|
BarbarianElephant posted:Did they have to set an intern clicking "refresh" so it didn't log out automatically after a few minutes? Knowing the FBI, probably. Assuming Ross was even smart enough to have an inactive timeout.
|
#
?
Oct 3, 2017 21:51
|
|
|
|
| # ? Jun 7, 2024 16:25 |
|
|
fishmech posted:Lying? Drizly has been in business since 2012, that's certainly longer than DoorDash has been delivering alcohol. Turns out every. single. Yahoo. account. was hacked in 2013. Every one. And Yahoo's reassuring me that "The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. " Oh. Passwords in clear text weren't broken! I'm totally safe, then! I wonder if Verizon will try to claw back money, depending on how long this breach has been known, as well as how long this breach should have been known.
|
|
#
?
Oct 3, 2017 22:15
|
|
|
JawnV6 posted:He had his private laptop open with MYCRIEMS.TXT helpfully unencrypted. Feel free to continue going to a public library (how long before they have cameras and tracking there?) for your crimesearches on their computers.
|
|
#
?
Oct 3, 2017 22:20
|
|
|
DACK FAYDEN posted:I mean, in practice, you have to use your library card credentials to log in and you won't get one of those without a real enough form of ID... but if I'm making as much as that dude and stealing from Google I'd probably buy a fake ID and some fake documentation to get a library card to upload on why am I even posting this on SA goddammit Lots of places, you don't need library card creds. Libraries basically serve as homeless warming centers, up here in the northern Midwest at least, and they don't ask for your library card before the let you in or let you use a computer. Up here in Ann Arbor, you can see the homeless folks lining up outside the library early in the morning, waiting to get in and warm up. When I was living out of my car (in a much warmer climate), I used to spend five or six hours a day at the local library - nobody kicks you out, there's internet access, and the librarians generally keep the cops out. If you're between jobs or addresses, public libraries are the best. a foolish pianist fucked around with this message at 22:56 on Oct 3, 2017 |
|
#
?
Oct 3, 2017 22:50
|
|
|
Brief update on that crazy man with a submarine, Peter Madsen:quote:The suspected killer of Swedish journalist Kim Wall will be detained for four more weeks after a Copenhagen court heard that 15 stab wounds had been found on her body. What the gently caress
|
|
#
?
Oct 4, 2017 00:56
|
|
|
DACK FAYDEN posted:I mean, in practice, you have to use your library card credentials to log in and you won't get one of those without a real enough form of ID... but if I'm making as much as that dude and stealing from Google I'd probably buy a fake ID and some fake documentation to get a library card to upload on why am I even posting this on SA goddammit How about duck duck go (the search engine), using a vpn, and in incognito mode? What catches you then? fe: asking for a friend
|
|
#
?
Oct 4, 2017 02:06
|
|
|
Senor Dog posted:How about duck duck go (the search engine), using a vpn, and in incognito mode? What catches you then? Lots of VPNs flip pretty fast in the face of subpoenas and give up customer records including payment info and access IPs. If you pick the right VPN it might be okay but by that point you might as well just use TOR. Non-idiotic people survive on the dark web using a combination of VPNs, TOR, and/or amnesic operating systems. Also encryption and steganography. If you really want to be effectively untraceable online (I say effectively because there is really no way to be completely untraceable), you need to practice pretty strict protocols and most of the major busts come from user error re: security rather than security holes in the technology.
|
|
#
?
Oct 4, 2017 03:52
|
|
|
Tuxedo Gin posted:most of the major busts come from user error re: security rather than security holes in the technology.
|
|
#
?
Oct 4, 2017 03:57
|
|
|
[quote="“duz”" post="“477025218”"] Knowing the FBI, probably. Assuming Ross was even smart enough to have an inactive timeout. [/quote] A full field agent in fact! While the others were running around trying to find a power cable for that type of laptop because Ross forgot his. Like many details of Bitcoin real life is better than fiction.
|
|
#
?
