|
clown show https://twitter.com/jedisct1/status/951215576474685440
|
# ? Jan 10, 2018 23:40 |
|
|
# ? Jun 4, 2024 18:23 |
|
https://twitter.com/mik235/status/951217727422611456
|
# ? Jan 10, 2018 23:42 |
|
hard to miss when the last post talking about it was two whole posts before yours
|
# ? Jan 10, 2018 23:43 |
|
hi. i play derby and i love it a lot https://twitter.com/KateLibc/status/951211904482951168 this is a problem for me directly
|
# ? Jan 10, 2018 23:43 |
|
I'm sure the rest of the payments system is perfectly secure once you get past that pesky lack of TLS.
|
# ? Jan 11, 2018 06:18 |
|
edit: never mind
FlapYoJacks fucked around with this message at 07:01 on Jan 11, 2018 |
# ? Jan 11, 2018 06:49 |
|
Lain Iwakura posted:hi. i play derby and i love it a lot isn't this a pci violation i mean not that that has any teeth
|
# ? Jan 11, 2018 08:04 |
|
people who are using telegram aren’t using it for group chats, right? https://twitter.com/tqbf/status/951231270025158657
|
# ? Jan 11, 2018 13:19 |
Subjunctive posted:people who are using telegram aren’t using it for group chats, right? much like people using whatsapp or signal if the headlines are to be believed?
|
|
# ? Jan 11, 2018 13:58 |
|
I’m pretty sure those encrypt group chats.
|
# ? Jan 11, 2018 14:05 |
|
cinci zoo sniper posted:much like people using whatsapp or signal if the headlines are to be believed? RE: signal, are you talking about the patched bug in the Android version that let someone attach random bits to the end of an encrypted attachment? https://pwnaccelerator.github.io/2016/signal-part1.html https://pwnaccelerator.github.io/2016/signal-part2.html Or the dubious CIA claim? Subjunctive posted:I’m pretty sure those encrypt group chats.
|
# ? Jan 11, 2018 14:07 |
Subjunctive posted:I’m pretty sure those encrypt group chats. so was i
|
|
# ? Jan 11, 2018 14:09 |
|
This has been making the rounds: WhatsApp Security Flaws Could Allow Snoops to Slide Into Group Chats:quote:The German researchers say their WhatsApp attack takes advantage of a simple bug. Only an administrator of a WhatsApp group can invite new members, but WhatsApp doesn't use any authentication mechanism for that invitation that its own servers can't spoof. So the server can simply add a new member to a group with no interaction on the part of the administrator, and the phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages. (Messages sent prior to an illicit invitation, fortunately, still can't be decrypted.)
|
# ? Jan 11, 2018 14:31 |
|
Subjunctive posted:people who are using telegram aren’t using it for group chats, right? everyone i know uses it almost exclusively for group chats lol
|
# ? Jan 11, 2018 14:35 |
|
also that's sorta wrong, it does at least SSL the connection to the server, it's just nothing's encrypted other than that. everyone i know who uses it already knows that so
|
# ? Jan 11, 2018 14:37 |
Proteus Jones posted:RE: signal, are you talking about the patched bug in the Android version that let someone attach random bits to the end of an encrypted attachment? https://eprint.iacr.org/2017/713.pdf
|
|
# ? Jan 11, 2018 14:42 |
|
Thanks, that one flew under my radar due to all the Meltdown and Spectre poo poo last week.
|
# ? Jan 11, 2018 14:47 |
|
Kassad posted:This has been making the rounds: WhatsApp Security Flaws Could Allow Snoops to Slide Into Group Chats: nowhere in there does it say that the chats aren't encrypted? in fact, it pretty much explicitly says they are
|
# ? Jan 11, 2018 14:48 |
|
vOv posted:isn't this a pci violation PCI does have teeth and there's a website where you can report poo poo like that
|
# ? Jan 11, 2018 15:12 |
|
This popped up on my radar in regards to discussion - Attack of the Week: Group Messaging in WhatsApp and Signal vvv Different article in regards to the same subject canis minor fucked around with this message at 15:33 on Jan 11, 2018 |
# ? Jan 11, 2018 15:26 |
|
canis minor posted:This popped up on my radar in regards to discussion - Attack of the Week: Group Messaging in WhatsApp and Signal did it pop up on your radar from two posts earlier? 30 TO 50 FERAL HOG fucked around with this message at 15:35 on Jan 11, 2018 |
# ? Jan 11, 2018 15:29 |
crossing from the tech bubble thread good security idea: deploy something that lets you instantly remotely lock and encrypt any system and train overseas office managers on how to quickly trigger it if a bunch of unauthorized people force their way into the office to gain access to sensitive data. bad security idea: defining "police with a search warrant" as unauthorized. quote:Like managers at Uber’s hundreds of offices abroad, they’d been trained to page a number that alerted specially trained staff at company headquarters in San Francisco. When the call came in, staffers quickly remotely logged off every computer in the Montreal office, making it practically impossible for the authorities to retrieve the company records they’d obtained a warrant to collect. The investigators left without any evidence.
