|
doxx 'em and toxx 'em the crews doxxing white nationalists in public spaces and informing their employers are saving lives every day they make someone pause and think twice before signal boosting a death's head meme or genocidal manifesto Potato Salad fucked around with this message at 12:32 on Aug 13, 2019 |
#
?
Aug 13, 2019 12:24
|
|
|
|
| # ? May 25, 2024 05:31 |
|
|
Potato Salad posted:doxx 'em and toxx 'em Yeah, agreed. That is a good use of doxxing. Bryan Krebs just chose to use it to be petty.
|
|
#
?
Aug 13, 2019 12:37
|
|
|
Rufus Ping posted:Think this was two separate incidents. Doxed notdan over spamhaus and also some other person who left a bad review I'm gonna make a shirt that says Dont krebs me bro for the next infosec thing I go to.
|
|
#
?
Aug 13, 2019 13:46
|
|
|
A while back I posted about how our CC company has the most useless 2FA implementation.. Well they made a small edit:  Now it specifically tells you that you can click on the Email or Phone number to update it. Changing the email address this way still changes the email on the account with no notification or verification. But you still don't have to bother with any of that.. Just click User Settings and it will go right into the account with no 2FA needed.
|
|
#
?
Aug 13, 2019 14:45
|
|
|
stevewm posted:A while back I posted about how our CC company has the most useless 2FA implementation..
|
|
#
?
Aug 13, 2019 17:12
|
|
|
stevewm posted:Just click User Settings and it will go right into the account with no 2FA needed. Wiggly Wayne DDS posted:this is well into name and publicly shame territory now
|
|
#
?
Aug 13, 2019 17:19
|
|
|
Wiggly Wayne DDS posted:this is well into name and publicly shame territory now Let us help you FORCE change. This can get handled by twitter in about 24 hours.
|
|
#
?
Aug 13, 2019 17:28
|
|
|
Taviso hitting out of the park again https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1859 My favorite part: quote:Perhaps that means they're supremely confident they completely understand all facets of the issue and have an airtight solution, and were just flexing by wasting the first 30 days of their embargo. TLDR, full privilege elevation from 0 to system using CTF and Microsoft doesn't have a full fix for it yet. edit: for the partial fix: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1162 The Fool fucked around with this message at 18:36 on Aug 13, 2019 |
|
#
?
Aug 13, 2019 18:08
|
|
|
stevewm posted:A while back I posted about how our CC company has the most useless 2FA implementation.. Name and shame please. This is horrible
|
|
#
?
Aug 13, 2019 20:09
|
|
|
Lain Iwakura posted:Name and shame please. This is horrible Not quite ready to do that yet... I have reported it somewhere else, that will likely get results instead of their first line people that don't know poo poo.
|
|
#
?
Aug 13, 2019 20:15
|
|
|
stevewm posted:Not quite ready to do that yet... poo poo won't really change until Visa realizes this is a thing. They will threaten to terminate their contract.
|
|
#
?
Aug 13, 2019 20:16
|
|
|
stevewm posted:Not quite ready to do that yet... Are you a customer? It's easier to just get them publicly shamed to get anything dealt with. First-line people will be ignored. I know this first-hand.
|
|
#
?
Aug 13, 2019 20:18
|
|
|
The Fool posted:Taviso hitting out of the park again Jesus Christ. Technology was a mistake.
|
|
#
?
Aug 13, 2019 20:36
|
|
|
"Microsoft" posted:To exploit this vulnerability, an attacker would first have to log on to the system. If they have gotten this far, you already have more problems than this vulnerability.
|
|
#
?
Aug 13, 2019 20:42
|
|
|
stevewm posted:If they have gotten this far, you already have more problems than this vulnerability. Ah... I'd classify any application being run under any context getting root as being pretty serious.
|
|
#
?
