|
ate all the Oreos posted:i mean "lovely security" seems like the kind of thing you can brush under the rug for not really costing money until something bad happens, not having automated / streamlined customer support strikes me as the kind of thing some middle-manager MBA would have optimized away to save 5% on labor costs years ago Seeing how they repeatedly gave out the wrong link maybe they just hosed up the canned reply?
|
# ? Sep 20, 2017 18:46 |
|
|
# ? May 14, 2024 10:37 |
|
Trabisnikof posted:Seeing how they repeatedly gave out the wrong link maybe they just hosed up the canned reply? it all seems to come from "Tim" so yeah maybe lol
|
# ? Sep 20, 2017 18:47 |
|
non-us banks don't give their customers the same protections we take for granted
|
# ? Sep 20, 2017 18:59 |
|
Shaggar posted:non-us banks don't give their customers the same protections we take for granted Don't US banks have a history of giving you access to everything after they ask you your mother's maiden name on the phone and you reply with some random mumbling?
|
# ? Sep 20, 2017 19:27 |
|
probably depends on the bank but if they did you wouldn't be liable.
|
# ? Sep 20, 2017 19:36 |
|
drat, I thought the terrible way some people pronounce JWT was just a bad joke. But...RFC 7519 posted:The suggested pronunciation of JWT is the same as the English word "jot". It's actually in the standard.
|
# ? Sep 20, 2017 20:18 |
|
Shaggar posted:so what you're saying is regulations are bad and we should let the market decide? No we should make sure that the industry we are attempting to regulate has zero input whatsoever to the regulations we are applying. If that means the regulations are written in a way that makes them impossible to comply with, good, the industry get's continually fined until it goes away.
|
# ? Sep 20, 2017 22:11 |
|
so you're saying that people who have no idea how the industry works should make rules around it?
|
# ? Sep 20, 2017 22:32 |
|
actually they should do detailed and in-depth industry consultations, then implement the exact opposite of whatever recommendations they were given
|
# ? Sep 20, 2017 22:37 |
|
the entire credit industry is hosed and has no idea what the gently caress is going on i applied for a fancy credit card lately and was approved but can't get it because for some reason the credit agencies decided that i need to verify my identity by calling them from my parent's landline phone which i haven't used in any capacity for over a decade
|
# ? Sep 20, 2017 23:15 |
|
M_Gargantua posted:my solution has always been to have javascript disabled by default until an allowance is added. only breaks some sites where they try to forward your browser through like four intermediary sites for cred certification or form submission. Casual browsing is surprisingly functional without javascript, though the people who want to browse the forums at work should really cough up the $5 for the noads upgrade.
|
# ? Sep 20, 2017 23:33 |
|
duTrieux. posted:the entire credit industry is hosed and has no idea what the gently caress is going on just find someone with a T1/PRI and have them spoof the number for you. no big deal
|
# ? Sep 20, 2017 23:56 |
|
duTrieux. posted:the entire credit industry is hosed and has no idea what the gently caress is going on Same except for I was trying to get approved to call a 1-900 number.
|
# ? Sep 20, 2017 23:57 |
|
...wait, wait, someone at a credit card company thinks Caller ID is a valid and secure method for identifying someone??
|
# ? Sep 20, 2017 23:58 |
|
Farmer Crack-rear end posted:just find someone with a T1/PRI and have them spoof the number for you. no big deal dammit I was literally going to offer this for
|
# ? Sep 20, 2017 23:59 |
|
https://www.blackhat.com/eu-17/brie...ent-engine-8668
|
# ? Sep 21, 2017 00:17 |
|
Farmer Crack-rear end posted:...wait, wait, someone at a credit card company thinks Caller ID is a valid and secure method for identifying someone?? yes. well, partially. bsaically i'd call them and then they'd call me back
|
# ? Sep 21, 2017 00:18 |
|
well that finally happened. gently caress Us.
|
# ? Sep 21, 2017 00:43 |
|
ME is MINIX? that is a surprising choice.
