|
can't be worse than paypal
|
# ? Feb 19, 2019 20:00 |
|
fivehead posted:
late to the UPS chat (is high availability fixing a security fuckup?) - what are the good brands to use for yosposting? what brand has not sabotaged its own products with cheap components and lovely controllers

I got a refurb APC thinger to run my router and water heater damper/ignition and it seems very knees-suiting
|
# ? Feb 19, 2019 20:03 |
|
Several password managers leave traces of their master password or individually accessed passwords in the Windows 10 memory, sometimes even after they've been locked. Someone with access to the computer could potentially extract those passwords from memory.

https://www.securityevaluators.com/casestudies/password-manager-hacking/

Dashlane and Keepass seem to be doing relatively well on this test.

Note: this is a rather esoteric way of attack and is not at all a reason to not use password managers. If someone installs a keylogger to your computer they can get access whether you have a password manager or not.

Carbon dioxide fucked around with this message at 23:39 on Feb 19, 2019
# ? Feb 19, 2019 23:36 |
|
Carbon dioxide posted:Several password managers leave traces of their master password or individually accessed passwords in the Windows 10 memory, sometimes even after they've been locked. Someone with access to the computer could potentially extract those passwords from memory.
|
# ? Feb 19, 2019 23:57 |
|
Ok cool an extra 8 bits
|
# ? Feb 20, 2019 00:58 |
|
mystes posted:
Basically the only situation where it would matter would be having a laptop stolen while it's suspended.

how would it being suspended (s3) help? (cf. hibernation (s4) which would dump ram to disk)
|
# ? Feb 20, 2019 01:45 |
|
Carbon dioxide posted:
Several password managers leave traces of their master password or individually accessed passwords in the Windows 10 memory, sometimes even after they've been locked. Someone with access to the computer could potentially extract those passwords from memory.

physical access trumps everything
|
# ? Feb 20, 2019 02:00 |
|
if you let your laptop "sleep" or "hibernate". Pull the battery, hold down the power button to discharge the capacitors, turn 360 degrees and walk the gently caress away. Not for any security reason, mind you. Just because: gently caress you laptops! If "on" and "off" is good enough for every other computer you don't get special power states just because you're skinny.
|
# ? Feb 20, 2019 02:05 |
|
Schadenboner posted:turn 360 degrees and walk the gently caress away.
|
# ? Feb 20, 2019 02:08 |
|
Carbon dioxide posted:
Several password managers leave traces of their master password or individually accessed passwords in the Windows 10 memory, sometimes even after they've been locked. Someone with access to the computer could potentially extract those passwords from memory.

Pearl clutching over things being in ram is dumb and misguided.
|
# ? Feb 20, 2019 02:11 |
|
if you're not just constantly moonwalking everywhere. Like, how can you expect people to take you seriously if you can't even manage that?
|
# ? Feb 20, 2019 02:26 |
|
Rufus Ping posted:
how would it being suspended (s3) help?

Also, on many laptops when you tell windows to sleep it is configured to use hybrid sleep which also writes the memory to disk in case the battery dies, but even assuming that isn't the case and assuming the computer locked itself before it went into S3 there are still lots of ways to get the memory out of the computer when you wake it up: dumping the memory through a thunderbolt device, cold boot attacks, etc. This obviously assumes that whoever steals your laptop is specifically targeting your information, but if they aren't they aren't going to bother trying to extract your key from the hard drive if the laptop is put into S4 either.

mystes fucked around with this message at 02:33 on Feb 20, 2019
# ? Feb 20, 2019 02:30 |
|
Carbon dioxide posted:
Several password managers leave traces of their master password or individually accessed passwords in the Windows 10 memory, sometimes even after they've been locked. Someone with access to the computer could potentially extract those passwords from memory.

now lets see excel
|
# ? Feb 20, 2019 05:20 |
Shaggar posted:
now lets see excel

speaking or, i recently had the realisation that im most likely one of the two people in office who don’t use an excel spreadsheet to track all their passwords for various poo poo
|
|
# ? Feb 20, 2019 06:10 |
|
apseudonym posted:
Pearl clutching over things being in ram is dumb and misguided.

Yeah this is one of those "you can get code exec if you have code exec" things. I mean, it's bad that some of them leave plaintext in memory after the database is locked but really now. Just install a keylogger.
|
# ? Feb 20, 2019 08:17 |
|
cinci zoo sniper posted:
speaking or, i recently had the realisation that im most likely one of the two people in office who don’t use an excel spreadsheet to track all their passwords for various poo poo

do you need us to teach you excel
|
# ? Feb 20, 2019 08:36 |
|
I use keep rear end op
|
# ? Feb 20, 2019 09:15 |
Sniep posted:
do you need us to teach you excel

no, im not a savage and thus

spankmeister posted:
I use keep rear end op

,for work
|
|
# ? Feb 20, 2019 09:46 |
|
keep asses represent
|
# ? Feb 20, 2019 13:18 |
|
DrPossum posted:
keep asses represent

they toss it and leave it and I pull up quick to retrieve it
|
# ? Feb 20, 2019 13:37 |
|
i'm the one dingus still using password safe how does it rate?
|
# ? Feb 20, 2019 15:10 |
Pile Of Garbage posted:
i'm the one dingus still using password safe how does it rate?

nice post/username combo
|
|
# ? Feb 20, 2019 15:23 |
no idea about password safe, just to be clear
|
|
# ? Feb 20, 2019 15:24 |
|
if you want to take an apple's password from scratch ram, you must first create the universal system-level process
|
# ? Feb 20, 2019 15:32 |
|
I feel conflicted about using 1password because the linux app is a browser extension. I don't really know anything about the browser extension security model but it doesn't make me extremely confident that cloud2butt isn't going to run off with all my passwords at some point. Am I being stupid here?
|
# ? Feb 20, 2019 15:34 |
|
One-Man-Bucket posted:
in other news; Sweden is still poo poo at this computer thing

The CEO and others keep answering questions from the press for some reason, even though it's obvious they don't know what they're talking about: https://medium.com/@rikardhjort/2-7...7j4K9fo4l4JulhI

CEO of Company posted:
A regular person can’t do it, but those who are knowledgeable about these things could perform some sort of special command move [sic] and sneak in through the back.
|
# ? Feb 20, 2019 16:15 |
|
love to perform a special command move and shoryuken my way into a complete stranger's medical records
|
# ? Feb 20, 2019 16:34 |
|
“ceo” posted:
special command move

mods, please
|
# ? Feb 20, 2019 16:40 |
|
*opens browser, types an address* I'm in.
|
# ? Feb 20, 2019 16:44 |
|
Meat Beat Agent posted:
love to perform a special command move and shoryuken my way into a complete stranger's medical records

are you the hacker in my mandated online security training who tries to hack our network by powering up to super saiyijin and throwing fireballs at the server
|
# ? Feb 20, 2019 16:59 |
|
On that subject, the cto is talking up putting all the passwords in a big google spreadsheet cuz google is better at security than all the password manager guys

(They probably are but lol at the spreadsheet)

What do, security thread
|
# ? Feb 20, 2019 17:04 |
|
bob dobbs is dead posted:
On that subject, the cto is talking up putting all the passwords in a big google spreadsheet cuz google is better at security than all the password manager guys

maybe say that keeping the passwords with a company whose business is specifically indexing, repackaging and selling data about its users isn't a great idea?
|
# ? Feb 20, 2019 17:09 |
|
or ask why chrome has a password manager built in if google expects you to use spreadsheets for this?
|
# ? Feb 20, 2019 17:10 |
|
or register your complaint on the blockchain and start looking for a new job?
|
# ? Feb 20, 2019 17:11 |
|
bob dobbs is dead posted:
On that subject, the cto is talking up putting all the passwords in a big google spreadsheet cuz google is better at security than all the password manager guys

actually show him a password manager
|
# ? Feb 20, 2019 17:15 |
|
fisting by many posted:
actually show him a password manager

"This is going to be too complicated for
|
# ? Feb 20, 2019 17:16 |
|
https://twitter.com/KateLibc/status/1098258502714183680
|
# ? Feb 20, 2019 17:31 |
|
Raere posted:
I mean, they could be doing it with some goofy asymm ecc cipher but I doubt it
|
# ? Feb 20, 2019 17:35 |
|
is it normal for CTOs to be morons, because ours thinks SHA-256 is the "most secure encryption" and we should use it to hash passwords because "it's what bitcoin uses"

i mean at least he actually listened to me when i told him very nicely what an idiot he was and now we use bcrypt if we have to handle passwords at all
|
# ? Feb 20, 2019 17:37 |
|
apseudonym posted:
Pearl clutching over things being in ram is dumb and misguided.

ram is writing to disk during standby on most systems now but any password manager worth a poo poo should be locking on S3/S4 and purging key material from memory

BangersInMyKnickers fucked around with this message at 17:56 on Feb 20, 2019
# ? Feb 20, 2019 17:37 |
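Added example (not from the thread or from any password manager's code) of the "lock and purge key material" behaviour the last post describes. The `struct vault`, its function names and the key-mixing step are hypothetical; the mixing is a constructed placeholder standing in for a real KDF.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define KEY_LEN 32
#define PW_MAX  64

struct vault {             /* hypothetical vault state, names are illustrative */
    uint8_t key[KEY_LEN];  /* derived master key, valid only while unlocked */
    char    typed[PW_MAX]; /* buffer the master password was typed into */
    int     unlocked;
};

/* Zero through a volatile pointer so the optimizer cannot drop the stores as dead writes. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Count non-zero bytes left in a region: a stand-in for scanning process memory. */
size_t residual_bytes(const void *p, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) count += (((const uint8_t *)p)[i] != 0);
    return count;
}

/* Unlock: derive the key (placeholder mixing, NOT a real KDF), then wipe the typed password. */
int vault_unlock(struct vault *v, const char *password) {
    size_t len = strlen(password);
    if (len == 0 || len >= PW_MAX) return -1;
    memcpy(v->typed, password, len + 1);
    secure_wipe(v->key, KEY_LEN);
    for (size_t i = 0; i < len; i++) v->key[i % KEY_LEN] ^= (uint8_t)(v->typed[i] + i);
    secure_wipe(v->typed, PW_MAX);  /* the password itself is no longer needed */
    v->unlocked = 1;
    return 0;
}

/* Lock: call on manual lock, idle timeout, and before suspend (S3) or hibernate (S4). */
void vault_lock(struct vault *v) {
    secure_wipe(v->key, KEY_LEN);
    v->unlocked = 0;
}

int main(void) {
    struct vault v = {0};
    vault_unlock(&v, "constructed sample");  /* constructed sample password */
    vault_lock(&v);
    return residual_bytes(&v, sizeof v) != 0; /* exit 0 when nothing is left behind */
}
```

Where available, the platform wipe primitives (`SecureZeroMemory` on Windows, `explicit_bzero` on glibc and the BSDs) serve the same purpose as `secure_wipe`.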