Aug 13, 2019 20:44
|
|
|
Internet Explorer posted:Ah... I'd classify any application being run under any context getting root as being pretty serious. Ugh yeah... Guess I should have read the page more thoroughly. I thought it was talking about the one also announced today with Remote Desktop... (https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/) Please don't expose RDP to the internet people...
|
|
#
?
Aug 13, 2019 20:47
|
|
|
stevewm posted:A while back I posted about how our CC company has the most useless 2FA implementation.. stevewm posted:Not quite ready to do that yet... at least i'm pretty sure they're using netteller e: also how many of your banks outsource authentication to secureinternetbank[.]com? Wiggly Wayne DDS fucked around with this message at 21:14 on Aug 13, 2019 |
|
#
?
Aug 13, 2019 21:12
|
|
|
Wiggly Wayne DDS posted:if we're down to guessing based off of the colour scheme, indiana, photo watermarks and general incompetence... state bank of lizton? Nah......
|
|
#
?
Aug 13, 2019 21:30
|
|
|
well i'm not digging through every netteller bank there, they're all as equally lovely
|
|
#
?
Aug 13, 2019 21:32
|
|
|
Password managers have too many similar names. The ones other than 1Pass should be forced to rename themselves "The one you shouldn't use" and "The other one you shouldn't use", IMO? E: Wait, 1Pass is the good one right? 
|
|
#
?
Aug 14, 2019 13:47
|
|
|
KeepAss is a very memorable name 
|
|
#
?
Aug 14, 2019 14:00
|
|
|
Kassad posted:KeepAss is a very memorable name well, its obviously not either of the alternatives he was thinking, since it is the superior solution
|
|
#
?
Aug 14, 2019 16:36
|
|
|
I made my thumb drive's partition into an encrypted volume with a hidden volume inside, and I can mount the outer volume fine, but whenever I try to mount the hidden volume (by doing the exact same thing as mounting the outer volume except with the other password) I get this error message  Anybody know what could be causing this? Its Coke fucked around with this message at 19:11 on Aug 14, 2019 |
|
#
?
Aug 14, 2019 19:06
|
|
|
Kassad posted:KeepAss is a very memorable name Expert Sex Change recommends KeepAss
|
|
#
?
Aug 14, 2019 20:13
|
|
|
Its Coke posted:I made my thumb drive's partition into an encrypted volume with a hidden volume inside, and I can mount the outer volume fine, but whenever I try to mount the hidden volume (by doing the exact same thing as mounting the outer volume except with the other password) I get this error message Did you make any changes in the outer (non-hidden) volume while it was mounted normally? If so, you may have overwritten part of the the empty space that was hosting the hidden volume. If you need to make any changes in the outer volume, there's a special way to mount it safely where you give it both passwords, so that VeraCrypt knows what areas to leave alone. (If it did that when the outer volume was just mounted normally, it'd give away the secret that there's a hidden volume in there.)
|
|
#
?
Aug 14, 2019 23:09
|
|
|
CommieGIR posted:Keepass for local DB. I like Keepass. KeePass chat regarding some auto type issues people had a few pages back— Some of the best features aren’t super intuitive at first, but the ctrl+v autotype that pumps credentials wherever the cursor bar is (eg messaging window or browser url bar) can be fixed with ctrl+alt+a autotype, which is locked to a specific window. You just have to set this up with each credential by going into the auto fill tab for each credential and selecting the source from the drop down menu of active windows. This way, so long as KeePass is open in the background, you can single press keyboard shortcut auto log in to whatever and this works ridiculously well. Another great feature if your domain doesn’t have a seamless SSO, you can insert field references for passwords. That way, you only have to have one set of credentials to update for your work domain, and everything can populate off that.
|
|
#
?
Aug 15, 2019 03:45
|
|
|
OSU_Matthew posted:KeePass chat regarding some auto type issues people had a few pages back— CTRL+ALT+A autotype by default will look to see if any window titles contains the words of the entry's title. You don't HAVE to pick the specific window title in the entry unless you turn that option off or if you want different auto-type sequences for different individual windows. But I would try to avoid auto-type if you can and just use the Kee browser plugin. The only time I use auto-type anymore is using it to log into video game accounts.
|
|
#
?
