|
Notorious b.s.d. posted:median income in latvia is like $400 a month dude twice that number in euro
|
#
?
Oct 17, 2017 04:21
|
|
|
|
| # ? May 15, 2024 15:26 |
|
|
AggressivelyStupid posted:speaking of Tavis, 
|
|
#
?
Oct 17, 2017 07:50
|
|
|
KRACK WPA2 attack paper is out: https://papers.mathyvanhoef.com/ccs2017.pdf good laymans writeup from matt green that correctly throws the IEEE under a bus as well: https://blog.cryptographyengineering.com/2017/10/16/falling-through-the-kracks/
|
|
#
?
Oct 17, 2017 14:58
|
|
|
Daman posted:https://twitter.com/esetglobal/status/919974497926766593 should have gone with kaspersky
|
|
#
?
Oct 17, 2017 15:11
|
|
|
Top figure of the year
|
|
#
?
Oct 17, 2017 16:09
|
|
|
GMail now lets you turn on Advanced Security for consumer accounts aka FIDO token required for login and they make you jump through more hoops for the account reset process https://blog.google/topics/safety-security/googles-strongest-security-those-who-need-it-most/
|
|
#
?
Oct 17, 2017 16:12
|
|
|
apseudonym posted:Top figure of the year it's a little weird to compare things that are clearly generating normal distributions to things that aren't though, unless I'm missing something here e: wait no I didn't see that it's generating primes not just random numbers lol
|
|
#
?
Oct 17, 2017 17:33
|
|
|
ate all the Oreos posted:it's a little weird to compare things that are clearly generating normal distributions to things that aren't though, unless I'm missing something here yeah, i guess the ideal would be the area above the curve being uniformly filled. microsoft probably coming out the best, but as long as it is uniform and large enough to be visible i figure it is good the non-uniform distributions are a bit scary since one starts to wonder whether there are higher peaks hiding in whatever causes them
|
|
#
?
Oct 17, 2017 17:45
|
|
|
apseudonym posted:Top figure of the year title: “Microsoft is good?  ”
|
|
#
?
Oct 17, 2017 17:47
|
|
|
hobbesmaster posted:title: “Microsoft is good? Microsoft has been pretty good on infosec stuff for a while now.
|
|
#
?
Oct 17, 2017 17:59
|
|
|
yeah it was only 2013 when msrc was compromised
|
|
#
?
Oct 17, 2017 19:27
|
|
|
hobbesmaster posted:title: “Microsoft is good? Good compared to that TPM vendor at least.
|
|
#
?
Oct 17, 2017 19:48
|
|
|
Please don't construe OpenSSL's one instance of doing something right with an endorsement of that garbage fire
|
|
#
?
Oct 17, 2017 20:26
|
|
|
The NXP card is bizarre. Seems like they blocked it out to fill the greatest possible area between the curve and the line, but still hosed up and massively favor one small area
|
|
#
?
Oct 17, 2017 20:28
|
|
|
COACHS SPORT BAR posted:The NXP card is bizarre. Seems like they blocked it out to fill the greatest possible area between the curve and the line, but still hosed up and massively favor one small area if you don't have a shitload of power/cpu to work with picking a random small region of your space to hunt in makes sense, and i'd bet that none of the validation testing for this poo poo included minding their ps and qs this much
|
|
#
?
Oct 17, 2017 20:32
|
|
|
Cocoa Crispies posted:if you don't have a shitload of power/cpu to work with picking a random small region of your space to hunt in makes sense, and i'd bet that none of the validation testing for this poo poo included minding their ps and qs this much
|
|
#
?
Oct 17, 2017 20:36
|
|
|
Cocoa Crispies posted:if you don't have a shitload of power/cpu to work with picking a random small region of your space to hunt in makes sense, and i'd bet that none of the validation testing for this poo poo included minding their ps and qs this much hurr hurrrr
|
|
#
?
Oct 17, 2017 20:37
|
|
|
BangersInMyKnickers posted:Please don't construe OpenSSL's one instance of doing something right with an endorsement of that garbage fire Openssl sucks but everything else sucks more
|
|
#
?
Oct 17, 2017 20:37
|
|
|
Windows Schannel/CryptoAPI is excellent and the rest of the world is poo poo
|
|
#
?
Oct 17, 2017 20:40
|
|
|
Cocoa Crispies posted:if you don't have a shitload of power/cpu to work with picking a random small region of your space to hunt in makes sense, and i'd bet that none of the validation testing for this poo poo included minding their ps and qs this much lol
|
|
#
?
Oct 17, 2017 20:55
|
|
|
What exactly does that curve on the RNG graph even mean? I don't get the significance of it.
|
|
#
?
Oct 17, 2017 21:00
|
|
|
EssOEss posted:What exactly does that curve on the RNG graph even mean? I don't get the significance of it. Cocoa Crispies posted:if you don't have a shitload of power/cpu to work with picking a random small region of your space to hunt in makes sense, and i'd bet that none of the validation testing for this poo poo included minding their ps and qs this much
|
|
#
?
Oct 17, 2017 21:09
|
|
|
Cocoa Crispies posted:if you don't have a shitload of power/cpu to work with picking a random small region of your space to hunt in makes sense, and i'd bet that none of the validation testing for this poo poo included minding their ps and qs this much NICE!
|
|
#
?
