|
i guess they should accept that pull request then
|
# ? Oct 15, 2017 21:40 |
|
what could go wrong https://www.theregister.co.uk/2017/10/13/us_hack_back_law/?mt=1508102664099
|
# ? Oct 15, 2017 22:26 |
|
that rules
|
# ? Oct 15, 2017 22:28 |
Just-In-Timeberlake posted:what could go wrong
dont be late to our conceal carry cryptominer sale!
|
|
# ? Oct 15, 2017 22:29 |
|
Just-In-Timeberlake posted:what could go wrong
|
# ? Oct 15, 2017 22:48 |
|
anthonypants posted:google authenticator can't be that hard to implement
tell that to twitter and facebook who will still default to sms 2fa as the most trusted method even if you use authenticator codes
|
# ? Oct 16, 2017 00:15 |
|
Bulgogi Hoagie posted:tell that to twitter and facebook who will still default to sms 2fa as the most trusted method even if you use authenticator codes
|
# ? Oct 16, 2017 00:19 |
|
Do you think Trump uses sms 2fa for twitter?
|
# ? Oct 16, 2017 00:27 |
|
Bulgogi Hoagie posted:tell that to twitter and facebook who will still default to sms 2fa as the most trusted method even if you use authenticator codes
even google loving does. I had to set it up with SMS 2fa before I was able to flip it to OTP
|
# ? Oct 16, 2017 01:11 |
|
ohgodwhat posted:Do you think Trump uses sms 2fa for twitter?
p sure trump just has someone else do all the hard "log me in" bullshit because he can't be assed
|
# ? Oct 16, 2017 01:14 |
|
ate all the Oreos posted:p sure trump just has someone else do all the hard "log me in" bullshit because he can't be assed
god i hope so that way his password is hard to guess if it was up to him it would be trumproolzobamadroolz
|
# ? Oct 16, 2017 01:17 |
|
minivanmegafun posted:even google loving does. I had to set it up with SMS 2fa before I was able to flip it to OTP
twitter is worse in that you have to set it up with sms first but even after that it still sends sms no matter what which defeats the whole point
|
# ? Oct 16, 2017 01:32 |
|
google you can delete the phone number from your account after setting up 2fa. They make you put one in to turn on 2fa because a lot of users are all "ooohh errp I just dropped my phone in the toilet and now can't access my account" but if you care enough to go back and remove the phone number after it's assumed you know what you're doing and have printed out backup codes, etc.
edit: I just checked facebook you can disable sms codes too if you dig down through the security > 2fa settings.
mrmcd fucked around with this message at 01:48 on Oct 16, 2017
|
# ? Oct 16, 2017 01:42 |
|
mrmcd posted:google you can delete the phone number from your account after setting up 2fa. They make you put one in to turn on 2fa because a lot of users are all "ooohh errp I just dropped my phone in the toilet and now can't access my account" but if you care enough to go back and remove the phone number after it's assumed you know what you're doing and have printed out backup codes, etc.
facebook you can only disable phone codes if you opt to use a code generator combined with U2F
e: and considering U2F is only supported by chrome natively so far it’s not a great solution really
Bulgogi Hoagie fucked around with this message at 02:05 on Oct 16, 2017
|
# ? Oct 16, 2017 01:59 |
|
https://twitter.com/JGamblin/status/919606576486453249/photo/1
|
# ? Oct 16, 2017 01:59 |
|
|
# ? Oct 16, 2017 02:10 |
|
idgi
|
# ? Oct 16, 2017 02:37 |
|
mod saas posted:idgi
presumably it spams deauth packets, making it rather difficult for the wireless camera to send data
|
# ? Oct 16, 2017 02:46 |
|
anatoliy pltkrvkay posted:presumably it spams deauth packets, making it rather difficult for the wireless camera to send data
|
# ? Oct 16, 2017 02:48 |
|
this krack thing is going to suck, isn't it? ughhhh
|
# ? Oct 16, 2017 03:04 |
|
Pardot posted:this krack thing is going to suck, isn't it? ughhhh
Eh, enterprises will want to patch appropriately, but only high value targets need rush and why are they using wifi and insecure protocols for things that matter?
James Baud fucked around with this message at 04:21 on Oct 16, 2017
|
# ? Oct 16, 2017 04:14 |
|
Just-In-Timeberlake posted:what could go wrong
Every day, we inch closer to full corporate sovereignty.
|
# ? Oct 16, 2017 04:31 |
|
Maybe due process exists to, ya know, protect the innocent.
|
# ? Oct 16, 2017 04:32 |
|
anatoliy pltkrvkay posted:presumably it spams deauth packets, making it rather difficult for the wireless camera to send data
yeah, you can be marriott starting at $30
Cocoa Crispies fucked around with this message at 04:48 on Oct 16, 2017
|
# ? Oct 16, 2017 04:38 |
|
James Baud posted:Eh, enterprises will want to patch appropriately, but only high value targets need rush and why are they using wifi and insecure protocols for things that matter?