Oct 4, 2017 04:07
|
|
|
Arsenic Lupin posted:IIRC some of the Enigma encryption shortcuts came because early messages always led with the date or some other predictable text. Tuxedo Gin posted:Also encryption and steganography.
|
|
#
?
Oct 4, 2017 05:53
|
|
|
DACK FAYDEN posted:How can you use steganography on the Internet? I mean, it's obvious to everyone if characters have different encoding, so you'd have to do something time-sensitive or establish a pre-agreed code of which letters have actual meaning to read, in which case you're just pushing the problem of key exchange further back... Hidden volumes for large amount of data, though it isn't flawless. I once edited an academic paper from a CS professor and his team was hiding data in images by using some algorithm to slightly alter pixels along the border between elements in the photo and they claimed that the changes were not detectable without either the original image or the algorithm. I won't pretend to completely understand it but I learned that there is some very interesting things going on with digital stenography as governments and organizations continue to crack down or attempt to put back doors into encryption and other methods of computer security. EDIT: There's also the original internet steganography of communicating via codewords on obscure hobbyist message boards and such. Tuxedo Gin fucked around with this message at 09:13 on Oct 4, 2017 |
|
#
?
Oct 4, 2017 06:33
|
|
|
Most file-formats have so much information-bloat that you can do a lot if you're creative enough and images especially afford a lot of options.
|
|
#
?
Oct 4, 2017 06:38
|
|
|
The least significant bit of images, especially if it is 12 bits or more is probably essentially ramdom due to counting and readout noise. You may be able to use it as a one time pad
|
|
#
?
Oct 4, 2017 08:43
|
|
|
Tuxedo Gin posted:... stenography ... Hiding info is steganography. Stenography is just shorthand.
|
|
#
?
Oct 4, 2017 09:08
|
|
|
ima let u finish in me posted:Hiding info is steganography. Stenography is just shorthand. yeah my autocorrect kept loving it up and i didn't notice. chrome doesn't like the word steganography
|
|
#
?
Oct 4, 2017 09:12
|
|
|
With many file formats you can simply embed a different file within the metadata or just append it to the end, e.g. everdreard's mp3 gifs. This it trivial to do bout also about as trivial for forensic tools to identify. The more interesting way is altering the data itself such that it is indistinguishable from noise unless you know the key, i.e.:Spazzle posted:The least significant bit of images, especially if it is 12 bits or more is probably essentially ramdom due to counting and readout noise. You may be able to use it as a one time pad
|
|
#
?
Oct 4, 2017 10:27
|
|
|
mobby_6kl posted:With many file formats you can simply embed a different file within the metadata or just append it to the end, e.g. everdreard's mp3 gifs. This it trivial to do bout also about as trivial for forensic tools to identify. The more interesting way is altering the data itself such that it is indistinguishable from noise unless you know the key, i.e.: Yeah I remember that program. Can't remember the name for the life of me, but it was pretty neat.
|
|
#
?
Oct 4, 2017 14:03
|
|
|
mobby_6kl posted:For all we know, PYF cats thread is an ISIS hotspot.
|
|
#
?
Oct 4, 2017 15:34
|
|
|
DACK FAYDEN posted:True, and on particularly difficult decryption days (even late in the war) the RAF would bomb an area just to provoke a message with known plaintext portions about where they were bombing. The British ran loving circles around the Germans by the end despite the way more impressive technology in use. e: During WWII you couldn't send chess matches, crossword puzzles, or knitting patterns through the mail, because the Feds were worried about steganography.
|
|
#
?
Oct 4, 2017 15:56
|
|
|
Tuxedo Gin posted:yeah my autocorrect kept loving it up and i didn't notice. chrome doesn't like the word steganography Hmmm, very interesting. 
|
|
#
?
