|
boop the snoot posted: What’s the point of encrypting passwords if they can be stolen anyway

Encryption just slows down how long it takes to get the actual password (by decrypting it), it's never foolproof. It is basically there to buy time for everyone to reset passwords so that the data is outdated by the time it is decrypted.
|
# ? Oct 6, 2021 16:56 |
|
boop the snoot posted: This is going to be a rabbit hole conversation because now my question is why even require passwords in 2021 if they’re not encrypted?

Because a lot of developers are idiots who feel the need to reinvent the wheel, badly, every time they do a thing, and encryption is actually pretty hard to do right. And as to how... Did anyone stop to check? Twitch has an appealing product, and security was never advertised as part of it.

E: do you think they encrypt your password recovery questions? The answer is no
|
# ? Oct 6, 2021 17:02 |
|
RFC2324 posted: Good chance they didn't encrypt if the passwords were stolen,

It's Amazon, I'm sure they mean hashed passwords. API keys for OBS/whatever though...
|
# ? Oct 6, 2021 17:08 |
|
the russian space program has just been hurled into a cone of silence https://arstechnica.com/science/2021/10/russia-tells-its-space-reporters-to-stop-reporting-on-the-space-program/
|
# ? Oct 6, 2021 17:08 |
|
boop the snoot posted: This is going to be a rabbit hole conversation because now my question is why even require passwords in 2021 if they’re not encrypted?

Because passwords work fine until someone steals all of them and the monetary impact to a business from a data breach is less severe than the expense of protecting themselves against it.

Edit- also am pretty sure every CS student at any school is taught to hash and salt passwords. So hopefully it’s not as simple as using a hash table to decrypt everything.

Hekk fucked around with this message at 17:11 on Oct 6, 2021 |
# ? Oct 6, 2021 17:09 |
|
Floodkiller posted: Encryption just slows down how long it takes to get the actual password (by decrypting it), it's never foolproof. It is basically there to buy time for everyone to reset passwords so that the data is outdated by the time it is decrypted.

To clarify, if you force your users to use caps, specials, and numbers, AND your users don't tend to reuse passwords AND your users aren't using pre-cracked passwords [password123,admin,etc,etc] AND you are using a "secure" encryption algorithm AND salting your hash it can take an extremely long time to crack a password. Without shortcuts even if your password is somewhere in RockYou.txt it can take a really really long time to crack. If you're a big time streamer though, lol get wrekt because you're the first one anyone's gonna try to crack.

Defenestrategy fucked around with this message at 17:22 on Oct 6, 2021 |
# ? Oct 6, 2021 17:19 |
|
This is just pure speculation based off of personal professional observation, but the push for full stack devs everywhere and the phasing out of network and server specialists means that most of the stuff being developed in TYOL2021 is even more held together with paper clips and rubber bands than the years preceding it. Just like everything on this planet, everything gets made shittier every year in the pursuit of making it cheaper with fewer employees.
|
# ? Oct 6, 2021 17:22 |
|
Defenestrategy posted: To clarify, if you force your users to use caps, specials, and numbers, AND your users don't tend to reuse passwords AND your users aren't using pre-cracked passwords [password123,admin,etc,etc] AND you are using a "secure" encryption algorithm AND salting your hash it can take an extremely long time to crack a password.

This depends heavily though. If they used bcrypt properly this could take centuries. If they used md5 they've all already been decrypted.
|
# ? Oct 6, 2021 17:27 |
|
working in IT i cannot tell you just how prevalent re-inventing the wheel is in relation to all things security
|
# ? Oct 6, 2021 17:35 |
|
boop the snoot posted: This is going to be a rabbit hole conversation because now my question is why even require passwords in 2021 if they’re not encrypted?

There is a case to be made that passwords, in the way they are now, need to go. Also, does Twitch do 2FA? If more people used things like that we would have way better security.

Cue the security expert telling me I am wrong and freaking me out with horror stories in 3....2....1...
|
# ? Oct 6, 2021 17:35 |
|
Proud Christian Mom posted: working in IT i cannot tell you just how prevalent re-inventing the wheel is in relation to all things security

It's the first thing every cs grad tries after graduation, as far as I can tell. And then they implement it in the random start up they got hired at because they were cheap, the startup strikes it big, and you have bubblegum for security on a major site that everyone uses.

