|
Wiggly Wayne DDS posted:good luck trying to get someone to argue with you over implicit vs explicit protections so you admit your post was invalid, great
|
#
?
Feb 16, 2019 18:28
|
|
|
|
| # ? May 19, 2024 23:20 |
|
|
Is it insane to think that the NSA has started VPN companies to log all traffic or just have more sample data to work on deanonymizing/breaking encyption
|
|
#
?
Feb 16, 2019 18:38
|
|
|
no more than any other intel agency, really it'd be cheaper than tapping points and filtering traffic down to interesting targets if they'll pay you to do it themselves
|
|
#
?
Feb 16, 2019 18:52
|
|
|
although if you want to get in-depth on that question there's operational costs where your passive monitoring will cover those targets anyway and you won't gain more data by popping up random vpns vs just inspecting existing ones. then there's the underlying tech shared across projects and balancing putting those on external entities and connecting to them which puts additional risk on other projects that share resources so for a large intel agency you'd hit diminishing returns, but it'd be cost-effective on small-mid especially if you're targeting them on forums with discounts and the like
|
|
#
?
Feb 16, 2019 18:59
|
|
|
Wiggly Wayne DDS posted:no more than any other intel agency, really it'd be cheaper than tapping points and filtering traffic down to interesting targets if they'll pay you to do it themselves the difficulty there is persuading the interesting targets to use the vpn you own. I doubt the nsa actually has much interest in people who just want to block ads or bypass geographic blocks or w/e, and the russian government and isis probably run their own vpns people in like iran or china wanting to use a vpn to bypass govt censorship may be at risk from this kind of attack tho
|
|
#
?
Feb 16, 2019 19:26
|
|
|
Lain Iwakura posted:we've got a genius in the sec help thread I recommend this VPN service that cannot be assed to update your ipv6 routes despite that protocol being enabled by default since Vista
|
|
#
?
Feb 16, 2019 19:55
|
|
|
Soricidus posted:the difficulty there is persuading the interesting targets to use the vpn you own. I doubt the nsa actually has much interest in people who just want to block ads or bypass geographic blocks or w/e, and the russian government and isis probably run their own vpns what if they offered you 10% off if you use the coupon code from your favorite podcaster
|
|
#
?
Feb 16, 2019 21:56
|
|
|
fishmech posted:printers are portals between the computer realm and the flesh realm, of course the diagrams for how they work are horrific sigils and they constantly break printers are just disobedient little robots
|
|
#
?
Feb 17, 2019 02:29
|
|
|
Farmer Crack-rear end posted:What is a printer?
|
|
#
?
Feb 17, 2019 03:00
|
|
|
now post the stellaris mod
|
|
#
?
Feb 17, 2019 03:02
|
|
|
My friends want me to play apex with them which requires an EA account. An EA account password cannot be longer than 16 characters. I found this thread: https://answers.ea.com/t5/EA-General-Questions/Why-limit-max-password-to-16/m-p/5803599 Barry, an EA community manager, helpfully explains internet security basics: quote:At a minimum, there are 26+10 possible characters per position, of which there can be 16. My napkin math shows
|
|
#
?
Feb 17, 2019 06:53
|
|
|
Salt Fish posted:My friends want me to play apex with them which requires an EA account. An EA account password cannot be longer than 16 characters. I found this thread: thanks for making sure there's "enough" passwords for everyone barry
|
|
#
?
Feb 17, 2019 07:24
|
|
|
Salt Fish posted:My friends want me to play apex with them which requires an EA account. An EA account password cannot be longer than 16 characters. I found this thread: When the Xbox 360 was a thing you could have a microsoft account password that was too long for the console to use, so you would have to shorten it to play your games.
|
|
#
?
Feb 17, 2019 07:27
|
|
|
i think there is a world market for maybe five passwords
|
|
#
?
Feb 17, 2019 08:57
|
|
|
Krankenstyle posted:i think there is a world market for maybe five passwords
|
|
#
?
Feb 17, 2019 09:04
|
|
|
mystes posted:Just have everyone in the world have the same password, but make sure to change it every thirty days and include punctuation so it's secure. look at this idiot everyone knows you put a number on the end and increment by 1 each time
|
|
#
?
Feb 17, 2019 10:41
|
|
|
Powerful Two-Hander posted:
I worked with a guy a long time ago who, when he had to change his password, immediately changed it 7 times in a row or w/e so he could bypass AD’s “you can’t use the last 7 passwords” rule and keep the same password.
|
|
#
?
Feb 17, 2019 11:03
|
|
|
Feisty-Cadaver posted:I worked with a guy a long time ago who, when he had to change his password, immediately changed it 7 times in a row or w/e so he could bypass AD’s “you can’t use the last 7 passwords” rule and keep the same password. you can set that up to 99 last passwords if you particularly hate your users or at least guarantee they get all the way up to hunter100
|
|
#
?
Feb 17, 2019 11:14
|
|
|
I think the "can only change pw once every 24 hours" is common if not default on modern AD it's very annoying that windows doesn't have the correct error message for that one...
|
|
#
?
Feb 17, 2019 11:48
|
|
|
~Coxy posted:I think the "can only change pw once every 24 hours" is common if not default on modern AD o k yeah if we wanna be super pedantic it was technically whatever Novell Netware used for LDAP 15 years ago not AD.
|
|
#
?
Feb 17, 2019 11:55
|
|
|
Doom Mathematic posted:Is it NPR where they say "Sorry, due to EU privacy laws you can't view our regular site" and then... offer you a link to the same article on their text-only site instead, which loads instantaneously and has no content on it other than the text of the article and is a hundred times better than any other current news site? Goddamn europe does get everything better than america. Also how do you access this stateside. Do i need a vpn
|
|
#
?
