoulder surfing, at the expense of taking longer to unlock the phone.
they're referred to as "scramble pads" and are uncommon even in government installations. they randomize on powerup and every retry rather than every digit, though.
|
# ? Sep 6, 2017 05:17 |
|
oh, so basically the inspiration for the office 2003 ui?
|
# ? Sep 6, 2017 05:22 |
|
Zero One posted: in ios11 you can turn fingerprints off for unlocking the phone but keep it for Apple pay or app store. so you can save your prints and re-enable the unlock whenever.
this isn't new in ios 11, it's what i have set up on my phone
|
# ? Sep 6, 2017 06:26 |
|
ate poo poo on live tv posted: Interesting. So you basically hit the button on the side 5x, and it disables fingerprints?
This is done on certain crypto gear as well but iirc it is mostly so that the pin pad gets even wear on all the buttons, not so much for shoulder surfing.
|
# ? Sep 6, 2017 06:43 |
|
Midjack posted: they're referred to as "scramble pads" and are uncommon even in government installations. they randomize on powerup and every retry rather than every digit, though.
I've used these (in an arts building of all places) and they:
- make a loud rear end computer blipping sound whenever you start a new entry or touch it
- have the led keys shrouded in a way that you can't see the numbers if you're not right in front of it
They're pretty cool and reasonably effective when they are controlling mag locked doors or things you couldn't otherwise easily open. Until they can make phone displays which can shift pixels or something for privacy they are still pretty unique.
|
# ? Sep 6, 2017 11:46 |
|
Zero One posted: in ios11 you can turn fingerprints off for unlocking the phone but keep it for Apple pay or app store. so you can save your prints and re-enable the unlock whenever.
this has been an option for a long time, I'm doing that right now on iOS 10
|
# ? Sep 6, 2017 14:08 |
|
just grab at your stuff from outside your pants. Y'all should be experienced with this by now.
|
# ? Sep 6, 2017 14:38 |
|
Info on neutering the Intel ME. Apparently this functionality is included and undocumented at the behest of government spec http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
|
# ? Sep 6, 2017 14:43 |
|
BangersInMyKnickers posted: this has been an option for a long time, I'm doing that right now on iOS 10
i only have ios11 now so I couldn't confirm if it was on older versions but it sounds like good news for all
|
# ? Sep 6, 2017 15:40 |
|
Remember Superfish? The Federal Trade Commission Remembers...
FTC slaps Lenovo on the wrist for selling computers with secret adware
quote: Companies need user "affirmative consent" to preinstall MITM adware, FTC says.
I'm pleasantly surprised HN seems to agree with the headline.
|
# ? Sep 6, 2017 15:44 |
|
why would you ever touch hn
|
# ? Sep 6, 2017 15:45 |
|
loving superfish
|
# ? Sep 6, 2017 16:12 |
|
project zero seem to have turned their attention to tor https://bugs.chromium.org/p/project-zero/issues/detail?id=1293
Tor: Linux sandbox breakout via X11 posted: From inside the Linux sandbox described in
|
# ? Sep 6, 2017 16:54 |
|
Wiggly Wayne DDS posted: project zero seem to have turned their attention to tor https://bugs.chromium.org/p/project-zero/issues/detail?id=1293
if you want to attack tor, just start memory dumping the tor daemon while you're acting as an hsdir
|
# ? Sep 6, 2017 16:57 |
|
Lain Iwakura posted: if you want to attack tor, just start memory dumping the tor daemon while you're acting as an hsdir
you're conflating attacks on end users with attacks on onion services
with the way hidden service descriptors currently work you can, at best, knock them offline (this is fixed in prop 224)
|
# ? Sep 6, 2017 17:40 |
|
ate poo poo on live tv posted: Interesting. So you basically hit the button on the side 5x, and it disables fingerprints?
your muscle memory and your users' interest with it
|
# ? Sep 6, 2017 17:54 |
|
ate poo poo on live tv posted: Interesting. So you basically hit the button on the side 5x, and it disables fingerprints?
certainly adding it as an available option is easily doable, but options are not apple's thing.
