|
someone compromised an email provider's primary and backup servers, formatted them, and destroyed 20 years of data. the company apparently had no cold storage backups. https://arstechnica.com/information...ZigasqormT3brUE
|
#
?
Feb 13, 2019 01:15
|
|
|
|
| # ? Jun 12, 2024 14:26 |
|
|
Blinkz0rz posted:tbh i don't like apples 2fa implementation because afaik you can't assign a primary device so if you have a whole bunch of apple devices it's a crapshoot as to which one to auth from Apple does have the advantage over standard TOTP by showing you a map of where the login attempt is coming from before showing you the OTP code
|
|
#
?
Feb 13, 2019 01:40
|
|
|
Blinkz0rz posted:tbh i don't like apples 2fa implementation because afaik you can't assign a primary device so if you have a whole bunch of apple devices it's a crapshoot as to which one to auth from how do you teach a billion people to totp on their phone that they’re setting up for the first time with no other computer access?
|
|
#
?
Feb 13, 2019 01:41
|
|
|
i get why it exists the way it does i just want something a little more standardized than having to have my apple device with me whenever i need to login
|
|
#
?
Feb 13, 2019 01:43
|
|
|
our internal 2fa is just totp afaik fwiw lol iiuc jfc fubar ftw
|
|
#
?
Feb 13, 2019 02:26
|
|
|
GWBBQ posted:someone compromised an email provider's primary and backup servers, formatted them, and destroyed 20 years of data. the company apparently had no cold storage backups. This is wild
|
|
#
?
Feb 13, 2019 02:32
|
|
|
GWBBQ posted:someone compromised an email provider's primary and backup servers, formatted them, and destroyed 20 years of data. the company apparently had no cold storage backups. did them a favour really, 20 years of data is a GDPR nightmare
|
|
#
?
Feb 13, 2019 02:43
|
|
|
GWBBQ posted:someone compromised an email provider's primary and backup servers, formatted them, and destroyed 20 years of data. the company apparently had no cold storage backups. somebody wanted that provider eradicated, impressive.
|
|
#
?
Feb 13, 2019 03:23
|
|
|
even keeping 20 years of data seems like a gross ediscovery liability. did them a favor
|
|
#
?
Feb 13, 2019 04:17
|
|
|
Diva Cupcake posted:did themselves a favor
|
|
#
?
Feb 13, 2019 04:23
|
|
|
Blinkz0rz posted:i get why it exists the way it does i just want something a little more standardized than having to have my apple device with me whenever i need to login that seems pretty standardized imo
|
|
#
?
Feb 13, 2019 04:33
|
|
|
this isn't a secfuck on its own but may be setting up some people for one with the list of trustworthy tlds: yup, definitely never seen bullshit hosted on a .org or .com
|
|
#
?
Feb 13, 2019 04:58
|
|
|
Diva Cupcake posted:even keeping 20 years of data seems like a gross ediscovery liability. the gently caress is this nonsense people are paying you to hold onto their email however long they want it, it's not the email host's responsibility to act like everyone is a crimed up business account
|
|
#
?
Feb 13, 2019 05:02
|
|
|
Good Sphere posted:
It's loving stupid. It's a straight up suit that "omg this security improving thing makes my life slightly harder let's sue", that's awful. Good secure UX is hard, suing because you have to hit a few more buttons is embarrassing and doesn't help. If they won (which they won't) it would set one hell of a counter productive precedence.
|
|
#
?
Feb 13, 2019 07:44
|
|
|
Diva Cupcake posted:even keeping 20 years of data seems like a gross ediscovery liability. did you know... gmails holding like 15 years of email by now???????
|
|
#
?
Feb 13, 2019 07:50
|
|
|
that's one way to get to inbox zero
|
|
#
?
Feb 13, 2019 09:36
|
|
|
Jeoh posted:that's one way to get to inbox zero 
|
|
#
?
Feb 13, 2019 15:00
|
|
|
Jeoh posted:that's one way to get to inbox zero Yikes
|
|
#
?
Feb 13, 2019 15:45
|
|
|
apseudonym posted:It's a straight up suit that "omg this security improving thing makes my life slightly harder let's sue", that's awful. the security improvements to windows vista were necessary and it was just that kind of thinking made people reject them outright My job is to make ordinary people act like they aren't trying to actively compromise their own security on an hourly basis. It's just not possible to make "a typical user" give a gently caress about security. A toddler in an abandoned amusement park has better survival instincts.
|
|
#
?
Feb 13, 2019 17:12
|
|
|
i got a low-effort spam message today from an email address at "gmayl dot com" which I thought was quite 
|
|
#
?
Feb 13, 2019 17:41
|
|
|
lol https://twitter.com/surferdave_sec/status/1095320679803686912
|
|
#
?
Feb 13, 2019 17:53
|
|
|
idgi
|
|
#
?
Feb 13, 2019 18:31
|
|
|
 .....well, YOLO I guess.
|
|
#
?
Feb 13, 2019 18:32
|
|
|
|
|
#
?
Feb 13, 2019 18:39
|
|
|
I guess there's info disclosure there? although I can't spot what it is, all I see are internal IPs and half of an aws subdomain
|
|
#
?
