|
Cup Runneth Over posted:I trust the report that was linked on the vulnerability that says that the vulnerability has been patched What about other new vulnerabilities being introduced, which is exactly what happened with the first patch?
|
#
?
Mar 28, 2018 15:21
|
|
|
|
| # ? May 20, 2024 18:49 |
|
|
As another poster said, you could say that about literally any patch. It's a pretty meaningless thing to say and has nothing to do with this vulnerability, which was addressed and fixed before you guys even found out about it. Funny as hell but of little impact.
|
|
#
?
Mar 28, 2018 15:27
|
|
|
What if KB42069 trades a known exploit for one that nobody's discovered and leveraged yet 
|
|
#
?
Mar 28, 2018 15:30
|
|
|
Cup Runneth Over posted:As another poster said, you could say that about literally any patch. It's a pretty meaningless thing to say and has nothing to do with this vulnerability, which was addressed and fixed before you guys even found out about it. Funny as hell but of little impact. Ahh I see, you're not bitter at this industry yet, give it time.
|
|
#
?
Mar 28, 2018 15:46
|
|
|
Yeah I'm green as hell
|
|
#
?
Mar 28, 2018 15:52
|
|
|
Potato Salad posted:What if KB42069 trades a known exploit for one that nobody's discovered and leveraged yet Wait I thought this was the whole point of patching.
|
|
#
?
Mar 28, 2018 17:02
|
|
|
ChubbyThePhat posted:Wait I thought this was the whole point of patching. that's my point 
|
|
#
?
Mar 28, 2018 17:07
|
|
|
I know, I just wanted to post and couldn't come up with anything better 
|
|
#
?
Mar 28, 2018 17:12
|
|
|
|
|
#
?
Mar 28, 2018 17:16
|
|
|
Cup Runneth Over posted:Yeah I'm green as hell Give it time. You'll soon discover the fundamental axiom of Info Sec: The most cynical take is the correct one.
|
|
#
?
Mar 28, 2018 18:46
|
|
|
Cup Runneth Over posted:I trust the report that was linked on the vulnerability that says that the vulnerability has been patched We apologise again for the fault in the patch. Those responsible for sacking the people who have just been sacked, have been sacked.
|
|
#
?
Mar 28, 2018 18:58
|
|
|
Powered Descent posted:We apologise again for the fault in the patch. Those responsible for sacking the people who have just been sacked, have been sacked. The sackings will continue until infosec improves.
|
|
#
?
Mar 28, 2018 19:22
|
|
|
New thread title right there
|
|
#
?
Mar 28, 2018 21:32
|
|
|
Kassad posted:The sackings will continue until infosec improves. Every time I hear sacking, I'm picturing a full on 3 step run-up punt to the junk. Which to be fair, the programmers who came up with that patch also need.
|
|
#
?
Mar 28, 2018 23:38
|
|
|
So this might be old news but Boeing just got WannaCry'ed internally and it may impact production https://www.seattletimes.com/business/boeing-aerospace/boeing-hit-by-wannacry-virus-fears-it-could-cripple-some-jet-production/
|
|
#
?
Mar 29, 2018 02:15
|
|
|
gently caress’s sake.
|
|
#
?
Mar 29, 2018 02:31
|
|
|
Methylethylaldehyde posted:Every time I hear sacking, I'm picturing a full on 3 step run-up punt to the junk. Which to be fair, the programmers who came up with that patch also need. For me, it's a football term. And I'm sure most of us have wished this commercial was real life at some point https://www.youtube.com/watch?v=RzToNo7A-94
|
|
#
?
Mar 29, 2018 14:18
|
|
|
It.. isn't patched? https://twitter.com/JDCyberSec/status/979417452370112512?s=19
|
|
#
?
Mar 29, 2018 19:00
|
|
|
It's gotten to the point where I don't really care about all these security exploit patches. They'll get applied on a regular basis with the rest of the patches, that's about it. I'm not going to do out of band patching maintenance 3x a month.
|
|
#
?
Mar 29, 2018 19:10
|
|
|
orange sky posted:It.. isn't patched? Lol, sorry guy from earlier who said he had faith MS fixed it. Lol. This loving industry.
|
|
#
?
Mar 29, 2018 19:24
|
|
|
I didn't say I had faith. I said that the link which described and explained the vulnerability and how to do it said that it was fixed in the 2018-03 patch.
|
|
#
?
Mar 29, 2018 19:49
|
|
|
I'm just cynical as poo poo I guess and didn't believe him at all. Especially given the
|
|
#
?
