|
Progressive JPEG posted:is Bitwarden (password manager) good? I just started using it, and it seems OK. you have to buy a premium account ($10/yr) to do TOTP, and due to apple policies they can’t tell you that anywhere in the app. eventually I’ll probably self-host just to try it
|
#
?
Oct 12, 2019 03:26
|
|
|
|
| # ? Jun 7, 2024 17:46 |
|
|
Subjunctive posted:I just started using it, and it seems OK. you have to buy a premium account ($10/yr) to do TOTP, and due to apple policies they can’t tell you that anywhere in the app. from digging around the dashboard as a free user it looks like the 2FA situation is: - totp for logging into bitwarden itself: free - u2f or duo-prompt for logging into bitwarden itself: premium - totp codes against logins stored in bitwarden: premium ive been storing totp codes in my current 1password account and it feels gross so I was planning on moving those to a separate dedicated totp app anyway. but at the same time I don’t mind giving bitwarden 10/yr either I might self host on my rasppi cluster someday but it’d probably be a pain to get it working on arm. the self host docs specifically list x64 in the requirements
|
|
#
?
Oct 12, 2019 07:29
|
|
|
Progressive JPEG posted:I might self host on my rasppi cluster someday but it’d probably be a pain to get it working on arm. the self host docs specifically list x64 in the requirements yeah, I don’t think mssql comes built for arm, does it? there are other implementations of the protocol, like bitwarden_rs, but I don’t know much about them.
|
|
#
?
Oct 12, 2019 09:23
|
|
|
So, we had some training money to spend, so I got to go take the CEH class prior to Hacker Halted in Atlanta, and the company that runs EC Council sells a little portable "Pen Testing Tool" What is it you ask? Well, they sell it for $700. Its a $35 Raspberry Pi 3+ with a 7 Inch LCD touchscreen. Its about $100 worth of parts you can get off Amazon. Nice.
|
|
#
?
Oct 12, 2019 17:01
|
|
|
for as much as I’ve read about it the ec council seems the biggest ripoff for everything they do
|
|
#
?
Oct 12, 2019 17:04
|
|
|
geonetix posted:for as much as I’ve read about it the ec council seems the biggest ripoff for everything they do Cram a bunch of open source pen-testing tools into a budget SBC computer: Profit!
|
|
#
?
Oct 12, 2019 17:06
|
|
|
CommieGIR posted:So, we had some training money to spend, so I got to go take the CEH class prior to Hacker Halted in Atlanta, and the company that runs EC Council sells a little portable "Pen Testing Tool" taking as much money as possible from people spending money on ethical hacking certifications is the most ethical action
|
|
#
?
Oct 12, 2019 17:15
|
|
|
https://twitter.com/cybergibbons/status/1182989623133396992?s=21 it’s gonna be eero
|
|
#
?
Oct 13, 2019 04:36
|
|
|
Ur Getting Fatter posted:it’s gonna be all of them
|
|
#
?
Oct 13, 2019 04:45
|
|
|
as someone that has google Wifi in their house, I am waiting with baited breath
|
|
#
?
Oct 13, 2019 04:58
|
|
|
Ur Getting Fatter posted:https://twitter.com/cybergibbons/status/1182989623133396992?s=21 what's the bet that the sidechannel wireless link between WAPs is unencrypted
|
|
#
?
Oct 13, 2019 06:38
|
|
|
I think he posted later it’s cloud related
|
|
#
?
Oct 13, 2019 07:51
|
|
|
|
|
#
?
Oct 13, 2019 09:57
|
|
|
|
|
#
?
Oct 13, 2019 11:00
|
|
|
that sounds extra powerfully lazy what system(s) don’t have even the most basic of secure sync mechanism between authorized stations?
|
|
#
?
Oct 13, 2019 11:36
|
|
|
but you see user journey first experience frictionless onboarding therefore...
|
|
#
?
Oct 13, 2019 11:44
|
|
|
Bulgakov posted:that sounds extra powerfully lazy
|
|
#
?
