|
Phone guys are the worst
|
#
?
May 9, 2018 21:54
|
|
|
|
| # ? May 28, 2024 09:40 |
|
|
Thanks Ants posted:Phone guys are the worst Printers < Time < Phones
|
|
#
?
May 10, 2018 19:23
|
|
|
lmfao https://twitter.com/klout/status/994634099431165952?s=19 Subtle
|
|
#
?
May 10, 2018 21:38
|
|
|
whoops. lost my business model.
|
|
#
?
May 10, 2018 23:44
|
|
|
What on Earth is/was Klout?
|
|
#
?
May 11, 2018 04:58
|
|
|
Absurd Alhazred posted:What on Earth is/was Klout?
|
|
#
?
May 11, 2018 05:04
|
|
|
anthonypants posted:You gave it access to your social media platforms and it would say you're really influential on things you posted about and then they let #brands contact you to give you free things in order for you to most more about #brands The "getting all your personal data for marginal utility so we can sell it at profit" model isn't always a unicorn, apparently.
|
|
#
?
May 11, 2018 05:11
|
|
|
Absurd Alhazred posted:The "getting all your personal data for marginal utility so we can sell it at profit" model isn't always a unicorn, apparently.
|
|
#
?
May 11, 2018 15:19
|
|
|
anthonypants posted:No, it's shutting down because of GDPR. Lots of internet services are going to shut down on May 25. Is anything actually good getting shut down?
|
|
#
?
May 11, 2018 19:45
|
|
|
astral posted:Is anything actually good getting shut down?
|
|
#
?
May 11, 2018 20:38
|
|
|
|
|
#
?
May 12, 2018 02:47
|
|
|
Do people have a preferred ACME client for IIS?
|
|
#
?
May 12, 2018 15:24
|
|
|
Thanks Ants posted:Do people have a preferred ACME client for IIS? Good question. I've been meaning to look into exactly that as I'd like to use a Let's Encrypt certificate with NPS.
|
|
#
?
May 12, 2018 15:27
|
|
|
I use the win-simple client: https://github.com/PKISharp/win-acme
|
|
#
?
May 12, 2018 21:46
|
|
|
https://twitter.com/MalwareTechBlog/status/995340443607973893
|
|
#
?
May 13, 2018 02:06
|
|
|
Still hosed up that that British newspaper thought it was cool to casually doxx him for saving everyone's collective asses.
|
|
#
?
May 13, 2018 02:09
|
|
|
Still hosed up that at the time, no one knew what registering those domains would do, especially including that guy, but the ends justify the means so people continue to spread the idea that he saved everyone's collective asses.
|
|
#
?
May 13, 2018 02:12
|
|
|
It's less "the ends justify the means" and more "hindsight is 20/20." He did save everyone's asses, that's a stone cold fact. Nothing bad happened to anyone except the malware dev as a result of what he did. It was a rash decision in hindsight, but that doesn't make it hosed up that people lauded him for it. It's simply worth noting that registering the domain could have done something way worse than disabling it, like irretrievably delete everyone's data. Do you believe he deserved to be doxxed for making that decision?
|
|
#
?
May 13, 2018 02:20
|
|
|
Cup Runneth Over posted:It's less "the ends justify the means" and more "hindsight is 20/20." He did save everyone's asses, that's a stone cold fact. Nothing bad happened to anyone except the malware dev as a result of what he did. It was a rash decision in hindsight, but that doesn't make it hosed up that people lauded him for it. It's simply worth noting that registering the domain could have done something way worse than disabling it, like irretrievably delete everyone's data.
|
|
#
?
May 13, 2018 02:30
|
|
|
Is he employed
|
|
#
?
May 13, 2018 02:39
|
|
|
anthonypants posted:I said he's not Malware Jesus. I didn't say he deserved to be doxxed. Ok cool, so we agree that what I referenced is hosed up and what you referenced isn't hosed up. I also agree that he's not Malware Jesus, but it's not like he shot a dog in order to deactivate WannaCry.
|
|
#
?
May 13, 2018 02:53
|
|
|
That would have been pretty hosed up if he had shot a dog. Not even sure how that would work to stop ransomware from spreading.
|
|
#
?
May 13, 2018 03:47
|
|
|
I imagine it would be some SAW-like scenario where the distorted voice of the malware's creator informs him that a chip in the dog monitors its vital signs and communicates with the virus to stop it from spreading if it dies. It would be super hosed up.
|
|
#
?
