|
Kassad posted:Can't this be defeated just by using something other than Chrome Why on earth should some lovely addon developer for an old rear end video game dictate what browser I use?
|
#
?
Feb 19, 2018 18:33
|
|
|
|
| # ? Jun 8, 2024 21:10 |
|
|
a sec fuckup in a flight sim? finally a real digital 9/11
|
|
#
?
Feb 19, 2018 18:39
|
|
|
akadajet posted:Why on earth should some lovely addon developer for an old rear end video game dictate what browser I use? Oh no, it shouldn't. I meant that it sounds like it wouldn't even be effective in a bunch of cases.
|
|
#
?
Feb 19, 2018 18:41
|
|
|
Midjack posted:flight sim labs is based in the EU, so good luck with that. This is against US law, and it's *hideously* against EU law in ways that do get reactions.
|
|
#
?
Feb 19, 2018 18:41
|
|
|
Ur Getting Fatter posted:a sec fuckup in a flight sim? finally a real digital 9/11 a flight sim addon.
|
|
#
?
Feb 19, 2018 18:46
|
|
|
Ur Getting Fatter posted:a sec fuckup in a flight sim? finally a real digital 9/11 Unfortunately it's an airbus addon, not a 737 one
|
|
#
?
Feb 19, 2018 18:56
|
|
|
lol that microsoft gave up on flight sims, and people still cling to fsx because nothing good has come out since.
|
|
#
?
Feb 19, 2018 20:49
|
|
|
akadajet posted:lol that microsoft gave up on flight sims, and people still cling to fsx because nothing good has come out since. prepar3d is the continuation of it, but its FOR EDUCATIONAL USE ONLY (because it was a condition of the sale of the FSX codebase)
|
|
#
?
Feb 19, 2018 21:09
|
|
|
https://twitter.com/Eccitaze/status/965657532722176000
|
|
#
?
Feb 19, 2018 22:27
|
|
|
I shouldn't laugh on principle but.. https://twitter.com/Eccitaze/status/965658096172392448
|
|
#
?
Feb 19, 2018 22:53
|
|
|
mrmcd posted:I shouldn't laugh on principle but.. lol owned
|
|
#
?
Feb 19, 2018 23:10
|
|
|
There’s a joke about Tails somewhere in all of this
|
|
#
?
Feb 19, 2018 23:45
|
|
|
furry communities are historically really bad at infosec but i don't know enough details to tell any interesting stories here aside from the fact that one of the big art sites supposedly had its entire source code leaked and passed around at a convention, though idk if that actually happened or if it was just a trick to get people to plug in usb drives from strangers
|
|
#
?
Feb 19, 2018 23:47
|
|
|
vOv posted:furry communities are historically really bad at infosec but enough about "infosec taylor swift"
|
|
#
?
Feb 19, 2018 23:51
|
|
|
the fact that it basically does typo recognition when you're looking a name up and helpfully offers every name that's close to what you punched in makes me wonder if this is long-con malice and not just incompetence either way holy loly rip a bunch of furries
|
|
#
?
Feb 19, 2018 23:58
|
|
|
yeah hope you didn’t publish your sonic/aero fan fiction under the same name you registered in yiffcon because some angry sonic/knuckles shipper is gonna doxx you
|
|
#
?
Feb 20, 2018 00:29
|
|
|
vOv posted:furry communities are historically really bad at infosec but i don't know enough details to tell any interesting stories here this is the incident you're thinking of: https://motherboard.vice.com/en_us/article/vv77d3/another-day-another-hack-furry-site-hacked-content-deleted "According to Fender, the problems started at the beginning of May, when researchers disclosed a vulnerability in the ImageMagick library that allows attackers to execute arbitrary code on websites. In this case, hackers downloaded Fur Affinity's source code before the administrators had patched the site. Over a week later, Fur Affinity heard that people at an unnamed convention were handing out USB sticks containing that source code. The same day, the site was attacked again, and this time hackers deleted content. They were stopped before things such as journals and notes could be wiped, an administrator who calls themselves Dragoneer wrote last week on the Fur Affinity forums. "While we were investigating [the USB sticks], somebody launched a second attack against the site using information gleaned from the source code," Dragoneer said. "
|
|
#
?
Feb 20, 2018 00:37
|
|
|
fishmech posted:this is the incident you're thinking of: yeah this was it i seem to remember also hearing that furaffinity got exploited before the vulnerability was public which implies they didn't just get popped by some rando but my memory is similarly hazy
|
|
#
?
Feb 20, 2018 00:41
|
|
|
unsurprising that a furry website would get secfucked through lots of holes
|
|
#
?
Feb 20, 2018 02:45
|
|
|
Zamujasa posted:unsurprising that a furry website would get secfucked through lots of holes idgi
|
|
#
?
Feb 20, 2018 02:47
|
|
|
Zamujasa posted:unsurprising that a furry website would get secfucked through lots of holes 
|
|
#
?
Feb 20, 2018 02:49
|
|
|
Zamujasa posted:unsurprising that a furry website would get secfucked through lots of holes advanced fursistent threat
|
|
#
?
Feb 20, 2018 02:55
|
|
|
vOv posted:advanced fursistent threat cross site yiffing
|
|
#
?
Feb 20, 2018 03:01
|
|
|
Cocoa Crispies posted:cross site yiffing fursonally identifiable information
|
|
#
?