Feb 17, 2019 13:57
|
|
|
https://text.npr.org
|
|
#
?
Feb 17, 2019 13:59
|
|
|
power botton posted:Is it insane to think that the NSA has started VPN companies to log all traffic or just have more sample data to work on deanonymizing/breaking encyption Wiggly Wayne DDS posted:no more than any other intel agency, really it'd be cheaper than tapping points and filtering traffic down to interesting targets if they'll pay you to do it themselves Wiggly Wayne DDS posted:although if you want to get in-depth on that question there's operational costs where your passive monitoring will cover those targets anyway and you won't gain more data by popping up random vpns vs just inspecting existing ones. then there's the underlying tech shared across projects and balancing putting those on external entities and connecting to them which puts additional risk on other projects that share resources  yesssssssfor any vpn host which keeps podcasts alive, now that the mattress glut is slowing, I assume all the agencies have the common keys needed to intercept it all (they don’t care about telling Netflix or Hulu or amazon that you’re naughty)
|
|
#
?
Feb 17, 2019 14:02
|
|
|
Salt Fish posted:My friends want me to play apex with them which requires an EA account. An EA account password cannot be longer than 16 characters. I found this thread: But but but, if they are hashing and salting their passwords, then they should all be the same length in the database????
|
|
#
?
Feb 17, 2019 14:03
|
|
|
just log off
|
|
#
?
Feb 17, 2019 15:54
|
|
|
late to the UPS chat (is high availability fixing a security fuckup?) - what are the good brands to use for yosposting? what brand has not sabotaged it’s own products with cheap components and lovely controllers
|
|
#
?
Feb 17, 2019 18:50
|
|
|
Salt Fish posted:My friends want me to play apex with them which requires an EA account. An EA account password cannot be longer than 16 characters. I found this thread: But how many passwords are enough, Barry? I'll use maybe 1000 in my lifetime? If we have 20 trillion available passwords (enough for everyone without repetition!) we're good with 9 characters. Your overlords will be displeased with your wastefulness. 
|
|
#
?
Feb 17, 2019 19:01
|
|
|
https://img-9gag-fun.9cache.com/photo/aOY2OE2_460svvp9.webm
|
|
#
?
Feb 17, 2019 21:36
|
|
|
This is amazing.
|
|
#
?
Feb 17, 2019 22:11
|
|
|
I'm dying
|
|
#
?
Feb 17, 2019 22:16
|
|
|
ayyyyyy
|
|
#
?
Feb 18, 2019 03:54
|
|
|
in other news; Sweden is still poo poo at this computer thing there's this service here in sweden where you call to ask about your embarrassing medical conditions and a nurse will tell you it's ok and to stop worrying (or tell you to go to a hospital you idiot!) turns out that some contractor subsidiary has dumped all phone calls since 2013 as audio recordings on a public web server exposed to the internet with no authentication. i like how they exposed it on port 443 but serve cleartext http. best quote is from the CEO of the main contractor "It is not so easy today that you only have one server with everything on it is a single jox (swedish for mumbo-jumbo) with a lot of parts involved", drat right everything is poo poo nowadays google translated article: quote:Computer Sweden can today reveal one of the biggest accidents ever when it comes to Swedish patient safety and personal privacy. On an open web server, completely without password protection or other security, we have found 2.7 million recorded calls to the advisory number 1177. The conversations extend back to 2013 and it is about 170,000 hours of sensitive calls that anyone has been able to download or listen to.
|
|
#
?
Feb 18, 2019 16:02
|
|
|
One-Man-Bucket posted:
That's the good stuff right there.
|
|
#
?
Feb 18, 2019 17:24
|
|
|
that can't have happened and if it did happen it wasn't our fault YOU ARE HERE and if it was our fault i didn't know
|
|
#
?
Feb 18, 2019 17:26
|
|
|
oh i just checked my spam and turns out i did receive an email 21/1quote:SUBJECT: EMAIL_ADDR : CLAIMED_PASS also good luck getting me to pay %}. {%ROT :i have %}VNgbCy16Td
|
|
#
?
Feb 18, 2019 18:24
|
|
|
okay
|
|
#
?
Feb 18, 2019 18:28
|
|
|
They just said on the radio that the EU passed a law that says that third party companies are allowed to ask a bank account holder for permission to get access to their bank data, and in that case the bank must provide this data. This includes all money transfers and card payment information (date, time, amount, company you paid to). It is supposed to help out startups that offer online personal finance management apps. And they supposedly have all kinds of checks in place where companies using the bank data get regularly audited and stuff. I can't see any way this could possibly go wrong...
|
|
#
?
Feb 18, 2019 18:43
|
|
|
imagine all those bank accounts with personal details of people (recipients/senders) who did not agree to access
|
|
#
?
Feb 18, 2019 18:56
|
|
|
i have professional experience with that kind of information in eu, and the real extent of information banks provide, even comparing different banks within a single member state, differs from each other and also from what it says in the post, very often.
|
|
#
?
Feb 18, 2019 18:59
|
|
|
|
| # ? May 19, 2024 23:20 |
|
|
a lot of bigger banks, that have some clout, basically are like “yeah, cool, but you see, this central bank ordnance 69-420 based on the degree of Minister Foo Bar from 2017-15-16 stipulates is that the data requests are subject to the national law on third party permittance upon monetary whereabouts of permanent residents...” and so on and so on with pages of legal drivel, and most fintechs just throw their hands up and mark “bank xyz of republic baz is a gaggle of assholes” in their docs, as none of them have enough time, money, and lunacy to get into a legal fight with a foreign bank on a foreign soil
|
|
#
?
Feb 18, 2019 19:03
|
|