|
same but also the next anno game is already announced as 1800
|
#
?
Jan 4, 2019 03:25
|
|
|
|
| # ? May 20, 2024 05:47 |
|
|
lol the wife has a lovely sarnsung WiFi tablet for work and I noticed the clock on the lock screen was wildly wrong and I looked in to it and it supports an NTP Daemon but will only sync if you manually force it there is no scheduler for it
|
|
#
?
Jan 4, 2019 05:23
|
|
|
Wiggly Wayne DDS posted:well this went under the radar https://twitter.com/dragosr/status/1001114342958317568?lang=en
|
|
#
?
Jan 4, 2019 05:50
|
|
|
spankmeister posted:I'm sorry I usually only read dragos tweets if I want to laugh at a crazy person and then feel bad about myself for laughing at a person with obvious mental illness. it's a bit weird because some of the security people i follow online, people who seem to have their heads screwed on straight, sometimes do boost/reshare him. i don't know what to believe anymore 
|
|
#
?
Jan 4, 2019 06:08
|
|
|
Lutha Mahtin posted:it's a bit weird because some of the security people i follow online, people who seem to have their heads screwed on straight, sometimes do boost/reshare him. i don't know what to believe anymore even a broken clock finds a grain
|
|
#
?
Jan 4, 2019 06:16
|
|
|
its probably because outside of his random bursts he's well versed and still a good source? there's a difference between other people's research he's highlighting and the times he's digging into something that isn't there now anyone care about that 7 month old bug in a wifi chipset covering a ton of consumer appliances in the wild with no known public patch yet? the one with a private poc for an unauthed rce?
|
|
#
?
Jan 4, 2019 06:22
|
|
|
i guess i don't know how the security community operates. but these same folks i follow seem generally pretty hip to social issues, and so i sorta assume they know it's not good to directly boost someone who clearly needs a bit of help
|
|
#
?
Jan 4, 2019 06:24
|
|
|
Wiggly Wayne DDS posted:now anyone care about that 7 month old bug in a wifi chipset covering a ton of consumer appliances in the wild with no known public patch yet? the one with a private poc for an unauthed rce? it looks like i might actually buy a home console if it bears fruit tbh.
|
|
#
?
Jan 4, 2019 06:39
|
|
|
Wiggly Wayne DDS posted:its probably because outside of his random bursts he's well versed and still a good source? there's a difference between other people's research he's highlighting and the times he's digging into something that isn't there Yeah I'm sorry I should have looked at it more carefully. Like I said I saw it was dragos and my eyes glazed over and I didn't even see the source. My bad.
|
|
#
?
Jan 4, 2019 08:42
|
|
|
Lutha Mahtin posted:i guess i don't know how the security community operates. I guess you don't know how the security community operates.
|
|
#
?
Jan 4, 2019 10:59
|
|
|
geonetix posted:yes. yes it is. Turns out that no, Chromecast is fine and this is just lovely routers being lovely: https://twitter.com/SwiftOnSecurity/status/1081000904688656386
|
|
#
?
Jan 4, 2019 12:06
|
|
|
http://www.bloomberg.com/news/articles/2019-01-04/hackers-release-personal-data-of-hundreds-of-german-politicians oops
|
|
#
?
Jan 4, 2019 13:34
|
|
|
EssOEss posted:Turns out that no, Chromecast is fine and this is just lovely routers being lovely: https://twitter.com/SwiftOnSecurity/status/1081000904688656386 fyi swift is just an unaccomplished CJ who obsessively tweets about infosec and because of their gimmick they got popular so now they punch above their weight as some kind of authority. consumer routers having UPnP enabled on the WAN interface (or at all) by default: secfuck chomecast having UPnP enabled by default: secfuck hurr: https://twitter.com/SwiftOnSecurity/status/1081003077912719362
|
|
#
?
Jan 4, 2019 13:54
|
|
|
Pile Of Garbage posted:chomecast having UPnP enabled by default: secfuck No, not necessarily. What you say about Switft is true but he does address this - UPnP is a wide-ranging suite of standards and he says Chromecast does not use the "open a port" variant that the lay audience might normally associate with UPnP. Unless he is flat out wrong in his facts, Chromecast is in the clear here. Other uses of UPnP are "media player" features. The Windows "Play To Device" function is UPnP, for example. I bet Chromecast does something in that style (Swift mentions SSDP, which is for finding devices).
|
|
#
?
Jan 4, 2019 14:34
|
|
|
if a device on your internal network asks your router about what other devices on your internal network it can talk to, and your router then decides to open that device up to external connections from anywhere on the internet, it's the router that's the secfuck
|
|
#
?
Jan 4, 2019 14:36
|
|
|
the truth is still that domestic routers are generally terrible even if chromecast wasn't upnping its way onto the world wide web
|
|
#
?
Jan 4, 2019 14:39
|
|
|
clearly a router secfuck, but people messing with peoples chromecasts are on the level of driving down the road with an ir blaster loving with peoples tv settings to demonstrate the insecure nature of window glass or something
|
|
#
?
Jan 4, 2019 15:16
|
|
|
cinci zoo sniper posted:http://www.bloomberg.com/news/articles/2019-01-04/hackers-release-personal-data-of-hundreds-of-german-politicians oops heard about this on the radio this morning. apparently everyone except the nazis got their data released 
|
|
#
?
Jan 4, 2019 15:58
|
|
|
Shame Boy posted:heard about this on the radio this morning. apparently everyone except the nazis got their data released real right there
|
|
#
?
