Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!
Plus it's pretty annoying having an actual real password on your phone because think about how often you unlock it. Most people I know don't even bother with a 4 number pin code. I think the newer iPhones or iOS forces a 6 digit code now if you set one (as in 4 digits aren't allowed).

Boris Galerkin
Dec 17, 2011

Bash/shell and encryption aren't really even in the same category so yeah. I don't have any links but I'd say start with looking up how RSA works and go from there. If you're into videos there's a series with an English guy that's somewhat easy to understand but he's annoying to listen to. It also is gonna depend on your math background.

Boris Galerkin
Dec 17, 2011


Antillie posted:

Well if the encryption is truly unbreakable by themselves after the fact and no logs of the data or keys are kept then that is all the defense they need. If you can get experts to testify before a judge that something is truly impossible then the judge will generally accept that as a good reason to not issue an order to do that something or as a good reason for not complying with such an order.

Now that doesn't stop the government from forcing them to implement logging of the keys or data with a law or court order or something. But that would only help with all transactions from that point onward. Older stuff would be safe forever.

With Startcom and Let's Encrypt handing out trusted certs for free left and right there is no reason not to encrypt literally everything on the internet with solid not-breakable-after-the-fact crypto. TLS 1.2, ECDHE, and AES-GCM. Done. In fact if I go to facebook.com in Firefox this is the exact cipher suite they are using. Trendy crypto nerds can use ChaCha20 and Poly1305. They even have TLS_FALLBACK_SCSV enabled and a proper HSTS header and HSTS preloading in all major browsers. Barring some secret government warrant/FISA court order I would say that they are pretty serious about crypto.

Now if only there was some group handing out trusted ECDSA certs for free I would be a happy happy nerd.

Is Let's Encrypt actually worth taking the x minutes to set up? I remember reading somewhere that all having a cert from them says is "this guy has a cert from us" but doesn't actually mean/do much else. Could be wrong though.
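The properties named in the quoted post (ephemeral key exchange for "not-breakable-after-the-fact" crypto, an AEAD cipher, an HSTS policy) can be checked mechanically from a negotiated suite name and a response header. This is an added example, not code from the thread; the function names, the sample observations and the one-year `min_age` threshold are assumptions made for illustration.

```python
import re

EPHEMERAL_KX = {"ECDHE", "DHE"}            # fresh key pair per handshake
STATIC_KX = {"RSA", "ECDH", "DH", "PSK"}   # one long-term secret covers every session


def classify_suite(name):
    """Classify a suite name in IANA (TLS_..._WITH_...) or OpenSSL spelling."""
    tokens = [t for t in re.split(r"[_-]", name.upper()) if t]
    if not tokens:
        raise ValueError("empty cipher suite name")
    iana = tokens[0] == "TLS"
    if iana:
        tokens = tokens[1:]
    if iana and "WITH" not in tokens:
        kx = "(EC)DHE"      # TLS 1.3 names omit key exchange; full handshakes are ephemeral
    elif tokens[0] in EPHEMERAL_KX | STATIC_KX:
        kx = tokens[0]
    else:
        kx = "RSA"          # OpenSSL drops the prefix for RSA key transport
    names = set(tokens)
    aead = bool(names & {"GCM", "CCM", "CCM8"}) or {"CHACHA20", "POLY1305"} <= names
    forward_secret = kx in EPHEMERAL_KX or kx == "(EC)DHE"
    return {"key_exchange": kx, "forward_secret": forward_secret, "aead": aead}


def parse_hsts(header):
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        key = key.strip().lower()
        value = value.strip().strip('"')
        if key == "max-age" and value.isdigit():
            policy["max_age"] = int(value)
        elif key == "includesubdomains":
            policy["include_subdomains"] = True
        elif key == "preload":
            policy["preload"] = True
    return policy


def audit(suite, hsts_header, min_age=31536000):
    """Return findings for one observed connection (min_age is an assumed policy)."""
    findings = []
    s = classify_suite(suite)
    if not s["forward_secret"]:
        findings.append("no forward secrecy: %s key exchange" % s["key_exchange"])
    if not s["aead"]:
        findings.append("cipher is not AEAD")
    if hsts_header is None:
        findings.append("no HSTS header")
        return findings
    p = parse_hsts(hsts_header)
    if p["max_age"] is None or p["max_age"] < min_age:
        findings.append("HSTS max-age missing or below %d" % min_age)
    if p["preload"] and not p["include_subdomains"]:
        findings.append("preload without includeSubDomains")
    return findings


if __name__ == "__main__":
    # Constructed observations, not captured from any real site.
    samples = [
        ("ECDHE-RSA-AES128-GCM-SHA256", "max-age=31536000; includeSubDomains; preload"),
        ("AES128-SHA", None),
    ]
    for suite, hsts in samples:
        print(suite, "->", audit(suite, hsts) or "ok")
```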

Boris Galerkin
Dec 17, 2011

This thread was nice and informal but now it sucks.

Boris Galerkin
Dec 17, 2011


redreader posted:

Hi. I am looking to start using a vpn or a seedbox, for the reason I'd use a seedbox (that is, hosting my own personal files of course). Could someone tell me a recommended vpn/seedbox company? I feel like googling for it will give me a bad answer...

You're probably better off asking in the usenet thread. I know usenet is not torrents but some of us dabble in both over there.

Unormal posted:

I don't (well, now, didn't) even know what a seedbox is, but I thought this was an interesting concern so I googled "best seedbox" and google said:

WhatBox: 1TB space, 10 Gbit/s network, 10 British Pounds per month
Feral Hosting: 60 GB space, 150 Mbps connection, $10 US per month

Curious how bad of an answer that actually is.


Seedboxes are private servers that you use to download and seed your linux iso files, of course. OP for what it's worth I've heard a lot about those two that he linked as well.

Boris Galerkin
Dec 17, 2011

Since everyone hates virus scanners here, what do I do about Windows Defender? Leave it on or turn it off?

Also I noticed in my github account I have an option to upload a pgp key but I'm not really sure what this is. Is this just basically like having a second ssh key I need to babysit?

Boris Galerkin
Dec 17, 2011

Is the stuff here about key exchange protocols, ciphers, etc (ignoring the things like setting up Tor etc) up to date/good practice?

Boris Galerkin
Dec 17, 2011


Stories like this are amazing.

Boris Galerkin
Dec 17, 2011


DuckConference posted:

Sure it's good in general. I mean I have it turned on for gmail. But why deal with the hassle for, say, dropbox when all of my bank accounts are protected with only 6 digit passwords and have no option for anything better? "I got keylogged and all my money is gone, but thank god they didn't get some random spreadsheets."

Because my information is worth more than [temporary, reversible] access to my bank account.

You can open new bank accounts, new credit cards, and find and gain access to other accounts of mine through simple "social engineering" by logging into my Dropbox and make my world difficult for the foreseeable future. I don't really give a poo poo if you've managed to brute force my 6 digit bank password that must be in all lowercase because the worst that will happen is I'm stuck on the phone for a bit while they reverse the charges/suspend my account/what have you.

e: No I don't keep a txt file in my Dropbox called SOCIAL_SECURITY_NUMBER.txt or anything silly like that. But if you were willing to spend a modicum amount of time you could probably find out who my parents and sisters are from things in my Dropbox, my friends even, and there's probably enough information in there to figure out how to contact these people and impersonate someone else in my circle until you get the information you're looking for. Not that I'm famous or important or anything but that doesn't excuse the possibility.

Boris Galerkin fucked around with this message at 08:38 on Dec 6, 2016

Boris Galerkin
Dec 17, 2011


flosofl posted:

I inherited a pretty sensitive and integral piece of equipment when I worked at a large bank. The password was "Q1w2E3r4Y7u8I9o0", which, after glancing at a keyboard is about as stupid as it looks.

My last corporate job, I poo poo you not, had a default password of something even more stupid along the lines of ACME321 where Acme was just the company's one word name and the 321 is not hyperbole. I'm loving serious.

You're a new hire? Here's your exchange account. Here's your ssh access to the compute nodes/servers. Here's your offsite VPN account. All ACME321. Need to send sensitive data to customers? Just zip it up and password protect it (ACME321 was also the default go to here). Hell it wasn't even just us that did this because one time I had to upload some files to a customer (a top tier defense contractor) who provided us a secure ftp account on their servers. Except they gave us a password of something like ACME321-CUSTOMER and we passed a loving post it note around the office with the ftp server and this password written on it.

(On the other hand some companies we worked with did request we have our IT guys encrypt everything onto enterprise grade hard drives and physically mail those as opposed to sending data ~via the cloud~ so it wasn't all bad.)

Boris Galerkin
Dec 17, 2011


Mustache Ride posted:

Hey I'd be happy with a new grad. Just not a mid 30s loving certification whore who hasn't worked for anything that didn't end in "group" and who believes that powerpoints are the best form of communication.

As a mechanical engineer PowerPoint is the accepted form of communication though.

I hated it so much.

Boris Galerkin
Dec 17, 2011

I'm on vacation right now and I'm going to need to print some documents this week. What's the general safest way to get these PDFs onto a public computer to print if I don't have a USB stick with me? I'd rather not log into my email or any accounts. I was thinking just putting it on Dropbox, getting the share links, printing it and then deleting them from Dropbox?

e: I'm not really worried about the contents of the documents being accessible (just boarding passes, some notes/checklists etc), rather the idea of logging onto my poo poo on public computers.

Boris Galerkin
Dec 17, 2011


Subjunctive posted:

Could create a burner gmail account and mail stuff there.

I thought of that but I guess you can't make gmail accounts without a phone number now? It says my phone number's been used too many times to register.

Boris Galerkin
Dec 17, 2011

My 1Password Watchtower/heartbleed tab has like 30+ websites listed as vulnerable. A lot of them are one off accounts I made to buy something or whatever that 1Password saved (I mean really do I "need" to update my account at "jetpens.com"? Whatever address I saved there isn't even where I live anymore and I'm sure the credit card is either expired or if not then well I know I'm not gonna be on the hook if someone steals it so who cares), and the others are websites that make it really difficult for me to change my password/can't login anymore without :effort:.

My point is that passwords are annoying. You should still use password managers though. They help except when they don't (e.g. maximum arbitrary password lengths).

Boris Galerkin
Dec 17, 2011

What do you guys think about the CIA leaks?

https://www.theregister.co.uk/2017/03/08/cia_exploit_list_in_full/

Boris Galerkin
Dec 17, 2011

So this is basically a "water is wet" report? Nothing interesting or damaging like the Snowden leaks?

Boris Galerkin
Dec 17, 2011

What is it about LastPass that makes it so bad? I use 1Password and I almost never hear about any earth shattering vulnerabilities but I don't know enough about them to know how they do things differently. Is it some kind of exposure thing? I'm not sure LastPass has an android app, and it was traditionally a OS X app and the lovely sluggish Windows version shows. More people using LastPass = more exploits found or is it something more fundamental like "those devs just don't know what they are doing?"

Boris Galerkin
Dec 17, 2011

https://mobile.twitter.com/taviso/status/844312124541186048

Posted about 15 minutes ago. :lol:

Boris Galerkin
Dec 17, 2011

I guess I don't see why it's not unreasonable to want people to know this? In my world for example we use algorithms that we call like "GMRES" or whatever and I'm pretty sure every single person that does anything in this field could tell you that it stood for "generalized minimal residual method", and I would hope that 99% of them could tell you that it's a Krylov subspace method and explain how those methods work. I would also hope that most people could tell you it was developed by Saad and Schultz.

I dunno, I think you should know both how the mechanisms work and how/who it came from?

Boris Galerkin
Dec 17, 2011

So the Trump thread in D&D of all places has been talking about U2F (in the context of one campaign/office issuing a $15 Yubikey to each staffer I think) and I figure I'd ask here about them:

1. Should I buy a $15 Yubikey? I already use 2FA on all websites I can use them on and 1Password to generate random passwords. I'm not an important person but if $15 can get me more security for minimal effort I don't see any harm in it.

2. How much of an effort is it going to be to use U2F from a USB stick? I have an iPhone so I don't think any NFC etc versions would work, and I don't think U2F works with 1Password on my iPhone. I would use it on three computers which unfortunately are Windows, Linux, and macOS, so the system needs to be compatible with all three.

3. I'm thinking in terms of "minimal effort"---I usually just drop my keys into a bowl by the door when I walk into my house. The number of times my keys are sitting with me next to my desk at home or next to me in bed on my laptop are literally never. If I went all-in on the U2F thing then I would need to change my habits here and just keep my keys with me or not attach my Yubikey to my keychain or is there a better way that I'm missing?

Boris Galerkin
Dec 17, 2011


CLAM DOWN posted:

I love this part:

:aaaaa:

:wtf:

Boris Galerkin
Dec 17, 2011

I just bought the new IKEA smart light system as an impulse buy to play with before figuring out if I want to keep it or not. Never had another IoT device before. This one comes with a hub that I plug into my network.

Link: http://m.ikea.com/us/en/catalog/products/art/90353361/

How do I plug it in without getting my network pwned? For what it's worth my home network is an edge router lite -> hub -> wifi. There is an unused port on my router still. Is my understanding correct that plugging the ikea hub into that second unused port will isolate it from my wifi/pc network?

Boris Galerkin
Dec 17, 2011

What do I need to do to take care of my poo poo in light of this new breach?

Boris Galerkin
Dec 17, 2011


Volmarias posted:

Freeze your credit if you haven't already, and pray that TransUnion and Experian handle their pins better.

EVIL Gibson posted:

Just to be clear. Make sure you freeze and not monitoring. Freezing means that if anyone tries to open an account or attempt to get a loan through your name illegitimately, they need to get that PIN to actually do it.

Just to be more clear you mean to do the thing here right?

Boris Galerkin
Dec 17, 2011

God this seems so much more complicated than it should be. Like are you serious, signing up for the wrong thing can result in me waiving my rights? The gently caress?

I know this is probably all by design to fool people into doing it to help their bottom line but god drat.

Boris Galerkin
Dec 17, 2011

https://www.reddit.com/r/privacy/comments/3frjqw/psa_kaspersky_injects_remote_javascript_into_all/

quote:

its not remote its local to your machine

ff.kis.scr.kaspersky-labs.com

resolves to

127.245.107.154

which is a private non-routable address

quote:

The problem is that this could change without notice at any moment. The domain is resolved through their DNS, not locally, so the fact that it "currently" resolves to a loopback address is moot.

I checked: Even with every single bit of protection disabled - all protection entries disabled, all secure data input disabled, Firefox browser plugin disabled; the mere fact that Kaspersky is running is sufficient to inject javascript to websites.

Is this bad
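The two quoted Reddit comments disagree on whether a script host that resolves to a loopback address counts as local. The added example below, which is not from the thread or the linked post, lists the hosts a page loads scripts from and classifies each by what its name resolves to; the HTML, the URL path and the second resolver snapshot are constructed, and `audit_scripts` and `system_resolve` are hypothetical names.

```python
import ipaddress
import socket
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptSources(HTMLParser):
    """Collect the host part of every <script src=...> that names one."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        host = urlsplit(src).hostname if src else None
        if host and host not in self.hosts:     # relative src has no host: same origin
            self.hosts.append(host)


def system_resolve(host):
    """Live lookup for real use; the demo below passes constructed answers instead."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, 443)})
    except socket.gaierror:
        return []


def audit_scripts(html, resolve):
    """Map each script host to 'loopback-only', 'off-host' or 'unresolved'."""
    parser = ScriptSources()
    parser.feed(html)
    verdicts = {}
    for host in parser.hosts:
        addrs = resolve(host) or []
        if not addrs:
            verdicts[host] = "unresolved"
        elif all(ipaddress.ip_address(a).is_loopback for a in addrs):
            verdicts[host] = "loopback-only"    # traffic stays on this machine
        else:
            verdicts[host] = "off-host"         # the same tag now fetches remote code
    return verdicts


# Constructed page: hostname as quoted in the post, path is a placeholder.
PAGE = """<html><head>
<script src="https://ff.kis.scr.kaspersky-labs.com/constructed-path/main.js"></script>
<script src="/static/app.js"></script>
</head></html>"""

# Answer quoted in the post, and a constructed later answer (documentation range).
ANSWER_QUOTED = {"ff.kis.scr.kaspersky-labs.com": ["127.245.107.154"]}
ANSWER_CHANGED = {"ff.kis.scr.kaspersky-labs.com": ["203.0.113.10"]}

if __name__ == "__main__":
    print(audit_scripts(PAGE, ANSWER_QUOTED.get))
    print(audit_scripts(PAGE, ANSWER_CHANGED.get))
```

The verdict depends only on the DNS answer, so the same check has to be repeated over time, or the name pinned locally, for "loopback-only" to stay true.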

Boris Galerkin
Dec 17, 2011

Is it illegal to DVR the show and play it back on a computer?

Boris Galerkin
Dec 17, 2011

You should do it for them like they asked.

And then charge them megabucks to fix the problem when they get sued.

Boris Galerkin
Dec 17, 2011

Can bitcoin solve this

Boris Galerkin
Dec 17, 2011


Volguus posted:

What's the consensus here about not allowing pasting into password fields? In my opinion it lowers security by preventing the use of password managers, while bringing nothing to the table. Are there engineers out there that favour this approach towards password fields?

gently caress all the apps and websites that don’t let me paste. Especially if it’s on my phone. I hope everyone who made the decision to disable paste rots in hell.

Boris Galerkin
Dec 17, 2011

Why is that news? It’s well known that there are poo poo ad networks out there that serve malware, loving JavaScript bitcoin miners, and system prompts that try to look as close to iOS/android assets as possible.

Boris Galerkin
Dec 17, 2011


Absurd Alhazred posted:

"Give us your password!"
"What!"
"The password to your computer!"
"What!"
"The password you use to login to your computer!"
"What"
*Sigh* "Okay, let's start over. You sign in to your computer, right?"
"Right."
"So you type something in."
"Yes."
"What do you type in?"
"The password."
"So your password is the password?"
"No, the password is my username!"
"So both your username and password are the password?"
"No."
"So what is your password?"
"What."
"The password to your computer!"
"What!"
"The password you use to login to your computer!"
"What!!"
"Stop saying "what" or so help me God I will kill you!"
"I'm just trying to help!"

Reminds me of this https://www.youtube.com/watch?v=bLE7zsJk4AI

Boris Galerkin
Dec 17, 2011


Samizdata posted:

Because, yeah, my thermite and C4 bomb has a mercury switch...

(Actually, an ex-housemate of mine had to get a machine returned after months and months of seizure, because his OLD housemate was in a nasty situation with his live-in girlfriend and HER ex, and her ex called the cops and said both the guys were into child porn and they got raided and all the electronics outright pulled.)

:stare:

Boris Galerkin
Dec 17, 2011


Methylethylaldehyde posted:

Fork it, ignore the entire premise, deploy lovely code developed by a HS senior in C, ignore exploits, declare more secure thing.

Fill it up with nonsense too. Licenses that don’t make sense. Header blocks bigger than the code. Require Java to compile a JSON compatible input file (that you preprocess from Markdown) to a whatever code/language Ethereum uses.

Boris Galerkin
Dec 17, 2011

Isn’t he like an actual murderer?

Boris Galerkin
Dec 17, 2011


DACK FAYDEN posted:

Finally, we've found a new economic model for porn sites to replace banner ads.

Replace? Why not buttcoins and banner ads?

Boris Galerkin
Dec 17, 2011

I don’t want to remember my myspace login. I’m not ready for that trip to the past.

Boris Galerkin
Dec 17, 2011

The users on their forums are incredible. The amount of mental gymnastics they need to overcome is honestly amazing.

“I’ve got nothing to hide.”
“I’m not a pirate so this doesn’t affect me.”
“They said this is only used against pirates, so I’m fine.”
“Who cares if they steal your passwords, are you afraid they’re gonna log into your pornhub account?”

My favorite one was a guy claiming he was in the cyber security field and (paraphrased): “I don’t see any technical issues here because it only steals your passwords if you’re a pirate. Ethical issues yes, but not technical. Everything is fine.”

Boris Galerkin
Dec 17, 2011

They transmitted the stolen passwords over http.

https://www.fidusinfosec.com/fslabs-flight-simulation-labs-dropping-malware-to-combat-piracy/
