|
at least in the specific case of "sending all the W2's over email" there should be training so that even if the actual CEO legit tells you to do that, you don't automatically do it
|
# ? Nov 13, 2017 16:47 |
|
|
email should never be used for task management and only for notification from a real task management system to prevent that kind of thing from ever happening. so if CEO sends a request you don't do it unless there's a ticket for it.
|
# ? Nov 13, 2017 17:00 |
|
BangersInMyKnickers posted: They're running the in-house wifi and the control network over the same switches with vlan segregation (weight/space savings) and possibly other additional controls with I assume none of the management interfaces being exposed on the in-house side which is where the APs would live. There's been a bunch of speculation but I don't believe anything conclusive has been published on how they jumped in to the control network and the avionics systems. Owning the AP itself probably won't get you there but it might expose you to some kind of management port on the switches to compromise and pivot to.

Just victims of the in-house wifi They say hack, you say sky high
|
# ? Nov 13, 2017 17:00 |
|
https://twitter.com/0XDEDBEEF/status/929911025595551744
|
# ? Nov 13, 2017 17:06 |
|
this owns
|
# ? Nov 13, 2017 17:28 |
|
Shinku ABOOKEN posted: am i the only one who feels phishing tests are worthless. the way i see it used is mainly secops being shitheads. “haha gotcha u dummy”. it sucks rear end for morale and the tools don’t care if the user didn’t interact with the phish.

Our IT dept sends out test phishing emails that kinda sorta look like they come from HR and then follows it up with a "You could have Putin on your pc now if you clicked on that link in real life, you dumb idiot!" message later in the day. An hour after that, HR will invariably send out a legit important firmwide email w/attachment an hour or two later and then get mad because no one opened it and read it. Every loving time.
|
# ? Nov 13, 2017 17:38 |
|
i think the solution here is to get rid of email
|
# ? Nov 13, 2017 17:39 |
|
infernal machines posted: i think the solution here is to get rid of email

it is at least a huge historical mistake to conflate internal and external communication in one interface, at least for 99% of employees
|
# ? Nov 13, 2017 17:54 |
|
Extremely good.
|
# ? Nov 13, 2017 17:58 |
|
wrote her real name on it tho, smh
|
# ? Nov 13, 2017 18:00 |
|
how do you know it's her real name though...
|
# ? Nov 13, 2017 18:11 |
|
same way you know the kid's name is joe_brown_1985 and not commemorating the death of the american figurative sculptor
|
# ? Nov 13, 2017 19:09 |
|
infernal machines posted:i think the solution here is to get rid of email
|
# ? Nov 13, 2017 19:14 |
|
http://www.bbc.com/news/technology-41969061

quote: During the Huddle sign-in process, the customer's device requests an authorisation code.
|
# ? Nov 13, 2017 19:33 |
|
srand(0) or a near equivalent strikes again!
|
# ? Nov 13, 2017 19:45 |
|
https://twitter.com/TheHackersNews/status/930133662141689856
|
# ? Nov 13, 2017 19:55 |
|
this one doesn't surprise me too much, but i would be interested to know how much variation faceid is willing to allow
|
# ? Nov 13, 2017 20:21 |
|
Reminds me of the Japanese cigarette vending machines that looked at your face to determine your age, which could be defeated by... a magazine cover.
|
# ? Nov 13, 2017 20:29 |
|
I'm curious how much the phone's owner participated in that, the writeup and video don't make it clear. high rez face photos and 3D scans would not be easy to do on the sly and would be totally infeasible if you don't know who the owner is in the first place (phone obtained through street crime etc)

anthonypants posted: this one doesn't surprise me too much, but i would be interested to know how much variation faceid is willing to allow

there's an apple white paper somewhere that talks about how faceid dynamically updates to keep track of your face changing. like if you let it scan you, validation fails, but then you immediately enter the correct pin the phone assumes that's just what you look like now and integrates the data from the failed scan into its internal model. this is how it handles haircuts, glasses, etc
|
# ? Nov 13, 2017 20:32 |
|
haveblue posted:there's an apple white paper somewhere that talks about how faceid dynamically updates to keep track of your face changing. like if you let it scan you, validation fails, but then you immediately enter the correct pin the phone assumes that's just what you look like now and integrates the data from the failed scan into its internal model. this is how it handles haircuts, glasses, etc
|
# ? Nov 13, 2017 20:42 |
|
minato posted: Reminds me of the Japanese cigarette vending machines that looked at your face to determine your age, which could be defeated by... a magazine cover.

so long as it passes the legal tick box
|
# ? Nov 13, 2017 20:43 |
From that thread
|
|
# ? Nov 13, 2017 20:48 |
|
anthonypants posted: hmm, i wear glasses when i'm at home and contacts when i go out so i wonder how that'll work

i have two very different pairs of glasses (some smaller rectangle ones and some big rear end ray-bans) and trying faceid for maybe the first time without either pair of glasses just now didn't work but then i entered my passcode and it worked so…
|
# ? Nov 13, 2017 22:50 |
|
haveblue posted: I'm curious how much the phone's owner participated in that, the writeup and video don't make it clear. high rez face photos and 3D scans would not be easy to do on the sly and would be totally infeasible if you don't know who the owner is in the first place (phone obtained through street crime etc)

Face is a stupid unlock mode and Apple users are gonna get bit in so many terrible ways but people will keep defending it.
|
# ? Nov 13, 2017 23:32 |
|
can someone confirm my memory re: wikileaks circa 2010ish, iirc they showed a real world example of using ss7 to track a mobile phone across the globe - an actual example involving a journalist, not just tools/docs from other groups. i'm extremely sure this happened but i can't find any evidence. it wasn't big news at the time, just snuck into the announcement of another leak.
|
# ? Nov 14, 2017 00:07 |
|
quote:Just before the stroke of midnight on September 20, 2016, at the height of last year’s presidential election, the Wikileaks Twitter account sent a private direct message to Donald Trump Jr., the Republican nominee’s oldest son and campaign surrogate. “A PAC run anti-Trump site putintrump.org is about to launch,” Wikileaks wrote. “The PAC is a recycled pro-Iraq war PAC. We have guessed the password. It is ‘putintrump.’ See ‘About’ for who is behind it. Any comments?” (The site, which has since become a joint project with Mother Jones, was founded by Rob Glaser, a tech entrepreneur, and was funded by Progress for USA Political Action Committee.)
|
# ? Nov 14, 2017 01:00 |
|
lmao someone else did a 'ehh a guid() is good enough for this' I see

edit: wait wait hang on are they using a shared session state across users or using the id as the session key or something? because even my lovely "send a guid to the browser and back to check that they actually viewed the page before hitting an action" process would maintain user segregation if the same guid was used

Powerful Two-Hander fucked around with this message at 01:35 on Nov 14, 2017
|
# ? Nov 14, 2017 01:31 |
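
The distinction raised in the post above, as an added example that is not part of the original thread: when the same code is handed to two users, a store that looks the session up by the code alone mixes the users up, while a store that checks the code against the presenter's own pending entry keeps them apart. All class names and user names are hypothetical, and nothing here is claimed to be how Huddle is implemented; design B assumes the server already knows which client is presenting the code.

```python
import secrets

class CodeAsSessionKey:
    """Design A: the code is the only key used to find the session."""
    def __init__(self):
        self.sessions = {}            # code -> user
    def issue(self, user, code):
        self.sessions[code] = user    # a repeated code overwrites the earlier user
    def redeem(self, user, code):
        return self.sessions.get(code)  # identity comes from the code alone

class CodeBoundToUser:
    """Design B: the code is checked against the presenter's own pending code."""
    def __init__(self):
        self.pending = {}             # user -> code
    def issue(self, user, code):
        self.pending[user] = code
    def redeem(self, user, code):
        expected = self.pending.pop(user, None)   # single use
        if expected is not None and secrets.compare_digest(expected, code):
            return user
        return None

def simulate_collision(store):
    """Issue the same code to two users, then let each redeem it."""
    code = secrets.token_urlsafe(16)  # constructed value, reused on purpose
    store.issue("alice", code)
    store.issue("bob", code)
    return {u: store.redeem(u, code) for u in ("alice", "bob")}

if __name__ == "__main__":
    print("code as key  :", simulate_collision(CodeAsSessionKey()))
    print("bound to user:", simulate_collision(CodeBoundToUser()))
```
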
|
I wish WikiLeaks actually delivered what it used to promise and wasn't just a weak sauce mouthpiece for Russian poo poo.
|
# ? Nov 14, 2017 01:33 |
|
don jr did a trumpism

https://twitter.com/DonaldJTrumpJr/status/930228239494209536
https://twitter.com/DonaldJTrumpJr/status/930228342774816769
https://twitter.com/DonaldJTrumpJr/status/930228511343865858
|
# ? Nov 14, 2017 01:38 |
|
It's fine, there's no collision here. Everything is fine.
|
# ? Nov 14, 2017 01:38 |
|
Volmarias posted:It's fine, there's no collision here.
|
# ? Nov 14, 2017 01:40 |
|
anthonypants posted:what are you going to do about it
|
# ? Nov 14, 2017 01:53 |
|
Powerful Two-Hander posted:lmao someone else did a 'ehh a guid() is good enough for this' I see
|
# ? Nov 14, 2017 02:17 |
|
https://twitter.com/xkeepah/status/930232899042869248
|
# ? Nov 14, 2017 02:23 |
|
yospos, twithc
|
# ? Nov 14, 2017 03:43 |
|
isn’t this all public info just by typing in a user into the url bar? like you can’t actually edit right? if you can’t edit it’s not a goof it’s fine

e: filing a bug report anyway cuz the ui behavior is unexpected even if benign, should still get fixed

Sniep fucked around with this message at 05:23 on Nov 14, 2017
|
# ? Nov 14, 2017 05:01 |
|
yeah literally no private info or security implication insecurity fuckup
|
# ? Nov 14, 2017 05:43 |
|
Wiggly Wayne DDS posted:can someone confirm my memory re: wikileaks circa 2010ish, iirc they showed a real world example of using ss7 to track a mobile phone across the globe - an actual example involving a journalist, not just tools/docs from other groups. i'm extremely sure this happened but i can't find any evidence. it wasn't big news at the time, just snuck into the announcement of another leak.
|
# ? Nov 14, 2017 06:33 |
|
minato posted: Reminds me of the Japanese cigarette vending machines that looked at your face to determine your age, which could be defeated by... a magazine cover.

That's working as designed though.
|
# ? Nov 14, 2017 17:19 |
|
|
https://arstechnica.com/gadgets/2017/11/oneplus-engineering-apk-exposes-backdoor-to-root-access/

android still bad
|
# ? Nov 14, 2017 21:27 |