|
# ? Sep 21, 2017 00:49 |
|
so how much worse is that going to be than all the broken IPMI implementations from like five years ago? I mean other than ME being in consumer procs
|
# ? Sep 21, 2017 00:51 |
|
that's a pretty big "other than", IMO
|
# ? Sep 21, 2017 00:56 |
|
Minix? Talk about security through obscurity
|
# ? Sep 21, 2017 01:28 |
|
i'm signing up for PADI, probably the world's most well known scuba diving organization the password i chose was "password"
|
# ? Sep 21, 2017 02:29 |
|
but don't you see, it's so obvious no one will ever guess it!
|
# ? Sep 21, 2017 02:53 |
|
Pie Colony posted:i'm signing up for PADI, probably the world's most well known scuba diving organization SSI is superior both in website and training program
|
# ? Sep 21, 2017 03:00 |
|
Pie Colony posted:i'm signing up for PADI, probably the world's most well known scuba diving organization for a second i thought it was rating your phone number
|
# ? Sep 21, 2017 03:11 |
|
Raere posted:SSI is superior both in website and training program
|
# ? Sep 21, 2017 03:21 |
|
Raere posted:SSI is superior both in website and training program
|
# ? Sep 21, 2017 03:32 |
|
it assumes both my billing and shipping addresses are the address i live at, with no way to change it, so i guess SSI it is
|
# ? Sep 21, 2017 03:38 |
|
infernal machines posted:actually they should do detailed and in-depth industry consultations, then implement the exact opposite of whatever recommendations they were given at the very least this would make stuff much more funny
|
# ? Sep 21, 2017 04:42 |
|
They lobbied real hard to get that ruling in. Between "when your stuff is stolen" and "when you notify your bank", poo poo done on your account is your problem. The law will probably get changed after a few horror stories but in the meantime, first you create a problem... and then you sell the answer.
|
# ? Sep 21, 2017 04:49 |
|
Shaggar posted:so you're saying that people who have no idea how the industry works should make rules around it? I wish the government would regulate your posting
|
# ? Sep 21, 2017 07:08 |
|
in news absolutely no one saw coming it turns out there was a secondary payload delivered via the ccleaner backdoor: https://blog.avast.com/progress-on-ccleaner-investigationquote:First of all, analysis of the data from the CnC server has proven that this was an APT (Advanced Persistent Threat) programmed to deliver the 2nd stage payload to select users. Specifically, the server logs indicated 20 machines in a total of 8 organizations to which the 2nd stage payload was sent, but given that the logs were only collected for little over three days, the actual number of computers that received the 2nd stage payload was likely at least in the order of hundreds. This is a change from our previous statement, in which we said that to the best of our knowledge, the 2nd stage payload never delivered. now if you want to know which companies were targeted ask talos: http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
|
# ? Sep 21, 2017 08:50 |
|
Carbon dioxide posted:Don't US banks have a history of giving you access to everything after they ask you your mother's maiden name on the phone and you reply with some random mumbling? 90% of the married women I know on Facebook have their maiden names before their last names (I am guessing so high school friends know who they are) it is gonna be so easy to steal their kids' identities in ~15 years hobbesmaster posted:equifax isn’t going to spend anything on customer service if they’re not spending money on security and their stock has been going up the past few days lol
|
# ? Sep 21, 2017 12:19 |
|
p much every time we had a security bug in the press at Netscape our stock went up. maybe there is no such thing as bad publicity
|
# ? Sep 21, 2017 12:22 |
|
M_Gargantua posted:my solution has always been to have javascript disabled by default until an allowance is added. only breaks some sites where they try to forward your browser through like four intermediary sites for cred certification or form submission. lmao
|
# ? Sep 21, 2017 13:13 |
|
from the makers of netnanny comes javajanitor
|
# ? Sep 21, 2017 13:37 |
literally a secfuck - SEC got hacked https://www.washingtonpost.com/news...m=.89f7e8ed94ac
|
|
# ? Sep 21, 2017 14:29 |
|
cinci zoo sniper posted:literally a secfuck - SEC got hacked yeah i heard about it this morning, where NPR compared it to back to the future for some goddamn reason because they used the information for insider trading
|
# ? Sep 21, 2017 14:49 |
|
|
# ? May 14, 2024 10:37 |
|
Wiggly Wayne DDS posted:in news absolutely no one saw coming it turns out there was a secondary payload delivered via the ccleaner backdoor: https://blog.avast.com/progress-on-ccleaner-investigation Are those internal domains?
|
# ? Sep 21, 2017 14:59 |