Jan 4, 2019 16:04
|
|
|
https://twitter.com/thegrugq/status/1081191019993915392 (thread)
|
|
#
?
Jan 4, 2019 16:09
|
|
|
Just went to try Windows 2019 for the first time and kicked off Windows updates, hmmm  Hmmmmm  Hmmmmmmm?  HMMMMM  How much did Adobe pay for this poo poo
|
|
#
?
Jan 4, 2019 16:10
|
|
|
Shame Boy posted:heard about this on the radio this morning. apparently everyone except the nazis got their data released does anybody know what timespan the data covers? afd only entered the bundestag in september 2017. i mean, i wouldn’t put it past certain actors to exclude them as they have been getting pretty cozy with them and there are already investigations into shady afd behavior going on
|
|
#
?
Jan 4, 2019 16:22
|
|
|
sadus posted:Just went to try Windows 2019 for the first time and kicked off Windows updates, hmmm flash for chrome and edge are built and distributed by google and microsoft, respectively, so it is just standard and in both (requiring approval to run though)
|
|
#
?
Jan 4, 2019 16:27
|
|
|
"adobe flash player for windows server" is the best worst thing I've heard of all week
|
|
#
?
Jan 4, 2019 16:29
|
|
|
Shame Boy posted:"adobe flash player for windows server" is the best worst thing I've heard of all week well yeah you need it to use the more recent vcenter web interfaces lol
|
|
#
?
Jan 4, 2019 16:37
|
|
|
EssOEss posted:No, not necessarily. What you say about Switft is true but he does address this - UPnP is a wide-ranging suite of standards and he says Chromecast does not use the "open a port" variant that the lay audience might normally associate with UPnP. Unless he is flat out wrong in his facts, Chromecast is in the clear here. UPnP is straight garbage and i thought i was already dead in tyool 2019. i don't care how chomecast uses UPnP, the fact that it uses it at all is a huge loving red flag, even if it apparently "doesn't use it in a bad way." Shame Boy posted:"adobe flash player for windows server" is the best worst thing I've heard of all week it's for RDS sessions, not unusual at all.
|
|
#
?
Jan 4, 2019 16:40
|
|
|
sadus posted:Just went to try Windows 2019 for the first time and kicked off Windows updates, hmmm Its embedded in legacy IE (not edge) for backwards support since Win10 was released. Flash's native updater sucks rear end, doesn't work properly, and MS decided to tell them to gently caress off and are pushing the updates themselves. This is well-documented and generally only of the only good decisions MS has made in the last 5 years.
|
|
#
?
Jan 4, 2019 17:06
|
|
|
Pile Of Garbage posted:UPnP is straight garbage and i thought i was already dead in tyool 2019. i don't care how chomecast uses UPnP, the fact that it uses it at all is a huge loving red flag, even if it apparently "doesn't use it in a bad way." its a large protocol suite designed to do broadcast discovery and happens to have some ability to request port forwards from a upstream NAT. some kind of discovery protocol is a requirement for any kind of soho environment without proper DNS infrastructure. you're tilting at windmills and being an idiot. the problem are the routers enabling the port forward functionality by default, implementing in a shoddy manner, and not updating/supporting their poo poo in the field.
|
|
#
?
Jan 4, 2019 17:10
|
|
|
graph posted:well yeah you need it to use the more recent vcenter web interfaces the most recent versions are html5 and are so much better
|
|
#
?
Jan 4, 2019 17:11
|
|
|
Captain Foo posted:the most recent versions are html5 and are so much better oh it finally came out? which version is it now
|
|
#
?
Jan 4, 2019 17:12
|
|
|
Pile Of Garbage posted:UPnP is straight garbage and i thought i was already dead in tyool 2019. i don't care how chomecast uses UPnP, the fact that it uses it at all is a huge loving red flag, even if it apparently "doesn't use it in a bad way." everything intended for home use uses upnp so this is a battle you lost a long time ago
|
|
#
?
Jan 4, 2019 17:13
|
|
|
graph posted:oh it finally came out? which version is it now html5 client is first available on 6.0u3, mostly feature complete on 6.5, and i think standard on 6.7
|
|
#
?
Jan 4, 2019 17:19
|
|
|
like... what do you want? netbios discovery? I guess they could use mdns but that's not secure either and pretty much none of these discovery protocols ever will be. are you going to advocate home kerb-based auth and service advertisement for ever single home network?
|
|
#
?
Jan 4, 2019 17:19
|
|
|
yes
|
|
#
?
Jan 4, 2019 17:22
|
|
|
I agree that would own
|
|
#
?
Jan 4, 2019 17:26
|
|
|
Captain Foo posted:the most recent versions are html5 and are so much better it still doesn't have all the features of the flash client. also the flash client doesn't work most of the time because of security patches to flash/ie.
|
|
#
?
Jan 4, 2019 17:29
|
|
|
Shaggar posted:also the flash client doesn't work most of the time because of security patches to flash/ie. i only got it to work in recent versions of firefox and realllllly had to shoehorn in security exceptions for it
|
|
#
?
Jan 4, 2019 17:31
|
|
|
still using the vsphere desktop client while we slowly migrate to clod + hyperv
|
|
#
?
Jan 4, 2019 17:33
|
|
|
how they hell do you manage that they lock you out of practically everything unless your vcenter server is old as dirt
|
|
#
?
Jan 4, 2019 17:41
|
|
|
|
| # ? May 20, 2024 05:47 |
|
|
BangersInMyKnickers posted:how they hell do you manage that they lock you out of practically everything unless your vcenter server is old as dirt very carefully
|
|
#
?
Jan 4, 2019 17:42
|
|