|
someone should register the .local gTLD
|
# ? Dec 20, 2017 18:29 |
|
|
# ? May 30, 2024 12:41 |
|
https://www.law360.com/cases/5a3988a7bb15e84b4f000001?article_sidebar=1 Ars is being sued over articles about that password manager in Windows.
|
# ? Dec 20, 2017 18:33 |
|
spankmeister posted:someone should register the .local gTLD can't it's reserved for mdns
|
# ? Dec 20, 2017 18:37 |
|
it is misleading to call them a cybersecurity company e: complaint https://www.documentcloud.org/documents/4333677-Keeper-Security-Inc-v-Goodin-et-al.html they're currently making the target on their back as large as possible going by twitter and every researcher focusing on them e2: main point of the complaint is this insanity: Wiggly Wayne DDS fucked around with this message at 18:58 on Dec 20, 2017 |
# ? Dec 20, 2017 18:38 |
|
spankmeister posted:someone should register the .local gTLD i think microsoft started telling people not to use that for internal domains about 17 years ago, naturally i still see it everywhere
|
# ? Dec 20, 2017 19:30 |
|
infernal machines posted:i think microsoft started telling people not to use that for internal domains about 17 years ago, naturally i still see it everywhere it's specifically required by mDNS as part of the IETF standard so e: actually microsoft seems real conflicted on whether you should or should not use it lol https://en.wikipedia.org/wiki/.local
|
# ? Dec 20, 2017 19:31 |
|
when i say everywhere i mean in business AD networks with name servers, i.e. places where mDNS should not be in use
|
# ? Dec 20, 2017 19:33 |
|
mDNS is good and righteous in all environments
|
# ? Dec 20, 2017 19:35 |
|
Wiggly Wayne DDS posted:do they notify for all potentially vulnerable configurations? Subjunctive posted:is the vulnerability “your data isn’t encrypted”, or something else that is revealed by that configuration change? no idea and it's not something I use so I have no clue why I got sent it idk if this is going to be a thing now but seeing as we were running unsupported. Net versions in production until recently I'm guessing someone just got really excited about it and decided to blast it at all of IT and everything else is still as disorganised as before
|
# ? Dec 20, 2017 19:44 |
|
spankmeister posted:someone should register the .local gTLD didn't Google register .dev recently which caused some weird stuff for people using the domain for environment settings?
|
# ? Dec 20, 2017 19:46 |
|
Yup https://www.iana.org/domains/root/db/dev.html
|
# ? Dec 20, 2017 19:58 |
|
Is .example still reserved for documentation? You could always use companyname.example
|
# ? Dec 20, 2017 20:07 |
|
thebigcow posted:Is .example still reserved for documentation? You could always use companyname.example yes
|
# ? Dec 20, 2017 20:09 |
|
infernal machines posted:i think microsoft started telling people not to use that for internal domains about 17 years ago, naturally i still see it everywhere Server essentials was still using it in at least 2012R2. In fact the build domain tool in it asked for a name, then automatically tacked .local to the end.
