|
"what do you do to relax" is definitely a more loaded question than most i didn't even mention the person who wrote "furiously masturbate" in the top corner edit: a respectable snipe
|
#
?
Jan 16, 2019 20:49
|
|
|
|
| # ? May 20, 2024 11:50 |
|
|
CRIP EATIN BREAD posted:unfettered write access to a publicly available display seems like a infosec fuckup imho
|
|
#
?
Jan 16, 2019 21:00
|
|
|
rjmccall posted:"what do you do to relax" is definitely a more loaded question than most did someone actually write that? 
|
|
#
?
Jan 16, 2019 21:06
|
|
|
i gather you have no experience dealing with people in security outside of professional environments?
|
|
#
?
Jan 16, 2019 21:09
|
|
|
Loky11 posted:being told "you don't get LGBT issues" while being LGBT myself and growing up not ever talking about it with people outside my close friends is frustrating. Maybe it's a generational thing. Good luck bringing up things on social media. It's just not my style and try maybe, to at least give people the benefit of the doubt. I will too. just as a reminder, i am in the LGBTQ+ community myself and i will not ever speak on behalf of those who are not me. heck i will not even talk on behalf of all lesbians or transgender women because that is not what i am here for (i describe myself as "queer woman" and typically refrain from talking about my being trans because it's irrelevant to who i am daily). it's usually poor form to speak on behalf of the whole community when these matters affect a small subset. we're talking about the treatment of non-men at conferences and not specifically anything else here. i have a problem with infosec because i work in it and have to deal with all sorts of nonsense with it being transphobic, sexist, or just outright ignorance you may get the issues that you face as part of the LGBTQ+ community but your views do not necessitate everyone as a whole. i am not asexual so i never talk on behalf of those who are aces nor am i bisexual so i cannot comment on their challenges either. this is something that should always remain in mind for anyone under our colourful umbrella as it helps not step on toes Lain Iwakura fucked around with this message at 21:13 on Jan 16, 2019 |
|
#
?
Jan 16, 2019 21:10
|
|
|
Shame Boy posted:maybe we should have a queer questions thread explicitly for exploring this poo poo? idk i get why people should put in a little effort to figure stuff out on their own and not expect others to have to explain it to them and all, but sometimes you do genuinely wanna ask / talk it through with others. it's just the security thread isn't the best place, and the yosqueer thread isn't the best place since it's meant to be safe / relaxing... i know a bunch of people were wandering into the yosqueer thread a while ago asking earnestly how they should go about doing [x] better and we kinda shuffled them out since it's not really the place for it, so maybe there should be a place explicitly for it? there's the Great Race Space subforum under D&D that's kind of a dedicated space for these sorts of discussions, a lot of knowledgeable people hang out there, and there's a couple threads set aside for asking questions and stuff. it's pretty slow, though --- also, personal secfuck news: i got an email containing one of my passwords and a blackmail note saying that they hacked my webcam and my facebook, and that if I don't send them eight hundred bucks in bitcoin they'll send nudes of me to all my contacts except I don't have a webcam and my facebook uses a different password. the password they had was an old one that I never use on anything remotely important. so they probably got their hands on passwords from some crappy old forum or something, then decided trying to scam password-reusers with fake blackmail threats was more time-efficient than trying to break into people's accounts directly
|
|
#
?
Jan 16, 2019 21:20
|
|
)
|
in sec news on my end, i am finally starting my years long security orchestration project
|
|
#
?
Jan 16, 2019 21:22
|
|
|
Lain Iwakura posted:in sec news on my end, i am finally starting my years long security orchestration project global rm -rf / job on puppet
|
|
#
?
Jan 16, 2019 21:24
|
|
|
BangersInMyKnickers posted:global rm -rf / job on puppet you have no idea how tempting that is
|
|
#
?
Jan 16, 2019 21:27
|
|
|
Main Paineframe posted:also, personal secfuck news: i got an email containing one of my passwords and a blackmail note saying that they hacked my webcam and my facebook, and that if I don't send them eight hundred bucks in bitcoin they'll send nudes of me to all my contacts yeah those have been going around, i posted a few in the last thread. did it say you have ~UNBRIDLED FANTASY~ 'cuz that's my favorite one 
|
|
#
?
Jan 16, 2019 21:35
|
|
|
Main Paineframe posted:also, personal secfuck news: i got an email containing one of my passwords and a blackmail note saying that they hacked my webcam and my facebook, and that if I don't send them eight hundred bucks in bitcoin they'll send nudes of me to all my contacts Recently this has been a common tactic. They use passwords from leaked dumps that are available all over the internet to make the threat look credibile. It's also a very clever threat because it works on people's shame and most aren't savvy enough to figure how the scam works.
|
|
#
?
