|
I use 1Pass at home and work. It's good. Can't compare it to Bitwarden, as I have never needed to use anything else.
|
# ? Feb 21, 2024 20:16 |
|
|
# ? May 30, 2024 13:34 |
|
Rescue Toaster posted:I'm dealing with a lovely device that has ancient HTTPS and modern firefox is officially reporting "gently caress You" when connecting to it. 'gently caress you' is a bit vague, but my heart says check the cert is presenting a value in Subject Alternative Name (SAN). Ye olde certs just presented a Common Name and that's been deprecated for a few years. Ancient devices might be using an ancient cert process that is deprecated.
|
# ? Feb 21, 2024 23:53 |
|
Nukelear v.2 posted:'gently caress you' is a bit vague, but my heart says check the cert is presenting a value in Subject Alternative Name (SAN). Ye olde certs just presented a Common Name and that's been deprecated for a few years. It's NO_CIPHER_OVERLAP iirc. Pretty sure TLS 1.0 3DES is what is straight up compiled out and cannot be enabled by any switches. It does not even get to the point of receiving the server cert to look at it.
|
# ? Feb 22, 2024 00:39 |
|
It's not a surprise that 3DES is compiled out of Firefox given that known unmaintained hairball OpenSSL dumped it in 2016.
|
# ? Feb 22, 2024 00:51 |
|
3DES was something you kept around for IE6 on XP. It hasn't been relevant for like a decade. Whenever I have problems like this I use a socat compiled against an old version of OpenSSL.
|
# ? Feb 22, 2024 01:10 |
|
Shumagorath posted:It's not a surprise that 3DES is compiled out of Firefox given that known unmaintained hairball OpenSSL dumped it in 2016. What's weird just from the perspective of this thread, is I can't find good info on when stuff like this was disabled, or at least it's conflicting. Everything implies this stuff was gone as far back as like, Firefox 44, and certainly by 76/77. But I definitely have a VM with a firefox 88 in it that still supports it. It's also hard to know sometimes, ok this algorithm is deprecated. Is that because it's not considered 'strong enough' anymore? For what type of attacks? Or is it completely blown open, totally worthless, might as well just run unencrypted http. That sort of thing. Yes I too would love to throw every piece of equipment in the trash bin the second openssl/firefox/whoever decides it's no longer good enough encryption to operate over the open internet, even though it lives on its own VLAN. EDIT: To be clear, that's not even really sarcasm. I would totally chuck out anything I could immediately if it's not getting updates and is using old crypto. For another example, I have/had some smart switches that are good but the management interface is getting old and no more updates and I wouldn't be surprised if I start running into similar problems, I'm trying to figure out what to do with those too. I bought another more recent model, and... the web interface is ONLY http and cannot be disabled, or configure via some godawful windows app that uses entirely unknown crypto (if any) to configure it. It's somehow even worse than the old no-longer-being-updated poo poo. Rescue Toaster fucked around with this message at 02:58 on Feb 22, 2024 |
# ? Feb 22, 2024 02:23 |
|
A major health care system provider got hacked today and I am chuckling. I am chuckling because they quoted us 25k to rotate the weak crypto we have on a vpn connection we have with their systems. Get hosed.
|
# ? Feb 22, 2024 03:01 |
|
Rescue Toaster posted:EDIT: To be clear, that's not even really sarcasm. I would totally chuck out anything I could immediately if it's not getting updates and is using old crypto. For another example, I have/had some smart switches that are good but the management interface is getting old and no more updates and I wouldn't be surprised if I start running into similar problems, I'm trying to figure out what to do with those too. I bought another more recent model, and... the web interface is ONLY http and cannot be disabled, or configure via some godawful windows app that uses entirely unknown crypto (if any) to configure it. It's somehow even worse than the old no-longer-being-updated poo poo.
|
# ? Feb 22, 2024 03:09 |
|
Sickening posted:A major health care system provider got hacked today and I am chuckling. I am chuckling because they quoted us 25k to rotate the weak crypto we have on a vpn connection we have with their systems. Get hosed. Ooh? Who got popped?