Oct 4, 2017 16:29
|
|
|
quote:Shopify falls after short-seller Andrew Left releases critical video Here's the video: http://www.citronresearch.com/citron-exposes-the-dark-side-of-shopify/ I think there's some valid points about overzealous marketing, but the comparison to Herbalife seems like a bit of a stretch. Shopify, to my knowledge, has created an actual useful product. I'm under the impression that Shopify has made the best product for brick and mortar indie shops to quickly make an online shop, and for flea market scale retailers. Left's accusation I suppose is that Shopify revenue is coming from I dunno fake businesses that churn instantly, and people are only making money by selling people on the dream of making money. The question is how much of Shopify revenue comes from people who are expanding a viable, proven business to online, and how much revenue is coming from this sort of "jumping on the bandwagon, non viable, insta churn online junk business" stuff that Left is highlighting.
|
|
#
?
Oct 4, 2017 17:14
|
|
|
High profile short seller makes pronouncement that a stock is overvalued, said stock drops in price shortly after. Hmmmmmmm.
|
|
#
?
Oct 4, 2017 17:39
|
|
|
Senor Dog posted:How about duck duck go (the search engine), using a vpn, and in incognito mode? What catches you then? If it's an active investigation? A number of things. They could use browser/OS fingerprinting, which is not just the browser's user agent but what plugins are installed, what media formats are supported and security settings. If Java or Flash is allowed to run, then you can store a marker on the local machine for later confirmation. But the most common method I've seen used is that they just embed a tracking pixel on a compromised page or otherwise somehow trick you into viewing an image that's actually on one of their machines. Since they only sent it to you, they likely now have your real IP. Then, when they think they have your physical location, they can do any number of fun tricks, like killing your internet for a minute and seeing if the account they think is you goes offline as well. Or you can be like wunderkind Ross and order fake ids from your black market to your admin account with your real photo on them and have the package get intercepted by the postal police.
|
|
#
?
Oct 4, 2017 19:05
|
|
|
Steve French posted:High profile short seller makes pronouncement that a stock is overvalued, said stock drops in price shortly after. Hmmmmmmm. https://www.nytimes.com/2017/06/08/magazine/the-bounty-hunter-of-wall-street.html
|
|
#
?
Oct 4, 2017 19:15
|
|
|
Arsenic Lupin posted:This has always been true of spying in general and cryptography in particular. One of the most important sources in U.S. knowledge of Russia from 1943-1980, the Venona Project, was made possible because the Russian company that made one-time pads got lazy and produced duplicates. IIRC some of the Enigma encryption shortcuts came because early messages always led with the date or some other predictable text. Or my favorite: quote:The one snag with Enigma of course is the fact that if you press A, you can get every other letter but A. I picked up this message and—one was so used to looking at things and making instant decisions—I thought: 'Something's gone. What has this chap done? There is not a single L in this message.' GJ giving up the new rotor wiring, lazy operator guy. duz posted:If it's an active investigation? A number of things. They could use browser/OS fingerprinting, which is not just the browser's user agent but what plugins are installed, what media formats are supported and security settings. If Java or Flash is allowed to run, then you can store a marker on the local machine for later confirmation. But the most common method I've seen used is that they just embed a tracking pixel on a compromised page or otherwise somehow trick you into viewing an image that's actually on one of their machines. Since they only sent it to you, they likely now have your real IP. Then, when they think they have your physical location, they can do any number of fun tricks, like killing your internet for a minute and seeing if the account they think is you goes offline as well. Harik fucked around with this message at 23:04 on Oct 4, 2017 |
|
#
?
Oct 4, 2017 22:51
|
|
|
https://twitter.com/_DianeKim/status/915693210088984576 posting this here, cause why not edit: and before it's asked, the better translation here is "they are a doctor/they are a babysitter" he or she is invalid since that info is not contained in the sentence as written Condiv fucked around with this message at 21:16 on Oct 5, 2017 |
|
#
?
Oct 5, 2017 21:10
|
|
|
Steve French posted:High profile short seller makes pronouncement that a stock is overvalued, said stock drops in price shortly after. Hmmmmmmm.  And they say competition is dead!
|
|
#
?
