|
2015 were different times.
|
#
?
Oct 9, 2017 11:30
|
|
|
|
| # ? May 15, 2024 11:56 |
|
|
EssOEss posted:2015 were different times. Yes, they are super secure now. https://twitter.com/EclipsingR/status/917135137971822592
|
|
#
?
Oct 9, 2017 13:41
|
|
|
Proteus Jones posted:Yes, they are super secure now. normal people would never understand "hash and salt" so they just say "encrypted". i'm not saying they arent storing passwords w/ reversible encryption, just that this isnt exactly compelling evidence
|
|
#
?
Oct 9, 2017 16:17
|
|
|
NEED MORE MILK posted:normal people would never understand "hash and salt" so they just say "encrypted". i'm not saying they arent storing passwords w/ reversible encryption, just that this isnt exactly compelling evidence they were emailed the password
|
|
#
?
Oct 9, 2017 16:27
|
|
|
https://twitter.com/gadievron/status/917122274280472576
|
|
#
?
Oct 9, 2017 16:28
|
|
|
ate all the Oreos posted:they were emailed the password oh well 
|
|
#
?
Oct 9, 2017 16:29
|
|
|
ate all the Oreos posted:they were emailed the password Come now, I'm sure they had the standard disclaimer in the footer that if the person wasn't the intended recipient to delete the message. No one disregards those.
|
|
#
?
Oct 9, 2017 16:31
|
|
|
How does a modern website even manage store passwords now? If you know what you're doing you're going to salt and hash. If you don't know what you're doing every webapp-in-a-box template/module is going to salt and hash your user's passwords.
|
|
#
?
Oct 9, 2017 16:40
|
|
|
that's for basic not knowing what you're doing beginners, after a bit of experience you reach the sweet spot of not knowing what you're doing where you feel you don't need webapp-in-a-box any more because you can write real code like a grown-up
|
|
#
?
Oct 9, 2017 16:44
|
|
|
our company just ditched kaspersky - seems like everyone is moving away from it
|
|
#
?
Oct 9, 2017 17:18
|
|
|
Rip Eugene
|
|
#
?
Oct 9, 2017 17:22
|
|
|
i think the kaspersky stuff is most likely xenophobic cold warrior bullshit fud but what do i know 
|
|
#
?
Oct 9, 2017 17:34
|
|
|
ThePeavstenator posted:How does a modern website even manage store passwords now? If you know what you're doing you're going to salt and hash. If you don't know what you're doing every webapp-in-a-box template/module is going to salt and hash your user's passwords. You'd think so but the tutorials are often so wrong that it ends up not being secure even if you copy-paste straight off the official guides: Your Node.js authentication tutorial is (probably) wrong
|
|
#
?
Oct 9, 2017 17:39
|
|
|
ThePeavstenator posted:How does a modern website even manage store passwords now? If you know what you're doing you're going to salt and hash. If you don't know what you're doing every webapp-in-a-box template/module is going to salt and hash your user's passwords. People are loving dumb is why. The first time I made a database to store passwords I thought to myself "Self, don't be a dumb. Take a few hours, do some research, figure out the best way to store passwords." After a few hours I had a bcrypt/hash/salt setup going that stored passwords not in plain text and I thought it was pretty decent. 99.99999% of the people out there won't even think about "Don't be dumb" and will just go about storing poo poo in plain text.
|
|
#
?
Oct 9, 2017 17:52
|
|
|
Proteus Jones posted:Yes, they are super secure now.
|
|
#
?
Oct 9, 2017 17:55
|
|
|
anthonypants posted:i have no idea what this company does but here is their latest tweet https://twitter.com/Twoo/status/915231291397869569 faq says What is Twoo? Twoo is the most fun way to meet new people in your area.
|
|
#
?
Oct 9, 2017 17:57
|
|
|
Midjack posted:faq says okay but how do i change my date of birth
|
|
#
?
Oct 9, 2017 17:57
|
|
|
good news everyone, paying for things is about to get easier! Nothing could possibly go wrong!quote:A new W3C standard is slowly creeping into current browser implementations, a standard that will simplify the way people make payments online. https://www.bleepingcomputer.com/news/technology/browsers-will-store-credit-card-details-similar-to-how-they-save-passwords/
|
|
#
?
Oct 9, 2017 18:09
|
|
|
that sounds like poo poo from an rear end
|
|
#
?
Oct 9, 2017 18:10
|
|
|
COACHS SPORT BAR posted:good news everyone, paying for things is about to get easier! Nothing could possibly go wrong! the github is full of interesting questions, such as Should the API support field validation? or Should user agent validate currency? or How are digital signatures supported for Payment Requests? anthonypants fucked around with this message at 18:23 on Oct 9, 2017 |
|
#
?
Oct 9, 2017 18:19
|
|
|
my bitter bi rival posted:i think the kaspersky stuff is most likely xenophobic cold warrior bullshit fud but what do i know ....eeeeeehhhhhhhh, not really. There's been a push to remove Kaspersky Lab's employees and replace them with 'friendlier' faces that have ties to the Russian State Department, Intelligence, and Military. They've even gone as far as charging Kaspersky Lab employees as US spies.
|
|
#
?
Oct 9, 2017 18:19
|
|
|
my bitter bi rival posted:i think the kaspersky stuff is most likely xenophobic cold warrior bullshit fud but what do i know It isn't bullshit.
|
|
#
?