Jan 16, 2019 21:44
|
|
|
Loky11 posted:did someone actually write that? i misremembered, it was "rag https://twitter.com/deborahlindseyl/status/1048401891913334785/
|
|
#
?
Jan 16, 2019 21:45
|
|
|
yeah. i got one of those e-mails and it had my password from the lastfm breach. it shook me to my bones 
|
|
#
?
Jan 16, 2019 21:45
|
|
|
spankmeister posted:Recently this has been a common tactic. They use passwords from leaked dumps that are available all over the internet to make the threat look credibile. It's also a very clever threat because it works on people's shame and most aren't savvy enough to figure how the scam works. on top of that all the ones i've gotten set the From header (or similar) to make it look like it was sent from your own account, which they point out multiple times in the text, because obviously you can only do that if you've hacked the account for real!!!
|
|
#
?
Jan 16, 2019 21:48
|
|
|
Lain Iwakura posted:yeah. i got one of those e-mails and it had my password from the lastfm breach. it shook me to my bones oh poo poo that's where they got mine from i bet too, thinking about it that was the last time i used that password...
|
|
#
?
Jan 16, 2019 21:49
|
|
|
rjmccall posted:i misremembered, it was "rag did someone write NEDM? is this from loving 2005?
|
|
#
?
Jan 16, 2019 21:51
|
|
|
if someone wants to send out nude videos of me I’m the one that should be getting paid
|
|
#
?
Jan 16, 2019 21:58
|
|
|
Shame Boy posted:yeah those have been going around, i posted a few in the last thread. did it say you have ~UNBRIDLED FANTASY~ 'cuz that's my favorite one unfortunately not the only part that's amusing is the one where it goes out of its way to assure me that absolutely no one is paying them to do it
|
|
#
?
Jan 16, 2019 22:06
|
|
|
Shame Boy posted:maybe we should have a queer questions thread explicitly for exploring this poo poo? idk i get why people should put in a little effort to figure stuff out on their own and not expect others to have to explain it to them and all, but sometimes you do genuinely wanna ask / talk it through with others. it's just the security thread isn't the best place, and the yosqueer thread isn't the best place since it's meant to be safe / relaxing... i know a bunch of people were wandering into the yosqueer thread a while ago asking earnestly how they should go about doing [x] better and we kinda shuffled them out since it's not really the place for it, so maybe there should be a place explicitly for it? i mean, I'm down with having a specific queer-square alliance thread or whatever where people can come ask questions (because yes the yeerk pool is meant to be for queer folk to talk amongst themselves), but I feel like at that point we'd need an IK just for the queer threads because graph only has so many hours in the day to probe disingenuous morons and I don't want to kill him!
|
|
#
?
Jan 16, 2019 22:09
|
|
|
spankmeister posted:Recently this has been a common tactic. They use passwords from leaked dumps that are available all over the internet to make the threat look credibile. It's also a very clever threat because it works on people's shame and most aren't savvy enough to figure how the scam works. yeah i think it's pretty genius because not everyone is knowledgeable of the fact that password dumps get leaked onto things like pastebin. i know a lot of people who would fall for that kind of thing.
|
|
#
?
Jan 16, 2019 22:14
|
|
|
CRIP EATIN BREAD posted:yeah i think it's pretty genius because not everyone is knowledgeable of the fact that password dumps get leaked onto things like pastebin. i know a lot of people who would fall for that kind of thing. There's a big wave of these apparently because a bunch of people were talking about receiving them in the break room today. one guy was like "there's hundreds of pictures of me in nothing but a harness at Folsom, wtf kind of lame threat is this "
|
|
#
?
Jan 16, 2019 22:15
|
|
|
rjmccall posted:alright, straight white dude here to explain everything and render judgement, be warned im glad you wrote this because everything between the initial tweet and the announcement they're going to not have a con anymore was a mess of barely readable tweet arguments that made it really hard to follow what happened when with who tbh
|
|
#
?
Jan 16, 2019 22:16
|
|
|
RE Symantec IPS vulnerability: I don't think its been properly fixed in the IPS module. I'm seeing evidence in the logs of clients getting popped all over the place (not servers) and the ones that don't throw SEHOP errors have their SONAR module uploading copies of their ccSvcHst process to Symantec for analysis
|
|
#
?
