|
https://arstechnica.com/information-technology/2017/10/equifax-rival-transunion-also-sends-site-visitors-to-malicious-pages/ https://twitter.com/sarahjeong/status/918604097183346688 Just-In-Timeberlake fucked around with this message at 19:37 on Oct 13, 2017 |
#
?
Oct 13, 2017 19:15
|
|
|
|
| # ? May 15, 2024 01:12 |
|
|
https://twitter.com/infinite_scream/status/918916821436256256 
|
|
#
?
Oct 13, 2017 20:12
|
|
|
Just-In-Timeberlake posted:https://arstechnica.com/information-technology/2017/10/equifax-rival-transunion-also-sends-site-visitors-to-malicious-pages/ isn't that tweet in reference to the "hacker" guy who raped a bunch of women and is now being memory-holed from the EFF and the other orgs he was on
|
|
#
?
Oct 13, 2017 20:12
|
|
|
security questions are the worst thing. idk if make your own security questions is better or worse. i mean then you can basically make it a custom recovery key set.
|
|
#
?
Oct 13, 2017 20:14
|
|
|
Lutha Mahtin posted:isn't that tweet in reference to the "hacker" guy who raped a bunch of women and is now being memory-holed from the EFF and the other orgs he was on
|
|
#
?
Oct 13, 2017 20:16
|
|
|
cant believe glenn greenwald replaced morgan m-b with 2 brazilian orphans
|
|
#
?
Oct 13, 2017 21:04
|
|
|
cjs: just had to explain to my boss that we can't just replace the ca certificate on our website, and also that sha1 is totally fine for a ca certificate
|
|
#
?
Oct 13, 2017 21:06
|
|
|
Shaggar posted:security questions are the worst thing. idk if make your own security questions is better or worse. i mean then you can basically make it a custom recovery key set. when I did tech support I had one guy who used the word 'pomegranate' as the answer to every secret question seems like a good idea until you start telling everyone how smart you are for doing it
|
|
#
?
Oct 13, 2017 21:49
|
|
|
RFC2324 posted:when I did tech support I had one guy who used the word 'pomegranate' as the answer to every secret question Why not circumvent all secret questions by using one phrase for all of them? How is this different from using the same passphrase everywhere?
|
|
#
?
Oct 13, 2017 21:51
|
|
|
at my last company we set all the secret questions and secret answers by default to something that i can only assume was thought up by our alcoholic old lead dev on one of his during-work-hours drinking sprees i won't say what it actually is because i loving guarantee they haven't done poo poo to fix it but it was some bizarre kinda-sorta-not-really sensical thing like "question: house / answer: live in"
|
|
#
?
Oct 13, 2017 22:01
|
|
|
this was the same place that stored all the passwords as unsalted md5 in tyool 2015 (and, again, I guarantee they still do) but actually managed to make it slightly harder than trivial to reverse them, entirely by accident - the database column they were stored in was like 3 characters too short (cuz it used to be stored in plaintext and they couldn't be assed to change the table at all lol), so before inserting it they'd truncate the hash string by 3 characters. as a result you actually couldn't pull up any google results for the hash since google doesn't seem to do partial matches on long random-letter words like that. secure! 
|
|
#
?
Oct 13, 2017 22:05
|
|
|
lol (it's been taken down) https://twitter.com/briankrebs/status/918910436053012480
|
|
#
?
Oct 13, 2017 22:35
|
|
|
Grassy Knowles posted:Why not circumvent all secret questions by using one phrase for all of them? better than using something that is a matter of public record like your mothers maiden name
|
|
#
?
Oct 13, 2017 22:36
|
|
|
anthonypants posted:cjs: just had to explain to my boss that we can't just replace the ca certificate on our website, and also that sha1 is totally fine for a ca certificate chaos reigns
|
|
#
?
Oct 13, 2017 22:46
|
|
|
RFC2324 posted:better than using something that is a matter of public record like your mothers maiden name seriously "so that just leaves all my mom's siblings, their kids, my uncle's kids and my dad, fantastic plan"
|
|
#
?
Oct 13, 2017 23:17
|
|
|
anthonypants posted:lol (it's been taken down) https://twitter.com/briankrebs/status/918910436053012480 ad/analytics networks are a cancer on the web hmm, let me just display arbitrary third-party content I didn't vet on my website, this is a good idea
|
|
#
?
Oct 13, 2017 23:30
|
|
|
flakeloaf posted:seriously I love that a common alternative I have seen is siblings middle name... Also a matter of public record that is pretty trivial to look up.
|
|
#
?
Oct 13, 2017 23:43
|
|
|
anthonypants posted:cjs: just had to explain to my boss that we can't just replace the ca certificate on our website, and also that sha1 is totally fine for a ca certificate have they asked a random tool to scan your site and are bringing you the results?
|
|
#
?
Oct 13, 2017 23:43
|
|
|
Main Paineframe posted:ad/analytics networks are a cancer on the web ads are a cancer on society
|
|
#
?
Oct 13, 2017 23:45
|
|
|
RFC2324 posted:better than using something that is a matter of public record like your mothers maiden name ugh, sure--but you should already be using a password manager and just create passwords for those questions.
|
|
#
?
