|
Even if there's edge cases, the worst case is presumably that you get tested and it's negative, which hopefully is better than the alternative of spreading.
|
# ? Jun 21, 2020 13:25 |
|
|
# ? Jun 7, 2024 23:05 |
|
I was wondering what prevented someone from getting a burner and wandering around downtown then reporting positive. Well the only two apps I could find are for RI and the dakotas, the RI one straight up doesn't work for me (as in, it thinks I'm offline for some reason and refuses to work), and the dakotas one requires a health authority to enable the reporting button. I'm thinking that there's a chance you could still send the request some other way though, and it wouldn't be checked against whether you're allowed. Both apps still require location permissions, so the bluetooth data is just additional info to confirm proximity. Doesn't solve the 'passing in a car' problem though. Either way, getting tested from that sort of false positive doesn't seem harmful. Seems better to use the app data to narrow down the scope of who needs tested rather than shotgunning them out. ~Coxy posted:Even if there's edge cases, the worst case is presumably that you get tested and it's negative, which hopefully is better than the alternative of spreading.
|
# ? Jun 21, 2020 16:10 |
|
there are lots of regional apps that don’t use the google/apple api and instead do actual location tracking on their own which gets sent to the cloud and nsa
|
# ? Jun 21, 2020 16:24 |
|
I’m not too concerned about podunkville’s app siphoning location data to the NSA when the dozen ad networks in candy crush collect location data and tower data aggregators are available to any LEO or bail bondsman? https://thehill.com/homenews/senate/503760-irs-used-cell-phone-data-to-try-to-track-potential-suspects-report?amp I expect the governor’s cousin’s app shop leaking unanonymized travel history through unsecured S3 buckets is an inevitability, though.
|
# ? Jun 21, 2020 16:45 |
|
what the gently caress is the point of the authenticator app??
|
# ? Jun 21, 2020 20:13 |
|
I’d hope high scrutiny of any case that invokes the recovery phone, but hope is not a strategy really.
|
# ? Jun 21, 2020 20:24 |
|
Jenny Agutter posted:what the gently caress is the point of the authenticator app?? i think when you implement this kinda thing you either need to accept that because you're going to have a lot of people who lose their phone you have to have a system set up where you can properly verify their identity via a good customer support team, or you have to just give up and make it trivially easy to defeat the whole thing. being ubisoft it's unsurprising they chose the cheaper easier option
|
# ? Jun 21, 2020 21:12 |
yeah, i yelled at ubisoft support on twitter about it (to no surprise, they apparently don't care to do something about it when you're just a nobody like me), but they could at least give the option of giving people recover keys if people think they're smart enough to handle it?
|
|
# ? Jun 22, 2020 13:24 |
|
D. Ebdrup posted:yeah, i yelled at ubisoft support on twitter about it (to no surprise, they apparently don't care to do something about it when you're just a nobody like me), but they could at least give the option of giving people recover keys if people think they're smart enough to handle it? Think of the dumbest person you know who plays video games, then imagine someone even dumber. That's who they have to design for.
|
# ? Jun 22, 2020 17:28 |
|
Volmarias posted:Think of the dumbest person you know who plays video games, then imagine someone even dumber. my monitor is already off
|
# ? Jun 22, 2020 21:16 |
|
you see, Availability is one third of the CIA triad, so when you compromise security to prioritize availability to users, you are actually doing the right thing
|
# ? Jun 22, 2020 21:44 |
|
Shame Boy posted:i think when you implement this kinda thing you either need to accept that because you're going to have a lot of people who lose their phone you have to have a system set up where you can properly verify their identity via a good customer support team, or you have to just give up and make it trivially easy to defeat the whole thing. being ubisoft it's unsurprising they chose the cheaper easier option doesnt google do the exact same thing with their stuff?
|
# ? Jun 22, 2020 22:32 |
|
spankmeister posted:radio waves can do weird things. yeah like give you COVID
|
# ? Jun 23, 2020 18:44 |
|
Shame Boy posted:i think when you implement this kinda thing you either need to accept that because you're going to have a lot of people who lose their phone you have to have a system set up where you can properly verify their identity via a good customer support team, or you have to just give up and make it trivially easy to defeat the whole thing. being ubisoft it's unsurprising they chose the cheaper easier option ok sure but you just know the phone number they provided is gonna be the phone they lost
|
# ? Jun 23, 2020 19:58 |
|
a Ubisoft account is the kind of thing you could leave out on the curb and only the trash collectors would take it
|
# ? Jun 23, 2020 20:13 |
|
Lain Iwakura posted:Oh. It's just another "crazy, lying bitch". He's innocent, everybody.