|
# ? Feb 22, 2024 05:12 |
|
navyjack posted:Ooh? Who got popped? Change Healthcare
|
# ? Feb 22, 2024 05:20 |
|
Sickening posted:Change Healthcare Seems like a reasonable idea, on the surface.
|
# ? Feb 22, 2024 13:04 |
|
spankmeister posted:3DES was something you kept around for IE6 on XP. It hasn't been relevant for like a decade. My friend, let me tell you about this little hellhole called electronic payments and emv lmao
|
# ? Feb 22, 2024 15:11 |
spankmeister posted:3DES was something you kept around for IE6 on XP. It hasn't been relevant for like a decade.
|
|
# ? Feb 22, 2024 16:35 |
|
There's a bit of a bell curve where stuff that is ancient has a serial port and you can still manage it easily in TYOOL 2024, then there's new stuff that has a management interface that a modern device can access, and in the middle is stuff from about 15 years ago that you might as well throw in a bin.
|
# ? Feb 22, 2024 17:02 |
|
Speaking of cipher suites, Apple is upgrading iMessage to Kyber with forward secrecy. https://twitter.com/matthew_d_green/status/1760324355991498999?s=20
|
# ? Feb 22, 2024 17:13 |
|
Thanks Ants posted:There's a bit of a bell curve where stuff that is ancient has a serial port and you can still manage it easily in TYOOL 2024, then there's new stuff that has a management interface that a modern device can access, and in the middle is stuff from about 15 years ago that you might as well throw in a bin. iLO and DRAC, I'm looking at you
|
# ? Feb 22, 2024 18:29 |
|
Diva Cupcake posted:Speaking of cipher suites, Apple is upgrading iMessage to Kyber with forward secrecy. ... we're still working under the presumption that iMessage is compromised in the Chinese market right?
|
# ? Feb 22, 2024 18:53 |
|
some kinda jackal posted:iLO and DRAC, I'm looking at you loving Supermicro IPMI with their loving java
|
# ? Feb 22, 2024 19:02 |
|
spankmeister posted:loving Supermicro IPMI with their loving java My favorite part was I had one Supermicro board where you seriously couldn't turn the IPMI off. And if you fail to plug in the special IPMI ethernet port, it just somehow becomes available on whatever ethernet port you DO plug in. So I connected the IPMI port to a switch that put it on a dead-end VLAN that connects to nothing, and it seemed happy with that.
|
# ? Feb 22, 2024 19:11 |
|
Diva Cupcake posted:Speaking of cipher suites, Apple is upgrading iMessage to Kyber with forward secrecy. The secret being - if its available in China, Apple absolutely has already handed the keys to the government, because they are required to by law or China would absolutely not let them operate it. This has come up previously - Apple's privacy stuff is largely only really effective in the US/EU Elsewhere in Asia. China has already made deals with Apple. some kinda jackal posted:iLO and DRAC, I'm looking at you Hey, at least on the modern iDRAC its HTML5 for the front end and remote console stuff. Rescue Toaster posted:My favorite part was I had one Supermicro board where you seriously couldn't turn the IPMI off. And if you fail to plug in the special IPMI ethernet port, it just somehow becomes available on whatever ethernet port you DO plug in. So I connected the IPMI port to a switch that put it on a dead-end VLAN that connects to nothing, and it seemed happy with that. Ah yes, the 'Management Network' CommieGIR fucked around with this message at 19:25 on Feb 22, 2024 |
# ? Feb 22, 2024 19:23 |
|
Potato Salad posted:... we're still working under the presumption that iMessage is compromised in the Chinese market right? Absolutely.
|
# ? Feb 22, 2024 19:24 |
spankmeister posted:loving Supermicro IPMI with their loving java
|
|
# ? Feb 22, 2024 21:04 |
|
spankmeister posted:loving Supermicro IPMI with their loving java
|
# ? Feb 22, 2024 23:05 |
Rescue Toaster posted:My favorite part was I had one Supermicro board where you seriously couldn't turn the IPMI off. And if you fail to plug in the special IPMI ethernet port, it just somehow becomes available on whatever ethernet port you DO plug in. So I connected the IPMI port to a switch that put it on a dead-end VLAN that connects to nothing, and it seemed happy with that.
