|
Volmarias posted:This is definitely some kind of gently caress up That is a fuckup on an impressive number of levels, but pretty par for the course. Casino threat models are like 99% physical.
|
#
?
Feb 6, 2019 20:04
|
|
|
|
| # ? May 20, 2024 02:22 |
|
|
looks like they think "physical threat model" is the guy manning their booth at the convention
|
|
#
?
Feb 6, 2019 20:09
|
|
|
Also, lolquote:They even found Atrient's third party contractors (based in India) posting Atrient's source code on Github and asking stack overflow questions about it, an indicator which made it obvious to the researchers that security was not being taken seriously.
|
|
#
?
Feb 6, 2019 20:14
|
|
|
https://www.bleepingcomputer.com/news/security/researcher-declines-to-share-zero-day-macos-keychain-exploit-with-apple/ not disclosing due to lack of bug bounties, ostensibly
|
|
#
?
Feb 6, 2019 21:35
|
|
|
that rules, i'd hold out, too.
|
|
#
?
Feb 6, 2019 21:43
|
|
|
Volmarias posted:This is definitely some kind of gently caress up I wonder if the "researcher's" mother is still in jail.
|
|
#
?
Feb 7, 2019 00:25
|
|
|
"He was also charged with possession of child pornography, an offensive weapon and drugs. He remains overseas." so uh. yeah.
|
|
#
?
Feb 7, 2019 01:26
|
|
|
i was shodan surfing and came across someone with an unsecured NAS that has enormous amounts of personal information on it. i kind of feel like i should contact them and let them know, but i also don't want to creep them out by being some random guy contacting them about computer security. thoughts?
|
|
#
?
Feb 7, 2019 01:53
|
|
|
wipe it
|
|
#
?
Feb 7, 2019 01:58
|
|
|
yoloer420 posted:I wonder if the "researcher's" mother is still in jail. Oh, it's that dude. How the gently caress did he manage to attend a security conference in the UK without being insta-extradited to Australia the moment he touched British soil?
|
|
#
?
Feb 7, 2019 02:56
|
|
|
ugh i seriously don’t get our resistance to run a bounty program across the product line
|
|
#
?
Feb 7, 2019 03:31
|
|
|
rjmccall posted:ugh i seriously don’t get our resistance to run a bounty program across the product line probably because things are not uniformly open-source across the company and different orgs have different legal folks with different positions on this stuff.
|
|
#
?
Feb 7, 2019 03:34
|
|
|
CRIP EATIN BREAD posted:"He was also charged with possession of child pornography, an offensive weapon and drugs. He remains overseas." 
|
|
#
?
Feb 7, 2019 04:25
|
|
|
GWBBQ posted:i was shodan surfing and came across someone with an unsecured NAS that has enormous amounts of personal information on it. i kind of feel like i should contact them and let them know, but i also don't want to creep them out by being some random guy contacting them about computer security. thoughts? the official position of this thread is "do not touch the poop"
|
|
#
?
Feb 7, 2019 04:35
|
|
|
Apparently the February Android update includes a fix for a code execution via PNG vulnerability. Since, you know, surely all Android devices have received their regular monthly security updates by now. (Hey, mine has!) https://threatpost.com/google-patches-critical-png-image-bug/141524/
|
|
#
?
Feb 7, 2019 06:34
|
|
|
yoloer420 posted:I wonder if the "researcher's" mother is still in jail. CRIP EATIN BREAD posted:"He was also charged with possession of child pornography, an offensive weapon and drugs. He remains overseas." the most offensive part of that article is referencing Czechoslovakia. what year is it Australia??
|
|
#
?
Feb 7, 2019 07:17
|
|
|
rjmccall posted:ugh i seriously don’t get our resistance to run a bounty program across the product line It takes a LOT of effort to run a good bounty program, and running a lovely one is a lot worse than not running one at all. I'm sure that's not the reason though 
|
|
#
?
Feb 7, 2019 08:16
|
|
|
yoloer420 posted:I wonder if the "researcher's" mother is still in jail. at least her baby boy is safe in czechoslovakia
|
|
#
?
Feb 7, 2019 08:44
|
|
|
he’s on twitter goin “don’t try to paint me as a bad guy” with the replies being “don’t let them drag you we all make mistakes!” https://twitter.com/xormalware/status/1093269096970534914?s=21 Phone fucked around with this message at 10:53 on Feb 7, 2019 |
|
#
?
Feb 7, 2019 10:49
|
|
|
salted hash browns posted:Like people at Apple had to look at each other and say "Yes we will hand over iCloud encryption keys to a PRC owned organization" for this to happen. Friend, Facebook marketing reps have been literally holding seminars on using data exfiltration loopholes as added value of their ad products. They can burn in hell and are at least as bad.
|
|
#
?
Feb 7, 2019 12:17
|
|
|
GWBBQ posted:i was shodan surfing and came across someone with an unsecured NAS that has enormous amounts of personal information on it. i kind of feel like i should contact them and let them know, but i also don't want to creep them out by being some random guy contacting them about computer security. thoughts? You have no surefire safe way to report this to the owner. Two
|
|
#
?