Mar 29, 2018 19:53
|
|
|
CLAM DOWN posted:I'm just cynical as poo poo I guess and didn't believe him at all. Especially given the That early patches were straight up swept off the stage by the clowns from the Amateur Nights at the Apollo.
|
|
#
?
Mar 29, 2018 19:55
|
|
|
Microsoft released a patch for it today https://support.microsoft.com/en-us/help/4100480/windows-kernel-update-for-cve-2018-1038 https://www.catalog.update.microsoft.com/Search.aspx?q=4100480 Here's their article about it https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038
|
|
#
?
Mar 29, 2018 22:32
|
|
|
https://twitter.com/theregister/status/979472597157949440?s=21
|
|
#
?
Mar 29, 2018 22:54
|
|
|
Lol meanwhile a shitload of critical infrastructure was wide open Don't worry about it guys, everything's ok, the world is definitely not gonna be completely hosed when state actors let their pets off the leash
|
|
#
?
Mar 29, 2018 23:30
|
|
|
I know we ain't got a DumpsterFire emoticon yet, but surely we've got one for "slumped above keyboard, banging head on desk/keyboard," right?
|
|
#
?
Mar 30, 2018 01:26
|
|
|
150 million user accounts with email addresses and mostly bcrypt hashed passwords lost by Under Armour's myfitnesspal website: https://www.theverge.com/2018/3/29/17177848/under-armour-myfitnesspal-data-breach-150-million-accounts-security Lost back in Feb, they found out on 25 March but didn't announce until yesterday.
|
|
#
?
Mar 30, 2018 09:39
|
|
|
Tapedump posted:I know we ain't got a DumpsterFire emoticon yet, but surely we've got one for "slumped above keyboard, banging head on desk/keyboard," right? We have 
|
|
#
?
Mar 30, 2018 10:48
|
|
|
Frivolous Sam posted:mostly bcrypt hashed passwords Mostly? 
|
|
#
?
Mar 30, 2018 12:56
|
|
|
Cup Runneth Over posted:Mostly? Cross posting the good answer Lysidas posted:yeah thats p reasonable, after you upgrade to bcrypt there isnt much you can do to the old passwords* and you update users passwords to the newer hasher/params after they log in next, if a user hasnt used the service since you updated the password hashing you will probably have the password stored in the old format still Invalidating the old passwords eventually is the way to go but there's no info on when they switched to bcrypt.
|
|
#
?
Mar 30, 2018 13:36
|
|
|
Cup Runneth Over posted:Mostly? quote:The MyFitnessPal account information that was not protected using bcrypt was protected with SHA-1, a 160-bit hashing function. Volmarias posted:Invalidating the old passwords eventually is the way to go but there's no info on when they switched to bcrypt. They're all invalid now. Frivolous Sam fucked around with this message at 13:40 on Mar 30, 2018 |
|
#
?
Mar 30, 2018 13:37
|
|
|
Frivolous Sam posted:Lost back in Feb, they found out on 25 March but didn't announce until yesterday. This is probably the quickest turnaround for a data breach I've heard of.
|
|
#
?
Mar 30, 2018 17:07
|
|
|
Yeah, it takes that long to get the lawyers to approve the press release.
|
|
#
?
Mar 30, 2018 17:20
|
|
|
Why is the de-facto argument of people who don't care about privacy, "I have nothing to hide"? It's the most tiring conversation to have since literally ever.
|
|
#
?
Mar 30, 2018 22:12
|
|
|
Especially as it’s not true. Any request for them to let you borrow their unlocked phone would be met with resistance.
|
|
#
?
Mar 30, 2018 22:21
|
|
|
Thanks Ants posted:Especially as it’s not true. Any request for them to let you borrow their unlocked phone would be met with resistance. Holy gently caress your new AV lmao
|
|
#
?
Mar 30, 2018 22:21
|
|
|
ChubbyThePhat posted:Why is the de-facto argument of people who don't care about privacy, "I have nothing to hide"? It's the most tiring conversation to have since literally ever. Because they are unthinking and/or stupid. Usually the best answer is to show them something they should have hidden, but that takes effort and is probably illegal in a lot of examples.
|
|
#
?
Mar 30, 2018 22:23
|
|
|
ChubbyThePhat posted:Holy gently caress your new AV lmao Yeah it’s a spicy one
|
|
#
?
Mar 30, 2018 22:24
|
|
|
|
| # ? May 20, 2024 18:49 |
|
|
Thanks Ants posted:Especially as it’s not true. Any request for them to let you borrow their unlocked phone would be met with resistance. "Nothing to hide" meets "keep swiping on their pictures"
|
|
#
?
Mar 31, 2018 00:00
|
|
