|
Chris Knight posted:would you like to make sec gently caress
|
# ? Mar 20, 2018 00:10 |
|
Chris Knight posted:would you like to make sec gently caress
|
# ? Mar 20, 2018 00:24 |
|
Alex out at fb, security split to product and infra lol
|
# ? Mar 20, 2018 00:26 |
|
that’s how it was split until about 18 months ago, ish (I was on the infra side)
if it’s really split the way you say, I wonder where a few groups will end up!
|
# ? Mar 20, 2018 00:36 |
|
Chris Knight posted:would you like to make sec gently caress
|
# ? Mar 20, 2018 00:57 |
|
PCjr sidecar posted:Alex out at fb, security split to product and infra lol
Alex says he’s still at FB. who will prevail?
|
# ? Mar 20, 2018 01:13 |
|
Subjunctive posted:Alex says he’s still at FB. who will prevail?
i guess we'll see in august given nytimes said that's when he would be leaving
|
# ? Mar 20, 2018 01:24 |
|
yeah, he hasn’t replied to my message yet. busy day I guess
|
# ? Mar 20, 2018 01:39 |
|
vOv posted:https://twitter.com/0x736A/status/974298906329862149
http://eab.abime.net/showpost.php?p=51185&postcount=1
|
# ? Mar 20, 2018 01:42 |
|
rip stamos https://twitter.com/bcrypt/status/975867714475515904
|
# ? Mar 20, 2018 02:14 |
|
Found something worse than Keepass
https://www.bleepingcomputer.com/news/security/firefox-master-password-system-has-been-poorly-secured-for-the-past-9-years/
quote:"I looked into the source code," Palant says, "I eventually found the sftkdb_passwordToKey() function that converts a [website] password into an encryption key by means of applying SHA-1 hashing to a string consisting of a random salt and your actual master password."
|
# ? Mar 20, 2018 02:36 |
|
Raere posted:Found something worse than Keepass
|
# ? Mar 20, 2018 02:46 |
|
9 years jfc
|
# ? Mar 20, 2018 02:54 |
|
Raere posted:Found something worse than Keepass
That is nowhere near as bad as Keepass you still have to do a second preimage attack
|
# ? Mar 20, 2018 03:02 |
|
8 year old me found this message irl while extracting the music from that game (mad professor mariarti) but never mentioned it to anyone at the time. So it feels slightly weird to see it become a meme and do the rounds online decades later thanks to TCRF and people on twitter who likely never played it or heard the music that contained that message or possibly were even born when it happened
|
# ? Mar 20, 2018 03:03 |
|
apseudonym posted:That is nowhere near as bad as Keepass you still have to do a second preimage attack
wait what is the thing wrong with keepass that everyone suddenly knows about but me
|
# ? Mar 20, 2018 03:04 |
|
Subjunctive posted:that’s how it was split until about 18 months ago, ish (I was on the infra side)
https://www.nytimes.com/2018/03/19/technology/facebook-alex-stamos.html
this article says there are only 3 people left in his group. i wonder if he will stick it out for the full time he'd promised
|
# ? Mar 20, 2018 03:07 |
|
ate all the Oreos posted:wait what is the thing wrong with keepass that everyone suddenly knows about but me
Was it keepass that was bad? I can't keep password manager terribleness straight in my head
|
# ? Mar 20, 2018 03:40 |
|
Chris Knight posted:would you like to make sec gently caress
|
# ? Mar 20, 2018 03:40 |
|
I think something happened with keeper recently but can’t remember. and lastpass of course has bad things happen p regularly. I’m guessing they got jumbled in somebody’s head somewhere and keepass was the result (which afaik is fine)
|
# ? Mar 20, 2018 03:43 |
|
Chris Knight posted:would you like to make sec gently caress
|
# ? Mar 20, 2018 04:05 |
|
apseudonym posted:Was it keepass that was bad? I can't keep password manager terribleness straight in my head
pretty sure that was lastpass or 1pass
|
# ? Mar 20, 2018 04:29 |
|
jesus guys don't freak me out about keepass here
|
# ? Mar 20, 2018 04:36 |
|
Farmer Crack-rear end posted:jesus guys don't freak me out about keepass here
|
# ? Mar 20, 2018 05:18 |
|
Mo_Steel posted:pretty sure that was lastpass or 1pass
my bad
|
# ? Mar 20, 2018 05:53 |
|
https://twitter.com/Viss/status/975879337516806144
|
# ? Mar 20, 2018 06:17 |
|
as far as i know:
- keepass is One Of The Good Ones, though it's a bit clunky and you have to janitor your own files
- 1password is also One Of The Good Ones, has an actual design team so is nice to use but costs money
- Lastpass is a garbage fire
- Windows / OSX built in trust stores are Fine if you're into that sort of thing
- Everything else is worse than lastpass
did I get that right?
|
# ? Mar 20, 2018 06:25 |
|
ate all the Oreos posted:as far as i know:
|
# ? Mar 20, 2018 06:39 |
|
ate all the Oreos posted:as far as i know:
You skipped 'password protected excel file' which is marginally better than all of these
|
# ? Mar 20, 2018 06:48 |
|
Optimus_Rhyme posted:You skipped 'password protected excel file' which is marginally better than all of these
the mind boggles that this is actually relatively sound advice. the horror. the horror.
|
# ? Mar 20, 2018 06:55 |
|
and writing them down in a notebook is even better
|
# ? Mar 20, 2018 07:22 |
What is the yospinion on keybase? My teaching assistant union is looking for a way to centralize our online discussions, and I suggested Slack, but a couple of the more tech-minded people in the union think we should use keybase instead since it's end-to-end encrypted.
|
|
# ? Mar 20, 2018 07:27 |
|
VikingofRock posted:My teaching assistant union
This does not sound like the sort of usage that requires an end-to-end encrypted security model. If you are not afraid of Slack Inc. misusing your secret communications, go with the popular nonfancypants option and use Slack like everyone in the world does.
|
# ? Mar 20, 2018 07:39 |
EssOEss posted:This does not sound like the sort of usage that requires an end-to-end encrypted security model. If you are not afraid of Slack Inc. misusing your secret communications, go with the popular nonfancypants option and use Slack like everyone in the world does.
Yeah that's sort of what I was thinking. I feel like if our threat model is "the university administration, bad actors within the union, and maybe the campus police if we are planning a strike or something", then end-to-end encryption doesn't really do much to help against the threats we would face. But if our threat model is "the full force of the US government, or another state actor who wishes to keep tabs on their activist-y graduate students abroad", then we are screwed anyways because we aren't really trained to have very good cybersecurity practices and also anyone can join the union with basically no scrutiny so a state actor could probably just get an informant on the inside.
But I am not a security expert, so what do I know? I'm mostly worried that Keybase will be less user-friendly than Slack due to its nature, and so people just won't use it and we'll be stuck chaotically sending each other text messages and having huge noisy email chains for our organizing.
|
|
# ? Mar 20, 2018 07:50 |
|
yeah it's a good thing intel agencies don't have a history with unions
|
# ? Mar 20, 2018 08:12 |
|
ate all the Oreos posted:wait what is the thing wrong with keepass that everyone suddenly knows about but me
the only recent flaw in keepass that i'm aware of is that by default its iteration count is pretty low. but you can change both the algorithm and the iteration count
|
# ? Mar 20, 2018 08:39 |
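Added example, not from any post in this thread and not Firefox or KeePass source code: it contrasts the single salted SHA-1 pass described in the quoted Bleeping Computer article with an iterated derivation, which is also why the KeePass iteration count mentioned above matters. PBKDF2-HMAC-SHA256 stands in here as a generic iterated KDF (an assumption, not what either product uses), and the salt and passphrase are constructed sample values.

```python
import hashlib
import time


def sha1_single_pass_key(salt: bytes, master_password: str) -> bytes:
    """One SHA-1 pass over salt || password, as the quoted article describes."""
    return hashlib.sha1(salt + master_password.encode("utf-8")).digest()


def pbkdf2_key(salt: bytes, master_password: str, iterations: int) -> bytes:
    """Iterated derivation: every password guess costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def seconds_per_derivation(derive, repeats: int) -> float:
    """Average wall-clock cost of one key derivation."""
    start = time.perf_counter()
    for _ in range(repeats):
        derive()
    return (time.perf_counter() - start) / repeats


def compare_cost(iterations: int = 100_000) -> dict:
    """Measure how much work one guess costs under each scheme."""
    salt = bytes(range(16))                     # constructed fixed salt
    password = "correct horse battery staple"   # constructed sample passphrase
    fast = seconds_per_derivation(
        lambda: sha1_single_pass_key(salt, password), 20_000
    )
    slow = seconds_per_derivation(
        lambda: pbkdf2_key(salt, password, iterations), 3
    )
    return {"single_sha1_s": fast, "pbkdf2_s": slow, "slowdown": slow / fast}


if __name__ == "__main__":
    result = compare_cost()
    print(f"single SHA-1 pass : {result['single_sha1_s'] * 1e6:.2f} microseconds per guess")
    print(f"PBKDF2, 100k iters: {result['pbkdf2_s'] * 1e3:.2f} milliseconds per guess")
    print(f"cost per guess multiplied by about {result['slowdown']:.0f}")
```

The salt stops precomputed tables from being reused across users, but it does nothing for the per-guess cost; only the iteration count (or a memory-hard KDF) raises that.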
|
ate all the Oreos posted:as far as i know:
what about password safe? it doesn't get mentioned much because honestly it has little in the way of features compared to keepass but i use it because i'm a simpleton and apparently it's not terrible?
|
# ? Mar 20, 2018 11:19 |
|
VikingofRock posted:What is the yospinion on keybase? My teaching assistant union is looking for a way to centralize our online discussions, and I suggested Slack, but a couple of the more tech-minded people in the union think we should use keybase instead since it's end-to-end encrypted.
to the best of my knowledge so is Cisco spark. if you are a paying customer you can set up a key store where you hold all your keys as well.
|
# ? Mar 20, 2018 11:48 |
|
What is the yospinion on the Chrome password store?
|
# ? Mar 20, 2018 17:41 |
|
browser-based password stores are bad and should not be used
|
# ? Mar 20, 2018 17:46 |