|
# ? Jun 24, 2020 15:09 |
|
we've had the irc running forever but if anyone cares to have a dedicated discord yell about it even if it's just to keep in touch for a migration or whatever
|
# ? Jun 24, 2020 15:31 |
|
Wiggly Wayne DDS posted:we've had the irc running forever but if anyone cares to have a dedicated discord yell about it https://forums.somethingawful.com/showthread.php?threadid=3919429 someone beat you to it
|
# ? Jun 24, 2020 15:49 |
|
Shame Boy posted:https://forums.somethingawful.com/showthread.php?threadid=3919429 ty for the link
|
# ? Jun 24, 2020 17:15 |
|
echi woke up and made some mods so the discord is getting a bit more bearable fyi there's even a secfuck channel now
|
# ? Jun 24, 2020 19:21 |
|
Shame Boy posted:echi woke up and made some mods so the discord is getting a bit more bearable fyi they should call it the side channel
|
# ? Jun 24, 2020 22:01 |
|
Agile Vector posted:they should call it the side channel
|
# ? Jun 25, 2020 05:58 |
|
Agile Vector posted:they should call it the side channel
|
# ? Jun 25, 2020 06:24 |
Shame Boy posted:echi woke up and made some mods so the discord is getting a bit more bearable fyi
|
|
# ? Jun 25, 2020 11:52 |
|
dogfooding the secfucks
|
# ? Jun 25, 2020 12:28 |
|
Agile Vector posted:they should call it the side channel
|
# ? Jun 25, 2020 12:58 |
|
https://discord.gg/7sm9xN
|
# ? Jun 25, 2020 14:14 |
|
this somehow seems appropriate for this thread
|
# ? Jun 25, 2020 19:28 |
|
narrator: the phones themselves are tracking apps, no installation needed
|
# ? Jun 25, 2020 19:45 |
|
Agile Vector posted:they should call it the side channel
|
# ? Jun 26, 2020 01:52 |
|
I remember seeing a secfuck presentation video here on industrial systems that was basically a guy scanning for unsecured networks and seeing what kind of scada systems popped out. Some of the memorable ones included a refinery in canada and a foundry in france. But I'm not finding the video anymore. Anyone else remember this video?
|
# ? Jun 26, 2020 06:47 |
|
Brute Squad posted:I remember seeing a secfuck presentation video here on industrial systems that was basically a guy scanning for unsecured networks and seeing what kind of scada systems popped out. Some of the memorable ones included a refinery in canada and a foundry in france. But I'm not finding the video anymore. Anyone else remember this video? there was a vnc roulette thing that got one of the earlier secfuck threads closed.
|
# ? Jun 26, 2020 06:56 |
|
Serious and sadly relevant secfuck https://techcrunch.com/2020/06/25/aspire-app-dr-phil/ quote:
|
# ? Jun 26, 2020 12:05 |
|
Midjack posted:there was a vnc roulette thing that got one of the earlier secfuck threads closed. that had a twitter and everything, didn't it? it was hilarious and also a terrible idea.
|
# ? Jun 26, 2020 13:13 |
|
there's still posts in the older threads covering some of the vnc roulettes that popped up
|
# ? Jun 26, 2020 13:15 |
|
ewiley posted:Serious and sadly relevant secfuck ugh
|
# ? Jun 26, 2020 13:40 |
|
ewiley posted:Serious and sadly relevant secfuck ugh at least maybe an abusers name got leaked i guess.
|
# ? Jun 26, 2020 15:02 |
|
https://developer.apple.com/videos/play/wwdc2020/10047 App control for DOH. That's neat.
|
# ? Jun 26, 2020 15:35 |
|
D. Ebdrup posted:yeah, i yelled at ubisoft support on twitter about it (to no surprise, they apparently don't care to do something about it when you're just a nobody like me), but they could at least give the option of giving people recover keys if people think they're smart enough to handle it? that's what they used to do, they only added the phone number stuff relatively recently
|
# ? Jun 26, 2020 16:21 |
|
|
# ? Jun 7, 2024 23:05 |
|
Brute Squad posted:I remember seeing a secfuck presentation video here on industrial systems that was basically a guy scanning for unsecured networks and seeing what kind of scada systems popped out. Some of the memorable ones included a refinery in canada and a foundry in france. But I'm not finding the video anymore. Anyone else remember this video? wayback machine didn't save much from vncroulette, but here's some choice ones from a similar site from the era, compliments archive.org bonus link from when vncroulette got hacked https://web.archive.org/web/20160401213748/http://vncroulette.com/ e: one of the above seems like it's still up. whilst i'll ping the poop, I aint touching it.
|
# ? Jun 26, 2020 17:25 |