|
Caganer posted:so fb is opting everyone into facial recognition they already were and just not telling you 
|
#
?
Feb 27, 2018 19:59
|
|
|
|
| # ? Jun 7, 2024 17:12 |
|
|
ate all the Oreos posted:they already were and were telling you years ago
|
|
#
?
Feb 27, 2018 20:15
|
|
|
yeah I feel like Facebook was auto tagging my face years ago
|
|
#
?
Feb 27, 2018 20:15
|
|
|
for like, a decade, at least.
|
|
#
?
Feb 27, 2018 20:22
|
|
|
looking forward to facebook telling people their own faces aren't theirs because a stranger's fake profile looked more appealing to a neural network
|
|
#
?
Feb 27, 2018 20:32
|
|
|
My PIN is 4826 posted:looking forward to facebook telling people their own faces aren't theirs because a stranger's fake profile looked more appealing to a neural network Will this lead to a deadly face off? 
|
|
#
?
Feb 27, 2018 20:42
|
|
|
Only if you're John Travolta.
|
|
#
?
Feb 27, 2018 21:44
|
|
|
or nic cage
|
|
#
?
Feb 27, 2018 22:10
|
|
|
Duo Finds SAML Vulnerabilities Affecting Multiple Implementationscode:
|
|
#
?
Feb 27, 2018 23:31
|
|
|
that's so obviously dumb i'm surprised it wasn't fully documented as a feature
|
|
#
?
Feb 27, 2018 23:47
|
|
|
lol https://twitter.com/mattifestation/status/968656685765046272
|
|
#
?
Feb 28, 2018 02:21
|
|
|
Yes, being able to read the documentation, a high level technique practiced by l33t hackers.
|
|
#
?
Feb 28, 2018 02:30
|
|
|
well it's certainly not practiced by developers
|
|
#
?
Feb 28, 2018 02:32
|
|
|
infernal machines posted:well it's certainly not practiced by developers
|
|
#
?
Feb 28, 2018 02:42
|
|
|
sadus posted:Duo Finds SAML Vulnerabilities Affecting Multiple Implementations Nobody thought of XML canonicalization 
|
|
#
?
Feb 28, 2018 04:42
|
|
|
Truga posted:https://randomascii.wordpress.com/2018/02/25/compiler-bug-linker-bug-windows-kernel-bug/ this isn't a secfuck but it's pretty funny
|
|
#
?
Feb 28, 2018 09:02
|
|
|
My PIN is 4826 posted:looking forward to facebook telling people their own faces aren't theirs because a stranger's fake profile looked more appealing to a neural network Oh no, i would be devastated if facebook mistook me for someone else. Just like i make absolutely sure to keep my interests accurate and up to date in google's ad preferences.
|
|
#
?
Feb 28, 2018 09:15
|
|
|
The grey thread has been attracting a lot of flies lately.
|
|
#
?
Feb 28, 2018 16:47
|
|
|
my (fairly large) apartment complex company got bought out by an (even larger) other company and they just updated the rent paying portal to a completely new version. i noticed they were doing that bullshit where they catch paste events and prevent you from pasting in your account number so i went into the code to disable that and captured some of the POST's just to check em' out and hoo boy, the line item prices and total that i paid in rent are being sent in the POST body  i'm not sure if it would actually change anything if i edited them (and I'm not going to try because I don't want to be loving evicted) but lmao
|
|
#
?
Feb 28, 2018 17:15
|
|
|
Lain Iwakura posted:The grey thread has been attracting a lot of flies lately. I tried to be nice and helpful 
|
|
#
?
Feb 28, 2018 17:46
|
|
|
ate all the Oreos posted:my (fairly large) apartment complex company got bought out by an (even larger) other company and they just updated the rent paying portal to a completely new version. i noticed they were doing that bullshit where they catch paste events and prevent you from pasting in your account number so i went into the code to disable that and captured some of the POST's just to check em' out and hoo boy, the line item prices and total that i paid in rent are being sent in the POST body You could try to overpay by a cent or something like that to see if it works.
|
|
#
?
Feb 28, 2018 18:07
|
|
|
apseudonym posted:I tried to be nice and helpful Some are beyond help.
|
|
#
?
Feb 28, 2018 18:09
|
|
|
ate all the Oreos posted:my (fairly large) apartment complex company got bought out by an (even larger) other company and they just updated the rent paying portal to a completely new version. i noticed they were doing that bullshit where they catch paste events and prevent you from pasting in your account number so i went into the code to disable that and captured some of the POST's just to check em' out and hoo boy, the line item prices and total that i paid in rent are being sent in the POST body overpay by a couple of hundred dollars, then take them to your local renter disputes court or whatever
|
|
#
?