Feb 7, 2019 12:20
|
|
|
Captain Foo posted:the official position of this thread is "do not touch the poop" Potato Salad posted:You have no surefire safe way to report this to the owner.
|
|
#
?
Feb 7, 2019 16:32
|
|
|
CRIP EATIN BREAD posted:my first programming-related class in community college I had a professor that requested code be printed out and handed in. it was java, and he didn't want comments in the code, emphasized that the code be "self-documenting". people would turn stuff in and he could look at it and immediately say "this doesn't compile". "Self-documenting" code for a homework assignment is basically just encouraging good variable names and structure, but that is the only place it should exist.
|
|
#
?
Feb 7, 2019 17:12
|
|
|
Phone posted:he’s on twitter goin “don’t try to paint me as a bad guy” with the replies being “don’t let them drag you we all make mistakes!” lol ah yes, whomst among us hasnt copped a child pornography charge
|
|
#
?
Feb 7, 2019 19:19
|
|
|
ate poo poo on live tv posted:"Self-documenting" code for a homework assignment is basically just encouraging good variable names and structure, but that is the only place it should exist. well yeah. he was trying to get people to absorb the fact that you should name stuff in a sane way. it was obviously education focused. he also used to tell a story when he was working for some big company where they undertook a huge project. he was the project lead, and they sat in a meeting room and drew up design documents. they had little cards with operations on them all over the wall. they were given something like 6 months to do it. the management kept asking "how much is written" and he kept replying with "nothing yet, still designing". weeks passed. management asked again, "how much is written?", "nothing yet, still design stage". kept going, using humans as virtual actors in the system. management started panicking because nobody was writing code. they used 4 months to do the design phase. development began, and they knocked it out the implementation in a month because all the operations/classes were defined before any code was written. they had a whole month of testing to work with at that point. that story always stuck with me. it's too bad you rarely see that.
|
|
#
?
Feb 7, 2019 19:40
|
|
|
Not China or Facebook news https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/ quote:“This lets Air Canada employees — and anyone else capable of accessing the screenshot database — see unencrypted credit card and password information,” he told TechCrunch.
|
|
#
?
Feb 7, 2019 20:06
|
|
|
chemosh6969 posted:Not China or Facebook news "Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers." so we're just using screenshot to mean every form of recording now???
|
|
#
?
Feb 7, 2019 20:31
|
|
|
what is logging, alex.
|
|
#
?
Feb 7, 2019 21:30
|
|
|
glassbox's selling point is that they take the recorded taps and keystrokes and combine them with a mockup of your app/site to reconstitute what the screen looked like during the session. whether this counts as "screen recording" is a semantic argument so expect it to go on for another five pages
|
|
#
?
Feb 7, 2019 21:37
|
|
|
haveblue posted:glassbox's selling point is that they take the recorded taps and keystrokes and combine them with a mockup of your app/site to reconstitute what the screen looked like during the session. whether this counts as "screen recording" is a semantic argument so expect it to go on for another five pages did you know, log4j can turn your pii into a bomb???
|
|
#
?
Feb 7, 2019 22:00
|
|
|
fishmech posted:"Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers." yeah it’s like “bricked” meaning any inconvenience
|
|
#
?
Feb 7, 2019 22:44
|
|
|
chemosh6969 posted:Not China or Facebook news Annnnd banned https://techcrunch.com/2019/02/07/apple-glassbox-apps/
|
|
#
?
Feb 8, 2019 01:43
|
|
|
Glassbox's response is layered with salt that apple may have just killed their product on ios lolquote:
|
|
#
?
Feb 8, 2019 01:50
|
|
|
Compliant except for that minor "user concent" bit
|
|
#
?
Feb 8, 2019 02:10
|
|
|
apple wants them to use official apple analytics so nobody else can get that sweet, sweet data
|
|
#
?
Feb 8, 2019 02:19
|
|
|
we believe everyone using our spyware should inform users they are being spied on, but uh, that's up to them
|
|
#
?
Feb 8, 2019 02:20
|
|
|
i wonder if in the future, if app stores crack down enough on privacy-invading apps, companies will migrate off apps back to webpages/pwa. especially as mobile apis become more supported in mainstream browsers. ok apple says you're not allowed to record peoples' screens anymore, but you can embed this javascript that will do the same thing and nobody will stop you (provided you're outside the EU)
|
|
#
?
Feb 8, 2019 02:26
|
|
|
Analytics are a loving privacy dumpster fire
|
|
#
?
Feb 8, 2019 02:30
|
|
|
man i love it when marketing at a completely transparently evil company has to try to make themselves sound not-awful  it always feels so uncomfortable, like they don't even believe it themselvessadus posted:Compliant except for that minor "user concent" bit hey now they clearly say they give their customers the option to mask that information so clearly it's on them 
|
|
#
?
Feb 8, 2019 03:14
|
|
|
|
| # ? May 20, 2024 02:22 |
|
|
also i'm the word """"enriched"""" in the 4th paragraph e: and the sentiment of "we don't just spy on you, we spy on you to make lawsuits against you easier!" in the last paragraph that i didn't pick up on until reading it again
|
|
#
?
Feb 8, 2019 03:17
|
|