May 13, 2018 04:13
|
|
|
That malware tech guy shot a dog for no reason? Pretty hosed up if true.
|
|
#
?
May 13, 2018 04:52
|
|
|
Cup Runneth Over posted:It's simply worth noting that registering the domain could have done something way worse than disabling it, like irretrievably delete everyone's data. We should not live in a society of fear. If you suspect you can make the world a better better place by registering a domain, please do so, even if there is a chance it might work out the other way. There is far too much fearmongering in information security and seeing the world in absolutes.
|
|
#
?
May 13, 2018 14:33
|
|
|
EssOEss posted:We should not live in a society of fear. If you suspect you can make the world a better better place by registering a domain, please do so, even if there is a chance it might work out the other way. There is far too much fearmongering in information security and seeing the world in absolutes. Fearmongering... right, that’s what it was. LOL
|
|
#
?
May 13, 2018 22:36
|
|
|
If you uncover a domain that is being used in malware code then how much more time would it take up to try and figure out what it does before just YOLO-ing a registration?
|
|
#
?
May 13, 2018 22:48
|
|
|
Thanks Ants posted:If you uncover a domain that is being used in malware code then how much more time would it take up to try and figure out what it does before just YOLO-ing a registration? Exactly this. Malwarebytes tripped all over himself to register it before trying to analyze what throwing up a domain that resolves, but does nothing in response to C&C queries would cause the malware to do. He got extremely lucky this particular piece turned out to be half-baked in terms of its anti-analysis countermeasures.
|
|
#
?
May 13, 2018 22:52
|
|
|
I’m more a shoot first ask questions later kinda guy
|
|
#
?
May 13, 2018 23:32
|
|
|
Never tell me the odds
|
|
#
?
May 14, 2018 00:12
|
|
|
All's well that ends well?
|
|
#
?
May 14, 2018 01:33
|
|
|
Uhh, is this as bad as it sounds? https://arstechnica.com/information-technology/2018/05/critical-pgp-and-smime-bugs-can-reveal-encrypted-e-mails-uninstall-now/ quote:The Internet’s two most widely used methods for encrypting e-mail--PGP and S/Mime--are vulnerable to hacks that can reveal the plaintext of encrypted messages, a researcher warned late Sunday night. He went on to say there are no reliable fixes and to advise anyone who uses either encryption standard for sensitive communications to remove them immediately from e-mail clients. https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
|
|
#
?
May 14, 2018 07:10
|
|
|
That's loving bad
|
|
#
?
May 14, 2018 07:31
|
|
|
Boris Galerkin posted:https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now "Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email." That makes it sound like the vulnerability is in the decryption step? That sounds more like an implementation flaw ("oops, this popular program re-uses a memory buffer and will accidentally send out your private key the next time it sends a HELO"), but they seem to be saying this affects all PGP software, not PopularPGPPlugin versions 3.2 through 4.5. I'll be really interested to see what the heck this turns out to be.
|
|
#
?
May 14, 2018 07:35
|
|
|
Ah, lovely. A bug where the result is encryption being so broken the workaround is to send things in plaintext because you're hosed anyways.
|
|
#
?
May 14, 2018 08:31
|
|
|
GnuPG who weren't contacted by the original team but have seen the paper hath spoken... https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html The EmbargoFAIL website is now up.... http://email.de Pablo Bluth fucked around with this message at 11:14 on May 14, 2018 |
|
#
?
May 14, 2018 09:55
|
|
|
Boris Galerkin posted:Uhh, is this as bad as it sounds? No VVV Nothing wrong with OpenPGP / GnuPG specifically but with broken MUAs and html email. VVV lmao Storm One fucked around with this message at 12:00 on May 14, 2018 |
|
#
?
May 14, 2018 11:22
|
|
|
In which a "security researcher" tells a vendor to keep quiet about something. And in case he deletes it, one of the freebsd developers and former security officers screencapped it:  Pablo Bluth posted:The EmbargoFAIL website is now up.... BlankSystemDaemon fucked around with this message at 11:57 on May 14, 2018 |
|
#
?
May 14, 2018 11:53
|
|
|
My dumbass take is that's it's a very real concern for people facing adversarial third parties, but it's not like they've opened pandora's chest.
|
|
#
?
May 14, 2018 13:16
|
|
|
|
| # ? May 28, 2024 09:40 |
|
|
Benign 3rd parties have never really been much of a problem in security.
|
|
#
?
May 14, 2018 14:05
|
|