Oct 17, 2017 21:41
|
|
|
Dylan16807 posted:does it actually use less power to go any smaller than the microsoft box, though? possibly, the gemalto and nxp hardware is about the size of a grain of kosher salt and has pretty tight power and thermal constraints
|
|
#
?
Oct 17, 2017 22:14
|
|
|
We sent out a generic advisory about Krack to our users and told them to do important poo poo on a wired connection. And I know Microsoft put out a patch about it, but most of our laptops right now are still Windows 7. How hosed are our users above and beyond the usual hosed-ness?
|
|
#
?
Oct 17, 2017 22:16
|
|
|
Cocoa Crispies posted:possibly, the gemalto and nxp hardware is about the size of a grain of kosher salt and has pretty tight power and thermal constraints you aren’t kidding 
|
|
#
?
Oct 17, 2017 22:25
|
|
|
hobbesmaster posted:you aren’t kidding
|
|
#
?
Oct 17, 2017 22:28
|
|
|
anthonypants posted:holy poo poo you can also buy wafers if that’s too much packaging
|
|
#
?
Oct 17, 2017 22:29
|
|
|
The real wtf is that common attacks for these kinds of chips is decapping them and shooting lasers at specific parts of the chip
|
|
#
?
Oct 17, 2017 22:58
|
|
|
hobbesmaster posted:you aren’t kidding yeah next time you have a chip card that gets replaced, delaminate the old one and rip it apart and try to find the chip without losing it, it's surprisingly hard i rooted around in my shredder's output bin for the last card i ran through it to take a picture but couldn't find it
|
|
#
?
Oct 17, 2017 23:02
|
|
|
Avenging_Mikon posted:We sent out a generic advisory about Krack to our users and told them to do important poo poo on a wired connection. And I know Microsoft put out a patch about it, but most of our laptops right now are still Windows 7. How hosed are our users above and beyond the usual hosed-ness? If you've got enterprise apps that run over an un-encrypted channel you're probably hosed anyway
|
|
#
?
Oct 17, 2017 23:20
|
|
|
Avenging_Mikon posted:We sent out a generic advisory about Krack to our users and told them to do important poo poo on a wired connection. And I know Microsoft put out a patch about it, but most of our laptops right now are still Windows 7. How hosed are our users above and beyond the usual hosed-ness? i *think* windows clients weren't vulnerable from the start to the worst bits (repeating nonces in the normal handshakes), so you may be in luck. i am not sure what realistic impact the multicast stuff which may have an effect on windows can have though. may be one of those moments where actually asking microsoft may be the best job-preserving move
|
|
#
?
Oct 17, 2017 23:30
|
|
|
Avenging_Mikon posted:We sent out a generic advisory about Krack to our users and told them to do important poo poo on a wired connection. And I know Microsoft put out a patch about it, but most of our laptops right now are still Windows 7. How hosed are our users above and beyond the usual hosed-ness? Not that hosed probably, as much as we're all loathe to admit it shaggar was right, the MS implementation was largely unaffected by krack and the more minor issues were fixed last patch Tuesday anyway. However, abigserve posted:If you've got enterprise apps that run over an un-encrypted channel you're probably hosed anyway
|
|
#
?
Oct 17, 2017 23:30
|
|
|
all the important stuff like banking etc is hosed but your facebook and twitter data is still very secure
|
|
#
?
Oct 17, 2017 23:31
|
|
|
cinci zoo sniper posted:50k is beyond fantastic, basically the limit for non-managers. my rent right now is 250/mo for a 2br in decent area 
|
|
#
?
Oct 17, 2017 23:52
|
|
|
Bulgogi Hoagie posted:all the important stuff like banking etc is hosed but your facebook and twitter data is still very secure sad but true
|
|
#
?
Oct 18, 2017 00:05
|
|
|
Bulgogi Hoagie posted:all the important stuff like banking etc is hosed but your facebook and twitter data is still very secure This is the motto for 2017 infosec right here
|
|
#
?
Oct 18, 2017 00:35
|
|
|
there was a flash update to fix an 0day https://helpx.adobe.com/security/products/flash-player/apsb17-32.html except it breaks the vmware flash client, and the recommended fix from vmware is to roll back to the old version of flash https://kb.vmware.com/kb/2151945
|
|
#
?
Oct 18, 2017 00:38
|
|
|
I use a combination of the j# vsphere client and the html5 vsphere client.
|
|
#
?
Oct 18, 2017 00:48
|
|
|
|
| # ? May 15, 2024 15:26 |
|
|
Avenging_Mikon posted:We sent out a generic advisory about Krack to our users and told them to do important poo poo on a wired connection. And I know Microsoft put out a patch about it, but most of our laptops right now are still Windows 7. How hosed are our users above and beyond the usual hosed-ness? Question 1: If their corporate WiFi network were suddenly transformed into a Starbucks wifi, how hosed would they be? I.e. How much of their security depends strongly on network trust? If the answer is "quite hosed", proceed to question 2. Question 2: How easy is it for a hypothetical attacker to physically place equipment within the corp wifi bubble for an extended period of time without being detected? If the answer is "quiet easy" proceed to question 3. Question 3: How likely is it anyone cares enough about their poo poo corp to get around to targeting them specifically before all the laptops and phones get patched?
|
|
#
?
Oct 18, 2017 00:59
|
|