Aug 15, 2019 17:47
|
|
|
Powered Descent posted:Did you make any changes in the outer (non-hidden) volume while it was mounted normally? If so, you may have overwritten part of the the empty space that was hosting the hidden volume. If you need to make any changes in the outer volume, there's a special way to mount it safely where you give it both passwords, so that VeraCrypt knows what areas to leave alone. (If it did that when the outer volume was just mounted normally, it'd give away the secret that there's a hidden volume in there.) No, I didn't make any changes. I created the outer volume first, put things on it, then created the hidden volume and immediately tried to access it but couldn't.
|
|
#
?
Aug 17, 2019 18:20
|
|
|
Its Coke posted:No, I didn't make any changes. I created the outer volume first, put things on it, then created the hidden volume and immediately tried to access it but couldn't. So it sounds like you didn't lose any data on the hidden volume, since you never got the chance to put anything in there in the first place. That's good news. But I'm not sure what to tell you now. I've just loaded up Veracrypt and repeated your experiment on an old flash drive, and everything worked perfectly. Have you tried re-doing it from scratch? (It might have been something as simple as typo-ing the password when creating it.)
|
|
#
?
Aug 17, 2019 19:31
|
|
|
It turns out it had nothing to do with VeraCrypt, it was just the unbelievable shittiness of my flash drive.
|
|
#
?
Aug 18, 2019 02:04
|
|
|
I dunno I can believe a lot of things about the shitiness of a thumb drive.
|
|
#
?
Aug 18, 2019 15:25
|
|
|
Thread of horror. https://twitter.com/_Freakyclown_/status/1162749017337544709
|
|
#
?
Aug 18, 2019 17:08
|
|
|
The replies are horrifying too. They HAVE made improvements to their security -- they now mail the password to you instead of just reading it out over the phone. For over 6 years.
|
|
#
?
Aug 18, 2019 17:27
|
|
|
Nothing could surprise me about how awful Virgin Media's internal systems are
|
|
#
?
Aug 18, 2019 18:09
|
|
|
Thanks Ants posted:Nothing could surprise me about how awful Virgin Media's internal systems are Let alone most ISP internal systems.
|
|
#
?
Aug 18, 2019 19:10
|
|
|
Cup Runneth Over posted:The replies are horrifying too. They HAVE made improvements to their security -- they now mail the password to you instead of just reading it out over the phone. For over 6 years. When I reset my password with my ISP, they read it out over the phone - I take it this isn't great infosec then?
|
|
#
?
Aug 18, 2019 19:38
|
|
|
tight aspirations posted:When I reset my password with my ISP, they read it out over the phone - I take it this isn't great infosec then? What if it wasn't you on the other end? Remember the weakest link in information security is the person on the other end of the keyboard.
|
|
#
?
Aug 18, 2019 19:43
|
|
|
tight aspirations posted:When I reset my password with my ISP, they read it out over the phone - I take it this isn't great infosec then? Social engineering is a thing. I call up, say I'm you, say oh it's so terrible I can't find it anywhere, can you give it to me? A surprising number of times people can successfully con the underpaid ISP front-end people.
|
|
#
?
Aug 18, 2019 19:43
|
|
|
When I worked at an ISP over a decade ago, we stored all the passwords in plaintext due to having to synchronize our systems. Billing had the same password as your POP3/IMAP access. 🙃
|
|
#
?
Aug 18, 2019 19:47
|
|
|
|
| # ? May 25, 2024 05:31 |
|
|
We're in the middle of auditing all our production DBs for non-encrypted user tables. We've found more than a few. Thankfully we've put governance in place that forces them to fix it.
|
|
#
?
Aug 18, 2019 20:01
|
|