|
Mors Principiu Est
|
#
?
Nov 15, 2018 17:31
|
|
|
|
| # ? Jun 8, 2024 22:31 |
|
|
didn't radium end up with a cybersecurity defense contractor after getting the boot
|
|
#
?
Nov 15, 2018 19:15
|
|
|
Grace Baiting posted:airgapped wizsec minister
|
|
#
?
Nov 15, 2018 19:27
|
|
|
dragon enthusiast posted:didn't radium end up with a cybersecurity defense contractor after getting the boot It's ok he changed his passwords to kjs600
|
|
#
?
Nov 15, 2018 19:50
|
|
|
dragon enthusiast posted:didn't radium end up with a cybersecurity defense contractor after getting the boot He was already working for a bank as his day job fyi
|
|
#
?
Nov 15, 2018 21:08
|
|
|
Researchers Created Fake 'Master' Fingerprints to Unlock Smartphones they claim a 76% global unlock rate with these "master key" fingerprints, HOWEVER, it's vice, and they also use a lot of buzzwords like machine learning and neural network, so uh, maybe?
|
|
#
?
Nov 15, 2018 21:12
|
|
|
graph posted:thats on purpose btw exceedingly poor practice appropriate for the secfuck thread. not deactivating a high privilege user account when no longer necessary? for shame. please remediate at once; i take the security of the Something Awful Dot Com forums extremely seriously
|
|
#
?
Nov 15, 2018 21:20
|
|
|
fishmech posted:He was already working for a bank as his day job fyi Hows his shoe game?
|
|
#
?
Nov 16, 2018 00:57
|
|
|
|
|
#
?
Nov 16, 2018 02:44
|
|
|
https://twitter.com/skabooshka/status/1063247809841836037 it's a good read tl;dr: you need to be listed as a "tesla owner" to make more than one post a day on the tesla forums. he called customer support and asked to be made an owner on the forums and support passed that request on to IT...
|
|
#
?
Nov 16, 2018 03:26
|
|
|
FCKGW posted:https://twitter.com/skabooshka/status/1063247809841836037  :
|
|
#
?
Nov 16, 2018 04:10
|
|
|
https://twitter.com/zackwhittaker/status/1063228922618363904
|
|
#
?
Nov 16, 2018 04:48
|
|
|
what is that picture even supposed to be, the magic hand of cybergod opening your radioactive ghost monitor?
|
|
#
?
Nov 16, 2018 14:49
|
|
|
good of them to provide a frontend for all that live data any idea how long this has been available for, or geographics of those affected/countries
|
|
#
?
Nov 16, 2018 14:57
|
|
|
Shame Boy posted:what is that picture even supposed to be, the magic hand of cybergod opening your radioactive ghost monitor? i think its stealing the laptop's soul
|
|
#
?
Nov 16, 2018 15:01
|
|
|
i was looking up a particular SSL cipher suite and stumbled across this site: https://ciphersuite.info/ anyone know if it's any good? it seems useful, you plug in something and it gives you info on it and also tells you if its "recommended" or not, but I'm not really sure what criteria it's using to decide that... e: quote:Where does the data come from? i guess that's legit enough 
|
|
#
?
Nov 16, 2018 17:16
|
|
|
*ahem* 
|
|
#
?
Nov 16, 2018 17:24
|
|
|
https://twitter.com/424f424f/status/1063439301147537408?s=19 April fools comes early this year
|
|
#
?
Nov 16, 2018 18:02
|
|
|
and no one of value was affected
|
|
#
?
Nov 16, 2018 19:24
|
|
|
Shame Boy posted:i was looking up a particular SSL cipher suite and stumbled across this site: Looking through the full listing at https://ciphersuite.info/cs/ I thought it looked okay at first but I've found some quibbles. My understanding here is probably incomplete, but I don't see how it can consider any CBC-using PSK suite "secure" but also dinging every non-PSK suite that has non-ephemeral keys down to "weak". Aren't all PSK suites going to be non-ephemeral unless they use the PSK-DHE key-exchange available in TLS 1.3? As for where the list came from: it's not so much that each cipher has been individually ranked and tagged, so much as an expression of a dozen rules like: - does it have a non-ephemeral key exchange? cap it at "weak" - does it have a criminally weak component like Export DES or MD5? Mark it "insecure" - else does it have a broken component like SHA1, or an insufficiently large keysize? Mark it "weak" - else is it an AEAD algorithm constructed with components not currently believed to be broken (AES, SHA2)? mark it "recommended" - else mark it "secure" As an aside: every single suite on the "recommended" list is an AEAD mode (GCM, CCM, and ChaCha20-Poly1305) because they're well studied and because they define how to integrate your encryption and authentication in a way that's hard for implementers to screw up and introduce timing side channels. In TLS 1.3 every non-AEAD cipher suite is gone, leaving only the following 5:
* TLS_AES_256_GCM_SHA384 * TLS_CHACHA20_POLY1305_SHA256 * TLS_AES_128_CCM_SHA256 * TLS_AES_128_CCM_8_SHA256 TLS 1.3 has also pulled the key-exchange (the "RSA" / "DH" / "ECDHE" / "PSK" etc) and the certificate signature out of the cipher suite, which greatly reduces the combinatorial explosion of terms we have to put into our cipherlist configs. I know that doesn't help us now in a world of TLS 1.2 but it's good to know that in the not-distant future a lot of this garbage gets thrown out and becomes legacy.
|
|
#
?
