|
Cocoa Crispies posted: i mean 1/4 of them already did

more like 1/20 at best lmao
|
# ? Oct 9, 2017 21:37 |
|
lol I got a Symantec platform health report back from my account rep and 70% of the "Virus Detections" in my network were from one misbehaving desktop who kept quarantining a bad .js file then detecting its own quarantine as bad and re-quarantining the file it already had in an endless loop

this product is such a clown show
|
# ? Oct 9, 2017 21:49 |
BangersInMyKnickers posted: lol I got a Symantec platform health report back from my account rep and 70% of the "Virus Detections" in my network were from one misbehaving desktop who kept quarantining a bad .js file then detecting its own quarantine as bad and re-quarantining the file it already had in an endless loop this product is such a clown show

in college I had that happen on a pc I was working on, but it spawned a new window each time it detected the file and the entire screen just filled up with them until the computer hard froze (I imagine from lack of resources). made an awful sound too.
|
|
# ? Oct 10, 2017 02:55 |
|
Speaking of W3C stuff, there is a spec going around to replace FIDO for phish-resistant 2-factor tokens with a superset of capabilities that include letting the OS handle these things. Looks like all the vendors are really dragging their feet which sucks because although Yubikeys are pretty rad I'd prefer to just use Touch ID
|
# ? Oct 10, 2017 05:57 |
|
ratbert90 posted: 99.99999% of the people out there won't even think about "Don't be dumb" and will just go about storing poo poo in plain text.

Our architect said that he doesn't care, just store the password in plain text and i objected very strongly. We are using java, so it wasn't even a case of having to invent the wheel again, and he loving knew this
|
# ? Oct 10, 2017 10:39 |
|
I got a call from a stressed IT guy today because AV had reported deleting 50k+ malware files from my staff drive. He was terrified they'd deleted one of my malware repos. As if I'd store malware on something they control. They were all false positives, it deleted some source repos. C code is very suspicious apparently.
|
# ? Oct 10, 2017 12:29 |
|
Wheany posted: Our architect said that he doesn't care, just store the password in plain text and i objected very strongly. We are using java, so it wasn't even a case of having to invent the wheel again, and he loving knew this

i used to work at a place that hosted a few mailboxes for some of our better paying clients. passwords for the mailboxes were plaintext mysql fields. this was done not out of ignorance of the security issues with it, but because said clients kept forgetting their passwords, and also wanted their old passwords back (why? you forgot it anyway you poo poo), not new ones every time. this was a hard requirement, and the reason these clients refused to get a real provider. when i got hired, i said we'd be better off just telling them to gently caress off to gmail, and let them argue about forgotten passwords with google, but nepotism is a powerful drug. i found a better job fairly quickly at least.

yoloer420 posted: C code is very suspicious apparently.

http://hackertyper.net/
|
# ? Oct 10, 2017 12:33 |
|
Jimmy Carter posted: Speaking of W3C stuff, there is a spec going around to replace FIDO for phish-resistant 2-factor tokens with a superset of capabilities that include letting the OS handle these things. Looks like all the vendors are really dragging their feet which sucks because although Yubikeys are pretty rad I'd prefer to just use Touch ID

I know of at least one working implementation of FIDO in the mbp touch bar.
|
# ? Oct 10, 2017 12:44 |
|
Wheany posted: Our architect said that he doesn't care, just store the password in plain text and i objected very strongly. We are using java, so it wasn't even a case of having to invent the wheel again, and he loving knew this

Thunderdome him for his job.
|
# ? Oct 10, 2017 14:24 |
|
anthonypants posted: when the nsa does those things it's good

Nah, it's bad then too, especially NSA asking for back doors and hiding bugs/developer left-in back doors. There was a bunch of Ubiquiti stuff that had leftover development backdoors left in, and the NSA was pushing for them to be left in, despite the backdoors already being well known and documented as an issue.
|
# ? Oct 10, 2017 14:36 |
|
Truga posted: i used to work at a place that hosted a few mailboxes for some of our better paying clients. passwords for the mailboxes were plaintext mysql fields. this was done not out of ignorance of the security issues with it, but because said clients kept forgetting their passwords, and also wanted their old passwords back (why? you forgot it anyway you poo poo), not new ones every time. this was a hard requirement, and the reason these clients refused to get a real provider.

there are secure ways to do this without storing them in plain text
|
# ? Oct 10, 2017 15:05 |
|
i wrote a program to try a bunch of different variations of my password (and variations of the variations of the variations...) and managed to recover it after only 38,509 attempts

despite having typed that drat thing every day for the past year, i somehow managed to gently caress up the capitalization of one letter AND substitute an & in place of a ; in my brain, to the point where I didn't even consider the & to be suspicious at all. loving bizarre, i have no idea how I managed to short out my brain so bad
|
# ? Oct 10, 2017 15:32 |
|
http://www.newsweek.com/north-korea-cyber-army-hacked-us-south-korea-plans-decapitate-kim-jong-un-681414

quote: According to Rhee, the ministry still has to identify the content of about 80 percent of the 235 gigabytes of data that was stolen.
|
# ? Oct 10, 2017 15:33 |
CommieGIR posted: http://www.newsweek.com/north-korea-cyber-army-hacked-us-south-korea-plans-decapitate-kim-jong-un-681414

im ready to bet the secret plans are carpetbombing north korean civilians, or japanese civilians, to kill/befriend best leader
|
|
# ? Oct 10, 2017 15:37 |
|
lomarf JavaScript https://twitter.com/aemkei/status/917094611419566081
|
# ? Oct 10, 2017 16:13 |
|
Chris Knight posted: lomarf JavaScript

i want a js brainfuck interpreter for christmas
|
# ? Oct 10, 2017 16:39 |
|
ate all the Oreos posted: i wrote a program to try a bunch of different variations of my password (and variations of the variations of the variations...) and managed to recover it after only 38,509 attempts