|
|
# ? Jan 11, 2018 19:12 |
|
Proteus Jones posted:RE: signal, are you talking about the patched bug in the Android version that let someone attach random bits to the end of an encrypted attachment? whatsapp encrypts end-to-end, in groups as well, yeah. the issue reported is that all clients will trust the whatsapp server when it says "client xyz joined the group chat", so they will add the key, report the join to all users, and the joined clients gets all messages from there on (they get no access to history) does not seem hugely serious (hard to see how it'd get abused) , but one could indeed require the client(s) which are admins to sign the join for other clients to accept it, where the enforcement is apparently only server-side for that now (likely to enable multiple join scenarios like mailed invites etc.)
|
# ? Jan 11, 2018 19:23 |
|
https://twitter.com/taviso/status/951526615145566208
|
# ? Jan 11, 2018 19:50 |
|
LOL. FBI still trying to wage a "woe is me" PR war against encryption. https://motherboard.vice.com/en_us/article/59wkkk/fbi-hacker-says-apple-are-jerks-and-evil-geniuses-for-encrypting-iphones quote:For example, Flatley complained that Apple recently made password guesses slower, changing the hash iterations from 10,000 to 10,000,000.
|
# ? Jan 11, 2018 19:54 |
|
looking forward to the FBI issuing a formal tantrum about how anyone under investigation should just turn themselves in and immediately confess to anything and everything because otherwise they're a total meanie buttface jerk!!
|
# ? Jan 11, 2018 20:10 |
|
Proteus Jones posted:LOL. FBI still trying to wage a "woe is me" PR war against encryption. First they said we helped pedophiles with encryption and now they just call us jerks
|
# ? Jan 11, 2018 20:15 |
|
jerkophiles
|
# ? Jan 11, 2018 20:25 |
|
going to the Jerk Store today to get my battery swapped
|
# ? Jan 11, 2018 21:21 |
|
This is the same FBI that says they can't find any good Computer Security guys because they all smoke pot.
|
# ? Jan 11, 2018 21:34 |
|
well, the jerk store called, and your iphone is ready for pickup
|
# ? Jan 11, 2018 21:37 |
|
any updates on twitter storing passwords thing? google search results in a surprising amount of radio silence
|
# ? Jan 11, 2018 23:11 |
|
LP0 ON FIRE posted:any updates on twitter storing passwords thing? google search results in a surprising amount of radio silence
|
# ? Jan 11, 2018 23:13 |
|
Shifty Pony posted:crossing from the tech bubble thread I mean if your business is literally “operate an obviously illegal unlicensed taxi service” and therefore your threat model explicitly includes law enforcement, this doesn’t seem like that bad a security idea at least until local law enforcement gets wise and just takes bolt cutters to the ISP lines into your building before raiding you and/or decides to prosecute for obstruction
|
# ? Jan 11, 2018 23:15 |
|
Arcsech posted:I mean if your business is literally “operate an obviously illegal unlicensed taxi service” and therefore your threat model explicitly includes law enforcement, this doesn’t seem like that bad a security idea
|
# ? Jan 11, 2018 23:21 |
|
anthonypants posted:the what https://www.projectveritas.com/2018...ate-dms-to-doj/
|
# ? Jan 11, 2018 23:33 |
|
LP0 ON FIRE posted:any updates on twitter storing passwords thing? google search results in a surprising amount of radio silence you're seeing radio silence because the source isn't exactly known for its reliability
|
# ? Jan 11, 2018 23:40 |
|
what the hell, why are they attacking twitter? their god-emperor LOVES the site.
|
# ? Jan 11, 2018 23:41 |
|
for the non-Americans, project veritas is well known for making poo poo up
|
# ? Jan 11, 2018 23:41 |
|
|
# ? Jun 4, 2024 18:23 |
|
and none of that should be surprising given they mean password hash
|
# ? Jan 11, 2018 23:45 |