|
also more PW’s came out https://twitter.com/campuscodi/status/1086061689190170624?s=20
|
#
?
Jan 18, 2019 02:41
|
|
|
|
| # ? May 12, 2024 13:46 |
|
|
EMILY BLUNTS posted:YOSPOS › Security Fuckup Megathread - v18.0 - the thread title says “security fuckups” not “insecurity fuckups” Mods, plz do the needful &c. &c.
|
|
#
?
Jan 18, 2019 02:43
|
|
|
EMILY BLUNTS posted:the thread title says “security fuckups” not “insecurity fuckups”
|
|
#
?
Jan 18, 2019 04:04
|
|
|
it won't fit and it would be v17.1, not v18.0 thanks
|
|
#
?
Jan 18, 2019 04:12
|
|
|
anyone going to shmoocon in d/c this weekend? I think I can get a ticket, and if not, I’ll be around for hallwaycon lol
|
|
#
?
Jan 18, 2019 05:21
|
|
|
EMILY BLUNTS posted:the thread title says “security fuckups” not “insecurity fuckups” holy poo poo lmao
|
|
#
?
Jan 18, 2019 06:03
|
|
|
sadus posted:Not a sec-gently caress but on topic as of late, this person SLEEPYCATT had another Minecraft music festival with donations going to the Trevor Project, kind of neat https://minecraft.xxx/. Second festival of theirs I've heard of but there might have been more. Luckily no second life style goons have infiltrated their events yet as far as I know with flying dicks and the like. yeah apparently the mirai guy got rich operating a booter/extortion racket solely for minecraft servers (krebs did a huge exposé on it) that's crazy
|
|
#
?
Jan 18, 2019 06:19
|
|
|
Lain Iwakura posted:it won't fit and it would be v17.1, not v18.0 thanks perhaps code:
|
|
#
?
Jan 18, 2019 07:11
|
|
|
fisting by many posted:yeah apparently the mirai guy got rich operating a booter/extortion racket solely for minecraft servers (krebs did a huge exposé on it) Yep. The biggest DDoS in history was done by Minecraft kids.
|
|
#
?
Jan 18, 2019 08:11
|
|
|
turns out the internet is a piece of poo poo
|
|
#
?
Jan 18, 2019 09:40
|
|
|
EMILY BLUNTS posted:also more PW’s came out jesus loving christ
|
|
#
?
Jan 18, 2019 09:41
|
|
|
meh, its being blown out of proportion
|
|
#
?
Jan 18, 2019 12:11
|
|
|
evil_bunnY posted:do you have some kind of exec logging? some parts of our org are still on Symantec, I’ll ask if they’ve seen crashes. Not at the moment, still waiting on approval for a sysmon rollout. Not sure if it would have given us anything if the heap is being modified in-memory. Hopefully is just some manner of memory leak that’s being inadvertently triggered and overwriting nonsense to the heap but I don’t have confirmation yet.
|
|
#
?
Jan 18, 2019 14:31
|
|
|
EMILY BLUNTS posted:the thread title says “security fuckups” not “insecurity fuckups”
|
|
#
?
Jan 18, 2019 16:14
|
|
|
https://twitter.com/RGB_Lights/status/1086328344327507968 im sure it can be trusted
|
|
#
?
Jan 18, 2019 22:40
|
|
|
Unironically tho, it's gonna be fine.
|
|
#
?
Jan 18, 2019 22:44
|
|
|
https://twitter.com/magen_wu/status/1086394054265458689
|
|
#
?
Jan 18, 2019 23:46
|
|
|
hey. if you're gonna go murdering people... https://www.runnersworld.com/news/a25924256/mark-fellows-runner-hitman-murder/ quote:A British runner, cyclist, and mob hitman has been convicted for the murders of two rival gangsters, in part, because of his GPS watch. Mark “Iceman” Fellows, 39, was found guilty by a jury at Liverpool Crown Court of killing organized crime leader Paul “Mr. Big” Massey and his associate John Kinsella, 55 and 53 at the time of their deaths. Massey and Kinsella were also career criminals, part of a gang scene near Manchester, England, with a reputation known across Europe, according to the Manchester Evening News.
|
|
#
?
