|
you need an iot id to sign into an id:iot account
|
# ? Dec 15, 2017 03:32 |
|
RFC2324 posted: at some point i started reading iot as idiot of things

I can't unsee it now.
|
# ? Dec 15, 2017 03:51 |
|
Jabor posted: you need an iot id to sign into an id:iot account

heh
|
# ? Dec 15, 2017 08:00 |
|
Potato Salad posted:Well, he didn't, because I have something very very vulnerable exposed in a terrifying way text me
|
# ? Dec 15, 2017 09:58 |
|
someone claims to have stolen the registered voter database for the state of california (it's a mongoDB), and is demanding a bitcoin ransom
|
# ? Dec 15, 2017 16:46 |
|
infernal machines posted: someone claims to have stolen the registered voter database for the state of california (it's a mongoDB), and is demanding a bitcoin ransom

what information of any use to criminals would actually be in there? it might be interesting to someone if it had party affiliations, but otherwise it's just names and addresses, information which is generally publicly available.
|
# ? Dec 15, 2017 17:20 |
|
lots of states charge money for those public records tho so CA would lose out on that revenue stream. maybe they have poo poo in there they aren't supposed to like SS #s
|
# ? Dec 15, 2017 17:24 |
|
For ransom: list of names and addresses freely (as in freedom) given out to everybody involved in politics at the relevant level, mostly overlapping other existing public records. Good luck with that.
|
# ? Dec 15, 2017 17:29 |
|
the voter database itself is probably already publicly available from the state
|
# ? Dec 15, 2017 17:31 |
|
wtf? https://twitter.com/taviso/status/941710362717470720 apparently microsoft are bundling a vulnerable version of keeper with win10 because...?
|
# ? Dec 15, 2017 17:49 |
|
cheese-cube posted: apparently microsoft are bundling a vulnerable version of keeper with win10 because...?

because cross promotion synergy install base uh.... please use apps, we have apps now, here are some of our apps

but yeah, the pro version of windows now includes oob bundleware straight from microsoft
|
# ? Dec 15, 2017 18:07 |
|
hopefully there's some way to get an enterprise image stripped of that garbage?
|
# ? Dec 15, 2017 18:10 |
|
yeah, you can still sysprep images and create gpos to disable the pre-install crap, but some of it is per user so it'll try to download it again for every new user that logs in to the machine

also the rolling updates regularly break the gpos and will just ignore some settings

supposedly the enterprise sku is better about that, idk though since we're not using it anywhere
|
# ? Dec 15, 2017 18:40 |
|
it is better but still garbage in many ways.
|
# ? Dec 15, 2017 18:49 |
|
firefox installed an opt-out force-installed addon containing an arg for a tv show https://twitter.com/steveklabnik/status/941709050718416897 https://twitter.com/ra6bit/status/941715498609373184
|
# ? Dec 15, 2017 18:51 |
|
evil_bunnY posted: it is better but still garbage in many ways.

at work we're on the cusp of developing a win10 SOE (pending PO and funding) and from all the poo poo i've read i get exactly the same impression. win10 has heaps of desirable features, especially in the sec space, but lol there's still heaps of garbage in there. i guess at the end of the day it's really just the same poo poo as previous windows releases.
|
# ? Dec 15, 2017 18:56 |
|
pseudorandom name posted: the voter database itself is probably already publicly available from the state

It depends on the county, but you’re supposed to be associated with a campaign of some sort, but it’s a joke in practice. Also the cost to obtain these lists are so low as to be negligible.
|
# ? Dec 15, 2017 19:01 |
|
Jewel posted: firefox installed an opt-out force-installed addon containing an arg for a tv show

what the gently caress

guess i need to disable shield studies

mozilla: Shield Studies is a function of the Shield project that prompts a random population of users to help us try out new products, features, and ideas. This feedback helps Mozilla to make more informed product decisions based on actual user needs.

so i guess an unrequested marketing add-on tied to a media property is an actual user need?
|
# ? Dec 15, 2017 19:21 |
|
WAR DOGS OF SOCHI posted: It depends on the county, but you’re supposed to be associated with a campaign of some sort, but it’s a joke in practice. Also the cost to obtain these lists are so low as to be negligible.

A person seeking to obtain all voters databases in the country need only file to run a presidential campaign and spend $150,000 in total to buy access to all the databases and be authorized to do so. Most expensive state is Arizona for some reason - $30,000
|
# ? Dec 15, 2017 19:46 |
|
Jewel posted:firefox installed an opt-out force-installed addon containing an arg for a tv show
|
# ? Dec 15, 2017 20:17 |
|
*chome
|
# ? Dec 15, 2017 20:23 |
|
cheese-cube posted:wtf?
|
# ? Dec 15, 2017 20:23 |
|
chrome feeds your entire browsing history into google adsense
|
# ? Dec 15, 2017 20:29 |
|
pseudorandom name posted:chrome feeds your entire browsing history into google adsense
|
# ? Dec 15, 2017 20:37 |
|
pseudorandom name posted: chrome feeds your entire browsing history into google adsense

No, they don't.
|
# ? Dec 15, 2017 20:45 |
|
well, i mean, it largely does, by way of tracking cookies, but that is true of all browsers
|
# ? Dec 15, 2017 20:46 |
|
the starbucks bitcoin thing turned out to be someone had hacked the local ISP https://motherboard.vice.com/en_us/...ource=mbtwitter
|
# ? Dec 15, 2017 20:48 |
|
Chrome subtly breaks things between updates but nothing so egregious iirc
|
# ? Dec 15, 2017 20:49 |
|
microsoft sent me a scary email at 7pm last night telling me about this terrible vulnerability in their azure/office 365 integration tool but it looks like the issue is "someone on your helpdesk who has the ability to change passwords could change the password of the service account running dirsync"
|
# ? Dec 15, 2017 20:49 |
|
spankmeister posted:Chrome subtly breaks things between updates but nothing so egregious iirc
|
# ? Dec 15, 2017 20:53 |
|
RFC2324 posted: i just realized that at some point i started reading iot as idiot of things

i prefer to read it as "internet of trash"
|
# ? Dec 15, 2017 20:55 |
|
idiots of trash is such an easy compromise
|
# ? Dec 15, 2017 20:56 |
|
anthonypants posted: microsoft sent me a scary email at 7pm last night telling me about this terrible vulnerability in their azure/office 365 integration tool but it looks like the issue is "someone on your helpdesk who has the ability to change passwords could change the password of the service account running dirsync"

yeah, it's basically just about hardening your AADC service account. the account is highly-privileged by design, more or less so depending on what AADC features you have enabled. even if you delegate following principle of least privilege the AADC service account still ends up with pretty dangerous permissions so to mitigate the account itself needs to be hardened. more recent versions of the AADC setup wizard will do the hardening for you however those who deployed AADC prior to that update need to implement the hardening manually.
|
# ? Dec 15, 2017 20:59 |
|
anthonypants posted: are you saying there was an abrupt change to that model at some point

they started feeding your synced browser history into the targeted advertising with the usual mealy mouthed "better user experience" PR bullshit fairly recently
|
# ? Dec 15, 2017 21:03 |
|
Cybernetic Vermin posted: idiots of trash is such an easy compromise

Internet of Turds really bridges the Internet of poo poo naming divide nicely.
|
# ? Dec 15, 2017 21:45 |
|
pseudorandom name posted: they started feeding your synced browser history into the targeted advertising with the usual mealy mouthed "better user experience" PR bullshit fairly recently

link?
|
# ? Dec 15, 2017 21:51 |
|
anthonypants posted: microsoft sent me a scary email at 7pm last night telling me about this terrible vulnerability in their azure/office 365 integration tool but it looks like the issue is "someone on your helpdesk who has the ability to change passwords could change the password of the service account running dirsync"

technically yes it's not a vulnerability because it's all working by design. If you give a user the ability to reset everyone's passwords they'll be able to login as any user, of course. But the issue is that if you used the Azure AD connect wizard to create the sync user it's probably getting defaulted to the Users container which, by default, can have their passwords reset by Account Operators. This isn't going to affect anyone who understands how to safeguard service accounts, but for those who just clicked next, next, next, finish on it they could be in trouble.

Also, Microsoft should really have azure ad connect run as a managed service account so the password is entirely managed by AD and the account can't be used outside of the computer and/or service it's assigned to.
|
# ? Dec 15, 2017 22:00 |
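A read-only audit for the exposure described in the two posts above, added here as an example and not taken from any poster or from Microsoft's guidance: it reports whether a given sync account sits in the default Users container and whether Account Operators hold an ACE that permits a password reset. It assumes the RSAT ActiveDirectory module is installed; the function name and the sample account name are hypothetical.

```powershell
# Added example, read-only: makes no changes to the directory.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

function Test-SyncAccountExposure {
    param(
        # Assumption: you supply the sAMAccountName of your own sync account.
        [Parameter(Mandatory)] [string] $SamAccountName
    )

    $accountOperators = 'S-1-5-32-548'   # well-known SID of BUILTIN\Account Operators
    $resetPassword    = [guid]'00299570-246d-11d0-a768-00aa006e0529'  # Reset Password extended right
    $adRights         = [System.DirectoryServices.ActiveDirectoryRights]

    $user     = Get-ADUser -Identity $SamAccountName
    $domainDN = (Get-ADDomain).DistinguishedName
    $acl      = Get-Acl -Path "AD:\$($user.DistinguishedName)"

    # Resolve trustees to SIDs so the check does not depend on the OS display language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    $risky = foreach ($ace in $rules) {
        if ($ace.IdentityReference.Value -ne $accountOperators) { continue }
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Full control implies reset; otherwise look for the specific extended right
        # (an empty ObjectType GUID on an ExtendedRight ACE means "all extended rights").
        $fullControl = ($ace.ActiveDirectoryRights -band $adRights::GenericAll) -eq $adRights::GenericAll
        $canReset    = ($ace.ActiveDirectoryRights -band $adRights::ExtendedRight) -and
                       ($ace.ObjectType -in @($resetPassword, [guid]::Empty))
        if ($fullControl -or $canReset) { $ace }
    }

    [pscustomobject]@{
        Account                  = $user.SamAccountName
        DistinguishedName        = $user.DistinguishedName
        InDefaultUsersContainer  = $user.DistinguishedName -like "CN=*,CN=Users,$domainDN"
        InheritanceDisabled      = $acl.AreAccessRulesProtected
        AccountOperatorsCanReset = [bool]$risky
        RiskyAces                = @($risky)
    }
}

# Hypothetical account name; substitute the one your deployment uses.
# Test-SyncAccountExposure -SamAccountName 'svc-aadsync'
```

An account that reports `InDefaultUsersContainer` and `AccountOperatorsCanReset` both true matches the "next, next, next, finish" case described above.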
|
pseudorandom name posted: chrome feeds your entire browsing history into google adsense

Thanks for posting chrome eula v 0.0.1 (INITIAL ALPHA RELEASE)
|
# ? Dec 15, 2017 22:01 |
|
pseudorandom name posted: they started feeding your synced browser history into the targeted advertising with the usual mealy mouthed "better user experience" PR bullshit fairly recently

hasn't the tos for google services/chrome pretty much always been "expect your data to go to ads"? that's literally their business model for the free stuff so what else would you expect?
|
# ? Dec 15, 2017 22:22 |
|
eversion posted: link?

quote: "Depending on your account settings, your activity on other sites and apps may be associated with your personal information in order to improve Google’s services and the ads delivered by Google."

"your activity on other sites and apps" is underlined, if you mouse over it or click on it you get a popup which starts with this: https://www.google.com/policies/privacy/example/your-activity-on-other-sites-and-apps.html

quote: "This activity might come from your use of Google products like Chrome Sync or from your visits to sites and apps that partner with Google."

necrotic posted: hasn't the tos for google services/chrome pretty much always been "expect your data to go to ads"? that's literally their business model for the free stuff so what else would you expect?

Chrome Sync browser history used to be excluded from this, they announced the reversal of this policy fairly recently and then proceeded to make the explanation on https://privacy.google.com (which isn't actually their privacy policy) and the configuration preferences controlling this on https://accounts.google.com as misleading as possible.
|
# ? Dec 15, 2017 22:32 |