Feb 28, 2018 19:30
|
|
|
mozilla.dev.security.policy > How do you handle mass revocation requests?
|
|
#
?
Feb 28, 2018 21:51
|
|
|
it's fine it's only 23k private keys, and they emailed it to digicert to prove they needed revoking
|
|
#
?
Feb 28, 2018 21:52
|
|
|
Caganer posted:so fb is opting everyone into facial recognition not europeans
|
|
#
?
Feb 28, 2018 22:09
|
|
|
not currently available to you 
|
|
#
?
Feb 28, 2018 22:10
|
|
|
incredible
|
|
#
?
Feb 28, 2018 23:11
|
|
|
Wiggly Wayne DDS posted:it's fine it's only 23k private keys, and they emailed it to digicert to prove they needed revoking Well, they sure as poo poo need it now.
|
|
#
?
Feb 28, 2018 23:55
|
|
|
my boss wondered why i was sighing loudly earlier today...
|
|
#
?
Mar 1, 2018 00:05
|
|
|
i want to believe there was some lovely discussion between the security engineers at trustico trying to explain why they didn't need to revoke the Symantec certs, just issue new ones from another provider and the CEO was like "nope im in charge and im taking this into my own hands" and welp
|
|
#
?
Mar 1, 2018 01:31
|
|
|
so uh... I'm gonna ask the dumb question here and say "why the gently caress would my SSL reseller have a copy of my private key to even email in the first place?" If you're sending your private key along with the CSR, you're doing it wrong. Edit: https://twitter.com/GossiTheDog/status/968936949221294081  well then.. jfc don't generate your private keys via a web form
SeaborneClink fucked around with this message at 01:38 on Mar 1, 2018 |
|
#
?
Mar 1, 2018 01:34
|
|
|
SeaborneClink posted:so uh... I'm gonna ask the dumb question here and say "why the gently caress would my SSL reseller have a copy of my private key to even email in the first place?" because apparently they generate it in the browser and hold it "in cold storage" for "revocation". also they have 3rd party js on the page that generates the keys
|
|
#
?
Mar 1, 2018 01:36
|
|
|
either because they've collected them from compromised locations or their service was bad and required access to the private key for issuance which means they were compromised immediately.
|
|
#
?
Mar 1, 2018 01:37
|
|
|
EVGA Longoria posted:because apparently they generate it in the browser and hold it "in cold storage" for "revocation". lol that's so bad. javascript is the worst thing to ever happen to the internet.
|
|
#
?
Mar 1, 2018 01:38
|
|
|
Trustico with some hot cognitive dissonance takes on the micquote:We didn't authorise DigiCert to contact our customers and we didn't approve the content of their e-mail. At no time had any private keys been compromised, nor had we ever informed to you that any private keys had been compromised. quote:Unfortunately, things didn't go very well for us today and we are extremely sorry for all the confusion and inconvenience that has been caused. We were relying on systems that would easily replace and issue SSL Certificates automatically, though that didn't occur and we ended up in quite a mess. DigiCert didn't work with us to understand the issues and resolve them, we felt we were at a dead end. Edit: 4.9.1.1.3 cited as reason for revocation in the original email, for the curious email to mozilla.dev.security.policy posted:On 2/27/2018, at my request for proof of compromise, we received a file with quote:4.9.1 Circumstances for revocation SeaborneClink fucked around with this message at 02:12 on Mar 1, 2018 |
|
#
?
Mar 1, 2018 01:53
|
|
|
SeaborneClink posted:Trustico with some hot cognitive dissonance takes on the mic That whole thread is a great read with the dawning realization of what a trash fire Trustico was with the “cold storage” of PSKs. Seems that was done without obtaining customer consent. There was also no indication of it being a technical reason (what that would be? No idea) since they also processed submitted CSRs just fine in addition to having the generator.
|
|
#
?
Mar 1, 2018 02:49
|
|
|
quote:And given that there's no evidence that Trustico has acknowledged this fact, or indicated any intent to change their business practices, then I believe it's appropriate for all CAs to immediately suspend or terminate their relationship with Trustico -- as any CA who continued doing business with Trustico would now be knowingly allowing Trustico to compromise the keys of the certificates issued under their hierarchy. gif of the wrestling man falling over
|
|
#
?
Mar 1, 2018 05:10
|
|
|
CA's being bad? Oh poo poo it must be...any given day
|
|
#
?
Mar 1, 2018 05:19
|
|
|
|
| # ? Jun 7, 2024 17:12 |
|
|
Raere posted:CA's being bad? Oh poo poo it must be...any given day yeah but watching literal cartel members loving up and getting put out to pasture by their fellow oligopolists is kinda cool
|
|
#
?
Mar 1, 2018 05:28
|
|