Oct 13, 2017 23:57
|
|
|
Main Paineframe posted:ad/analytics networks are a cancer on the web but check out the mad dosh you get from it
|
|
#
?
Oct 13, 2017 23:59
|
|
|
Grassy Knowles posted:ugh, sure--but you should already be using a password manager and just create passwords for those questions. Let me convince the general public to ignore the instructions their bank gives them in favor of using something WAY more complicated. I'm not saying its a good practice, or that a professional who does it should be taken seriously, but for my 72 year old mom, or my school teacher sister, its better than actually giving valid answers and is a FAR easier sell(meaning its possible to get them on board with it at all)
|
|
#
?
Oct 14, 2017 00:02
|
|
|
Thanks Ants posted:have they asked a random tool to scan your site and are bringing you the results?
|
|
#
?
Oct 14, 2017 00:07
|
|
|
isn't this just the usual conversion/cart tracking garbage that literally every ecommerce site has?
|
|
#
?
Oct 14, 2017 03:34
|
|
|
redleader posted:isn't this just the usual conversion/cart tracking garbage that literally every ecommerce site has? yeah it's not particularly shocking that that's happening, it's the oblivious canned reply that makes it though
|
|
#
?
Oct 14, 2017 03:57
|
|
|
https://twitter.com/johnofa/status/918941635387338752quote:On Tuesday, a South Korean lawmaker said North Korean hackers had accessed a military database and stolen top-secret files, including a plan for a decapitation strike against top leaders in Pyongyang. That followed reports that hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends its own.
|
|
#
?
Oct 14, 2017 07:08
|
|
|
ratbert90 posted:Security Fuckup Megathread - v14.1 - Hello, is this a delivery order? Nice!
|
|
#
?
Oct 14, 2017 07:17
|
|
|
quote:The hacker used a variety of malware, including an internet Trojan tool known as a “China Chopper,” identified in 2012 and favored by Chinese hackers as well as cybercriminal networks and other nations. The China Chopper enables an attacker to use brute-force password guessing against login portals, then upload and download files on victim devices after gaining access. "ok, guess this could take awhile, just gonna go make some....you've got to be kidding me"
|
|
#
?
Oct 14, 2017 13:28
|
|
|
ate all the Oreos posted:yeah it's not particularly shocking that that's happening, it's the oblivious canned reply that makes it though of course they are selling every ounce of their data they can. if the company you work for sells your salary to equifax you better believe pizza hut is selling the fact you like pineapple on pizza to someone Bhodi fucked around with this message at 17:09 on Oct 14, 2017 |
|
#
?
Oct 14, 2017 17:05
|
|
|
Bhodi posted:honestly thought it was the random social media employee's version of "Sir, this is a macdonald's drive-through" and chuckled appropriately So it turns out that the entirety of Twitter is, in fact, a fast food drive-through?
|
|
#
?
Oct 14, 2017 18:59
|
|
|
now I’m wondering if Intuit payroll or other small biz processors do that by default
|
|
#
?
Oct 14, 2017 19:10
|
|
|
Hed posted:now I’m wondering if Intuit payroll or other small biz processors do that by default
|
|
#
?
Oct 14, 2017 19:33
|
|
|
Bhodi posted:you better believe pizza hut is selling the fact you like pineapple on pizza to someone hopefully interpol
|
|
#
?
Oct 14, 2017 20:11
|
|
|
do never sms 2fa: https://motherboard.vice.com/en_us/article/wjx3e4/t-mobile-website-allowed-hackers-to-access-your-account-data-with-just-your-phone-number
|
|
#
?
Oct 14, 2017 20:32
|
|
|
Mr.Radar posted:do never sms 2fa: https://motherboard.vice.com/en_us/article/wjx3e4/t-mobile-website-allowed-hackers-to-access-your-account-data-with-just-your-phone-number but how else will [older person here] be able to do 2fa because other forms are Too Hard so we should just let this slide
|
|
#
?
Oct 14, 2017 20:34
|
|
|
google authenticator can't be that hard to implement
|
|
#
?
Oct 14, 2017 20:42
|
|
|
anthonypants posted:google authenticator can't be that hard to implement but what about iphone users 
|
|
#
?
Oct 14, 2017 20:46
|
|
|
Mr.Radar posted:do never sms 2fa: https://motherboard.vice.com/en_us/article/wjx3e4/t-mobile-website-allowed-hackers-to-access-your-account-data-with-just-your-phone-number "Hey what's your response to this evidence that even my own account was affected?" "We've found no evidence any accounts were affected" Not confidence inspiring.
|
|
#
?
Oct 14, 2017 21:47
|
|
|
Haquer posted:but what about iphone users it would actually be extremely cool if apple would open their 2FA API since its integrated and has those popups
|
|
#
?
Oct 14, 2017 21:53
|
|
|
|
| # ? May 15, 2024 01:12 |
|
|
Haquer posted:but what about iphone users I have google authenticator on my iphone 
|
|
#
?
Oct 14, 2017 23:38
|
|