Never trust a company that has never been hacked. Either they are lying, or the holes in their security are still unknowns
|
# ? Oct 6, 2021 17:40 |
|
ASAPI posted: There is a case to be made that passwords, in the way they are now, need to go.

No, 2FA is good, so long as it isn't SMS based.
|
# ? Oct 6, 2021 17:41 |
|
Arven posted: This is just pure speculation based off of personal professional observation, but the push for full stack devs everywhere and the phasing out of network and server specialists means that most of the stuff being developed in TYOL2021 is even more held together with paper clips and rubber bands than the years preceding it. Just like everything on this planet, everything gets made shittier every year in the pursuit of making it cheaper with fewer employees.

Ehhhhh... You've drawn the correct conclusion from the wrong premise. Full stack developers are more popular because IT as a whole is moving towards hyper converged services for everything. For example a decade ago you would buy a SAN array for big storage, maintain a cluster of servers on prem, and pay employees to manage it all. Nowadays you can simply host in the cloud, and some platforms are all in one packages that you simply have off site support for.

Most of the stuff you see getting owned nowadays isn't some strange new never before seen attack vector - it's one or more attackers using either a vulnerability that the company wasn't patching to close, or someone with privileged rights was compromised (phishing, reused passwords, etc). Since there's no real consequences beyond loss of public trust (and if you're big enough like Twitch is, you basically don't have to give a gently caress at all), it's not going to get any better until something puts the fear of God in companies.
|
# ? Oct 6, 2021 17:43 |
|
Defenestrategy posted: To clarify, if you force your users to use caps, specials, and numbers, AND your users don't tend to reuse passwords AND your users aren't using pre-cracked passwords [password123,admin,etc,etc] AND you are using a "secure" encryption algorithm AND salting your hash it can take an extremely long time to crack a password.

Also just fyi but the must use upper and lower case, numbers, and special characters is deprecated guidance. It turns out the psychology of human memory being what it is most people comply in easily predictable ways and it ends up just aggravating people while at best not actually adding security.
|
# ? Oct 6, 2021 17:43 |
|
Not a fan of Twitch asking me to download yet another 2FA app if I want that on my account.
|
# ? Oct 6, 2021 17:44 |
|
Raerlynn posted: Since there's no real consequences beyond loss of public trust (and if you're big enough like Twitch is, you basically don't have to give a gently caress at all), it's not going to get any better until something puts the fear of God in companies.

it's going to take insurance companies saying 'nope' to cyberinsurance claims since everyone is just punting on security and letting them eat the ransomware cost
|
# ? Oct 6, 2021 17:45 |
|
A Bad Poster posted: Not a fan of Twitch asking me to download yet another 2FA app if I want that on my account.

It supports either SMS or Google Authenticator/whatever other app you want. https://help.twitch.tv/s/article/two-factor-authentication?language=en_US
|
# ? Oct 6, 2021 17:47 |
|
Soylent Pudding posted: Also just fyi but the must use upper and lower case, numbers, and special characters is deprecated guidance. It turns out the psychology of human memory being what it is most people comply in easily predictable ways and it ends up just aggravating people while at best not actually adding security.

Passphrases are the way to go, since adding punctuation and spaces helps technical cracking aspect while still remaining usable. The downside is some devices don't handle spaces in passwords, which sucks.
|
# ? Oct 6, 2021 17:47 |
|
ASAPI posted: There is a case to be made that passwords, in the way they are now, need to go.

twitch does have 2FA but i just checked and there is an option on the 2FA prompt to bypass the auth and get an SMS code, so rip.
|
# ? Oct 6, 2021 17:49 |
|
ATTENTION If you work/worked in the public service sector and you still have student loans, look into this:
https://www.cnbc.com/2021/10/06/dept-of-ed-announces-public-service-loan-forgiveness-program-changes.html
https://studentaid.gov/announcements-events/pslf-limited-waiver

Bottom line: the Public Service Loan Forgiveness program has always been a pile of bullshit. It required you to make 10 years of very specific payments against very specific student loans to get your loans forgiven. Nobody ever made those kinds of payments (either splitting the payments into 20 years, or income-graduated). Apparently, they no longer give a gently caress and any payment at all counts. So if you're a career fed, or served a lot in the military, look into this poo poo.

quote: Qualifying for PSLF

So by my reading, I need to get my loving money and some of y'all also likely need to.
|
# ? Oct 6, 2021 17:49 |
|
Proud Christian Mom posted: its going to take insurance companies saying 'nope' to cyberinsurance claims since everyone is just punting on security and letting them eat the ransomware cost

Even that's probably not enough - it probably becomes a calculated expense. It's really going to take getting poo poo on legally from such a height that you'd think it was God himself dropping that deuce to change that.

