|
nice NICE NICE NICE https://twitter.com/newsycbot/status/911305527384256512 https://twitter.com/jupenur/status/911286403434246144
|
# ? Sep 22, 2017 20:15 |
|
Jewel posted:
nice NICE NICE NICE

anthonypants fucked around with this message at 20:27 on Sep 22, 2017 |
# ? Sep 22, 2017 20:24 |
|
oh my GOOOOOOOOOOOOOOD
|
# ? Sep 22, 2017 21:05 |
|
what even prompted them to post the key on their blog private or otherwise?
|
# ? Sep 22, 2017 21:06 |
|
Shinku ABOOKEN posted:
what even prompted them to post the key on their blog private or otherwise?

in response they've revoked the key and removed the blog post entirely, it's still kicking around on caches though

good luck talking to psirt until they've put out a new key though?

then again pgp is such a clusterfuck on email that no one really uses it

oh and mailvelope warns on exporting the private key as well so multiple fuckups
|
# ? Sep 22, 2017 21:14 |
|
|
# ? Sep 22, 2017 21:25 |
|
Shinku ABOOKEN posted:
what even prompted them to post the key on their blog private or otherwise?

It's relatively common for security groups to post their public key on their web site so you can encrypt messages to send to them.
|
# ? Sep 22, 2017 21:33 |
|
yeah if you find a security issue with their poo poo, you take their public key and sign a message so that the nsa or whoever can't tell what the vulnerability is
|
# ? Sep 22, 2017 21:37 |
|
https://twitter.com/me_irl/status/911328527248699392
|
# ? Sep 22, 2017 21:59 |
|
this is the choice poo poo secfuck
|
# ? Sep 22, 2017 22:36 |
|
A good shirt
|
# ? Sep 22, 2017 23:12 |
|
anthonypants posted:
yeah if you find a security issue with their poo poo, you take their public key and sign a message so that the nsa or whoever can't tell what the vulnerability is

you encrypt, not sign.
|
# ? Sep 22, 2017 23:36 |
|
Subjunctive posted:
you encrypt, not sign.

same difference
|
# ? Sep 22, 2017 23:38 |
|
Rufus Ping posted:
same difference

of course
|
# ? Sep 22, 2017 23:40 |
|
lol the broadpwn bug is a plain-old 90's style buffer overflow
|
# ? Sep 23, 2017 01:31 |
|
Shinku ABOOKEN posted:
lol the broadpwn bug is a plain-old 90's style buffer overflow

Bugs in 2017 aren't different than bugs in 1990.
|
# ? Sep 23, 2017 01:34 |
|
apseudonym posted:
Bugs in 2017 aren't different than bugs in 1990.

idk was xss an issue in 1990
|
# ? Sep 23, 2017 01:37 |
|
Security Fuckup Megathread - v14.0 - oh poo poo Adobe
|
# ? Sep 23, 2017 01:37 |
|
anthonypants posted:lmao i was just about to post this i always wanted to buy that shirt and well google reverse image search really isn't helping here
|
# ? Sep 23, 2017 01:41 |
|
(i'm going to assume that somehow the preferred stock photo for confederate flag t-shirts is a black man with swag)
|
# ? Sep 23, 2017 01:42 |
|
also since they revoked the key, through the magic of google cache here's an archived version if someone wants to frame it or something http://archive.is/MrWkg
|
# ? Sep 23, 2017 01:54 |
|
Trabisnikof posted:
idk was xss an issue in 1990

yes. i pranked a guy stupid enough to have iframes allowed in his vbulletin board by changing my sig to a funny iframe and having some script in the frame request the user control panel to change the user sig to the same iframe. next day the forum was wiped
|
# ? Sep 23, 2017 02:03 |
|
rip geocities.
|
# ? Sep 23, 2017 02:04 |
|
surebet posted:also since they revoked the key, through the magic of google cache here's an archived version if someone wants to frame it or something
|
# ? Sep 23, 2017 02:31 |
|
Shinku ABOOKEN posted:
yes. i pranked a guy stupid enough to have iframes allowed in his vbulletin board by changing my sig to a funny iframe and having some script in the frame request the user control panel to change the user sig to the same iframe.

Shinku ABOOKEN posted:
rip geocities.

iframe not a thing until 1997. Geocities not a thing until 1994. vBulletin not a thing until 2000. But yeah, you totally did xss in 1990

EDIT: Had to look it up, but HTML WAS NOT A THING UNTIL 1993 (at least in terms of the first draft of how we know it)

Proteus Jones fucked around with this message at 02:37 on Sep 23, 2017 |
# ? Sep 23, 2017 02:34 |
|
Proteus Jones posted:
iframe not a thing until 1997.

oops. i read it as 1990s.
|
# ? Sep 23, 2017 02:36 |
|
Shinku ABOOKEN posted:
he said the 90s of which 1997 or whatever belongs. also i am pretty sure vbulletin existed before that.

OK, misread I get it. I was just like "Wha? WTF is he on about?"
|
# ? Sep 23, 2017 02:38 |
|
vBulletin existed in 1999 as a private port of UBB to PHP/MySQL by a Visual Basic community (vB, get it) but it wasn't a commercial product until 2001

UBB had a whole fuckton of vulnerabilities and they basically hired me because I ended up having to call them up and demonstrate to them on the phone why you don't pass unfiltered input into perl's open()

UBB had a whole bunch of fun security bugs that existed only because nobody at the time ever considered that people might be malicious. Like all of the data files were stored with the file extension .cgi because then when end users tried to view those files Apache would try running them as CGI scripts and that'd 500 on them.

Oh also user data files were named after the username. The first line of the file was the canonical user name, the second line was the unencrypted password. Someone figured out that they can name themselves, say, #!/usr/bin/perl and that was pretty much the end of that as soon as they figured out the 100% predictable directory name for user data storage.

Same thing with not allowing parentheses in URLs. That limitation was put in place as the most incredibly stupid and simple way to stop the XSS attacks of the day.

That entire product was a clusterfuck. That entire company was a clusterfuck and in the end they deserved to lose the market even if it meant that the internet had to deal with vBulletin instead.

McGlockenshire fucked around with this message at 02:46 on Sep 23, 2017 |
# ? Sep 23, 2017 02:44 |
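An added illustration, not written by any poster in the thread and not UBB's code: a Python sketch of a user store that avoids the three flaws described in the post above (data file named after the username, username as the file's first line, unencrypted password). The allow-list, the HMAC site key and every function name here are assumptions made for the example.

```python
import hashlib
import hmac
import json
import os
import re
import secrets
import tempfile

# Assumed policy for this sketch: a short allow-list of characters for user names.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.\- ]{1,32}")
PBKDF2_ROUNDS = 600_000


def record_path(data_dir, site_key, username):
    """File name is an HMAC of the name: no user-supplied bytes, not guessable without the key."""
    tag = hmac.new(site_key, username.lower().encode("utf-8"), hashlib.sha256).hexdigest()
    return os.path.join(data_dir, tag + ".json")


def _stretch(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def save_user(data_dir, site_key, username, password):
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected by allow-list")
    salt = secrets.token_bytes(16)
    record = {"user": username, "salt": salt.hex(), "hash": _stretch(password, salt).hex()}
    path = record_path(data_dir, site_key, username)
    # O_EXCL: never overwrite an existing account. 0o600: owner read/write, no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(record, fh)  # file starts with "{", so the name is never its first line
    return path


def check_password(path, password):
    with open(path, encoding="utf-8") as fh:
        record = json.load(fh)
    candidate = _stretch(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed key; a real one lives in server config
    with tempfile.TemporaryDirectory() as d:  # stands in for a directory outside the web root
        p = save_user(d, key, "alice", "correct horse")
        print(os.path.basename(p), check_password(p, "correct horse"))
```

Keeping the data directory outside the web root removes the need for the .cgi extension trick entirely, since the server never maps a URL onto those files.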
|
surebet posted:i always wanted to buy that shirt and well google reverse image search really isn't helping here
|
# ? Sep 23, 2017 02:47 |
|
anthonypants posted:
lol that it's an archive of the google cache

well i mean despite my repeated attempts, i've yet to master time travel so this will have to do lol

also fwiw archive.is apparently doesn't give a gently caress about robots.txt, which i'm making a mental note of
|
# ? Sep 23, 2017 02:50 |
|
McGlockenshire posted:
vBulletin existed in 1999 as a private port of UBB to PHP/MySQL by a Visual Basic community (vB, get it) but it wasn't a commercial product until 2001

it's adorable in its weird quaintness, like how old timey cars were shifted with three different pedals and had a lever for manually changing the ignition timing
|
# ? Sep 23, 2017 04:04 |
|
Xpost from grey forums

MrBling posted:
https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c
|
# ? Sep 23, 2017 04:33 |
|
that's hella beer money for that little trick! gj guy
|
# ? Sep 23, 2017 07:21 |
|
infernal machines posted:
the fact that there aren’t more high profile breaches of retail chains like target is purely because of the laziness of criminals

lazy millennials are killing the cybercrime industry.
|
# ? Sep 23, 2017 11:00 |
|
Wheany posted:
lazy millennials are killing the cybercrime industry.

Don't worry, plenty of Eastern European/Russian/Asian millennials are taking up the flag.
|
# ? Sep 23, 2017 12:54 |
|
CommieGIR posted:
Don't worry, plenty of Eastern European/Russian/Asian millennials are taking up the flag.

Just register avoca.do as a hacking site and watch them flood in.
|
# ? Sep 23, 2017 14:15 |
|
Volmarias posted:
Xpost from grey forums

that's fantastic
|
# ? Sep 23, 2017 15:42 |
|
the university rolled out a new system for making edits to the catalog and course descriptions. login is your univ email address (first.lastname@school.edu) and we were all told to use the same password: school mascot + what i assume is some high level administrator's birth year (i.e. crimsontide68). suddenly it's really easy to log in as everyone in the approval chain (helpfully listed on the site) and shepherd your changes through to completion. two weeks later they finally integrated our single sign-on and put a stop to that capability. one presumes that the unidentified admin probably uses that same password for everything else they do online.
|
# ? Sep 23, 2017 19:36 |
|
what's the thread opinion on qubes os? how does it compare to whonix or tails?
|
# ? Sep 24, 2017 01:19 |
|
Shinku ABOOKEN posted:
what's the thread opinion on qubes os? how does it compare to whonix or tails?

Qubes OS is catered towards a need for security via compartmentalization and has a pretty slick management system for creating different VMs within the OS for this. It includes a Whonix gateway and workstation template VM by default, actually, and you can create a number of other VMs that throw all traffic through the tor network (including a throw-away one)

Tails is meant to run as a bootable USB (good anonymity in a pinch) where Qubes relies pretty highly on some hardware compatibilities and won't really work that way afaik.

Qubes was created primarily for security where Tails was created primarily for privacy - that obviously doesn't mean that they can't have both, but it's something to keep in mind.

tl;dr - both are cool and good, but Qubes OS works better as a daily system where Tails is a "boot and bin"

Rooney McNibnug fucked around with this message at 09:21 on Sep 24, 2017 |
# ? Sep 24, 2017 09:15 |