|
i can't recommend an online service as that kind of defeats the purpose of not giving a single service access rights over all of your accounts. at the least with a software or hardware manager you're mitigating the risk to physical access and can contain it if exposure attacks became feasible
|
# ? Apr 6, 2018 23:41 |
|
Ciaphas posted:
thanks, yeah, this affirms what i've learned through googling around for the last hour or so. no specific context in mind, really, i'm just a hopeless neophyte when it comes to security and what I Should Be Doing when the question goes beyond "strong passwords and 2FA are nice"

Migrating from LastPass to 1Password is really easy, Google it. Enable MFA. Keep only a physical copy of your access key. Still commit the extremely important/dangerous passwords like your core email and bank only to memory.

Potato Salad fucked around with this message at 23:45 on Apr 6, 2018 |
# ? Apr 6, 2018 23:43 |
|
Potato Salad posted:
Migrating from LastPass to 1Password is really easy, Google it

Is 1Password better regarded than LastPass then? I completely understand where Wiggly Wayne DDS is coming from, but in this case I'm further to the left on the Convenience<---->Security scale than they are, I think.
|
# ? Apr 6, 2018 23:45 |
|
i can't comment on 1password's new online service, but their old service was good and they've had a good approach to security
|
# ? Apr 6, 2018 23:47 |
|
Alright, I'll do that this weekend then. Thanks for humoring me!
|
# ? Apr 6, 2018 23:48 |
|
Ciaphas posted:
Is 1Password better regarded than LastPass then?

KeepAss and 1 rear end Word are generally more responsible/proactive than lastpass, yes. Now, on the token side, I've sat down with sec researchers who defeat physical tokens you can buy on Amazon for a living, so you have to thoroughly research any solution. Wiggly, I'd actually like to hear of your recommendations on tokens
|
# ? Apr 6, 2018 23:49 |
|
just use a password protected xlsx on ur one drive.
|
# ? Apr 6, 2018 23:51 |
|
BangersInMyKnickers posted:
I wish dipshits would stop farting over 3DES on TLS1.0. It's the only thing left that XP/IE6 can support and it isn't broken despite qualys making scary red marks next to it. It's stupid that we live in a world where we have to still consider those clients but well Microsoft kinda hosed us all over on that.

keep finding these vulns until use of non-latest browser is made illegal
|
# ? Apr 7, 2018 00:04 |
|
Potato Salad posted:KeepAss and 1 rear end Word are generally more responsible/proactive than lastpass, yes.
|
# ? Apr 7, 2018 00:18 |
|
Shaggar posted:
yeah its confusing cause you'd think fips mode would be the greatest.

Quoting this cause it's the best
|
# ? Apr 7, 2018 00:34 |
|
Main Paineframe posted:
i like how every tweet is signed with the name of the customer service agent who made it so they know exactly who to fire if someone complains, without having to keep track of it themselves

if they're using delegated access i'm pretty sure twitter saves the account that made the tweet but if they're amazingly secure they probably just give every intern the password
|
# ? Apr 7, 2018 02:14 |
|
ErIog posted:
This reminds me of how Anaconda Cloud very "helpfully" injects a newline when you copy package install commands from a package page to the clipboard so that it auto-executes when you paste it to a terminal. It's one of the dumbest convenience features I've seen.

it is also trivially easy to hide commands in the middle of lines of text with css fuckery so that what you think you copy isn’t actually what you paste. always copypaste commands to a text editor first.
|
# ? Apr 7, 2018 05:37 |
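Added example, not part of the thread: a small check to run on clipboard text before it reaches a shell, covering the two cases discussed above (a newline injected by the page, and content that differs from what was visible when copying). The function names and the sample strings are constructed for illustration.

```python
import unicodedata

def visible(text):
    """Spell out every non-printing character so nothing stays hidden."""
    out = []
    for ch in text:
        if unicodedata.category(ch) in ("Cc", "Cf"):
            out.append(f"<U+{ord(ch):04X}>")   # control / invisible format char
        else:
            out.append(ch)
    return "".join(out)

def inspect_paste(text):
    """Return the reasons this text should not be pasted into a terminal as-is."""
    findings = []
    if text.endswith(("\n", "\r")):
        # A trailing newline makes the shell run the line the moment it is pasted.
        findings.append("trailing newline: runs immediately on paste")
    body = text.rstrip("\r\n")
    if "\n" in body or "\r" in body:
        # More lines than the one the reader believed they copied.
        findings.append("embedded newline: more than one command line")
    for ch in body:
        cat = unicodedata.category(ch)
        if cat == "Cc" and ch not in "\n\r\t":
            findings.append(f"control character U+{ord(ch):04X}")
        elif cat == "Cf":
            findings.append(f"invisible format character U+{ord(ch):04X}")
    return list(dict.fromkeys(findings))       # de-duplicate, keep order

# Constructed samples of what a clipboard might hold after copying from a page.
SAMPLES = {
    "clean": "conda install numpy",
    "auto-run": "conda install numpy\n",
    "extra line": "conda install numpy\necho constructed-hidden-line\n",
    "zero-width": "conda install num\u200bpy",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {visible(text)}")
        for finding in inspect_paste(text) or ["ok"]:
            print(f"    {finding}")
```

Text hidden on the same line with CSS arrives as ordinary printable characters, so no check can flag it; reading the `visible()` output before pasting is what catches that case.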
|
i sit and type out the command by hand usually. dork alert!!
|
# ? Apr 7, 2018 05:44 |
|
Ciaphas posted:
gonna be honest i forgot javascript was even a thing for local processing when i asked. i am the worst computertron toucher and should not be trusted

I absolve you of your sins. go, my son, you may touch a computer again.
|
# ? Apr 7, 2018 06:30 |
|
mrmcd posted:
A bit late to this, but the pricier model YubiKey will let you upload (or even generate right on the hardware) a keypair you can use for ssh.

yeah it 100% involves gpg, but it’s extremely good
|
# ? Apr 7, 2018 14:15 |
|
BangersInMyKnickers posted:
Every time I've seen it, it has been because there is some business-critical thing that was abandoned by the creators long ago and they don't feel like paying the money to have it re-developed. lovely old code on commodity hardware makes the world go round. I'm not terribly sympathetic to that position but it exists and plenty of places just decided to accept the risk and live with it.

it exists a lot in the military as well. plenty of navy ships were still on xp on almost all of their shipboard workstations in 2013 and there were multiple systems on the ship that ran on standalone NT or 2000 boxes.
|
# ? Apr 7, 2018 14:38 |
|
isn't the US military payroll system still a monolithic cobol application? and over the years they've made multiple attempts to upgrade it at the cost of hundreds of millions of dollars and every single attempt failed?

edit: just remembered that the US navy used (still uses?) IRC for vessel and fleet communications. not really a secfuck as it's all on internal servers but still funny
|
# ? Apr 7, 2018 15:06 |
|
Lutha Mahtin posted:
i sit and type out the command by hand usually. dork alert!!

Same
|
# ? Apr 7, 2018 15:30 |
|
cheese-cube posted:
isn't the US military payroll system still a monolithic cobol application? and over the years they've made multiple attempts to upgrade it at the cost of hundreds of millions of dollars and every single attempt failed?

secret irc is great. everyone thought i was a wizard since i knew how to skin mirc. i was like nah i was just a nerd in the 90s. but, yeah, it's super good for navy comms.

and yeah dfas is still on an ancient cobol mainframe afaik

Mr. Nice! fucked around with this message at 15:53 on Apr 7, 2018 |
# ? Apr 7, 2018 15:50 |
|
how do you folks keep up with security news? i follow a few accounts on twitter but i'm not an active user so i don't read them that much. beyond that it's basically this thread and the occasional article that comes up at work.
|
# ? Apr 7, 2018 16:02 |
|
Blinkz0rz posted:
how do you folks keep up with security news?

Basically twitter, this thread, and colleagues and friends in the industry.
|
# ? Apr 7, 2018 16:18 |
|
Mr. Nice! posted:
secret irc is great. everyone thought i was a wizard since i knew how to skin mirc. i was like nah i was just a nerd in the 90s. but, yeah, it's super good for navy comms.

i don't post in or really read GiP except for the "Let's Talk About Idiots!" thread where i'm certain i read an amazing story about people loving up on the channels for some fleet during an exercise. also depressing stories about people getting owned simultaneously by dfas and veteran services

edit:

Blinkz0rz posted:
how do you folks keep up with security news?

what do you do for a job (if you don't mind me asking)? i personally am not in a direct security role however i like to stay abreast of things so i'm doing basically what you're already doing at the moment.

Pile Of Garbage fucked around with this message at 16:42 on Apr 7, 2018 |
# ? Apr 7, 2018 16:36 |
|
Mr. Nice! posted:
and yeah dfas is still on an ancient cobol mainframe afaik

Lol that mainframe and cobol is more modern than the xp/2000 boxes on the ships.
|
# ? Apr 7, 2018 17:13 |
|
cheese-cube posted:
isn't the US military payroll system still a monolithic cobol application? and over the years they've made multiple attempts to upgrade it at the cost of hundreds of millions of dollars and every single attempt failed?

every single attempt was successful at spending the money which was the goal
|
# ? Apr 7, 2018 17:52 |
|
Blinkz0rz posted:
how do you folks keep up with security news?

risky.biz podcast news section. skip the second half
|
# ? Apr 7, 2018 17:56 |
|
Shaggar posted:
every single attempt was successful at spending the money which was the goal

defense spending in a nutshell

the only penalty for blowing the budget or the schedule is getting more money and time
|
# ? Apr 7, 2018 18:06 |
|
Shaggar posted:
every single attempt was successful at spending the money which was the goal

yes i am aware of the military industrial complex shaggar
|
# ? Apr 7, 2018 18:06 |
|
Cocoa Crispies posted:
defense spending in a nutshell

no you see it's simply "early operation support" / "capability extension" / "extended protocol testing" "integration facilitation" / "phase/block 2"
|
# ? Apr 7, 2018 18:11 |
|
https://uk.reuters.com/article/uk-u...E96818K20130709

quote:
"At last count, there were 167 "manual workarounds" for the 40-year-old pay system used by DFAS and all the services except the Marines, he said. As a result, staff members often must write down information from one system, carry it to another office and hand it off to other workers who then manually enter it into other systems - a process called "finger-gapping" that Wallace faults as a further source of errors.
|
# ? Apr 7, 2018 19:23 |
|
Imho similar measures should be encouraged in industry to encourage fraud and decrease accountability
|
# ? Apr 7, 2018 19:30 |
|
when i was in the air force 10+ years ago it was commonly assumed that if you had to go to finance for any reason, they would gently caress up your paycheck somehow
|
# ? Apr 7, 2018 20:08 |
|
cheese-cube posted:
i don't post in or really read GiP except for the "Let's Talk About Idiots!" thread where i'm certain i read an amazing story about people loving up on the channels for some fleet during an exercise. also depressing stories about people getting owned simultaneously by dfas and veteran services

honestly gip is pretty decent all in all. most of the alt-right types bailed 5 years ago or so and it’s been mostly chill. i’ve had to tell more than one vet goon that, but seriously come on down and join the party.
|
# ? Apr 7, 2018 22:50 |
|
Raere posted:
risky.biz podcast news section. skip the second half

this is the only podcast i listen to reliably the day it comes out, every week, it's great

i'm going to get hate from this thread now, but security now is also good for getting more technical details if you're prepared to skip a lot and can tolerate listening to stebe gibson
|
# ? Apr 7, 2018 23:09 |
|
My PIN is 4826 posted:
this is the only podcast i listen to reliably the day it comes out, every week, it's great

I’d like to take a moment and talk to you about SpinRite.
|
# ? Apr 7, 2018 23:19 |
|
Raere posted:
risky.biz podcast news section. skip the second half

they sometimes do have good feature interviews
|
# ? Apr 7, 2018 23:28 |
|
Yeah the feature interviews are p great sometimes. The sponsor interviews you can skip.
|
# ? Apr 8, 2018 00:32 |
|
unethical penetration testing on public infrastructure results in security hole
|
# ? Apr 9, 2018 06:35 |
|
Hahaha - http://www.abc.net.au/news/2018-04-06/porn-displayed-on-screen-at-yagan-square/9625808
|
# ? Apr 9, 2018 06:55 |
|
ElZilcho posted:
Wow someone really put some time into writing that article
|
# ? Apr 9, 2018 07:00 |
|
Chalks posted:
Wow someone really put some time into writing that article

My bad, I linked the photo caption page. Proper link - http://www.abc.net.au/news/2018-04-06/porn-site-pornhub-displayed-on-perth-yagan-square-touchscreen/9624428
|
# ? Apr 9, 2018 07:44 |