To put it in perspective - the Equifax breach was literally a case of being behind like 6 months on OS updates.
|
# ? Oct 6, 2021 17:50 |
|
Oh look, more reasons not to use AT&T https://www.reuters.com/investigates/special-report/usa-oneamerica-att/ quote:A Reuters review of court records shows the role AT&T played in creating and funding OAN, a network that continues to spread conspiracy theories about the 2020 election and the COVID-19 pandemic.
|
# ? Oct 6, 2021 17:57 |
|
https://twitter.com/bradheath/status/1445720929775067138?s=10 So basically AT&T created OANN. I wonder if they will still be funding it in the near future? Efb
|
# ? Oct 6, 2021 17:59 |
|
Friend of mine just said she saw news of a school shooting in Texas. Also an oil tank in Texas City is busted and is spilling hundreds of thousands of gallons of crude onto the ground.
|
# ? Oct 6, 2021 18:11 |
Mr. Nice! posted: Friend of mine just said she saw news of a school shooting in Texas.

So Wednesday.
|
|
# ? Oct 6, 2021 18:12 |
|
Mr. Nice! posted: Friend of mine just said she saw news of a school shooting in Texas.

Apparently the school shooting started as a "normal" fight: https://www.nbcdfw.com/news/local/lockdown-issued-at-timberview-high-in-arlington-possible-shots-fired/2759727/

RE: AT&T, They are my only option for internet in my neighborhood, so have to stick with them...
|
# ? Oct 6, 2021 18:17 |
|
ASAPI posted:
Nice to see them going from one monopoly to another.
|
# ? Oct 6, 2021 18:23 |
|
Raerlynn posted: Even that's probably not enough - it probably becomes a calculated expense. It's really going to take getting poo poo on legally from such a height that you'd think it was God himself dropping that deuce to change that.

My company just onboarded a major telecom client, and when we saw how old the internet facing application we are managing for them was everyone collectively poo poo a brick and started screaming at sales for doing it
|
# ? Oct 6, 2021 18:23 |
|
Only Sprint and AT&T will let me use my phone number from Puerto Rico, it's one of the few things i have left from the island and i don't want to drop it
|
# ? Oct 6, 2021 18:27 |
lmao https://twitter.com/bradheath/status/1445730199635701760?s=20
|
|
# ? Oct 6, 2021 18:33 |
|
Isn't OAN being sued by Dominion? I'd like to see Dominion go after ATT when they're done with OAN.
|
# ? Oct 6, 2021 18:35 |
https://twitter.com/nytimes/status/1444029375272325124
|
|
# ? Oct 6, 2021 18:54 |
|
loving
|
# ? Oct 6, 2021 19:09 |
|
I’m not sure what a more effective statement would look like.
|
# ? Oct 6, 2021 19:13 |
What is that woman staring at?
|
|
# ? Oct 6, 2021 19:15 |
|
1) Accept deal, give $ value equivalent to Trump Tax Cuts https://twitter.com/LauraLitvan/status/1445814152598102019 2) In BBB Reconciliation package, set Debt Ceiling at eleventy trillion facialimpediment fucked around with this message at 19:18 on Oct 6, 2021 |
# ? Oct 6, 2021 19:16 |
|
When I heard about this I thought it was a joke. Holy poo poo he pulled it off!
|
# ? Oct 6, 2021 19:18 |
|
boop the snoot posted: What is that woman staring at?

Art
|
# ? Oct 6, 2021 19:21 |
|
boop the snoot posted: What is that woman staring at?

"Take the money and run" - Nothing on canvas, 2021
|
# ? Oct 6, 2021 19:24 |
|
Duzzy Funlop posted: "Take the money and run" - Nothing on canvas, 2021

Everyone's been Reenlisted - No DD-214, 2021
|
# ? Oct 6, 2021 19:33 |