|
Ground floor has anime and Sulk. We are off to a great start, people.
|
# ? Nov 29, 2014 03:10 |
|
Subjunctive posted:
can we continue the discussion about why security people tend towards being dicks?

Because they tend to look like
|
# ? Nov 29, 2014 03:13 |
|
"security people" and the "security mindset" both reward pedantry
|
# ? Nov 29, 2014 03:14 |
|
Ireland Sucks posted:
Because they tend to look like

not sure why people are hating on this guy...
|
# ? Nov 29, 2014 03:15 |
|
Sharktopus posted:
"security people" and the "security mindset" both reward pedantry

if we've learned anything it's that software absolutely needs to be pedantic to not get exploited
|
# ? Nov 29, 2014 03:36 |
|
Captain Foo posted:
if we've learned anything it's that software absolutely needs to be pedantic to take longer to get exploited

ftfy
|
# ? Nov 29, 2014 03:48 |
|
Sharktopus posted:"security people" and the "security mindset" both reward pederasty
|
# ? Nov 29, 2014 03:56 |
|
hey guys, I just want to announce that I am lurking the security thread as usual

I can answer questions about running a CA i guess. the secret is a lot of auditing and record keeping.
|
# ? Nov 29, 2014 04:05 |
|
minivanmegafun posted:
hey guys, I just want to announce that I am lurking the security thread as usual

I would like to know more
|
# ? Nov 29, 2014 04:07 |
|
yeah, I think it's probably related to the gotcha/adversarial nature of a lot of the work. now-wife noticed when I stopped doing security stuff full-time, back when dinosaurs and fwtk roamed the earth, because I was nicer to be around. I stopped basically because the security space (mostly firewalls at the time; IDS was the motion detector in the server room) was toxic enough that I was grumpy all day. I can't help but think that we'd be in a better state security-wise if it was more pleasant to interact with the average security professional. pr0zac is p chill, though, which is true of the FB team as a whole AFAICT.
|
# ? Nov 29, 2014 04:10 |
|
minivanmegafun posted:
I can answer questions about running a CA i guess. the secret is a lot of auditing and record keeping.

what do you think of the let's encrypt stuff?
|
# ? Nov 29, 2014 04:11 |
|
an adversarial process is necessary for security in any sense. diversification being the only free lunch, running this process in more than one brain is typically beneficial. add egos, lack of tact, and lack of argumentative charity and you get a pretty good idea why security people are the way they are
|
# ? Nov 29, 2014 04:33 |
|
Captain Foo posted:
I would like to know more

Subjunctive posted:
what do you think of the let's encrypt stuff?

i think it's pretty cool, though automated certificate approval has its own possible headaches. consideration has to be taken as to how to validate that a given domain name belongs to a certain party before signing a CSR, though it's not like the way most CAs handle it ("Here, take this random string and put it in caprovider.txt in your webroot and we'll fetch it over HTTP in the clear!") is a whole lot better.

there's a possible conflict of interest between web browser distributors being closely linked to a CA, but it's not like that situation doesn't already exist. if this has legs, it could possibly allow let's encrypt to say "lol f u" to webtrust's regulations, which may or may not be a good thing.

I imagine most extant CAs will stay in business as EV certs ("green bars") can't be subjected to automated approval; some human has to actually review business records and validate contact information to make sure you are who you say you are. I guess Let's Encrypt could generate revenue from that aspect if they wanted to. the SSL CA stuff is a rather small part of our business so we don't really see it as a threat to our revenue as far as i am aware.

though, to be entirely honest, i'm not sure dumbing down the certificate process is A Good Thing. I haven't read deeply into ACME yet, but really for an end-user server operator the entire process of getting a key generated, a cert signed, and installed really isn't all that complex.
|
# ? Nov 29, 2014 04:36 |
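An added example, not part of the original post or any CA's real code: a sketch of the CA-side bookkeeping behind the "random string in caprovider.txt" check described above. The class name, the `fetch` callable, the account labels and the one-hour lifetime are assumptions; passing the check only shows that whoever answered the request returned the token, which is the weakness of fetching over cleartext HTTP that the post points out.

```python
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed policy: seconds a challenge stays valid
CHALLENGE_PATH = "/caprovider.txt"  # file name taken from the post


class DomainValidator:
    """CA-side bookkeeping for file-based domain-control validation."""

    def __init__(self, fetch, now=time.time):
        self._fetch = fetch    # hypothetical callable(domain, path) -> str or None
        self._now = now
        self._pending = {}     # (account, domain) -> (token, expiry)

    def issue(self, account, domain):
        # 256 bits from the OS CSPRNG, bound to one account and one domain.
        token = secrets.token_urlsafe(32)
        self._pending[(account, domain)] = (token, self._now() + TOKEN_TTL)
        return token

    def validate(self, account, domain):
        # pop() makes the challenge single use, even when the check fails.
        entry = self._pending.pop((account, domain), None)
        if entry is None:
            return False
        token, expiry = entry
        if self._now() > expiry:
            return False
        body = self._fetch(domain, CHALLENGE_PATH)
        if body is None:
            return False
        return hmac.compare_digest(body.strip().encode(), token.encode())


def demo():
    webroots = {}  # constructed stand-in for the applicant's web server
    ca = DomainValidator(lambda d, p: webroots.get((d, p)))
    token = ca.issue("acct-1", "example.test")
    webroots[("example.test", CHALLENGE_PATH)] = token + "\n"
    first = ca.validate("acct-1", "example.test")    # token served: passes
    replay = ca.validate("acct-1", "example.test")   # challenge consumed
    ca.issue("acct-2", "example.test")               # other account, same domain
    other = ca.validate("acct-2", "example.test")    # file holds acct-1's token
    return first, replay, other


if __name__ == "__main__":
    print(demo())
```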
|
what kinda security do you have the actual signing material under
|
# ? Nov 29, 2014 04:40 |
|
vOv posted:
what kinda security do you have the actual signing material under

stored on a hardware HSM, behind a locked door that needs two keycards to open that are held by a very small subset of people, system has no outside access other than an API that signs certs.

e: and "outside" in this context is "outside of the CA's network, where the application that processes CSR requests from the UI application that end users use is", not the outside world

minivanmegafun fucked around with this message at 04:56 on Nov 29, 2014 |
# ? Nov 29, 2014 04:49 |
|
is it like those bank boxes so the cards have to be slid through simultaneously? thatd be cool
|
# ? Nov 29, 2014 04:57 |
|
|
# ? Nov 29, 2014 05:41 |
|
lmao

quote:
The film was tentatively titled Cyber

also i'm trying to figure out how they go from 3.5 minutes for an 8-character password to 15 hours for 8 characters + 1 uppercase

vOv fucked around with this message at 05:49 on Nov 29, 2014 |
# ? Nov 29, 2014 05:42 |
|
cyber in theaters this cyber monday
|
# ? Nov 29, 2014 05:46 |
|
please dont cyber in public
|
# ? Nov 29, 2014 05:53 |
|
.
Sassafras fucked around with this message at 21:37 on Nov 29, 2014 |
# ? Nov 29, 2014 06:01 |
|
Sassafras posted:
26^8 vs 52^8, the latter is 256 times the former, and so is 15 hrs vs 3.5 mins

ah they're including any number of uppercase characters
|
# ? Nov 29, 2014 06:03 |
|
Peanut and the Gang posted:+---------------------------------------------------+
|
# ? Nov 29, 2014 07:23 |
|
Remember that zpanel guy http://forums.somethingawful.com/showthread.php?threadid=3289126&pagenumber=91&perpage=40#post438278615
|
# ? Nov 29, 2014 07:26 |
|
Lol
|
# ? Nov 29, 2014 07:28 |
|
Peanut and the Gang posted:
Good job linux! you saved the day!

Lol
|
# ? Nov 29, 2014 07:30 |
|
in 17 years I change my password to P@ssword2
|
# ? Nov 29, 2014 07:41 |
|
Rufus Ping posted:
Remember that zpanel guy

lol gold
|
# ? Nov 29, 2014 08:05 |
|
Super Dangar Ronpa
|
# ? Nov 29, 2014 08:06 |
|
syscall girl posted:
it was just a google search that highlighted routers that had default passwords

sounds about par for the course op
|
# ? Nov 29, 2014 08:13 |
|
i think security people are dicks because they're generally either paid to be ignored or to fix things when something goes really wrong. fwiw osi been dip is a nice guy irl.
|
# ? Nov 29, 2014 08:15 |
|
i know a lot of nice security people but also a lot of really annoying spergy assholes
|
# ? Nov 29, 2014 08:16 |
|
compare and contrast: brian krebs vs the folks who comment on his blog
|
# ? Nov 29, 2014 08:58 |
|
hackernews posters
|
# ? Nov 29, 2014 09:00 |
|
i hope this is logging passwords
|
# ? Nov 29, 2014 09:49 |
|
Acer Pilot posted:i hope this is logging passwords
|
# ? Nov 29, 2014 09:57 |
|
if the password is actually P@ssword1 it should take a few seconds honestly
|
# ? Nov 29, 2014 10:19 |
|
someone call the gangster computer god
|
# ? Nov 29, 2014 10:26 |
|
https://www.youtube.com/watch?v=jZ1ZDlLImF8
|
# ? Nov 29, 2014 10:32 |
|
i guess a gunfight on a crowded street is more exciting than cops arresting a guy who starts shouting about gold fringes on flags while getting tazed.
|
# ? Nov 29, 2014 10:41 |