Jan 16, 2019 23:02
|
|
|
Sometimes I'm glad the networks I manage aren't connected to the internet
|
|
#
?
Jan 16, 2019 23:56
|
|
|
CRIP EATIN BREAD posted:unfettered write access to a publicly available display seems like a infosec fuckup imho Well put.
|
|
#
?
Jan 17, 2019 00:43
|
|
|
Raere posted:Sometimes I'm glad the networks I manage aren't connected to the internet that you know of. 
|
|
#
?
Jan 17, 2019 01:04
|
|
|
jit bull transpile posted:graph only has so many hours in the day to probe disingenuous morons i check the report queue often, just mash that button
|
|
#
?
Jan 17, 2019 03:40
|
|
|
BangersInMyKnickers posted:Symantec I found the problem
|
|
#
?
Jan 17, 2019 03:44
|
|
|
Shame Boy posted:yeah those have been going around, i posted a few in the last thread. did it say you have ~UNBRIDLED FANTASY~ 'cuz that's my favorite one when i read about this scam i'm always reminded of the story about when the cia tried to blackmail sukarno with a fake sex film and he thought it was awesome and asked them for copies to send to his friends.
|
|
#
?
Jan 17, 2019 04:03
|
|
|
Wiggly Wayne DDS posted:i gather you have no experience dealing with people in security outside of professional environments? I wasn't going to write anything, but as it's all here so why not. I spent a lot of my early life doing reverse engineering stuff, specifically x86 binary reverse engineering, started with games cracking same as everyone else - I'm not infosec, too old, we didn't really care about networks. Back in the day I was involved with lots of groups on the net doing it, but maybe 10 years ago I backed off because it was so toxic, specifically seeing my transgender friends getting attacked (and it was always them). It's definitely a thing. Still do the odd RE contract to keep my maths in it and I enjoy it, but there is no way I'd be involved with the community again or ever go to a conference.
|
|
#
?
Jan 17, 2019 04:41
|
|
|
sadus posted:the java autoupdater now shows this handy dialog - why yes, don't mind if I do does it also uninstall the ask toolbar it originally shipped with?
|
|
#
?
Jan 17, 2019 05:08
|
|
|
Shame Boy posted:oh poo poo that's where they got mine from i bet too, thinking about it that was the last time i used that password...
|
|
#
?
Jan 17, 2019 05:46
|
|
|
e whoops
Lutha Mahtin fucked around with this message at 05:52 on Jan 17, 2019 |
|
#
?
Jan 17, 2019 05:49
|
|
|
e whoops
|
|
#
?
Jan 17, 2019 05:51
|
|
|
BangersInMyKnickers posted:Symantec says its something in the wild hitting against the IPS engine but it should be resolved with the latest def set. They're not really sure who's doing it or what the payload is, so I suspect its a bandaid fix evil_bunnY fucked around with this message at 08:01 on Jan 17, 2019 |
|
#
?
Jan 17, 2019 07:58
|
|
|
Hexyflexy posted:I wasn't going to write anything, but as it's all here so why not. the post wasn't directed at you, more at any lack of awareness at how a loud portion of the industry acts
|
|
#
?
Jan 17, 2019 08:31
|
|
|
CRIP EATIN BREAD posted:unfettered write access to a publicly available display seems like a infosec fuckup imho who was it that goatse’d the RSA conference tweet wall again?
|
|
#
?
Jan 17, 2019 08:51
|
|
|
just wanted to thank everyone for talking about what happened to Derbycon. my boss shared around the big tearful goodbye notice and I could clearly see the fingerprint of "our mods hosed up, and we would rather implode than admit it" but I could only remember the fuckup at lambdacon, not this whiteboard thing
|
|
#
?
Jan 17, 2019 08:59
|
|
|
Shame Boy posted:lmao i think this is the first time i've seen a company admit you're better off without their product got to get that "java is installed on 9 trillion device, even your car!" count up somehow and making people remove it and add it again would do it
|
|
#
?
Jan 17, 2019 10:52
|
|
|
|
| # ? May 20, 2024 11:50 |
|
|
Main Paineframe posted:except I don't have a webcam and my facebook uses a different password. the password they had was an old one that I never use on anything remotely important. so they probably got their hands on passwords from some crappy old forum or something, then decided trying to scam password-reusers with fake blackmail threats was more time-efficient than trying to break into people's accounts directly remember kids, use a password manager and different randomly generated password for every service you use.
|
|
#
?
Jan 17, 2019 11:27
|
|