|
# ? Dec 20, 2017 20:25 |
|
server 2016 essentials does this too microsoft is real schizophrenic about it, but their ad best practices have been relatively consistent re: don't do it the fact that a small business product explicitly contravenes their own best practices is the least surprising thing ever, for example, every release of small business server and server essentials
|
# ? Dec 20, 2017 20:30 |
|
Powerful Two-Hander posted:didn't Google register .dev recently which caused some weird stuff for people using the domain for environment settings? and for everyone using http://pow.cx/ which defaults to .dev, since chrome requires .dev urls to be https
|
# ? Dec 20, 2017 20:42 |
|
their sample text uses .test
|
# ? Dec 20, 2017 20:45 |
|
infernal machines posted:their sample text uses .test yeah they changed a month ago, since the last time i looked
|
# ? Dec 20, 2017 20:46 |
|
imo use the poop emoji for your internal tld
|
# ? Dec 20, 2017 21:11 |
|
intranet of poo poo
|
# ? Dec 20, 2017 21:17 |
|
minato posted:intranet.poo poo
|
# ? Dec 20, 2017 21:37 |
|
Powaqoatse posted:imo use the poop emoji for your internal tld please don't disrespect #sirpatstew like that fe: https://www.youtube.com/watch?v=qkJYy9byRmg
|
# ? Dec 20, 2017 21:55 |
|
Wiggly Wayne DDS posted:it is misleading to call them a cybersecurity company "Goodin knew these statements were false" lol i'd love to see their argument for that one
|
# ? Dec 20, 2017 22:00 |
|
infernal machines posted:i think microsoft started telling people not to use that for internal domains about 17 years ago, naturally i still see it everywhere yeah but they have, of course, provided no way to easily change a domain name so were gonna be using .local forever because lmao at creating a new domain and migrating stuff over
|
# ? Dec 20, 2017 22:18 |
|
NEED MORE MILK posted:yeah but they have, of course, provided no way to easily change a domain name so were gonna be using .local forever because lmao at creating a new domain and migrating stuff over yeah, i had to modernize an old single label domain a couple years ago and welp, the process is to make a new domain modern windows server does not like single label domain names. neither does anything else
|
# ? Dec 20, 2017 22:33 |
|
cheese-cube posted:wtf? good to know that Keeper made the same mistake as that guy in sh/sc who wrote his own password manager that runs its js in the context of the page youre trying to log into
|
# ? Dec 21, 2017 00:34 |
|
Farmer Crack-rear end posted:"Goodin knew these statements were false" lol i'd love to see their argument for that one are they suing tavis too?
|
# ? Dec 21, 2017 00:35 |
|
Rufus Ping posted:good to know that Keeper made the same mistake as that guy in sh/sc who wrote his own password manager that runs its js in the context of the page youre trying to log into poo poo, *that* dude. I had forgotten about his helpful tool. I love that it's configuration had a setting for "7 primes" (all under 10000) and one of the defaults was the square of 11 or 12 or something.
|
# ? Dec 21, 2017 00:43 |
|
Use .contoso for internal stuff
|
# ? Dec 21, 2017 02:30 |
|
dot enormous prime number that changes weekly for security purposes
|
# ? Dec 21, 2017 03:03 |
|
01189998819991197253
|
# ? Dec 21, 2017 07:07 |
|
infernal machines posted:are they suing tavis too? they're not gonna sue google lol
|
# ? Dec 21, 2017 07:43 |
|
https://twitter.com/briankrebs/status/943862578740113409 i love how that error message is "SOMEONE IS HACKING YOUR GIBSON" but we all interpret it as "lol this idiot company hosed the hell up again lol" anthonypants fucked around with this message at 16:20 on Dec 21, 2017 |
# ? Dec 21, 2017 16:17 |
|
Did anyone post this yet? https://twitter.com/bleidl/status/943714277403357185
|
# ? Dec 21, 2017 16:27 |
|
maskenfreiheit posted:Did anyone post this yet? anthonypants fucked around with this message at 16:37 on Dec 21, 2017 |
# ? Dec 21, 2017 16:32 |
|
why do linux security people hate each other and also mainline devs
|
# ? Dec 21, 2017 16:50 |
|
Maximum Leader posted:why do linux security people hate each other and also mainline devs maybe it’s linux people in general hating things, people, themselves
|
# ? Dec 21, 2017 16:53 |
|
Maximum Leader posted:why do linux security people hate each other and also mainline devs ugh this is already on the man page why are you bothering me
|
# ? Dec 21, 2017 17:00 |
|
Boiled Water posted:maybe it’s linux people in general hating things, people, themselves practically a shaggar-level post
|
# ? Dec 21, 2017 17:11 |
|
|
# ? May 30, 2024 12:41 |
|
Maximum Leader posted:why do linux security people hate each other and also mainline devs linus probably saw one too many “root access allows you to run arbitrary commands” vulns and blew up at them can’t blame him tbh, maintaining the kernel must be painful
|
# ? Dec 21, 2017 17:13 |