Grace Baiting
Jul 20, 2012

Audi famam illius;
Cucurrit quaeque
Tetigit destruens.



fisting by many posted:

about 18 months ago they were basically giving that to anyone who had an app, i'm sure cambridge analytica isn't the only company that's done close to mirror facebook's database

facebook says an ongoing investigation has so far found no indication that anyone's ever had unlimited graph api access, probably

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Lol

https://twitter.com/iblueconnection/status/1107702203349979136

Optimus_Rhyme
Apr 15, 2007

are you that mainframe hacker guy?

My buddy says that doesn't work on our ruby stuff cause our version is too old

fishmech
Jul 16, 2006

by VideoGames
Salad Prong

Volmarias posted:

The 5x only just stopped getting security updates at the end of 2018, after launching in 2015. It's not iPhone levels of support but it's the best you'll get for Android, for now.

i mean, all 5 people left with a nexus 5x that hasn't self-destructed via heat yet

Carbon dioxide
Oct 9, 2012

This just popped up from 'Kee', the Keepass plugin for Firefox:

https://forum.kee.pm/t/kee-vault-and-kee-version-3-0/2025

ErIog
Jul 11, 2001

:nsacloud:

Carbon dioxide posted:

This just popped up from 'Kee', the Keepass plugin for Firefox:

https://forum.kee.pm/t/kee-vault-and-kee-version-3-0/2025

Why would you use a Keepass plugin for a browser? If you're going to do that you may as well just use 1Password.

Chris Knight
Jun 5, 2002

me @ ur posts


Fun Shoe

Grace Baiting posted:

facebook says an ongoing investigation has so far found no indication that anyone's ever had unlimited graph api access, probably

https://twitter.com/zackwhittaker/status/1108818391324872704

Blinkz0rz
May 27, 2001

MY CONTEMPT FOR MY OWN EMPLOYEES IS ONLY MATCHED BY MY LOVE FOR TOM BRADY'S SWEATY MAGA BALLS
request logging is a hell of a drug

Shame Boy
Mar 2, 2010

Cybernetic Vermin posted:

they are so loving expensive mostly. nokia has a good combo in being pretty cheap, getting updates, and mostly not being terrible

my wife also got a pixel 3 and she managed to get it on sale for $600 though that is still p expensive imo

Shame Boy
Mar 2, 2010

ErIog posted:

Why would you use a Keepass plugin for a browser? If you're going to do that you may as well just use 1Password.

because it lets me right click and automatically fill out the password fields without having to copy/paste everything :shrug:

afaik it's actually implemented reasonably well on the keepass side, like you have to confirm the browser before it'll allow requests for passwords and it does it with a public/private key thingy I think. idk about the browser plugins themselves I'm sure they're probably awful

e: wait the thing linked is actually some kind of browser-based UI? yeah ok that's kinda dumb

flakeloaf
Feb 26, 2003

Still better than android clock

it would be cheaper to buy two sgs10+s with cash and flush one down the toilet than it would be to "upgrade" my cell plan to buy one :bravo:

cheaper still to just plug the sgs6 i have now into the wall more often

evil_bunnY
Apr 2, 2003

Cybernetic Vermin posted:

super-weird at first since they should be running a clean google image outside of the driver layer, but it seems most likely it is a qualcomm driver doing the call "home" https://raw.githubusercontent.com/b...rationTask.java
sure sounds like a great driver feature we should see more of.

neutral milf hotel
Oct 9, 2001

by Fluffdaddy
please rename thread to

Linux on phones? it's worse than you thought... (page 1 of 500000)

pseudorandom
Jun 16, 2010



Yam Slacker

Shame Boy posted:

because it lets me right click and automatically fill out the password fields without having to copy/paste everything :shrug:

Do you not use CTRL+ALT+A to just auto-type your passwords?


neutral milf hotel posted:

please rename thread to

Linux on phones? it's worse than you thought... (page 1 of 500000)

I'm actually kind of considering getting the Librem 5 if initial reviews look promising. :q:

Shame Boy
Mar 2, 2010

pseudorandom posted:

Do you not use CTRL+ALT+A to just auto-type your passwords?

you still have to search for and pick the thing first right? this matches based on the URL and picks the right one for you :shrug:

also i thought auto-type was Bad and you Shouldn't Use It because things were finding ways to hijack it, but maybe i'm thinking of something else

e: yeah I think I was thinking of the auto-fill browser mode where it doesn't wait for you to like, tell it to enter the password, it just goes ahead and does it whenever it feels like it, which is a hilariously bad idea

The Fool
Oct 16, 2003


Shame Boy posted:

you still have to search for and pick the thing first right? this matches based on the URL and picks the right one for you :shrug:

also i thought auto-type was Bad and you Shouldn't Use It because things were finding ways to hijack it, but maybe i'm thinking of something else

e: yeah I think I was thinking of the auto-fill browser mode where it doesn't wait for you to like, tell it to enter the password, it just goes ahead and does it whenever it feels like it, which is a hilariously bad idea

Autotype exists because the clipboard and browser plugins are not secure.

Chris Knight
Jun 5, 2002

me @ ur posts


Fun Shoe

neutral milf hotel posted:

please rename thread to

Linux on phones? it's worse than you thought... (page 1 of 500000)

eh there's already an android thread

pseudorandom
Jun 16, 2010



Yam Slacker

Shame Boy posted:

you still have to search for and pick the thing first right? this matches based on the URL and picks the right one for you :shrug:

also i thought auto-type was Bad and you Shouldn't Use It because things were finding ways to hijack it, but maybe i'm thinking of something else

e: yeah I think I was thinking of the auto-fill browser mode where it doesn't wait for you to like, tell it to enter the password, it just goes ahead and does it whenever it feels like it, which is a hilariously bad idea

The native application's auto-type works by reading the title of the application, eg "Security Fuckup Megathread - The Something Awful Forums - Mozilla Firefox". So yes, someone could spoof a page title, but you still have to fall for the trick.

This works great most of the time and requires no manual searching for the entry. The only time I need to manually search are for the terrible websites that omit any identifiers from their login page, <title>Log In</title>, so there's no context about what website is active in the browser title.

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

pseudorandom posted:

The native application's auto-type works by reading the title of the application, eg "Security Fuckup Megathread - The Something Awful Forums - Mozilla Firefox"

Jesus christ lol just use 1password

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
Absolute clown tier password management

Farmer Crack-Ass
Jan 2, 2001

this is me posting irl

Volmarias posted:

The 5x only just stopped getting security updates at the end of 2018, after launching in 2015. It's not iPhone levels of support but it's the best you'll get for Android, for now.

yeah and until my 5x died (lol thanks LG) i was still getting updates faster than my co-workers with brand new Samsungs

Farmer Crack-Ass
Jan 2, 2001

this is me posting irl

Lutha Mahtin posted:

the current iteration of Android One (it's one of those names Google has used for multiple unrelated projects over the years) is supposedly some kind of actual contract that the device manufacturer has to sign in order to use the branding. it hasn't been around very long though so i am interested to see if any manufacturers try and weasel out of it

i've got a nokia 7.1 so i may get to find this out first hand!

burning swine
May 26, 2004



The Fool posted:

Autotype exists because the clipboard and browser plugins are not secure.

Just started a new job and went to set up my retirement plan today, and hit this:



Name and shame:
Transamerica

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

pseudorandom posted:

The native application's auto-type works by reading the title of the application, eg "Security Fuckup Megathread - The Something Awful Forums - Mozilla Firefox". So yes, someone could spoof a page title, but you still have to fall for the trick.

This works great most of the time and requires no manual searching for the entry. The only time I need to manually search are for the terrible websites that omit any identifiers from their login page, <title>Log In</title>, so there's no context about what website is active in the browser title.

If only there was some other way to identify what the site is, something that could be used in a uniform way, for whatever location you've gone to. Sadly, the web doesn't have such a resource.
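An added example (not from the thread, and not KeePass's or Kee's actual code) of the point pseudorandom and Volmarias are making: title-based auto-type matching is a substring check on whatever the active window says, which a page controls, while a browser integration can match on the page's origin, which it does not. The entry list, window titles and URLs are constructed for illustration, and the matching rules are a simplified model of what the native auto-type and a URL-aware plugin respectively do.

```javascript
// Added example: title matching vs. origin matching for credential auto-fill.
// Entries, titles and URLs below are constructed; the matching rules are a
// simplified model, not KeePass's real matcher.

const ENTRIES = [
  { title: "Something Awful Forums", url: "https://forums.somethingawful.com/account.php" },
  { title: "Transamerica", url: "https://www.transamerica.com/login" },
];

// Title-based matching, roughly what native auto-type does: the entry's title
// has to appear somewhere in the active window's title (case-insensitive).
function matchByTitle(entries, windowTitle) {
  const haystack = windowTitle.toLowerCase();
  return entries.filter((e) => haystack.includes(e.title.toLowerCase()));
}

// Origin of a URL (scheme + host + port), or null if it does not parse.
function origin(u) {
  try { return new URL(u).origin; } catch { return null; }
}

// URL-based matching, what a browser integration can do: the page's origin
// must equal the origin stored on the entry. A look-alike host does not match.
function matchByUrl(entries, pageUrl) {
  const o = origin(pageUrl);
  return entries.filter((e) => o !== null && origin(e.url) === o);
}

// Three windows the user might be looking at. The phishing page copies the
// real site's <title> verbatim; the "bare" page is the <title>Log In</title>
// case pseudorandom mentions, which gives title matching nothing to work with.
const WINDOWS = {
  real:  { title: "Something Awful Forums - Log In - Mozilla Firefox",
           url: "https://forums.somethingawful.com/account.php" },
  phish: { title: "Something Awful Forums - Log In - Mozilla Firefox",
           url: "https://forums.somethingawful.com.login-verify.example/account.php" },
  bare:  { title: "Log In - Mozilla Firefox",
           url: "https://forums.somethingawful.com/account.php" },
};

// Which entry each strategy would auto-fill into each window.
function demo() {
  const names = (xs) => xs.map((e) => e.title);
  const out = {};
  for (const [name, w] of Object.entries(WINDOWS)) {
    out[name] = {
      byTitle: names(matchByTitle(ENTRIES, w.title)),
      byUrl:   names(matchByUrl(ENTRIES, w.url)),
    };
  }
  return out;
}

console.log(JSON.stringify(demo(), null, 2));
```

The phishing case is the one that matters: title matching happily selects the real forum entry on a look-alike host, so a user who has "fallen for the trick" only has to press the auto-type hotkey; origin matching returns nothing there, and still works on the bare "Log In" page where the title carries no context at all.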

Kuvo
Oct 27, 2008

Blame it on the misfortune of your bark!
Fun Shoe

COACHS SPORT BAR posted:

Just started a new job and went to set up my retirement plan today, and hit this:



Name and shame:
Transamerica

the icing on the poo poo cake is that they do this by blocking the ctrl+v keyboard shortcut. going to the menu item edit > paste still works.

pseudorandom
Jun 16, 2010



Yam Slacker

Kuvo posted:

the icing on the poo poo cake is that they do this by blocking the ctrl+v keyboard shortcut. going to the menu item edit > paste still works.

For sites that do this dumb stuff, I've ended up just opening the dev console and removing event bindings for the input element.

Hed
Mar 31, 2004

Fun Shoe

CommieGIR posted:

So my company is implementing Stealth to microsegment parts of our DC and network, and I've talked about this previously, but my big concern is lack of info on known weaknesses to Stealth and I'm kinda pissed we are not just doing proper segmenting via VLANs and 802.1x certs.

Anybody know some pertinent questions I should ask as a Red Team guy? My big one up front is "What are you doing to stop pivoting at entry points into the microsegments" and "What happens if someone compromises a common point of interest and MITMs the segment?"

I wanted to respond to this because I had not heard of Stealth but god drat after poking around on their web site I can't understand what this software suite purports to do other than the word salad slick sheets they have. You're right to be skeptical and ask the questions you have. My big thing would be how they protect the integrity of the controller and in relation to your MITM question how do they ensure communications integrity at all layers. Doing some dot1x as you point out would be a good start, but also as a common refrain what are you trying to protect against?

abigserve
Sep 13, 2009

this is a better avatar than what I had before
micro segmentation in the network is an incredibly dumb idea at best and actively detrimental to security at worst. I can make an effort post if required on this.

the only things in that space that looks like it could work atm is something like Consul which is, effectively, a bunch of ssl tunnels between your application components secured by client certs (as I understand it).

is anyone else here getting hammered by "data sovereignty" at work lately? Literally every meeting about a new architecture or application is stalled with 20 minutes of "where is the data located. why does it have to be located there. can we not have the data there???"

for some stuff it makes sense definitely but it's literally anything, we had a meeting about loving github get held up like that. I've tried requesting the paperwork on where, when, and why it's important but I never hear anything back besides very vague theoretical situations that border on conspiracy theories and in some cases literal xenophobia.

Violently Car
Dec 2, 2007

You are now entering completely darkness

Kuvo posted:

the icing on the poo poo cake is that they do this by blocking the ctrl+v keyboard shortcut. going to the menu item edit > paste still works.

lol how about shift+insert

burning swine
May 26, 2004



Violently Car posted:

lol how about shift+insert

I just used don't gently caress with paste
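An added example, not code from the thread or from any site named in it, that models the paste-blocking control Kuvo describes (a keydown handler that only eats Ctrl+V) and checks it against the other routes Kuvo, Violently Car and pseudorandom mention: the Edit menu, the context menu, Shift+Insert, and stripping the handlers from the dev console. The event objects are constructed inline so the check runs without a browser; the `unshackle` helper at the end is a hypothetical name for the dev-console cleanup and only runs when a DOM is present.

```javascript
// Added example: why a Ctrl+V keydown blocker does not actually stop paste.
// Event objects are constructed below; no DOM is required for the check.

// The kind of handler such sites ship on the password field: it inspects
// keydown events and suppresses the Ctrl+V chord, nothing else.
function ctrlVBlocker(ev) {
  const isCtrlV = ev.ctrlKey && ev.key.toLowerCase() === "v";
  if (isCtrlV) ev.preventDefault();
  return isCtrlV; // true => this keystroke was eaten
}

// Routes a user can paste by. Only the first is a Ctrl+V keydown. The menu and
// context-menu routes never produce a keydown at all; the browser delivers
// them straight as a 'paste' event, which a keydown handler never sees.
const PASTE_ROUTES = [
  { name: "ctrl+v",              type: "keydown", ctrlKey: true,  key: "v" },
  { name: "shift+insert",        type: "keydown", shiftKey: true, key: "Insert" },
  { name: "cmd+v (macOS)",       type: "keydown", metaKey: true,  key: "v" },
  { name: "edit > paste menu",   type: "paste" },
  { name: "right-click > paste", type: "paste" },
];

// Minimal stand-in for a browser event: just the fields the blocker reads
// plus preventDefault()/defaultPrevented.
function makeEvent(spec) {
  let prevented = false;
  return {
    type: spec.type,
    ctrlKey: !!spec.ctrlKey,
    shiftKey: !!spec.shiftKey,
    metaKey: !!spec.metaKey,
    key: spec.key || "",
    preventDefault() { prevented = true; },
    get defaultPrevented() { return prevented; },
  };
}

// Feed each route to the blocker the way the browser would and report the
// routes that still deliver a paste.
function routesThatStillPaste() {
  return PASTE_ROUTES
    .filter((spec) => {
      const ev = makeEvent(spec);
      if (ev.type === "keydown") ctrlVBlocker(ev);
      return !ev.defaultPrevented;
    })
    .map((r) => r.name);
}

// Browser-only (hypothetical helper name): what pseudorandom does from the dev
// console, generalised. Replacing the element with a deep clone drops every
// listener added with addEventListener; nulling the on* properties clears
// inline handlers. Listeners the site attached higher up (e.g. on document)
// survive this and would need the same treatment there.
function unshackle(input) {
  const clone = input.cloneNode(true);
  for (const h of ["onpaste", "onkeydown", "onkeyup", "oncopy", "ondrop"]) clone[h] = null;
  input.replaceWith(clone);
  return clone;
}

if (typeof document !== "undefined") {
  document.querySelectorAll('input[type="password"]').forEach(unshackle);
} else {
  console.log("paste still works via:", routesThatStillPaste().join(", "));
}
```

Run in Node it reports the four routes the blocker misses; pasted into a browser console on the offending page it swaps out the password fields for handler-free copies. Either way the lesson is the one from the thread: the control inconveniences password-manager users and stops nobody else.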

Varkk
Apr 17, 2004

Kuvo posted:

the icing on the poo poo cake is that they do this by blocking the ctrl+v keyboard shortcut. going to the menu item edit > paste still works.

There is a scary number of users who don’t know about keyboard shortcuts. They usually only know right click > paste. ctrl+v is some black magic hacker poo poo to them. Of course they won’t use a password manager anyway. They just have all of their passwords muffins12 or similar.

exmachina
Mar 12, 2006

Look Closer
So apparently the Nokia thing was a small batch of phones "meant for another market" that were released into the global stream. So Nokia just told us (as if we need confirmation) that they modify their products to facilitate the surveillance of citizens by that country's government.

In completely unrelated news, the server the info was sent to was a Chinese ISP

champagne posting
Apr 5, 2006

YOU ARE A BRAIN
IN A BUNKER

abigserve posted:

is anyone else here getting hammered by "data sovereignty" at work lately? Literally every meeting about a new architecture or application is stalled with 20 minutes of "where is the data located. why does it have to be located there. can we not have the data there???"

for some stuff it makes sense definitely but it's literally anything, we had a meeting about loving github get held up like that. I've tried requesting the paperwork on where, when, and why it's important but I never hear anything back besides very vague theoretical situations that border on conspiracy theories and in some cases literal xenophobia.

I’ve been to a poo poo ton of meetings covering this but all because of gdpr which is very specific when it comes to the how and the why

cinci zoo sniper
Mar 15, 2013




Boiled Water posted:

I’ve been to a poo poo ton of meetings covering this but all because of gdpr which is very specific when it comes to the how and the why

same here but we also operate in a range of countries where governments have extra restrictions on top of that (also data governance shite is literally part of job responsibilities)

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

exmachina posted:

So apparently the Nokia thing was a small batch of phones "meant for another market" that were released into the global stream. So Nokia just told us (as if we need confirmation) that they modify their products to facilitate the surveillance of citizens by that country's government.

In completely unrelated news, the server the info was sent to was a Chinese ISP

This isn't new for the China market. Remember when the flag of Taiwan made iPhones reboot?

abigserve posted:

I can make an effort post ... on this.

:justpost:

Carthag Tuek
Oct 15, 2005

Tider skal komme,
tider skal henrulle,
slægt skal følge slægters gang



:posthaste: yes please

hobbesmaster
Jan 28, 2008

abigserve posted:

micro segmentation in the network is an incredibly dumb idea at best and actively detrimental to security at worst. I can make an effort post if required on this.

the only things in that space that looks like it could work atm is something like Consul which is, effectively, a bunch of ssl tunnels between your application components secured by client certs (as I understand it).

is anyone else here getting hammered by "data sovereignty" at work lately? Literally every meeting about a new architecture or application is stalled with 20 minutes of "where is the data located. why does it have to be located there. can we not have the data there???"

for some stuff it makes sense definitely but it's literally anything, we had a meeting about loving github get held up like that. I've tried requesting the paperwork on where, when, and why it's important but I never hear anything back besides very vague theoretical situations that border on conspiracy theories and in some cases literal xenophobia.

don't US/EU/China all have very different implications for your application and data retention?

jammyozzy
Dec 7, 2006

Is that a challenge?
Mercifully it wasn't my job to know or care, but I understood from smarter/more important people at a previous gig that ITAR means it sometimes matters very much where your data is stored.

power botton
Nov 2, 2011

I've only really encountered that with certain swiss/european banks who don't want any data leaving the borders. Nothing like providing support for your software when the guys won't send logs or share their screen.

Its fun when you're dealing with multiple teams and the NY guys will give you keyboard and mouse control to do poo poo logged in as domain admin, and the Swiss data governance guys try to describe what button they're looking at right now.

univbee
Jun 3, 2004




jammyozzy posted:

Mercifully it wasn't my job to know or care, but I understood from smarter/more important people at a previous gig that ITAR means it sometimes matters very much where your data is stored.

when i computer touched 10 years ago in canada, some business clients’ data were required to never get stored in the us since that would make them vulnerable to the use of the patriot act to look at their data, precluding many cloud solutions of the time.
