|
https://twitter.com/AlecMuffett/status/950699975767482370
|
#
?
Jan 10, 2018 06:53
|
|
|
|
| # ? Jun 4, 2024 16:32 |
|
|
Bulgogi Hoagie posted:whatsapp is definitely more kgb secure than telegram if only because telegram doesn’t encrypt chats by default i care much less about kgb security than i do about sharing any information with facebook
|
|
#
?
Jan 10, 2018 06:56
|
|
|
Wiggly Wayne DDS posted:i'm the implication that telegram encryption isn't broken by said agency how on earth were you reading my post
|
|
#
?
Jan 10, 2018 06:57
|
|
|
are you an iranian, or are you a furry
|
|
#
?
Jan 10, 2018 07:13
|
|
|
Easy mistake to make, not verifying the password. Happens to the best of 'em.
|
|
#
?
Jan 10, 2018 07:32
|
|
|
SardonicTyrant posted:Are there any good security-related magazines out there? I'm having a hard time keeping track of https://risky.biz
|
|
#
?
Jan 10, 2018 07:48
|
|
|
cinci zoo sniper posted:i care much less about kgb security than i do about sharing any information with facebook this a bit of a stretch to fear this though, as the content/chats themselves are encrypted, and it is a bit tinfoily to assume that facebook straight up lies about the encryption setup used, as it'd be a real pr blow when (and it likely is 'when', since the binary is there to be observed) found out
|
|
#
?
Jan 10, 2018 08:43
|
|
|
Cybernetic Vermin posted:this a bit of a stretch to fear this though, as the content/chats themselves are encrypted, and it is a bit tinfoily to assume that facebook straight up lies about the encryption setup used, as it'd be a real pr blow when (and it likely is 'when', since the binary is there to be observed) found out i dont think they read my chats or whatever, not do i care about security of cat pictures and video game chat specifically. i just don't like installing fb affiliated apps after ive seen some interesting "privacy" wonders on an absolutely unrelated to anything else i have throwaway instragram account, which did shamelessly recommend me all my real facebook friends straight away
|
|
#
?
Jan 10, 2018 09:02
|
|
|
teledildonic secfucks will never get old https://twitter.com/SarahJamieLewis/status/950974881155375104
|
|
#
?
Jan 10, 2018 09:23
|
|
|
ios 11.2.2 includes a spectre fix
|
|
#
?
Jan 10, 2018 10:49
|
|
|
anthonypants posted:ios 11.2.2 includes a spectre fix cool, I can’t wait to experience more random slowdowns because Apple can’t control what code gets executed on their platform thanks Apple, dapple
|
|
#
?
Jan 10, 2018 11:48
|
|
|
Max Facetime posted:cool, I can’t wait to experience more random slowdowns because Apple can’t control what code gets executed on their platform i wish ios didn’t run javascript but alas cest la vie
|
|
#
?
Jan 10, 2018 11:54
|
|
|
eversion posted:LetsEncrypt has disabled tls-sni challenges due to "strong credibility of a vulnerability report": https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/5a55777ed9a9c1024c00b241 and this is out now: https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996 on some shared hosts, if you're on the same server as a site you can upload certs that pass the tls-sni challenges for that site quote:Over the next 48 hours we will be building a list of vulnerable providers and their associated IP addresses. Our tentative plan, once the list is completed, is to re-enable the TLS-SNI-01 challenge type with vulnerable providers blocked from using it.
|
|
#
?
Jan 10, 2018 12:43
|
|
|
looks like some estonian medical institution paid its way out of ransomware
|
|
#
?
Jan 10, 2018 13:40
|
|
|
Shinku ABOOKEN posted:i wish ios didn’t run javascript but alas cest la vie it’s too bad JavaScript is so fast and runs so close to the metal that accurate high-precision clocks are unavoidable, we’ll have to slow down everything else to compensate - every OS vendor
|
|
#
?
Jan 10, 2018 13:45
|
|
|
cinci zoo sniper posted:looks like some estonian medical institution paid its way out of ransomware laughing all the way to the eestibank what's the rate of reinfection on folks who pay
|
|
#
?
Jan 10, 2018 13:50
|
|
|
post the actual details of your proposed scheme for preventing javascript from being able to figure out this sort of thing, so everyone else can laugh at how dumb you are
|
|
#
?
Jan 10, 2018 13:51
|
|
|
Jabor posted:post the actual details of your proposed scheme for preventing javascript from being able to figure out this sort of thing, so everyone else can laugh at how dumb you are for most of its existence (changed in ios 8 iirc) ios did not let apps run javascript with jit, by disallowing embedding scripting engines and only providing interpreted execution in the ui toolkit webview. as the interpreter most likely does every indirect branch from the same code (the code implementing that bytecode) it will not be possible to seed branch prediction. steve saw this coming~
|
|
#
?