Feb 13, 2019 19:31
|
|
|
oh hey that dave keene dude's in indiatlantic, i used to live right across the river from that place years ago, neato also i just found out that if you click where someone lives on twitter it takes you to a list of tweets from people who presumably also have that listed as their city so i got a nice shotgun blast to the face of garbage trump opinions coming from people i probably passed at the grocery store or w/e, thanks twitter
|
|
#
?
Feb 13, 2019 19:37
|
|
|
also more in line with this thread, this dude who loves him some smart homes: https://twitter.com/skofarrell/status/1093941092574203908 https://twitter.com/skofarrell/status/1093945767243497474 https://twitter.com/skofarrell/status/1093949552112082945
|
|
#
?
Feb 13, 2019 19:45
|
|
|
curse security teams that blindly forward security scanner reports to vendors demanding urgent fixes v important to address a BIND DoS vector for a container image that (a) never runs BIND and (b) doesnt even have BIND installed, but does have the BIND license in /usr/share/doc, because the centos image includes it for some reason
|
|
#
?
Feb 13, 2019 20:09
|
|
|
Shame Boy posted:i got a low-effort spam message today from an email address at "gmayl dot com" which I thought was quite i used to worry that people would think I had an email address of "@hotmale.com" and was super arrogant so I was quite glad when they changed the name to outlook also gently caress lol at this: quote:A Web cache shows that VFEmail was founded in 2001 in response to the ILOVEYOU virus that infected tens of millions of Windows computers all around the world a year earlier. The virus got its name because it was transmitted in emails with the subject “I love you.” The service aimed to offer a better email experience by scanning messages for malware on the server. "instead of having our eggs in one basket, we have a load balanced network of baskets that your eggs are distributed amongst. what do you mean 'but are they in the same henhouse'?"
|
|
#
?
Feb 13, 2019 20:50
|
|
|
Jeff atwood backup on the vm itself
|
|
#
?
Feb 13, 2019 20:57
|
|
|
flakeloaf posted:the security improvements to windows vista were necessary and it was just that kind of thinking made people reject them outright UAC is a case study in how not to do security UX
|
|
#
?
Feb 13, 2019 21:13
|
|
|
apseudonym posted:UAC is a case study in how not to do security UX
|
|
#
?
Feb 13, 2019 21:15
|
|
|
mystes posted:Vista UAC was intentionally designed to suck because its purpose was to get developers to change their software. That went well
|
|
#
?
Feb 13, 2019 21:21
|
|
|
apseudonym posted:That went well It did
|
|
#
?
Feb 13, 2019 21:27
|
|
|
Everyone hated vista but it did achieve the desired result, so yeah.
|
|
#
?
Feb 13, 2019 21:29
|
|
|
microsoft was willing to burn a major release to get people to fix their lovely code
|
|
#
?
Feb 13, 2019 21:54
|
|
|
basically yeah. same for drivers, everyone blamed ms but it really just highlighted what an absolute pile of garbage most drivers were. like who remembers reinstalling gpu drivers multiple times a year because they'd always gently caress up? I can't remember the last time I had to do that printer drivers are still shite though
|
|
#
?
Feb 13, 2019 22:09
|
|
|
duz posted:microsoft was willing to burn a major release to get people to fix their lovely code and it god-drat worked too 7 wasn't even too different from vista but a different name and simply existing after the bandaid was ripped off did wonders for its image Powerful Two-Hander posted:printer drivers are still shite though everything about printers is hell-garbage from satan's rear end in a top hat and are a major reason I'm glad I'm not in IT anymore BattleMaster fucked around with this message at 22:16 on Feb 13, 2019 |
|
#
?
Feb 13, 2019 22:13
|
|
|
I think I've already talked about this, but in pre-UAC windows XP, I solved the issue on my dad's computer by giving him two accounts: a regular user account for everyday use, and an administrator account I named "setup". when he needed to install applications, he switched to the "setup" account. that alone kept him 100% clean and safe for years *without an antivirus* that said, UAC is extremely good and well thought out. it introduced a whole UI lexicon and syntax around privileged operations, *and* internally it's true privilege elevation, not "do as super user", which isn't privilege elevation, it's impersonating a privileged user with all that it entails. the only thing that doesn't make sense is showing the confirmation dialog on a secure desktop, because UI privilege separation would be sufficient to protect the dialog from unprivileged processes, and even with secure desktop you can "click" the buttons from an rdp connection to the current session, so it's just pointless inconvenience (if you really care about security, use a regular user account but also create a local admin, and UAC will act as runas instead, which compartmentalizes better) I had no issue with UAC in windows vista and I have no idea what people did that triggered it so often. the gently caress were y'all doing all day, copying titty jpegs to a secret stash in the printer drivers directory?
|
|
#
?
Feb 13, 2019 22:23
|
|
|
|
| # ? Jun 12, 2024 14:26 |
|
|
Shame Boy posted:also more in line with this thread, this dude who loves him some smart homes: "Power could be out" ...even assuming the drat fridge has a battery backup inside to keep the computer running to send ALERT: POWER CUT, how many people are going to have their router and modem on battery backup? And what am I supposed to do, run home in the middle of the day to throw food into an ice chest? also gigantic lols at "if you have a vacation home" get hosed
|
|
#
?
Feb 13, 2019 22:28
|
|
