|
4lokos basilisk posted:i thought you guys were not supposed to use your work machines!
|
# ? Nov 25, 2023 13:17 |
|
|
# ? Jun 8, 2024 05:51 |
|
dpkg chopra posted:three factor authentication doesn’t work if all factors are the same heh
|
# ? Nov 25, 2023 17:51 |
|
HELLOMYNAMEIS___ posted:https://twitter.com/atc1441/status/1728128683733577955/ These loss images are just getting more and more abstract.
|
# ? Nov 25, 2023 23:18 |
|
more like windows goodbye (security) tl;dr: windows hello security devices are, in general, insecure in a bunch of ways that allow either bypassing them or generating valid tokens without the actual biometric factor. none of it is completely trivial, and you still have to have access to the device, but lol nonetheless.
|
# ? Nov 27, 2023 21:01 |
|
windows hello.jpg
|
# ? Nov 27, 2023 21:08 |
|
haveblue posted:windows hello.jpg
|
# ? Nov 27, 2023 21:30 |
|
haveblue posted:windows hello.jpg
|
# ? Nov 27, 2023 22:01 |
|
you might say there's a wide open back door into your system
|
# ? Nov 28, 2023 05:14 |
|
Hackers can turn your computer into a bum
|
# ? Nov 28, 2023 05:30 |
|
haveblue posted:windows hello.jpg
|
# ? Nov 28, 2023 05:32 |
|
haveblue posted:windows hello.jpg my brain already adds the .jpg every time i see "windows hello" which makes me giggle
|
# ? Nov 28, 2023 05:45 |
|
Windows Hello For Buttocks
|
# ? Nov 28, 2023 07:25 |
|
haveblue posted:windows hello.jpg
|
# ? Nov 28, 2023 07:32 |
|
infernal machines posted:more like windows goodbye (security) between this and drive manufacturers constantly being found faithlessly implementing hardware level encryption, I don't know if you can trust hardware-anything for security critical applications is a yubikey still safe or did they gently caress a duck too
|
# ? Nov 28, 2023 07:49 |
|
haveblue posted:windows hello.jpg oh my god what's that man doing to his Asus?
|
# ? Nov 28, 2023 09:41 |
|
attn:satan, you've hosed up your certs
|
# ? Nov 28, 2023 10:21 |
|
Powerful Two-Hander posted:attn:satan, you've hosed up your certs peeved they aren’t using port 666
|
# ? Nov 28, 2023 11:23 |
|
Crazy Achmed posted:you might say there's a wide open back door into your system I thought modern CPU architectures use rings to prevent these kinds of issues?
|
# ? Nov 28, 2023 12:34 |
|
Potato Salad posted:between this and drive manufacturers constantly being found faithlessly implementing hardware level encryption, I don't know if you can trust hardware-anything for security critical applications to their credit, yubikeys just do one thing and they do it well
|
# ? Nov 28, 2023 13:57 |
|
sb hermit posted:to their credit, yubikeys just do one thing and they do it well they do a bunch of things and they already had one vulnerability that led to them shipping me an entirely new one after sending them a picture of my vulnerable one's serial number
|
# ? Nov 28, 2023 14:48 |
|
Carbon dioxide posted:I thought modern CPU architectures use rings to prevent these kinds of issues?
|
# ? Nov 28, 2023 15:58 |
|
Powerful Two-Hander posted:oh my god what's that man doing to his Asus?
|
# ? Nov 28, 2023 16:38 |
|
Carbon dioxide posted:I thought modern CPU architectures use rings to prevent these kinds of issues?
|
# ? Nov 28, 2023 17:34 |
|
seems like a gaping security flaw
|
# ? Nov 28, 2023 17:55 |
|
sb hermit posted:to their credit, yubikeys just do one thing and they do it well
|
# ? Nov 28, 2023 17:55 |
|
Powerful Two-Hander posted:oh my god what's that man doing to his Asus?
|
# ? Nov 28, 2023 18:12 |
|
Powerful Two-Hander posted:oh my god what's that man doing to his Asus?
|
# ? Nov 28, 2023 19:27 |
|
Potato Salad posted:between this and drive manufacturers constantly being found faithlessly implementing hardware level encryption, I don't know if you can trust hardware-anything for security critical applications not yubico but someone hosed up and put bluetooth in a security key design and had feitian manufacture it https://security.googleblog.com/2019/05/titan-keys-update.html
|
# ? Nov 28, 2023 22:31 |
|
quote:An attacker in close physical proximity at that moment in time can potentially connect their own device to your affected security key before your own device connects. In this set of circumstances, the attacker could sign into your account using their own device if the attacker somehow already obtained your username and password and could time these events exactly. I think my threat model is OK with me taking on that risk
|
# ? Nov 28, 2023 22:39 |
|
Powerful Two-Hander posted:oh my god what's that man doing to his Asus?
|
# ? Nov 28, 2023 22:49 |
|
Powerful Two-Hander posted:oh my god what's that man doing to his Asus? cock solid, part/clutching
|
# ? Nov 28, 2023 22:59 |
|
Potato Salad posted:is a yubikey still safe or did they gently caress a duck too NXP just notified the world that they got hacked and the attacker kept accessing data, searching for chip schematics and microcode for several years. https://arstechnica.com/security/2023/11/hackers-spent-2-years-looting-secrets-of-chipmaker-nxp-before-being-detected/ Several FIDO2 key makers, yubico included, uses NXP chips.
|
# ? Nov 28, 2023 23:01 |
|
Subjunctive posted:I think my threat model is OK with me taking on that risk are you now or have you ever been ross ulbricht?
|
# ? Nov 28, 2023 23:10 |
|
SlowBloke posted:NXP just notified the world that they got hacked and the attacker kept accessing data, searching for chip schematics and microcode for several years. extremely lol
|
# ? Nov 28, 2023 23:26 |
|
infernal machines posted:are you now or have you ever been ross ulbricht? god that poo poo was funny
|
# ? Nov 29, 2023 00:43 |
|
https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/quote:Delete the file owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. Additionally, we disabled the phpinfo function Classic.
|
# ? Nov 29, 2023 17:49 |
|
own cloud indeed
|
# ? Nov 29, 2023 17:52 |
|
lmao @ getphpinfo, that is something most people sorted in like 2004. great job everyone
|
# ? Nov 29, 2023 18:08 |
|
I thought owncloud had been migrating away from php
|
# ? Nov 29, 2023 18:10 |
|
|
# ? Jun 8, 2024 05:51 |
|
Antigravitas posted:https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/ Lol.. does this mean that the unit tests are just like sitting in the instance ready to be accessed from the web?
|
# ? Nov 29, 2023 18:23 |