Oct 9, 2017 18:23
|
|
|
It's also not new.
|
|
#
?
Oct 9, 2017 18:23
|
|
|
CommieGIR posted:....eeeeeehhhhhhhh, not really. There's been a push to remove Kaspersky Lab's employees and replace them with 'friendlier' faces that have ties to the Russian State Department, Intelligence, and Military. 
|
|
#
?
Oct 9, 2017 18:26
|
|
|
is amazon still suing people over one-click purchases or is that patent expiring soon
|
|
#
?
Oct 9, 2017 18:26
|
|
|
protip: if you're running an av client for some reason and you don't want random poo poo being exfiltrated to your av vendor, disable sample submission like, is there any evidence that the nsa/kaspersky thing was anything other than that idiot contractor taking poo poo home and his av uploading flagged files?
|
|
#
?
Oct 9, 2017 18:31
|
|
|
infernal machines posted:protip: if you're running an av client for some reason and you don't want random poo poo being exfiltrated to your av vendor, disable sample submission
|
|
#
?
Oct 9, 2017 18:34
|
|
|
CommieGIR posted:....eeeeeehhhhhhhh, not really. There's been a push to remove Kaspersky Lab's employees and replace them with 'friendlier' faces that have ties to the Russian State Department, Intelligence, and Military. i didn't klnow that. thats interesting and i guess changes things a little but still think that if you are a normal home computer user, the russian state should probably not be a part of threat model. no one cares about you.
|
|
#
?
Oct 9, 2017 18:38
|
|
|
my bitter bi rival posted:i didn't klnow that. thats interesting and i guess changes things a little but still think that if you are a normal home computer user, the russian state should probably not be a part of threat model. no one cares about you. next step: kaspersky internet security injecting fake news into your timeline/searches
|
|
#
?
Oct 9, 2017 18:41
|
|
|
The def update sets allow for execution of arbitrary code on the endpoint as root/system and I bet you could slip something sneaky in there to target a specific client site if you really wanted to. If you're a big corporate or government and are concerned about being a target for that kind of thing then yeah, you should be using a domestic vendor. People still don't understand the level of control AV software has over an endpoint or how far its management hooks really extend and what that means for liability.
|
|
#
?
Oct 9, 2017 18:41
|
|
|
infernal machines posted:protip: if you're running an av client for some reason and you don't want random poo poo being exfiltrated to your av vendor, disable sample submission this is the first part of what happened seems like after the sample was submitted, that employee was "coincidentally" targeted by Russian hackers, who were able to get pretty much everything else. there's no indication that Kaspersky or their software were involved in that hack, though, beyond happening to find the initial indication that got him targeted in the first place at worst, they happened to receive the sample due to the contractor's fuckups, noticed that it was tied to a state actor, and notified their government. though they're denying that; their explanation for that coincidence is that maybe they'd been hacked too and the attacker found it in their networks. doesn't sound too likely to me, but Kaspersky's internal networks were hacked pretty badly back in 2015 when the events in question happened, so either way, the nsa's definitely overemphasizing the role of kaspersky in order to dodge the blame for their boneheaded idiocy. the contractor who was working on new hacking tools to replace the ones that were leaked by a previous contractor accidentally leaked them to an antivirus company, and then got his computer completely compromised by foreign hackers
|
|
#
?
Oct 9, 2017 19:29
|
|
|
anthonypants posted:looks like a cool way for a website to transmit your credit card info over http, and have that decision abstracted away from you
|
|
#
?
Oct 9, 2017 19:33
|
|
|
Cocoa Crispies posted:otoh since it's just a knockoff of pay they could do the right thing and have mandatory HTTPS and store payment data in a way that requires mandatory authentication against secure hardware https://developer.apple.com/documentation/applepayjs this definitely sounds like a thing browser developers are going to do
|
|
#
?
Oct 9, 2017 19:50
|
|
|
Cocoa Crispies posted:otoh since it's just a knockoff of pay they could do the right thing and have mandatory HTTPS Cocoa Crispies posted:and store payment data in a way that requires mandatory authentication against secure hardware
|
|
#
?
Oct 9, 2017 19:52
|
|
|
Midjack posted:this definitely sounds like a thing browser developers are going to do i mean 1/4 of them already did
|
|
#
?
Oct 9, 2017 19:54
|
|
|
Cocoa Crispies posted:i mean 1/4 of them already did what's the percentage by marketshare?
|
|
#
?
Oct 9, 2017 19:55
|
|
|
Lightbulb Out posted:our company just ditched kaspersky - seems like everyone is moving away from it even my nontechnical coworkers are asking me what's a good antivirus these days (kaspersky users, its cheap and well marketed in latvia)
|
|
#
?
Oct 9, 2017 20:26
|
|
|
my bitter bi rival posted:i think the kaspersky stuff is most likely xenophobic cold warrior bullshit fud but what do i know freedom fries anti-virus
|
|
#
?
Oct 9, 2017 20:29
|
|
|
kaspersky has engaged in corporate espionage on other AV players on that note
|
|
#
?
Oct 9, 2017 21:04
|
|
|
|
| # ? May 15, 2024 11:56 |
|
|
i think that has less to do with "they're russians and therefore spies and also evil" and more to do with "they're a corporation with the means to spy on their competitors" honestly, i'd be more disappointed to hear that large IT companies don't routinely break into each other's poo poo
|
|
#
?
Oct 9, 2017 21:14
|
|