|
Wiggly Wayne DDS posted:there's a set of locks that are really easy for beginners, i think they call them master locks? lol
|
# ? Jun 4, 2018 01:36 |
|
One time I spent like 5 hours reading about padlocks and watching youtube videos about them, and I found the best one but it was a hundred dollars or something. I was going to buy it but I was like, wait I don't need a padlock for anything.
|
# ? Jun 4, 2018 01:50 |
|
Mr.Radar posted:lol, im sure this will work well: A Case for Safe Eval. tl;dr: im too lazy to write a proper dsl so i'll just use this magic regex to "sanitize" the input to the js eval() function instead.
|
# ? Jun 4, 2018 01:56 |
|
bob dobbs is dead posted:get an easier progressive lock. but not a transparent one. you can get a pin lock with two tumblers if you're willing to pay you can make your own progressive set if you can carefully disassemble an off the shelf cylinder.
|
# ? Jun 4, 2018 02:51 |
|
On that note is there a set of picks people recommend when practicing?
|
# ? Jun 4, 2018 04:08 |
|
ErIog posted:I had to do this last year to chase down something stupid a previous sysadmin did in order to prove something wasn't malicious during an audit. Yeah, I ended up getting a user ID that issued the job and it was some disk cleanup script that they decided to start running. I'm going to dump Sysmon on every single server in the environment so this isn't an issue again. It's a bit poo poo that this thing doesn't dump a log file somewhere of what commands came through it. Sure you could clean that up after yourself, but no logging by default seems ill-advised. BangersInMyKnickers fucked around with this message at 14:46 on Jun 4, 2018 |
# ? Jun 4, 2018 14:41 |
|
anthonypants posted:jesus christ This reminds me of a charity website where the amount you were pledging was calculated as eval(document.getElementById('amount').value+" * "+document.getElementById('value').value)
|
# ? Jun 4, 2018 15:14 |
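Added example, not part of any post in this thread: the same amount * value calculation done without eval(), so the two form fields are only ever treated as numbers. The function names, field limits and sample inputs are assumptions made for illustration.

```javascript
// Compute amount * value from two untrusted text fields without eval().
// Limits below (7 integer digits, 2 decimals, count 1-9999) are illustrative.
const MONEY_RE = /^(\d{1,7})(?:\.(\d{1,2}))?$/; // plain decimal, no exponent/hex/sign
const COUNT_RE = /^[1-9]\d{0,3}$/;              // whole number 1-9999

// Parse a money string into integer cents to avoid float rounding.
function parseCents(text) {
  const m = MONEY_RE.exec(String(text).trim());
  if (!m) throw new RangeError('amount must look like 12.50');
  const frac = (m[2] || '').padEnd(2, '0');
  return Number(m[1]) * 100 + Number(frac);
}

// Parse the multiplier; anything that is not a short run of digits is rejected.
function parseCount(text) {
  const s = String(text).trim();
  if (!COUNT_RE.test(s)) throw new RangeError('value must be a whole number 1-9999');
  return Number(s);
}

function pledgeTotalCents(amountText, valueText) {
  return parseCents(amountText) * parseCount(valueText);
}

function formatCents(cents) {
  return `${Math.floor(cents / 100)}.${String(cents % 100).padStart(2, '0')}`;
}

// Constructed inputs: one normal pledge, then strings eval() would have
// executed or silently accepted (a call expression, exponent and hex forms).
function demo() {
  const inputs = [['12.50', '3'], ['alert(1)', '2'], ['1e9', '2'], ['10', '0x10']];
  return inputs.map(([amount, value]) => {
    try {
      return formatCents(pledgeTotalCents(amount, value));
    } catch (err) {
      return 'rejected: ' + err.message;
    }
  });
}

console.log(demo());
```

The server still has to recompute the total from the submitted fields, since anything calculated in the browser can be changed by the user.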
|
that sort of thing is very common
|
# ? Jun 4, 2018 15:15 |
|
you'll be surprised to learn this was not an android, but instead, https://twitter.com/laforgia_/status/1003619629355413504
|
# ? Jun 4, 2018 17:05 |
|
I cannot believe this Corporate Zero Privacy Phone has Zero Privacy
|
# ? Jun 4, 2018 17:11 |
|
BangersInMyKnickers posted:I cannot believe this Corporate Zero Privacy Phone has Zero Privacy i think the takeaway is that said zero privacy phone is utilizing apis that were supposed to have been closed years ago
|
# ? Jun 4, 2018 17:24 |
|
no, the APIs for native apps are different from the platform APIs
|
# ? Jun 4, 2018 17:35 |
|
Subjunctive posted:no, the APIs for native apps are different from the platform APIs not sure what your point is, here
|
# ? Jun 4, 2018 17:54 |
|
Rex-Goliath posted:not sure what your point is, here the APIs that were supposed to be closed off in 2014 are different from the APIs in question here. afaik there was never any impetus to close off the wire APIs the BlackBerry app uses, because it would also have disabled the iOS and Android apps
|
# ? Jun 4, 2018 17:57 |
|
ZeusCannon posted:On that note is there a set of picks people recommend when practicing? every recommendation from toool is good https://toool.us/ (tremendous twelve toolkit)
|
# ? Jun 4, 2018 18:24 |
|
literally a non story, the facebook app you give your credentials to can access whatever it wants. surprise? if you log into the Facebook dot com you can also see it pull information about you and your friends LIVE and render it ON YOUR SCREEN for some kind of timeline... 😱😱😱
|
# ? Jun 4, 2018 18:24 |
|
Daman posted:literally a non story, the facebook app you give your credentials to can access whatever it wants. surprise? i think they should have mentioned that they had 295k direct-contacts if that were the case
|
# ? Jun 4, 2018 18:27 |
|
i mean correct me if i'm wrong but i thought the whole 'friend of a friend' stuff was supposed to have been closed off a while ago, right?
|
# ? Jun 4, 2018 18:38 |
|
this isn’t the platform APIs used by Cambridge. this is (roughly) the set of APIs used by the Facebook apps themselves
|
# ? Jun 4, 2018 19:23 |
|
why does that give you friend-of-a-friend info though?
|
# ? Jun 4, 2018 20:27 |
|
public profile information found through friend-visible links, if I had to guess
|
# ? Jun 4, 2018 20:29 |
|
sure but it shouldn't immediately slurp those 526k contacts down, should it?
|
# ? Jun 4, 2018 20:34 |
|
well, FB provides address book integration on different OSes. I’m pretty sure the in-house variants for iOS and Android only did the friends list, but if Blackberry hosed up then they could have been pulling transitively either on purpose or by accident. their testing was bad enough that “an extra 500K contacts in the list” could plausibly have escaped their notice I wanted to kill that app the whole time I was there because it was such a lovely experience, but the contracts had long clocks on them
|
# ? Jun 4, 2018 20:40 |
|
what's stopping someone from reverse engineering those apis to pull contact data. you'd probably say "monitoring" but they were able to grab 500k more contacts than they should so thats clearly a lie
|
# ? Jun 4, 2018 20:41 |
|
nothing, if they have the user’s credentials. same as with any API, any game, etc. you can’t authenticate the identity of client software, just the user credentials. all the rest is client-side data, lost before the fight began
|
# ? Jun 4, 2018 20:45 |
|
Speaking of different APIs is missing the forest for the trees. The point is that Facebook gave the public the impression they were disabling sharing of your deep details for 3rd parties - yet here we see just that happening. Sure, there may be reasons for it from Facebook perspective and they might never have explicitly said they would turn off this path but it seems rather disingenuous of them to treat access to personal info differently for "platform" and "other" 3rd party companies.
|
# ? Jun 4, 2018 20:53 |
|
this is collection of publicly available information, rather than “deep details”, as far as I’ve read, but I admit that I haven’t read very far
|
# ? Jun 4, 2018 20:56 |
|
sometimes i feel like i'm paranoid about my data privacy but then something like this comes along that i'd never even considered
|
# ? Jun 4, 2018 22:25 |
|
anthonypants posted:you'll be surprised to learn this was not an android, but instead, https://twitter.com/laforgia_/status/1003619629355413504 wow, the blackberry finally has a niche
|
# ? Jun 4, 2018 22:36 |
|
on the topic of phone forensics, guess what owns insanely hard https://twitter.com/lorenzoFB/status/1003749479441412096
|
# ? Jun 4, 2018 22:36 |
|
Bulgogi Hoagie posted:on the topic of phone forensics, guess what owns insanely hard
|
# ? Jun 4, 2018 22:43 |
|
anthonypants posted:ahh that must be why i got a "you need to unlock your phone to use accessories" popup when i plugged my phone in at work this morning that's the seven day limit that's already been implemented kicking in, but apparently they're taking a step further in the next update
|
# ? Jun 4, 2018 22:44 |
|
Bulgogi Hoagie posted:on the topic of phone forensics, guess what owns insanely hard rip feds
|
# ? Jun 4, 2018 22:46 |
|
Bulgogi Hoagie posted:that's the seven day limit that's already been implemented kicking in, but apparently they're taking a step further in the next update
|
# ? Jun 4, 2018 22:47 |
|
that’s excellent
|
# ? Jun 4, 2018 22:58 |
|
Bulgogi Hoagie posted:on the topic of phone forensics, guess what owns insanely hard
|
# ? Jun 4, 2018 23:05 |
|
You know I have to wonder if there's not some kind of bypass for that because they have some kind of jailbreak to run their code and they're already bypassing the pin counters anyway.
|
# ? Jun 4, 2018 23:06 |
|
iirc the way the current ios pin enumeration works is by interrupting the 10x and you're out policy by killing the power to reset the counter. this is separate from law enforcement agencies having magic boxes that they plug your phone into and it basically does an entire dump of the phone including stuff that isn't accessible in user space. 1 hour USB timer throws a wrench in both, i think
|
# ? Jun 4, 2018 23:12 |
|
like somebody in that twitter thread, i also wonder how this affects wiping / factory resetting a phone is the phone now a brick if you forget the passcode and dont have the "wipe phone after 10 attempts" thing turned on?
|
# ? Jun 4, 2018 23:37 |