Jan 18, 2019 23:52
|
|
|
Nuh uh! Sometimes I use Bing!
|
|
#
?
Jan 18, 2019 23:59
|
|
|
thats one way to set a personal best
|
|
#
?
Jan 19, 2019 00:00
|
|
|
spankmeister posted:Nuh uh! Sometimes I use Bing! only when I forget to change the default search option in vivaldi browser.
|
|
#
?
Jan 19, 2019 00:13
|
|
|
osint is being intellegent about operating systems
|
|
#
?
Jan 19, 2019 00:14
|
|
|
Lain Iwakura posted:hey. if you're gonna go murdering people... not turning off, or only turning off location features intermittently, is a great way to reveal illicit behavior and it never stops being amusing how people trap themselves by their own devices
|
|
#
?
Jan 19, 2019 00:35
|
|
|
Raere posted:osint is being intellegent about operating systems Your Operating System Is Not Trash
|
|
#
?
Jan 19, 2019 00:36
|
|
|
https://kotaku.com/atlas-player-gets-into-admins-account-summons-swarm-of-1831870230 “To be clear this was not caused by a hack, third party program, or exploit. We have taken the appropriate steps to ensure this does not happen again.” aka some admin for a video game reuses his passwords.
|
|
#
?
Jan 19, 2019 00:41
|
|
|
Lain Iwakura posted:hey. if you're gonna go murdering people... good to see the speed running community are still setting new times in Hitman
|
|
#
?
Jan 19, 2019 01:34
|
|
|
Powerful Two-Hander posted:good to see the speed running community are still setting new times in Hitman
|
|
#
?
Jan 19, 2019 03:28
|
|
|
Powerful Two-Hander posted:good to see the speed running community are still setting new times in Hitman awful chavs done quick
|
|
#
?
Jan 19, 2019 05:14
|
|
|
Powerful Two-Hander posted:good to see the speed running community are still setting new times in Hitman
|
|
#
?
Jan 19, 2019 06:37
|
|
|
Powerful Two-Hander posted:good to see the speed running community are still setting new times in Hitman
|
|
#
?
Jan 19, 2019 07:55
|
|
|
Powerful Two-Hander posted:good to see the speed running community are still setting new times in Hitman
|
|
#
?
Jan 19, 2019 08:25
|
|
|
https://twitter.com/11rcombs/status/1086531879178829824 They verify against a PGP key that they download over HTTP. Edit: It gets better, apparently they roll their own PGP implementation too. And they don't think they're doing anything wrong. Carbon dioxide fucked around with this message at 09:02 on Jan 19, 2019 |
|
#
?
Jan 19, 2019 08:58
|
|
|
Carbon dioxide posted:https://twitter.com/11rcombs/status/1086531879178829824 No threat model, no security bug. This is your last warning.
|
|
#
?
Jan 19, 2019 09:07
|
|
|
Celexi posted:No threat model, no security bug. This is your last warning. New thread title? Anyway, the hardcoded key is 1024-bit DSA.
|
|
#
?
Jan 19, 2019 09:08
|
|
|
Carbon dioxide posted:https://twitter.com/11rcombs/status/1086531879178829824 admittedly this went over my head but I find a lot of open source software is rather lax about security. Like brew (the goto osx shell package manager) up until 2017?2016? had you use admin access for installing packages.
|
|
#
?
Jan 19, 2019 09:12
|
|
|
how are you going to install system packages when you're not an admin though? a problem would be those packages not being signed, not the requiring admin access bit.
|
|
#
?
Jan 19, 2019 09:26
|
|
|
quote:No threat model, no security bug. This is your last warning. those VLC guys sure are friendly.
|
|
#
?
Jan 19, 2019 10:20
|
|
|
https://twitter.com/11rcombs/status/1086559891542687744
|
|
#
?
Jan 19, 2019 10:45
|
|
|
security fuckup thread 17.1 - YDGKJFTQDFGQWYFTDUKYWQG loving HELL
|
|
#
?
Jan 19, 2019 10:49
|
|
|
|
| # ? May 12, 2024 13:46 |
|
|
Celexi posted:No threat model, no security bug. This is your last warning. 
|
|
#
?
Jan 19, 2019 10:55
|
|