Oct 13, 2019 12:05
|
|
|
amateur hour, not including “attacker has the device open and a logic analyzer hooked up to the motherboard” in the threat model
|
|
#
?
Oct 13, 2019 12:15
|
|
|
i heard that an attacker that knows your disk encryption password can unlock it, sounds like a big security flaw if so
|
|
#
?
Oct 13, 2019 12:21
|
|
|
Cocoa Crispies posted:amateur hour, not including “attacker has the device open and a logic analyzer hooked up to the motherboard” in the threat model
|
|
#
?
Oct 13, 2019 12:43
|
|
|
Bulgakov posted:that sounds extra powerfully lazy if I had to guess it's to make buying additional extended stations seamless
|
|
#
?
Oct 13, 2019 13:08
|
|
|
Ur Getting Fatter posted:https://twitter.com/cybergibbons/status/1182989623133396992?s=21 all the best parts about Facebook vagueposting, but with public comments! 
|
|
#
?
Oct 13, 2019 17:55
|
|
|
Can't wait to find out whose AP system it is...
|
|
#
?
Oct 13, 2019 18:32
|
|
|
https://twitter.com/cybergibbons/status/1183367739060166657
|
|
#
?
Oct 13, 2019 19:12
|
|
|
Niiiiice.
|
|
#
?
Oct 13, 2019 19:21
|
|
|
why the gently caress would you ask this over twitter rather than just contacting them directly? like secfucks should be exposed and all but some of these Twitter threads read like teacher's pet running excitedly to teacher to tell on the naughty kid
|
|
#
?
Oct 13, 2019 20:00
|
|
|
toiletbrush posted:why the gently caress would you ask this over twitter rather than just contacting them directly? I assume because there's no way to contact them directly or because they've ignored prior attempts at direct contact, is the usual story here.
|
|
#
?
Oct 13, 2019 20:11
|
|
|
calling them forward is the best way to shame them, which is the whole point
|
|
#
?
Oct 13, 2019 20:23
|
|
|
not very subtle i love it
|
|
#
?
Oct 13, 2019 20:27
|
|
|
yeah if there’s no listed security contact and he can’t get an answer through private channels, try a public one
|
|
#
?
Oct 13, 2019 20:32
|
|
|
https://twitter.com/cybergibbons/status/1183335014538170368?s=21 https://twitter.com/cybergibbons/status/1183430737359523840?s=21
|
|
#
?
Oct 13, 2019 20:53
|
|
|
yeah ya boi travis did that for cloudflare 'cause their security contact didn't get back in 30 minutes on a saturday night
|
|
#
?
Oct 13, 2019 20:56
|
|
|
if i learned anything from muddy waters it would be to short the stocks then release the vuln report to the public 
|
|
#
?
Oct 13, 2019 21:00
|
|
|
Shinku ABOOKEN posted:if i learned anything from muddy waters it would be to short the stocks then release the vuln report to the public didn't that internet nazi say he was going to do that?
|
|
#
?
Oct 13, 2019 21:11
|
|
|
poo poo, gotta narrow it down probably, weev i think?
|
|
#
?
Oct 13, 2019 21:11
|
|
|
Yes that was the idea with TRO LLC, but it's not clear whether they actually did anything
|
|
#
?
Oct 14, 2019 00:33
|
|
|
whos gonna be debugging that secfuck with the hookers
|
|
#
?
Oct 14, 2019 05:14
|
|
|
Computer Serf posted:whos gonna be debugging that secfuck with the hookers The doctor
|
|
#
?
Oct 14, 2019 05:59
|
|
|
Shinku ABOOKEN posted:if i learned anything from muddy waters it would be to short the stocks then release the vuln report to the public my takeaway was more that, while my eyes do keep me in trouble, it's still true that i can't never be satisfied, and anyway you can't spend what you ain't got
|
|
#
?
Oct 14, 2019 06:50
|
|
|
|
| # ? Jun 7, 2024 17:46 |
|
|
toiletbrush posted:why the gently caress would you ask this over twitter rather than just contacting them directly?
|
|
#
?
Oct 14, 2019 11:10
|
|