|
|
# ? Feb 22, 2024 23:26 |
|
Oh hell yes, do you have the wiring diagram for that? It would be pretty useful for an old box I've repurposed as a home file server.
|
# ? Feb 22, 2024 23:47 |
|
https://www.juniper.net/documentati...ernet-interface
|
# ? Feb 22, 2024 23:55 |
|
Thank you!
|
# ? Feb 23, 2024 00:01 |
loving hell, I just had a flashback to rootcausing FastEthernet using this, way back when it was new.
|
|
# ? Feb 23, 2024 00:36 |
|
MustardFacial posted:I use mine to emulate amiibo’s. It's not that these attacks are using solely the Flipper, and potentially are using multiples. This is a pretty well known "relay attack" which basically is just a proxy of the RF back to a valid keyfob; so in other words, don't store your car keys near your car or better yet just put them in a faraday cage.
|
# ? Feb 23, 2024 02:07 |
|
drunk mutt posted:It's not that these attacks are using solely the Flipper, and potentially are using multiples. This is a pretty well known "relay attack" which basically is just a proxy of the RF back to a valid keyfob; so in other words, don't store your car keys near your car or better yet just put them in a faraday cage. Regardless the issue remains that the issue is the car manufacturers, not the Flipper Zero. Also - Relay attacks are usually carried out with specific tools, not little hacking toys.
|
# ? Feb 23, 2024 03:26 |
|
I’d say car keys should move to UWB, but there are attacks against that too. Still better in that there’s no relay attack that works across the world, just from tens of meters away.
|
# ? Feb 23, 2024 03:27 |
|
So yeah, the issue I was mentioning earlier is a big deal because for the US, there are 3 pharmacy payment routing systems and its 1 of them. Its causing massive chaos and might end up affecting you if you use medications. The pharmacy systems ecosystem is among the oldest and least secure on the planet. Its a house of cards ripe to collapse at any time.
|
# ? Feb 23, 2024 18:13 |
|
Cup Runneth Over posted:I use 1Pass at home and work. It's good. Can't compare it to Bitwarden, as I have never needed to use anything else. +1 for 1Password. My less tech savvy ex-girlfriend also used Bitwarden without issues, but she used it by just copy pasting everything from the browser. I guess they probably have an app or browser extension as well?
|
# ? Feb 23, 2024 19:16 |
|
1password has been set up, based on thread recommendation. For anyone not already onboard, if you're coming from a browser, you can mass import your saved passwords from there. Then the little watchtower feature yells at you because you're a lazy dick and deserve it.
|
# ? Feb 23, 2024 19:58 |
|
watchtower is the primary reason to pay for the 1pass subscription
|
# ? Feb 23, 2024 21:06 |
|
https://www.bleepingcomputer.com/news/security/unitedhealth-confirms-optum-hack-behind-us-healthcare-billing-outage/
|
# ? Feb 24, 2024 00:02 |
|
Flyndre posted:+1 for 1Password. They do, I've been using the browser plugin on several machines and the app on my phone without issue for a while. I like the plugin because when you fill in a username / password it does a little zoom in effect on the text field and it makes me feel high tech
|
# ? Feb 24, 2024 09:38 |
|
Pretty much every major password management solution has web browser integration these days. Even KeePass has browser extensions.
|
# ? Feb 24, 2024 19:12 |
Nalin posted:Pretty much every major password management solution has web browser integration these days. Even KeePass has browser extensions.
|
|
# ? Feb 24, 2024 21:25 |
|
|
# ? May 30, 2024 13:34 |
|
some kinda jackal posted:iLO and DRAC, I'm looking at you My home lab is made of t and r610s and idrac6 is basically worthless if you don't know how to use ipmitool
|
# ? Feb 25, 2024 19:10 |