Feb 20, 2018 03:27
|
|
|
google's project zero notified microsoft about a vulnerability in edge back in november, microsoft hasn't yet fixed it, and so it's been disclosed some very stupid people are very upset at google https://twitter.com/cnoanalysis/status/965654558763401216
|
|
#
?
Feb 20, 2018 03:53
|
|
|
You know how utterly incompetent Microsoft is when their security team completely ignores taviso. What did they think would happen? STOP HURTING US
|
|
#
?
Feb 20, 2018 04:31
|
|
|
that one wasn't tavis 
|
|
#
?
Feb 20, 2018 04:40
|
|
|
anthonypants posted:google's project zero notified microsoft about a vulnerability in edge back in november, microsoft hasn't yet fixed it, and so it's been disclosed Oh no a fix didn't make a disclosure window, for a moderate issue, must be Tuesday.
|
|
#
?
Feb 20, 2018 04:44
|
|
|
If I understand infosec properly (which I probably don’t) disclosures for vulnerabilities is good so that people can mitigate and protect as possible, no? Having 0-days is generally worse?
|
|
#
?
Feb 20, 2018 05:41
|
|
|
Avenging_Mikon posted:If I understand infosec properly (which I probably don’t) disclosures for vulnerabilities is good so that people can mitigate and protect as possible, no? Having 0-days is generally worse? 0days are exploits in the wild with 0 days of notice, hence the name. These aren't 0days. Giving an infinite amount of time to fix an issue is also irresponsible, project zero rarely deviates from their disclosure window and only for big things. apseudonym fucked around with this message at 06:29 on Feb 20, 2018 |
|
#
?
Feb 20, 2018 05:47
|
|
|
vOv posted:yeah this was it i seem to remember there was some other site that got so owned they just shut down for like weeks and came back with a completely rewritten different website with a bunch of the data missing because the latest backup was months old
|
|
#
?
Feb 20, 2018 06:00
|
|
|
Penisface posted:fursonally identifiable information
|
|
#
?
Feb 20, 2018 06:16
|
|
|
apseudonym posted:0days are exploits in the wild with 0 days of notice, hence the name. These aren't 0days. a) alert the vendor's customers that the vendor has an unresolved security issue with their product b) name and shame the vendor who won't or can't patch their poo poo c) incentivize the vendor to hurry up and fix their poo poo
|
|
#
?
Feb 20, 2018 06:27
|
|
|
anthonypants posted:yeah, if researchers discover that an issue exists for an unpatched product, it's reasonable to assume that someone else could similarly discover and exploit the same bug. for most companies, patching these bugs is a matter of capitalism; corporations already see security as a massive time and money sink, and if it's not being actively exploited there's even less of an incentive to fix it. public disclosures allow the researchers to: d) it shows the quality of these products, lots of amateur hours bugs even if they're patched shouldn't be a thing people can get away with without shame
|
|
#
?
Feb 20, 2018 06:31
|
|
|
every product or every website ever will always have amateur hour bugs due to many reasons, assuming people will stop introducing sqli or whatever is naive, especially the larger a thing becomes the more opportunity there is for one of those things to pop up, so that’s not really an argument. the refusal to fix them knowing it’ll be published, that’s the real amateur hour
|
|
#
?
Feb 20, 2018 07:47
|
|
|
apseudonym posted:d) it shows the quality of these products, lots of amateur hours bugs even if they're patched shouldn't be a thing people can get away with without shame Ah yes the LastPass scenario
|
|
#
?
Feb 20, 2018 07:52
|
|
|
Raere posted:You know how utterly incompetent Microsoft is when their security team completely ignores taviso. What did they think would happen? also off the top of my head i'm fairly sure android failed to meet a p0 deadline and it went public, also microsoft have been looking into google's products publicly recently
|
|
#
?
Feb 20, 2018 08:41
|
|
|
geonetix posted:every product or every website ever will always have amateur hour bugs due to many reasons, assuming people will stop introducing sqli or whatever is naive, especially the larger a thing becomes the more opportunity there is for one of those things to pop up, so that’s not really an argument. the refusal to fix them knowing it’ll be published, that’s the real amateur hour This is toxic if we ever want to actually make secure things as opposed to just loling about fuckups and taking contractor  , patching bugs is important but we actually have to build systems, languages, and tools from the ground up so that devs and users aren't off shooting themselves in the face everytime they try and do something.Wiggly Wayne DDS posted:https://twitter.com/taviso/status/965661603579314176 I think you're right but can't remember any specific time that happened. 
|
|
#
?
Feb 20, 2018 09:12
|
|
|
the guys who used a password stealer trojan as "drm" have an update https://forums.flightsimlabs.com/index.php?/announcement/11-a320-x-drm-what-happened/
|
|
#
?
Feb 20, 2018 09:51
|
|
|
|
| # ? Jun 8, 2024 21:10 |
|
|
apseudonym posted:This is toxic if we ever want to actually make secure things as opposed to just loling about fuckups and taking contractor 100% we know how to fix memory corruption vulns, it’s called "don’t use c or c++" we know how to fix sqli, it’s some kind of abstraction layer like an ORM many weaknesses have corresponding silver bullets, and for ones that don’t, we need to work harder
|
|
#
?
Feb 20, 2018 10:17
|
|