WPA2 was known to be insecure prior to this? lol at using wifi at all for anything that matters, but most places I have been everyone who mattered used a laptop, which means being on wifi at least sometimes.
|
# ? Oct 16, 2017 04:39 |
|
Cocoa Crispies posted:yeah, you can be marriott starting at $30
|
# ? Oct 16, 2017 04:45 |
|
anthonypants posted:idgi
gently caress, crossed the streams: https://boingboing.net/2014/10/03/fcc-fines-marriott-for-jamming.html
|
# ? Oct 16, 2017 04:48 |
|
RFC2324 posted:WPA2 was known to be insecure prior to this?
By "insecure protocols", I was meaning things like credentials and other fun traffic via unencrypted pop/imap/http/etc.
|
# ? Oct 16, 2017 04:50 |
|
mrmcd posted:https://www.infineon.com/cms/en/product/promopages/tpm-update/
Oh, I bet this is exactly what was wrong with the Estonian digital identity cards, too! These are also Infineon products that probably share the majority of the codebase with their TPMs. Can't firmware patch them, though! The FAQ is very vague but it does sound like an RNG issue. They closed the public key registry so that you could not brute force key pairs until you got a match thanks to the broken RNG.
EssOEss fucked around with this message at 05:35 on Oct 16, 2017
|
# ? Oct 16, 2017 05:29 |
|
anthonypants posted:idgi
Marriott got hit with a $600,000 fine by the FCC for knocking customers' personal hotspots out of the air because they wanted to force conferences using their facilities to use their Guest connections (which they charged for) using wireless IPS. While you *can* use deauth/disassoc packets to maintain your wireless security, you have to be really, really sure what you're knocking off the air. The FCC takes a real dim view of interfering with unlicensed spectrum and can hit with up to $50K per occurrence. It was only a matter of time. I know for a fact Marriott was advised to NOT do what they ended up doing by people who knew the minefield of using de-auth as a defensive measure.
e; poo poo. fb.
Proteus Jones fucked around with this message at 05:49 on Oct 16, 2017
|
# ? Oct 16, 2017 05:47 |
|
i use WPA2-Enterprise with PEAP at home because lol why not. is that affected by this krackhole dealio or does that only affect TKIP/AES-CCMP?
|
# ? Oct 16, 2017 06:15 |
|
cheese-cube posted:i use WPA2-Enterprise with PEAP at home because lol why not. is that affected by this krackhole dealio or does that only affect TKIP/AES-CCMP?
Nope you're affected. Also, who's calling it krackhole? I haven't seen a reference to it outside of here.
|
# ? Oct 16, 2017 06:17 |
|
Proteus Jones posted:Nope you're affected.
|
# ? Oct 16, 2017 06:20 |
|
anthonypants posted:there was a github link with the html page it looks like they'll be using for the #branding of this latest exploit
gently caress it. It's late, I'm cranky and started tilting windmills.
|
# ? Oct 16, 2017 06:21 |
|
Proteus Jones posted:Nope you're affected.
lol cool. was planning on buying a new WAP anyway as my current one doesn't do 802.11ac
also yeah as anthonypants pointed it out they've branded it as "KRACK" but i've decided to call it krackhole which is better
Edit: should clarify, i the KRACK hashtag and poo poo is already showing up on the tweeter
Proteus Jones posted:
i made this exact same gripe in the greythread last week when drunkposting. pretty soon you'll be able to detect impending disclosure by closely watching domain registrations...
|
# ? Oct 16, 2017 06:28 |
|
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
|
# ? Oct 16, 2017 07:07 |
|
sooo still no advisement as to ease and practicality of such an attack?
|
# ? Oct 16, 2017 07:11 |
|
I suspect https://www.krackattacks.com will go live within the next hour or so. It's 8:15 am in Leuven.
|
# ? Oct 16, 2017 07:13 |
|
lol in addition to the WPA2 stuff: https://twitter.com/dangoodin001/status/919798487776034817
|
# ? Oct 16, 2017 07:40 |
|
pls don't post my keys. also related, affordable access to protocol specs has hampered research so a lot of this poo poo has prolly (deffo) been known for ages by well-funded actors: https://twitter.com/nikitab/status/919751347901046789
|
# ? Oct 16, 2017 07:48 |