|
bring back hayesing
|
# ? Jun 18, 2018 15:52 |
|
Krankenstyle posted: are you saying app A can pop over app B?!
nah but iOS can pop over everything and so it isn't too uncommon to see system prompts over the app you happen to be using so an app asking for your gmail password can look similar enough to the real prompt that someone might not realize it's the app asking and not core iOS things
|
# ? Jun 18, 2018 15:56 |
|
or a web site doing the asking. there are PoCs out there that look believable
|
# ? Jun 18, 2018 16:03 |
|
lol https://twitter.com/briankrebs/status/1008728266184777729
|
# ? Jun 18, 2018 16:09 |
|
your first mistake was putting the internet in your house
|
# ? Jun 18, 2018 16:22 |
|
Meat Beat Agent posted: your first mistake was putting the internet in your house
yeah anyone who's anyone knows the only proper place for the internet is in your butt
|
# ? Jun 18, 2018 16:26 |
|
"When Young first reached out to Google in May about his findings, the company replied by closing his bug report with a “Status: Won’t Fix (Intended Behavior)” message. But after being contacted by KrebsOnSecurity, Google changed its tune, saying it planned to ship an update to address the privacy leak in both devices."
[inhales deeply] lomarf
|
# ? Jun 18, 2018 16:30 |
|
Meat Beat Agent posted: "When Young first reached out to Google in May about his findings, the company replied by closing his bug report with a “Status: Won’t Fix (Intended Behavior)” message. But after being contacted by KrebsOnSecurity, Google changed its tune, saying it planned to ship an update to address the privacy leak in both devices."
gently caress google
|
# ? Jun 18, 2018 17:22 |
|
One day we'll all learn that "being on the local network means you're safe" is a dumb concept. But not today
|
# ? Jun 18, 2018 18:23 |
|
what are secgoons using for appsec tools? i found some $$ in our software budget and i'm doing an evaluation of software composition analysis and static analysis tools. super bonus points for cross-ecosystem/language as our software stack covers java, python, ruby, javascript, go, and erlang.
|
# ? Jun 18, 2018 22:50 |
|
Last Chance posted: gently caress google
lol but i mean who is surprised that the default mode for browser requests for location is to accept them on any google device
|
# ? Jun 18, 2018 23:17 |
|
Agile Vector posted: lol but i mean who is surprised that the default mode for browser requests for location is to accept them on any google device
|
# ? Jun 18, 2018 23:27 |
|
anthonypants posted: maybe you should check out the android dyp thread some time
i legitimately stopped after s but because it was everyone there had stockrom syndrome, but maybe it's time for a return
|
# ? Jun 18, 2018 23:32 |
|
Agile Vector posted: lol but i mean who is surprised that the default mode for browser requests for location is to accept them on any google device
the chromecast isn't actually providing location
it's just providing a list of nearby wifi networks and their signal strengths...
...and then sends it to Google Maps, which triangulates the position using the detailed database of WiFi locations that every location-enabled Google device sends to Google
|
# ? Jun 19, 2018 00:05 |
|
it is partly concerning but also impressive how effective that kind of triangulation is
|
# ? Jun 19, 2018 00:08 |
|
Main Paineframe posted: the chromecast isn't actually providing location
also it's providing location in a way arbitrary js running in a browser that can see the chromecast can get it
|
# ? Jun 19, 2018 00:17 |
|
I just had to update the firmware on my electrical outlet to patch security issues, presumably so my appliances don't catch a nasty case of the cryptos or something. Even though it was easy and went off without a hitch I still want to go on record as saying the future is dumb as hell.
|
# ? Jun 19, 2018 02:36 |
|
Wasn’t there something about people bricking smart lightbulbs not too long ago? Bricking. loving. Lightbulbs. I give it 20 years until civilization is destroyed by firmware updates.
|
# ? Jun 19, 2018 03:21 |
|
better than that https://twitter.com/internetofshit/status/999619364541394944
|
# ? Jun 19, 2018 03:29 |
|
mrmcd posted: I just had to update the firmware on my electrical outlet to patch security issues, presumably so my appliances don't catch a nasty case of the cryptos or something.
OK but presumably you bought and installed an internet connected outlet?
|
# ? Jun 19, 2018 04:40 |
|
mrmcd posted: I just had to update the firmware on my electrical outlet to patch security issues, presumably so my appliances don't catch a nasty case of the cryptos or something.
|
# ? Jun 19, 2018 09:38 |
|
kind reminder that companies will treat your phone, car, home router, etc also as connected devices and they tend to send more info home than you'd like
it's just the term iot that makes it worse
|
# ? Jun 19, 2018 10:31 |
|
even the Samsung tvs that threw everything you said near it back to Samsung come to mind. it's nuts
|
# ? Jun 19, 2018 10:32 |
|
Munkeymon posted: OK but presumably you bought and installed an internet connected outlet?
Yeah because I'm a pampered baby who wants to switch on my AC when I leave the office so my apartment is cool and comfortable when I get home.
Like the failure mode is my apartment is warm and then I plug my dumb AC into the dumb electrical outlet again.
|
# ? Jun 19, 2018 11:16 |
|
my ac that cost under 500 euros has a clock and a timer feature where I can set when it turns on.
|
# ? Jun 19, 2018 11:21 |
|
mrmcd posted: Yeah because I'm a pampered baby who wants to switch on my AC when I leave the office so my apartment is cool and comfortable when I get home.
I like the idea of IoT stuff except that the level of security I would want would probably make them too expensive.
Andohz fucked around with this message at 11:28 on Jun 19, 2018
|
# ? Jun 19, 2018 11:24 |
|
mrmcd posted: Yeah because I'm a pampered baby who wants to switch on my AC when I leave the office so my apartment is cool and comfortable when I get home.
geonetix posted: kind reminder that companies will treat your phone, car, home router, etc also as connected devices and they tend to send more info home than you'd like
|
# ? Jun 19, 2018 11:37 |
|
evil_bunnY posted: Can you not like use a mechanical 24H timer? We use them for xmas lights and stuff, they work great.
Yeah but sometimes I go do things after work and don't come home until later, or travel for a week, etc. Like I said it's not actually necessary, I'm just a big dumb pampered tech baby and it was only like $30 (plus the wifi native smart AC units are like +$150 and all have dogshit reviews).
|
# ? Jun 19, 2018 12:20 |
|
mrmcd posted: Like I said it's not actually necessary, I'm just a big dumb pampered tech baby and it was only like $30 (plus the wifi native smart AC units are like +$150 and all have dogshit reviews).
|
# ? Jun 19, 2018 13:11 |
|
If you're gonna leak national security stuff, at least do the basics of opsec
https://motherboard.vice.com/en_us/article/qvn83q/joshua-schulte-cia-vault-7-wikileaks-opsec
or the govt will get you on kiddie porn charges while they wait for the treason case to be built
|
# ? Jun 19, 2018 15:27 |
|
Loky11 posted: If you're gonna leak national security stuff, at least do the basics of opsec
they learned nothing from reality winner
|
# ? Jun 19, 2018 15:29 |
|
Andohz posted: I like the idea of IoT stuff except that the level of security I would want would probably make them too expensive.
become a jtag juggler and hack up others' devices?
|
# ? Jun 19, 2018 15:49 |
|
not a secfuck by itself but
https://twitter.com/marcan42/status/1009014925493075969
ooooh boy does this bode well, javascript instructions directly on our cpus, the future so bright like nukular hellfire
|
# ? Jun 19, 2018 15:57 |
|
other than the name, what does it have to do with JavaScript?
|
# ? Jun 19, 2018 16:01 |
|
Truga posted: not a secfuck by itself but
jazellescript?
|
# ? Jun 19, 2018 16:03 |
|
Subjunctive posted: other than the name, what does it have to do with JavaScript?
I think it means like the asm.js optimised stuff that tries to use normal integers rather than JavaScript's native love of double-precision floating point. The "fixed-point" shouldn't have been in that message.
|
# ? Jun 19, 2018 16:11 |
|
Who cares, as long as it makes websites run faster on my device
|
# ? Jun 19, 2018 16:12 |
|
Raere posted: Who cares, as long as it makes websites run faster on my device
A processor which is totally incapable of running javascript would do a better job by this metric.
|
# ? Jun 19, 2018 16:13 |
|
MrMoo posted: I think it means like the asm.js optimised stuff that tries to use normal integers rather than JavaScript's native love of double-precision floating point. The "fixed-point" shouldn't have been in that message.
it’s also in the description on the site
|
# ? Jun 19, 2018 16:14 |
|
MrMoo posted: I think it means like the asm.js optimised stuff that tries to use normal integers rather than JavaScript's native love of double-precision floating point. The "fixed-point" shouldn't have been in that message.
It's not asm.js-optimized stuff. Any bitwise operation first converts the float to a 32-bit integer. It does this by lopping off the fractional component, and then setting the rest to be the whole component mod 2^32. That's all this operation does. It could probably be used by a lot of C programs, too.
|
# ? Jun 19, 2018 16:21 |
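
Added example, not part of any post in the thread: the double-to-int32 conversion described in the last post, written out step by step in JavaScript and compared with the engine's own `x | 0`. The names `toInt32`, `SAMPLES` and `compareWithEngine` and the sample values are constructed for illustration.

```javascript
// Added example: the double -> int32 conversion that JavaScript bitwise
// operators apply to their operands, spelled out by hand.
const TWO32 = 4294967296;   // 2^32
const TWO31 = 2147483648;   // 2^31

function toInt32(x) {
  // NaN and +/-Infinity convert to 0.
  if (!Number.isFinite(x)) return 0;
  // Lop off the fractional component (round toward zero).
  const whole = Math.trunc(x);
  // Reduce modulo 2^32. JS % keeps the sign of the dividend, so shift
  // negative remainders up into [0, 2^32).
  let m = whole % TWO32;
  if (m < 0) m += TWO32;
  // Read the low 32 bits as two's complement: values >= 2^31 are negative.
  const r = m >= TWO31 ? m - TWO32 : m;
  // Normalise -0 to +0, as the engine does.
  return r === 0 ? 0 : r;
}

// Constructed sample inputs covering truncation, wrap-around and specials.
const SAMPLES = [3.7, -3.7, 4294967301, 2147483648, -2147483649, 1e21, -0.5, NaN, Infinity];

// Pair each sample with the hand-written result and the engine's `x | 0`.
function compareWithEngine() {
  return SAMPLES.map((x) => ({ x, manual: toInt32(x), engine: x | 0 }));
}

console.table(compareWithEngine());
```

The wrap-around rows (2^31 turning negative, 2^32 + 5 turning into 5) are the ones to keep in mind when a value is range-checked as a double and then passed through a bitwise operator.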