Oct 6, 2017 01:39
|
|
|
Short sellers do God's work.
|
|
#
?
Oct 6, 2017 02:18
|
|
|
Spazzle posted:Short sellers do God's work. Short-sellers are their own arguments for why some financial services should really only be available to the most boring of institutional investors.
|
|
#
?
Oct 6, 2017 06:33
|
|
|
MiddleOne posted:Short-sellers are their own arguments for why some financial services should really only be available to the most boring of institutional investors. If you did that then how would we ever discover hackable flaws in pacemakers?
|
|
#
?
Oct 6, 2017 17:18
|
|
|
MiddleOne posted:Short-sellers are their own arguments for why some financial services should really only be available to the most boring of institutional investors. I can already imagine the tests for boring investors. "Which of the following arouses you?" A. A sexy woman B. Stacks of cash C. The comprehensive U.S. tax code and financial regulations
|
|
#
?
Oct 7, 2017 20:55
|
|
|
If you answer by asking, "For choice C do you mean the current code or a different year?" then you're in.
|
|
#
?
Oct 7, 2017 21:20
|
|
|
Ynglaur posted:If you answer by asking, "For choice C do you mean the current code or a different year?" then you're in. agreed, these are the people that i want managing the nation's wealth (unironically)
|
|
#
?
Oct 8, 2017 01:24
|
|
I CANNOT EJACULATE WITHOUT SEEING NATIVE AMERICANS BRUTALISED!
|
blowfish posted:agreed, these are the people that i want managing the nation's wealth (unironically) "While you were studying "marketing" via holding up sorority girls for keg stands...I was studying credit default swap protection leg yield and credit curve integrals as an input into a yet-unsolved function of recovery rates and whether these could be modeled to be dependent on interest and hazard rates." Doesn't really roll off the tongue like "studying the blade."
|
|
#
?
Oct 8, 2017 07:29
|
|
|
Ask the quant who applied the gaussian copula to pricing MBSes
|
|
#
?
Oct 8, 2017 07:37
|
|
|
Uber's sexism scandal is being made into a Hollywood moviequote:The drama, which has the working title Disruptors, is based on the life story of Susan Fowler, the Uber engineer whose expose of widespread sexual harassment at the taxi firm sparked an inquiry that led to the resignation of its CEO Travis Kalanick in June.
|
|
#
?
Oct 10, 2017 18:52
|
|
|
Uber Pushed the Limits of the Law. Now Comes the Reckoning Good summary of all the problems Uber is coming to face currently. quote:Uber faces at least five criminal probes from the Justice Department—two more than previously reported. Bloomberg has learned that authorities are asking questions about whether Uber violated price-transparency laws, and officials are separately looking into the company’s role in the alleged theft of schematics and other documents outlining Alphabet Inc.’s autonomous-driving technology. Uber is also defending itself against dozens of civil suits, including one brought by Alphabet that’s scheduled to go to trial in December. Also, quote:Sullivan wasn’t just security chief at Uber. Unknown to the outside world, he also took the title of deputy general counsel, four people said. The designation could allow him to assert attorney-client privilege on his communications with colleagues and make his e-mails more difficult for a prosecutor to subpoena. 
|
|
#
?
Oct 11, 2017 16:43
|
|
|
Doggles posted:Also, How can you assert expectation of privacy when you don't tell anyone you're in a privileged-communications relationship with your clients? 
|
|
#
?
Oct 11, 2017 20:22
|
|
|
Just put it in your email signature! Then everyone who gets the email is bound by it!
|
|
#
?
Oct 11, 2017 20:37
|
|
|
|
| # ? Jun 7, 2024 16:25 |
|
|
Absurd Alhazred posted:How can you assert expectation of privacy when you don't tell anyone you're in a privileged-communications relationship with your clients? This only works when you're doing "attorney work." If you're doing non-attorney work, the priviledge will be found invalid by the court.
|
|
#
?
Oct 11, 2017 20:37
|
|