|
# ? Sep 6, 2017 17:55 |
|
apple hates the freedom to do dumb, lovely things to your phone
|
# ? Sep 6, 2017 18:24 |
|
Wiggly Wayne DDS posted: project zero seem to have turned their attention to tor https://bugs.chromium.org/p/project-zero/issues/detail?id=1293
<effortpost>
this isn't that surprising, i played around with linux-based isolation and it comes down to x (and posix, for that matter) being a relic of a simpler time. that philosophy infects everything desktop related, like sound because for some reason linux still can't do a kernel-based mixer in 2017 so we need 15 competing userspace programs to do it instead.
torpedo demonstrates the most trivial avenue of attack is to code-inject into the browser to do a native socketcall and wander out to the real web outside the proxy configuration. it's embarrassing that it even worked, when the most minimal amount of isolation could restrict the browser process to connecting to the tor proxy socket.
as the p0 bug report notes, the next attacks are also obvious - x + pulse are enormous surface areas that are trivial to break out of. this was some "competent security person looks at it, immediately escapes sandbox" level of trivial. pacondom probably needs to be written - looks like pulse daemon, but only passes specific whitelisted controls through.
even with that, you're left with hostile code running in a container of some sort. even with a perfect vm, you're still left with the attacker having full access to everything you've done in tor. browser history, downloads, unsent documents, emails, etc. you can either automatedly exfil interesting things via tor, or just pipe a shell through for more personal inspection. most people will give themselves away at that point, by having something that links their real identity inside their "safe" sandbox.
that's a problem outside tor too, app isolation would prevent the email attachment->cryptolocker or malware in ad network->browser->cryptolocker poo poo you get on the clearweb all the time.
|
# ? Sep 7, 2017 09:58 |
|
use
|
# ? Sep 7, 2017 10:23 |
|
also one big threat with the facial recognition stuff for people who absolutely have pictures of you is your parent who thinks you're gay or your partner who thinks you're cheating or whatever. those are just as valid threats as mugging.
|
# ? Sep 7, 2017 13:48 |
|
Phobeste posted: also one big threat with the facial recognition stuff for people who absolutely have pictures of you is your parent who thinks you're gay or your partner who thinks you're cheating or whatever. those are just as valid threats as mugging.
for all the talk of "have a threat model" some people sure love to throw up their hands and jump to the "blackbagged to cia black site" scenario
|
# ? Sep 7, 2017 13:55 |
|
Phobeste posted: also one big threat with the facial recognition stuff for people who absolutely have pictures of you is your parent who thinks you're gay or your partner who thinks you're cheating or whatever. those are just as valid threats as mugging.
thanks for teaching facebook what i look like and a bunch of information about me despite me not even having an account, mom
|
# ? Sep 7, 2017 14:18 |
|
hackbunny posted: for all the talk of "have a threat model" some people sure love to throw up their hands and jump to the "blackbagged to cia black site" scenario
If that's a euphemism for "my girlfriend is screaming and crying about how I cheated on her in a dream she had and I long for a CIA kill team to end me" I guess that makes sense.
|
# ? Sep 7, 2017 14:19 |
|
bitches be trippin amirite
|
# ? Sep 7, 2017 14:32 |
|
ha ha ha, women ! ! !
|
# ? Sep 7, 2017 15:55 |
|
Volmarias posted: If that's a euphemism for "my girlfriend is screaming and crying about how I cheated on her in a dream she had and I long for a CIA kill team to end me" I guess that makes sense.
I mean that "physical access is game over" was and is used as a debate ender by people who really should know better
|
# ? Sep 7, 2017 16:33 |
|
https://twitter.com/_grendan/status/905844826771476480
|
# ? Sep 7, 2017 19:24 |
|
|
# ? Sep 7, 2017 20:00 |
|
yeah but Hillary probably broke them
|
# ? Sep 7, 2017 20:03 |
|
they're not very breit, are they
|
# ? Sep 7, 2017 20:51 |
|
someone should make a 'bannon cannon' that breaks ads
|
# ? Sep 7, 2017 21:33 |
|
https://twitter.com/cnbcnow/status/905892104999755776
|
# ? Sep 7, 2017 21:46 |
|
oh wonderful
|
# ? Sep 7, 2017 21:50 |
|
I really want to know what the website application vulnerability was
quote: Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
|
# ? Sep 7, 2017 21:52 |