e: wrongthread
|
|
# ? Nov 21, 2017 00:51 |
|
|
# ? Jun 10, 2024 12:06 |
|
devmd01 posted:
Just wrote a group policy and built out a plan to migrate all of our server local admin access to be completely managed by group policy, with access only granted through a serveradmin_%servername% security group for service accounts and support staff.

drat that's some nice cjing.
|
# ? Nov 21, 2017 03:24 |
|
cinci zoo sniper posted:
so whats up with aws secret region and aws top secret airgapped region or whatever

aws can run a computer cheaper than most anyone else and even with a huge markup to pay for dealing with government bullshit and cage codes and poo poo it's price competitive for us government stuff
|
# ? Nov 21, 2017 04:27 |
|
also fedramp is big and using govcloud checkboxes a lot of things
|
# ? Nov 21, 2017 04:28 |
|
quote:
Security fuckup?
|
# ? Nov 21, 2017 05:42 |
|
Bhodi posted:
also fedramp is big and using govcloud checkboxes a lot of things

reading the fedramp reports in o365 seccom is interesting as they have some pretty indepth deets on the architecture of GFS and azure. also lots of ticked boxes
|
# ? Nov 21, 2017 05:43 |
|
ate poo poo on live tv posted:
Security fuckup?

umatrix is much better than noscript, i've found
|
# ? Nov 21, 2017 05:44 |
|
Farmer Crack-rear end posted:
so do you guys have phone anxiety or what
|
# ? Nov 21, 2017 06:00 |
|
so, am i about to have the joys of daily firmware updates of my cpu? or can i count on my vendor just not bothering and my cpu having a ton of open backdoors for hackers to abuse?
|
# ? Nov 21, 2017 06:02 |
|
Condiv posted:
so, am i about to have the joys of daily firmware updates of my cpu? or can i count on my vendor just not bothering and my cpu having a ton of open backdoors for hackers to abuse?

depends on the vendor

i suspect that apple, microsoft surfaces, and chrome os boxes will get updates, and intel will make something for windows users available but it's a flip of the coin if they'll get msft to push it
|
# ? Nov 21, 2017 06:07 |
|
spit on my clit posted:
umatrix is much better than noscript, i've found

noscript is great for hijacking new browser windows to tell you about itself, which is like, irony or something
|
# ? Nov 21, 2017 06:44 |
|
Cocoa Crispies posted:
depends on the vendor
|
# ? Nov 21, 2017 07:43 |
|
Cocoa Crispies posted:
or the drunkenly speed changing nokia ringer from "Crank"

so *thats* where that annoying ringtone came from

Rufus Ping posted:
classic Mr Hands

lomarf
|
# ? Nov 21, 2017 12:26 |
|
ate poo poo on live tv posted:
Security fuckup?

lol no script
|
# ? Nov 21, 2017 13:44 |
|
anthonypants posted:
didn't they push the last updates? and linux will continue to get intel-firmware packages so i don't think delivery is an issue

yes, microsoft routinely pushes intel and amd microcode updates through windows update on supported systems, don't see why they wouldn't push this at the appointed time. of course some of the affected cpus are ones explicitly not supported for say someone insisting on running windows 7 on the latest hardware, but thats that user's own fault for doing that
|
# ? Nov 21, 2017 16:18 |
|
anthonypants posted:
didn't they push the last updates? and linux will continue to get intel-firmware packages so i don't think delivery is an issue

idk windows is trash and i don't use it
|
# ? Nov 21, 2017 16:41 |
Cocoa Crispies posted:
aws can run a computer cheaper than most anyone else and even with a huge markup to pay for dealing with government bullshit and cage codes and poo poo it's price competitive for us government stuff

oic

cheese-cube posted:
reading the fedramp reports in o365 seccom is interesting as they have some pretty indepth deets on the architecture of GFS and azure. also lots of ticked boxes

gps not the positioning system, right?
|
|
# ? Nov 21, 2017 18:16 |
|
cinci zoo sniper posted:
oic

gfs
|
# ? Nov 21, 2017 18:24 |
|
uber is a trashorg #7864
https://twitter.com/TheStalwart/status/933092923259760640

e: lol
quote:
Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers $100,000 to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

Diva Cupcake fucked around with this message at 23:14 on Nov 21, 2017 |
# ? Nov 21, 2017 23:04 |
|
Cool, so they 1. pay ransoms to hackers and 2. keep the hackers' identities secret. This is useful to know.
|
# ? Nov 21, 2017 23:33 |
|
Diva Cupcake posted:
uber is a trashorg #7864

ahahahhahaha
|
# ? Nov 21, 2017 23:45 |
|
lmao
quote:
Here’s how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.
|
# ? Nov 22, 2017 03:05 |
|
You're not a real startup bro until you've committed at least a dozen aws secrets to GitHub.
|
# ? Nov 22, 2017 03:47 |
|
pseudorandom name posted:
secure loving fuckup:

sarah is cool irl fyi
|
# ? Nov 22, 2017 03:52 |
|
pseudorandom name posted:
secure loving fuckup:
|
# ? Nov 22, 2017 04:03 |
|
mrmcd posted:
You're not a real startup bro until you've committed at least a dozen aws secrets to GitHub.

i do this constantly with toy or demo applications, gah
|
# ? Nov 22, 2017 04:03 |
|
anthonypants posted:
i thought this was going to be "men started emailing blowjobs to women, harassing them" but it's not that so i'm not sure i understand what they're saying

Signature based identification of someone based on their custom blowjob, I think? I don't know, I started getting confused around the idea of a blowjob device and sending people blowjob choreography. I'm not sure that was a market need going unfulfilled.
|
# ? Nov 22, 2017 04:05 |
|
anthonypants posted:
i thought this was going to be "men started emailing blowjobs to women, harassing them" but it's not that so i'm not sure i understand what they're saying

for some reason pseudorandom left out the tweet that actually gets to the point: https://twitter.com/SarahJamieLewis/status/933156388745895936
|
# ? Nov 22, 2017 04:14 |
|
I was expecting mangled dicks from malformed blowjob data

edit: hey look at that
|
# ? Nov 22, 2017 04:14 |
|
BattleMaster posted:
I was expecting mangled dicks from malformed blowjob data

thread title
|
# ? Nov 22, 2017 04:25 |
|
one thing i don't get is that if the email data was just the base64-encoded json data from your create-a-blowjob, why would that site need to keep a copy of your create-a-blowjob after it was emailed out, or did their xss allow them to generate a feed from all subsequent create-a-blowjobs
|
# ? Nov 22, 2017 04:30 |
|
this is why i'm holding out for quantum blowjobs
|
# ? Nov 22, 2017 04:31 |
|
this wouldn't have been a problem if they'd used the block chain or rather, the blow chain
|
# ? Nov 22, 2017 04:35 |
|
Main Paineframe posted:
for some reason pseudorandom left out the tweet that actually gets to the point:

I was trying to edit it down to something a little more manageable and it turns out it's hard to keep track of which tweets you've copied and pasted
|
# ? Nov 22, 2017 04:38 |
|
anthonypants posted:
one thing i don't get is that if the email data was just the base64-encoded json data from your create-a-blowjob, why would that site need to keep a copy of your create-a-blowjob after it was emailed out, or did their xss allow them to generate a feed from all subsequent create-a-blowjobs

guessing how it works is that the interpreter for the base64 lives on their web service and the link invokes it with the base64 as an argument. then the client displays the unpacked blowjob profile in a web app where it's exploitable. no online storage needed, it lives only in the email but has to pass through the server and js frontend before being uploaded to the blowjob bot

haveblue fucked around with this message at 04:43 on Nov 22, 2017 |
# ? Nov 22, 2017 04:40 |
|
Security Fuckup Megathread - v14.1 - the client displays the unpacked blowjob profile
|
# ? Nov 22, 2017 04:41 |
|
anthonypants posted:
one thing i don't get is that if the email data was just the base64-encoded json data from your create-a-blowjob, why would that site need to keep a copy of your create-a-blowjob after it was emailed out, or did their xss allow them to generate a feed from all subsequent create-a-blowjobs

judging from the way she describes it, I think the blowjob machine is controlled from the browser via the website. the base64 is just a parameter in the link that the site parses into instructions for the machine, which it then forwards to the machine probably via a plugin or something. naturally, no validation is done on those directions, so there's nothing to stop an attacker from base64-encoding dick_destroyer.js and sending it out as a blowjob link

if I'm reading those tweets right, it gets worse. because if the parsing encounters an illegal character, it just stops and dumps the rest of the decoded content into the page. so you could easily exploit that to insert an iframe into the page, and then load arbitrary scripts into that iframe. this could potentially be used to hijack however the site connects to the blowjob machine, and directly control it without needing to go through the site's code at all

that's my read on it
|
# ? Nov 22, 2017 04:46 |
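An added example, not part of the thread or of the site's code: one way a link handler like the one described in the post above could treat the base64 parameter, validating it strictly and never writing decoded input into the page. The JSON shape, the field names `speed` and `ms`, and every limit are assumptions for illustration.

```javascript
// Added example. The link format, field names ("speed", "ms") and all limits
// below are assumptions for illustration, not the real site's format.
const MAX_PARAM_LEN = 4096;
const MAX_STEPS = 200;
const B64_RE = /^[A-Za-z0-9+/]+={0,2}$/;
const REJECT = Object.freeze({ ok: false, error: "invalid link" });

function intInRange(v, lo, hi) {
  return Number.isInteger(v) && v >= lo && v <= hi;
}

// Decode and validate the link parameter. Any failure returns the same fixed
// error; nothing from the decoded input is ever echoed back to the caller.
function parsePattern(param) {
  if (typeof param !== "string" || param.length === 0 ||
      param.length > MAX_PARAM_LEN || param.length % 4 !== 0 ||
      !B64_RE.test(param)) {
    return REJECT;
  }
  let data;
  try {
    data = JSON.parse(Buffer.from(param, "base64").toString("utf8"));
  } catch (err) {
    return REJECT; // malformed JSON: stop, do not fall back to raw text
  }
  if (!Array.isArray(data) || data.length === 0 || data.length > MAX_STEPS) {
    return REJECT;
  }
  const steps = [];
  for (const s of data) {
    if (s === null || typeof s !== "object" || Array.isArray(s) ||
        Object.keys(s).length !== 2 ||
        !intInRange(s.speed, 0, 100) || !intInRange(s.ms, 50, 10000)) {
      return REJECT;
    }
    steps.push({ speed: s.speed, ms: s.ms }); // copy only the checked numbers
  }
  return { ok: true, steps };
}

// Text for the page, built only from validated numbers or the fixed error.
// Assign it with textContent, never innerHTML.
function describe(result) {
  if (!result.ok) return result.error;
  return result.steps.map((s) => `${s.speed}% for ${s.ms} ms`).join(", ");
}

// Constructed sample inputs (not taken from the real service).
const encode = (v) =>
  Buffer.from(typeof v === "string" ? v : JSON.stringify(v)).toString("base64");
const goodLink = encode([{ speed: 40, ms: 1500 }, { speed: 80, ms: 500 }]);
const brokenLink = encode('[{"speed":40,"ms":1500}]\u0000<iframe src="//example.invalid">');
const outOfRange = encode([{ speed: 9000, ms: 1 }]);
```

The device itself should enforce the same numeric limits, since a check that runs only in the browser can be bypassed by anything else that talks to the device.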
|
Main Paineframe posted:
judging from the way she describes it, I think the blowjob machine is controlled from the browser via the website. the base64 is just a parameter in the link that the site parses into instructions for the machine, which it then forwards to the machine probably via a plugin or something. naturally, no validation is done on those directions, so there's nothing to stop an attacker from base64-encoding dick_destroyer.js and sending it out as a blowjob link

dick_destroyer.js Mods? Name change please?
|
# ? Nov 22, 2017 04:48 |
|
Main Paineframe posted:
judging from the way she describes it, I think the blowjob machine is controlled from the browser via the website. the base64 is just a parameter in the link that the site parses into instructions for the machine, which it then forwards to the machine probably via a plugin or something. naturally, no validation is done on those directions, so there's nothing to stop an attacker from base64-encoding dick_destroyer.js and sending it out as a blowjob link
|
# ? Nov 22, 2017 04:50 |