Jan 10, 2018 14:02
|
|
|
Cybernetic Vermin posted:jobs knew~
|
|
#
?
Jan 10, 2018 14:09
|
|
|
cinci zoo sniper posted:looks like some estonian medical institution paid its way out of ransomware hey, can you point to any links? curious to know what fuckup my brave compatriots have managed to do 
|
|
#
?
Jan 10, 2018 14:26
|
|
|
Jabor posted:post the actual details of your proposed scheme for preventing javascript from being able to figure out this sort of thing, so everyone else can laugh at how dumb you are don’t JIT third-party JavaScript nor run it without throttling easy peasy cheesy on my peeny
|
|
#
?
Jan 10, 2018 15:05
|
|
|
tbqh the coolest thing apple has done since the iphone is that they committed to an actually vetted software ecosystem. not uncontroversial, and without outside pressures would no doubt have been a truly repressive horrorshow, but it is a pretty good point of reference to judge the rest of the jungle by. does not matter too much for spectre, but it is sort of easy to imagine an alternative take where apple would have put themselves in a situation where they could truly rule out the attacks running rather than defend against them
|
|
#
?
Jan 10, 2018 15:24
|
|
|
Idea: make a "check your computer for meltdown" script that also roots the machine. Put on GitHub. Tell people in the instructions to clone and run as administrator/root. Seed in various Facebooks and other social media channels.
|
|
#
?
Jan 10, 2018 20:43
|
|
|
this poo poo again? https://twitter.com/MacRumors/status/951133444909580288
|
|
#
?
Jan 10, 2018 20:45
|
|
|
mrmcd posted:Idea: make a "check your computer for meltdown" script that also roots the machine. Put on GitHub. Tell people in the instructions to clone and run as administrator/root. Seed in various Facebooks and other social media channels. I'll make the wiki!
|
|
#
?
Jan 10, 2018 20:46
|
|
|
akadajet posted:this poo poo again? mac security: anyone can log into a small, carefully curated number of programs
|
|
#
?
Jan 10, 2018 20:48
|
|
|
akadajet posted:this poo poo again? was just about to post this. tried it out and startled the whole office from how loud I snorted with laughter
|
|
#
?
Jan 10, 2018 20:49
|
|
|
Yeah, I tried it too. It's exactly as straight forward as putting in any garbage and hitting "unlock".
|
|
#
?
Jan 10, 2018 20:52
|
|
|
mrmcd posted:Idea: make a "check your computer for meltdown" script that also roots the machine. Put on GitHub. Tell people in the instructions to clone and run as administrator/root. Seed in various Facebooks and other social media channels. just make a medium post about how you did this and infected a million computers in under a day (send me  to get the number of Google boxes owned) and optionally include a comment about this being a fiction to make you think
|
|
#
?
Jan 10, 2018 21:21
|
|
|
But, I mean, you have to be an admin already and you can only change super important functions like Automatically Check for Updates.
|
|
#
?
Jan 10, 2018 21:21
|
|
|
Not a security fuckup, but a literal SecFuck https://twitter.com/matt_levine/status/951147744772743168
|
|
#
?
Jan 10, 2018 21:35
|
|
|
akadajet posted:this poo poo again? Lol Apple
|
|
#
?
Jan 10, 2018 21:59
|
|
|
akadajet posted:this poo poo again? shouldn't the dialog be the same as for any other elevation prompt? Did they write a different one for just the app store?
|
|
#
?
Jan 10, 2018 22:01
|
|
|
https://twitter.com/daviottenheimer/status/949348043744309248 loool
|
|
#
?
Jan 10, 2018 22:03
|
|
|
Excellent job... *squints* France.
|
|
#
?
Jan 10, 2018 22:05
|
|
|
lmao
|
|
#
?
Jan 10, 2018 22:16
|
|
|
Diva Cupcake posted:But, I mean, you have to be an admin already and you can only change super important functions like Automatically Check for Updates. https://twitter.com/lintile/status/951192859272761345
|
|
#
?
Jan 10, 2018 22:18
|
|
|
https://twitter.com/lintile/status/951199657245446144
|
|
#
?
Jan 10, 2018 22:20
|
|
|
lol
|
|
#
?
Jan 10, 2018 22:20
|
|
|
|
| # ? Jun 4, 2024 16:32 |
|
|
minato posted:Not a security fuckup, but a literal SecFuck computers were a mistake
|
|
#
?
Jan 10, 2018 22:28
|
|