This is actually pretty cool and good, thanks for sharing
|
# ? Oct 10, 2017 16:45 |
CommieGIR posted: http://www.newsweek.com/north-korea-cyber-army-hacked-us-south-korea-plans-decapitate-kim-jong-un-681414

200GB of that is actually just generic power points with stupid embedded video content that has been copied to personal folders

imagine putting a 50 minute 1080p training video in a slide deck, then scaling it down to quarter resolution, then clicking through it during the presentation because nobody is paying attention anyway

high speed low brains
|
|
# ? Oct 10, 2017 17:01 |
|
M_Gargantua posted: 200GB of that is actually just generic power points with stupid embedded video content that has been copied to personal folders

i see you too have become responsible for curating user data
|
# ? Oct 10, 2017 17:03 |
|
Chris Knight posted: lomarf JavaScript

yeah, weirdo subsets of js aren't super fresh http://www.jsfuck.com/
|
# ? Oct 10, 2017 17:26 |
|
https://twitter.com/chesh/status/917791425210830848 https://twitter.com/chesh/status/917791692404723712
|
# ? Oct 10, 2017 19:05 |
|
win8+ dns client rce patched oct 2017: https://www.bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/
|
# ? Oct 10, 2017 19:38 |
|
CommieGIR posted: Nah, it's bad then too, especially NSA asking for back doors and hiding bugs/developer left-in back doors.
|
# ? Oct 10, 2017 20:17 |
|
anthonypants posted: remember when the nsa would intercept shipments of cisco equipment so they could install their own backdoors or whatever

you make it sound like they stopped
|
# ? Oct 10, 2017 20:21 |
|
ate all the Oreos posted: you make it sound like they stopped

why bother doing it themselves when they can get cisco to do it?
|
# ? Oct 10, 2017 20:24 |
|
https://www.infineon.com/cms/en/product/promopages/tpm-update/
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012
https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

quote: A security vulnerability exists in certain Trusted Platform Module (TPM) chipsets. The vulnerability weakens key strength. It is important to note that this is a firmware vulnerability, and not a vulnerability in the operating system or a specific application. After you have installed software and/or firmware updates, you will need to re-enroll in any security services you are running to remediate those services. For more details contact the TPM manufacturer

TPM keygen is hard.

edit: enjoy resetting your tpm, everyone!
|
# ? Oct 10, 2017 20:47 |
|
https://www.theverge.com/2017/10/10/16447264/prison-hacker-recycled-computer-fraud-ohio-marion-transkiy good poo poo
|
# ? Oct 10, 2017 21:02 |
|
Just-In-Timeberlake posted: https://www.theverge.com/2017/10/10/16447264/prison-hacker-recycled-computer-fraud-ohio-marion-transkiy

quote: He said he stole the personal inmate information from an internal system called DOTS. That information was redacted, but Johnston simply viewed the code on the page.

yeah, that sounds like the quality ive seen in jms software
|
# ? Oct 10, 2017 21:26 |
|
mrmcd posted: https://www.infineon.com/cms/en/product/promopages/tpm-update/

Nice.
|
# ? Oct 10, 2017 21:27 |
|
Just-In-Timeberlake posted: https://www.theverge.com/2017/10/10/16447264/prison-hacker-recycled-computer-fraud-ohio-marion-transkiy

quote: He said he stole the personal inmate information from an internal system called DOTS. That information was redacted, but Johnston simply viewed the code on the page

Lol

Edit: damnit
|
# ? Oct 10, 2017 21:28 |
|
quote: As the interrogation went on, the investigators pushed harder. “What’s the worst thing you’ve ever been in trouble for?” the trooper asked.

lmbo prison investigations are always such an utter hamfisted shitshow hmmmmmmmm wonder why
|
# ? Oct 10, 2017 21:54 |
|
Tatsujin posted: lmbo prison investigations are always such an utter hamfisted shitshow hmmmmmmmm wonder why

unless there's a recording i wouldn't take it too literally

i guarantee the cops mentioned that it was a serious felony though. because it is, I'm not sure what she was expecting?
|
# ? Oct 10, 2017 22:04 |
|
hobbesmaster posted: unless there's a recording i wouldn't take it too literally

eh it was just a choice quote. the issue with prison investigations is that the guards/officials gently caress up everything by the time the state police and prosecutors get involved.
|
# ? Oct 10, 2017 22:09 |
|
well the entire reason it got that far is that they didn't have an it department

knowing state governments they probably only had one it guy for the entire facility and paid them $30k/year
|
# ? Oct 10, 2017 22:10 |
https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking
|
|
# ? Oct 10, 2017 22:26 |
|
Just-In-Timeberlake posted: https://www.theverge.com/2017/10/10/16447264/prison-hacker-recycled-computer-fraud-ohio-marion-transkiy

this is awesome
|
# ? Oct 10, 2017 22:40 |
|
cinci zoo sniper posted: https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking

neat, but lol at the man with kinda bad english writing thinking that putting a period inside the quotes at the end of a sentence was incorrect and worth putting in his FAQ.
|
# ? Oct 10, 2017 22:52 |
|
i'm pretty sure that's mostly an american style
|
# ? Oct 10, 2017 22:54 |
|
looking up to the example set by equifax microsoft decided to also just stop bothering with their flagship product https://twitter.com/gossithedog/status/917885384658481152
|
# ? Oct 11, 2017 00:04 |
|
Bulgogi Hoagie posted: looking up to the example set by equifax microsoft decided to also just stop bothering with their flagship product

lol they're re-creating the bug on outlook 2010
|
# ? Oct 11, 2017 00:09 |