Nov 16, 2018 20:59
|
|
|
https://www.youtube.com/watch?v=2GtbY1XWGlQ
|
|
#
?
Nov 16, 2018 22:57
|
|
|
twitch plays xss
|
|
#
?
Nov 16, 2018 23:14
|
|
|
there was that time at agdq '14 tassers thought they'd invented arbitrary code execution. it was very weird as they were extending memory manipulation but for videogames, so it needed all new terminology
|
|
#
?
Nov 16, 2018 23:33
|
|
|
not enough talk on the recent bellingcat allegations https://www.bellingcat.com/news/uk-and-europe/2018/11/16/spies-without-borders-fsb-infiltrated-international-visa-system/
|
|
#
?
Nov 17, 2018 01:43
|
|
|
yikes, I use protonmail bc id like to avoid being datamined to hell and the interface/app are Good Enough. I dont want to janitor my own mail server. Im also not really into using a host whose reputation is for catering to turbocreeps (which some of the comments above seem to indicate), so whats a better alternative? I dont mind paying maybe I should just pay for gmail on my personal domain? would they be using my emails for advertising stuff in that case?
|
|
#
?
Nov 17, 2018 01:55
|
|
|
Gsuite doesn't do ads with your emails. Ive been happy with fastmail for my personal email, it's cheap and doesnt feed the beast.
|
|
#
?
Nov 17, 2018 03:02
|
|
|
Ad blockers also don't do ads with your email
|
|
#
?
Nov 17, 2018 03:33
|
|
|
Im not worried about ads being displayed, Im annoyed by a user profile being generated from the contents of my emails. Ad blockers dont (and cant) do anything about that Ill look into fastmail and gsuite, thanks yall!
|
|
#
?
Nov 17, 2018 04:43
|
|
|
The in-chat rickroll was pretty cute.
|
|
#
?
Nov 17, 2018 07:36
|
|
|
Achmed Jones posted:I’m annoyed by a user profile being generated from the contents of my emails. gmail doesn't do this anymore
|
|
#
?
Nov 17, 2018 08:04
|
|
|
Illusive gently caress Man posted:gmail doesn't do this anymore Whats the point of gmail then for google
|
|
#
?
Nov 17, 2018 08:09
|
|
|
stops other people from doing it
|
|
#
?
Nov 17, 2018 08:16
|
|
|
Jabor posted:stops other people from doing it and upselling google drive because nobody wants to delete their old mails or phone photos
|
|
#
?
Nov 17, 2018 09:04
|
|
|
Ulf posted:Looking through the full listing at https://ciphersuite.info/cs/ I thought it looked okay at first but I've found some quibbles. My understanding here is probably incomplete, but I don't see how it can consider any CBC-using PSK suite "secure" but also dinging every non-PSK suite that has non-ephemeral keys down to "weak". Aren't all PSK suites going to be non-ephemeral unless they use the PSK-DHE key-exchange available in TLS 1.3? ulf looking to dethrone bangers in TLS supremacy :P but seriously, very informative. to contribute, i think that ciphersuite.info website is over-emphasising the security of TLS-PSK because it conveniently ignores the implications of performing key exchange in advance using a side-channel that may not necessarily be encrypted or secure. also the site isn't particularly easy to use lol, would be nice if the list included protocol and some indication of whether it's sorted by preference. edit: was trying to think of things that actually use TLS-PSK and the only one i came up with is microsoft lync/skype for business lol Pile Of Garbage fucked around with this message at 11:22 on Nov 17, 2018 |
|
#
?
Nov 17, 2018 11:16
|
|
|
cinci zoo sniper posted:i first read this as lawnmowers and had to double take https://www.youtube.com/watch?v=hmwkNLu0Pzc REVEAL YOURSELF
|
|
#
?
Nov 17, 2018 11:57
|
|
|
spankmeister posted:It's ok he changed his passwords to kjs600 you forgot the needed ! at the end to deal with the new hacker proof one symbol requirements 
|
|
#
?
Nov 17, 2018 12:00
|
|
|
|
|
#
?
Nov 17, 2018 13:15
|
|
|
seems correct, whats the fuckup?
|
|
#
?
Nov 17, 2018 19:37
|
|
|
I feel like Isaac Asimov would have something to say about this. (I'll put the over-under at four sentences before he would use the phrase First Law of Robotics.)
|
|
#
?
Nov 17, 2018 19:56
|
|
|
|
| # ? Jun 8, 2024 22:31 |
|
|
Ulf posted:Looking through the full listing at https://ciphersuite.info/cs/ I thought it looked okay at first but I've found some quibbles. My understanding here is probably incomplete, but I don't see how it can consider any CBC-using PSK suite "secure" but also dinging every non-PSK suite that has non-ephemeral keys down to "weak". Aren't all PSK suites going to be non-ephemeral unless they use the PSK-DHE key-exchange available in TLS 1.3? oh hey I almost missed this post somehow, thanks a bunch for looking into it, you continue to be a solid gold contribution to this thread 
|
|
#
?
Nov 18, 2018 05:52
|
|