|
anthonypants posted:
lmao

yeah sure, you somehow managed to engineer a system that flawlessly executes even with a critical component unresponsive but you are dumb enough not to engineer it to not issue certs when that component is unresponsive.
|
# ? Sep 14, 2017 05:34 |
|
Max Facetime posted:
Encryption is not a human right and neither is downloading apps, in fact both could well be illegal in some places, so where's the human rights violation?

could you be any dumber (edgier?). "illegal" isn't in the ballpark of "not a right", it's not even the same game
|
# ? Sep 14, 2017 11:26 |
|
cis autodrag posted:
yeah sure, you somehow managed to engineer a system that flawlessly executes even with a critical component unresponsive but you are dumb enough not to engineer it to not issue certs when that component is unresponsive.

These things are often related! It's so robust it manages to function even in conditions where it clearly shouldn't. Wow, sounds like that person should get a raise.
|
# ? Sep 14, 2017 11:41 |
|
hackbunny posted:
could you be any dumber (edgier?). "illegal" isn't in the ballpark of "not a right", it's not even the same game

i'm sure it's one of those "well humans did without encryption for years until now" trains of thought or whatever which is provably false
|
# ? Sep 14, 2017 11:59 |
|
External process stderr and stdout mashed together
Exit code not checked
"Let me just use a regular expression to pull the thing I care about"
Robust computing genius
|
# ? Sep 14, 2017 13:56 |
|
prisoner of waffles posted:
External process stderr and stdout mashed together

also blaming the switch to 64 bit like it hasn't been a loving decade
|
# ? Sep 14, 2017 15:16 |
|
security fuckup of the day: just got an email from my sister containing two things, "hey why idn't this working?" and a high res photo of some medical network login dialog with the creds in plain text
|
# ? Sep 14, 2017 15:57 |
|
Cocoa Crispies posted:also blaming the switch to 64 bit like it hasn't been a loving decade
|
# ? Sep 14, 2017 17:33 |
|
oh or regex-bashing the output of dig as if using your language's dns library is somehow more difficult
|
# ? Sep 14, 2017 17:40 |
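The failure modes listed in the posts above (stderr and stdout mixed, exit code ignored, a loose regex, issuing when the check is unresponsive), turned around into a fail-closed wrapper. This is an added example, not code from the thread or from any CA; `caa_permits`, `fake_resolver` and the helper's contract (exit 0 only on a real answer, one `flags tag "value"` record per line) are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Strict pattern for one CAA record in presentation form: flags tag "value"
CAA_LINE = re.compile(r'^(\d{1,3}) ([A-Za-z0-9]+) "([^"]*)"$')
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def caa_permits(ca_id, resolver_cmd, timeout=5):
    """Return (allowed, reason). Anything unexpected means allowed=False."""
    try:
        # stdout and stderr are captured separately, never merged.
        proc = subprocess.run(resolver_cmd, stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE, text=True, timeout=timeout)
    except (subprocess.TimeoutExpired, OSError) as exc:
        return False, f"lookup failed: {type(exc).__name__}"
    if proc.returncode != 0:
        return False, f"resolver exit code {proc.returncode}"
    issuers = []
    for line in proc.stdout.splitlines():
        m = CAA_LINE.match(line.strip())
        if m is None:  # refuse to guess at output we do not fully understand
            return False, f"unparseable line: {line!r}"
        flags, tag, value = int(m.group(1)), m.group(2).lower(), m.group(3)
        if flags & 0x80 and tag not in KNOWN_TAGS:
            return False, f"unknown critical tag {tag!r}"
        if tag == "issue":
            issuers.append(value.split(";")[0].strip().lower())
    if not issuers:
        return True, "no issue property restricts issuance"
    if ca_id.lower() in issuers:
        return True, "CA listed in issue property"
    return False, "CA not listed in issue property"

def fake_resolver(stdout="", stderr="", code=0, sleep=0):
    """Constructed stand-in for the external tool so the example runs offline."""
    script = (f"import sys,time; time.sleep({sleep}); sys.stdout.write({stdout!r}); "
              f"sys.stderr.write({stderr!r}); sys.exit({code})")
    return [sys.executable, "-c", script]

if __name__ == "__main__":
    print(caa_permits("ca.example", fake_resolver('0 issue "other.example"\n')))
    print(caa_permits("ca.example", fake_resolver(stderr="no reply\n", code=9)))
```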
|
love 2 make system calls in my business app
|
# ? Sep 14, 2017 17:43 |
|
gently caress the uae and gently caress their war on yemen https://twitter.com/buenen/status/908244882610900992
|
# ? Sep 14, 2017 18:36 |
|
Shinku ABOOKEN posted:
gently caress the uae and gently caress their war on yemen

is it surprising he's using a hotmail email address? i guess it's secure as anything else
|
# ? Sep 14, 2017 20:55 |
|
prisoner of waffles posted:
External process stderr and stdout mashed together

that's the unix philosophy!
|
# ? Sep 14, 2017 21:18 |
|
Cocoa Crispies posted:
oh or regex-bashing the output of dig as if using your language's dns library is somehow more difficult

if your language is C# there's no way to get CAA records without P/Invoke within .NET. Python also requires a 3rd party library. dealing with records other than A/AAAA can actually be more work. it used to be even worse, but SPF's use of TXT spurred interest in supporting it
|
# ? Sep 14, 2017 21:46 |
|
Subjunctive posted:
if your language is C# there's no way to get CAA records without P/Invoke within .NET. Python also requires a 3rd party library.

wait are you seriously telling me that the standard dns libraries for .net and python don't have the ability to just get all the records belonging to a host? you've been able to do this with PHP since the beginning of time
|
# ? Sep 14, 2017 22:01 |
|
McGlockenshire posted:
wait are you seriously telling me that the standard dns libraries for .net and python don't have the ability to just get all the records belonging to a host? you've been able to do this with PHP since the beginning of time

that is what I'm telling you
|
# ? Sep 14, 2017 22:08 |
|
McGlockenshire posted:
wait are you seriously telling me that the standard dns libraries for .net and python don't have the ability to just get all the records belonging to a host? you've been able to do this with PHP since the beginning of time

it's the same C win32 function though
|
# ? Sep 14, 2017 22:23 |
|
McGlockenshire posted:
wait are you seriously telling me that the standard dns libraries for .net and python don't have the ability to just get all the records belonging to a host? you've been able to do this with PHP since the beginning of time

yeah piling on because ruby & erlang both ship with this, but they're not as amateur hour as python and .net
|
# ? Sep 15, 2017 03:15 |
|
Remember when Equifax was a root CA and then sold their CA to Symantec https://twitter.com/GossiTheDog/status/908359849850875905
|
# ? Sep 15, 2017 04:01 |
|
50/50 on the private key somehow being all zeros
|
# ? Sep 15, 2017 04:09 |
|
equifax just gets more owned as the days go by, and no other companies will learn from their mistakes.
|
# ? Sep 15, 2017 05:05 |
|
surebet posted:
security fuckup of the day: just got an email from my sister containing two things, "hey why idn't this working?" and a high res photo of some medical network login dialog with the creds in plain text

most people's approach to credentials and cryptographic secrets is "it's okay to send this to a third party i don't think is malicious" because they have no concept of their assumptions being wrong and no understanding that third parties are privy to these communications. customers send us their certificate private keys on a daily basis unrequested because they think it will aid in solving their problem. if it's any consolation about half of those think the certificate itself is the private key, and have no idea where their private key is. wtf is good and favorable.
|
# ? Sep 15, 2017 05:17 |
|
spit on my clit posted:
equifax just gets more owned as the days go by, and no other companies will learn from their mistakes.

https://doublepulsar.com/apache-struts-and-the-three-leading-us-credit-agencies-7c2bf1c9661e
|
# ? Sep 15, 2017 05:46 |
|
SeaborneClink posted:
https://doublepulsar.com/apache-struts-and-the-three-leading-us-credit-agencies-7c2bf1c9661e

Looking forward to this guy being blamed for everything by the feds.
|
# ? Sep 15, 2017 06:05 |
|
a bunch of people are legitimately just posting screenshots of them exploiting the vulnerability on companies

maybe the feds should stop them
|
# ? Sep 15, 2017 06:11 |
|
Haquer posted:
i'm sure it's one of those "well humans did without encryption for years until now" trains of thought or whatever

look over 2000 years just isnt a good track record, look how lovely these roman ciphers are!
|
# ? Sep 15, 2017 06:55 |
|
mods change my name to shifty julius
|
# ? Sep 15, 2017 06:56 |
|
https://twitter.com/MoritzWittmann/status/908319633660416001

i'm looking forward to the fallout of the first company ballsy enough to willingly make orders through a tv ad, although it apparently has happened accidentally before, at small scale: http://gizmodo.com/tv-report-on-accidental-amazon-orders-triggers-attempte-1790958217

i mean if you want to have a thing that'll spy on you and make shopping lists that's fine, but why in the hell would you give it authoritative access to your money
|
# ? Sep 15, 2017 07:00 |
|
Daman posted:
a bunch of people are legitimately just posting screenshots of them exploiting the vulnerability on companies

is it illegal if it's your data you're accessing anyway?? but yeah, feds should stop the companies from doing dumb poo poo somehow. maybe just jail all ceos preemptively
|
# ? Sep 15, 2017 08:21 |
|
surebet posted:
the larger issue is that this happened in the wake of last year's failed coup in turkey where some revolutionaries did in fact use bylock, however its download and use was made illegal retroactively in an effort to root out participants not already detained.

what is this app supposed to do, really? allow you to pretend you are living in a European Union country? prevent government repression of the users of the app? make the government more better and all good? none of which will occur without cooperation from the Turkish government an encrypted communications app in the EU is just snake oil. for the Turkish it's snake venom

Haquer posted:
i'm sure it's one of those "well humans did without encryption for years until now" trains of thought or whatever

modern encryption is something computers do, not humans. ergo it's not a human right
|
# ? Sep 15, 2017 10:30 |
|
Max Facetime posted:
modern encryption is something computers do, not humans. ergo it's not a human right

The right to privacy seems pretty key, but :shrugemoji: You are an absurd person. Modern security is something locks do, not humans. ergo it's not a human right to not be made to quarter troops in your house.
|
# ? Sep 15, 2017 10:40 |
|
surebet posted:
i mean if you want to have a thing that'll spy on you and make shopping lists that's fine, but why in the hell would you give it authoritative access to your money

ask the many, many yosposters who own one
|
# ? Sep 15, 2017 10:57 |
|
Max Facetime posted:
modern encryption is something computers do, not humans. ergo it's not a human right

communicating with other people is something people do you gigantic boob
|
# ? Sep 15, 2017 10:58 |
|
hackbunny posted:
ask the many, many yosposters who own one

first time i saw someone demo it with their bank accounts i was like lol that is just waiting for fraud galore
|
# ? Sep 15, 2017 13:16 |
|
The Something Awful Forums > Discussion > Serious Hardware / Software Crap > YOSPOS > Security Fuckup Megathread - v14.1 - modern encryption is something computers do
|
# ? Sep 15, 2017 13:22 |
|
Max Facetime posted:
modern encryption is something computers do, not humans. ergo it's not a human right

and by the way, a=a, so checkmate guys
|
# ? Sep 15, 2017 13:43 |
|
hackbunny posted:
ask the many, many yosposters who own one

yeah, but you're a paranoid moron if you think that those devices aren't always recording and sending data back home or if you don't want to unlock your phone with your visage

my light bulbs have their own dns! I FUKKEN LOVE TECHNOLOGY
|
# ? Sep 15, 2017 13:46 |
|
Babies Getting Rabies posted:
did we already talk about how comodo ignores caa and just issues certificates despite caa records for those domains not authorizing them to do so?

quote:
Hi Gerv. Upon closer investigation just now, I (re)discovered that dig's +sigchase option is only available if BIND has been built with -DDIG_SIGCHASE.

startcom are having some trouble gaining trust back: https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/hNOJJrN6WfE/5i46-wV5AAAJ

quote:
* Certnomis chose to cross-sign StartCom while StartCom had audits with significant qualifications, and allowed them to recommence publicly-trusted issuance before they had demonstrated to Mozilla that they had met the remediation conditions required. While this may not have been against the letter of our requirements for StartCom to restart trusted operations, we feel it was not in the spirit of them.
|
# ? Sep 15, 2017 13:48 |
|
Phone posted:
yeah, but you're a paranoid moron if you think that those devices aren't always recording and sending data back home or if you don't want to unlock your phone with your visage

lol if you arent already forcing all dns requests to your own server in a battle against your own devices
|
# ? Sep 15, 2017 15:20 |