|
orange sky posted:Well, class actions can still gently caress the company's bottom line Of course now lobbyists will make sure class actions can never amount to anything.
|
#
¿
Sep 27, 2017 16:25
|
|
|
|
| # ¿ May 22, 2024 11:15 |
|
|
Avenging_Mikon posted:Will? Isn't there literally a bill in the House that says "Class action can't do poo poo all" right now?
|
|
#
¿
Sep 27, 2017 16:47
|
|
|
Yeah smaller outfits just don't have the mind of resources for the constant audits/fixes you need either.
|
|
#
¿
Sep 29, 2017 19:45
|
|
|
None of the banks here even offer anything but 2FA for their websites. You can log onto the app with a code + print tho.
|
|
#
¿
Sep 30, 2017 12:53
|
|
|
Pablo Bluth posted:So rogue SMB servers can bypass Windows Defender by feeding a different clean file to Defender before delivering the real payload for running, and MS consider fixing this a "feature request". I can't claim to be an expert in the field, but making sure sure you're scanning a copy of what's actually going to be run/opened seems like a key step.
|
|
#
¿
Oct 1, 2017 21:37
|
|
|
CLAM DOWN posted:https://googleprojectzero.blogspot.ca/2017/10/over-air-vol-2-pt-3-exploiting-wi-fi.html hobbesmaster posted:There’s an enormous number of IoT radio modules that only support 1.1 and will probably not ever get upgraded in the field.
|
|
#
¿
Oct 11, 2017 18:19
|
|
|
Portland Sucks posted:Unfortunately our IT gets pushed around like a bunch of chumps because "LOL NOT OPS" and really only have authority over the employee work stations and finance systems at this point. We have two independent networks because our production engineers staged a coup years back since IT wouldn't give them admin privs on the prod servers so they figured it'd just be easier to own their own network. Odds are if their formal notice to IT doesn't work they'll just fine a way to have the affected computers moved to the unsecured hacked together production network or else they'll just RFI new servers for it and move their lovely VB scripts on to those. I love this guys. Fluue posted:I plan on drilling that into them. They don't seem to be aware of the breadth of that hack. There's a lot of post- credit pull verification that goes on that involves the user providing more information that's harder to fake, but by that point they already have a credit pull on their record. Not sure what the implications are for the business if they get a credit pull disputed. incumbent telcos are the loving worst evil_bunnY fucked around with this message at 15:36 on Oct 25, 2017 |
|
#
¿
Oct 25, 2017 15:33
|
|
|
my bitter bi rival posted:I need a beer.
|
|
#
¿
Nov 2, 2017 20:03
|
|
|
doctorfrog posted:Like, is this a new gilded age of corporate/rich person impunity, or am I just getting more to the age where I notice it more and my bile just rises faster?
|
|
#
¿
Nov 22, 2017 11:21
|
|
|
CLAM DOWN posted:This industry is loving toxic.
|
|
#
¿
Dec 30, 2017 12:17
|
|
|
CLAM DOWN posted:I told my boss all about this and he laughed and went home.
|
|
#
¿
Jan 4, 2018 10:29
|
|
|
A parody macho man account with legit secfuck content would be p amazing
|
|
#
¿
Jan 19, 2018 18:20
|
|
|
hobbesmaster posted:Who is delivering pizza to FOBs in Afghanistan?
|
|
#
¿
Jan 29, 2018 12:05
|
|
|
Thermopyle posted:I'm not sure if I do or don't agree with you here.
|
|
#
¿
Feb 13, 2018 22:20
|
|
|
you wanna bet the server component doesnt input-sanitize the info from the client DRM?
|
|
#
¿
Feb 19, 2018 16:57
|
|
|
Jabor posted:Peep the penalties for non-compliance too. 4% of global turnover (or 20 million euros, if that's a bigger number) if you don't get free and informed consent before doing something.
|
|
#
¿
Feb 22, 2018 13:37
|
|
|
andrew smash posted:I keep urls stored in the url field in the relevant keepass database entry and tell keepass to “open in browser”. Am I owning myself?
|
|
#
¿
Feb 23, 2018 15:34
|
|
|
Internet Explorer posted:gently caress you, Equifax execs.
|
|
#
¿
Mar 14, 2018 22:40
|
|
|
Maneki Neko posted:What we find is that the people crafting the RFP just tailor it so their preferred vendor is the only one who can win anyway.
|
|
#
¿
Mar 16, 2018 22:48
|
|
|
Avenging_Mikon posted:
Then there's physical security.
|
|
#
¿
Mar 20, 2018 20:52
|
|
|
That’s a 500 IQ secfuck holy poo poo
|
|
#
¿
Mar 28, 2018 13:51
|
|
|
https://twitter.com/theregister/status/979472597157949440?s=21
|
|
#
¿
Mar 29, 2018 22:54
|
|
|
You make them hire your one-man firm.
|
|
#
¿
Apr 3, 2018 11:17
|
|
|
ohgodwhat posted:Uh in the staging environment?
|
|
#
¿
Apr 3, 2018 12:56
|
|
|
FlyingCowOfDoom posted:I'm trying to understand why they would keep employee records in a test environment, why the gently caress do you not have those locked down? What testing was being done that needed that info?
|
|
#
¿
Apr 3, 2018 22:25
|
|
|
Dadbod Apocalypse posted:I remember some medical software company got busted a year ago or so for going on the road to demonstrate its software in public, pulling up patient records and poo poo. Using a hospital's actual patient database. Which was live. And the hospital had no idea the vendor was doing this.
|
|
#
¿
Apr 4, 2018 12:39
|
|
|
BangersInMyKnickers posted:large sections of our phone network died a few weeks back because NTP stopped working and enough phones and PBXs clock drifted that they wouldn't talk to each other 
|
|
#
¿
May 9, 2018 21:47
|
|
|
My dumbass take is that's it's a very real concern for people facing adversarial third parties, but it's not like they've opened pandora's chest.
|
|
#
¿
May 14, 2018 13:16
|
|
|
Subjunctive posted:Benign 3rd parties have never really been much of a problem in security.
|
|
#
¿
May 14, 2018 14:12
|
|
|
Beccara posted:LocalSystem level access on a PDC
|
|
#
¿
May 25, 2018 22:06
|
|
|
IIRC A factory reset kills the runtime, and after they seized the c2 domain the bootlader can’t grab the runtime and fails silently to normal operation. The problem is of course that none of these POS devices have any kind of security updates process, so they’re effectively just waiting for the next exploit to come along.
|
|
#
¿
Jun 1, 2018 15:34
|
|
|
Furism posted:Well, yeah, privacy matters and mass-collecting DNA by anyone Doesn't Sound Good and people probably shouldn't do it. My point was just that being Jewish or not is irrelevant in this context.
|
|
#
¿
Jun 8, 2018 21:34
|
|
|
Even the very latest Ubuntu has an smb client that doesn’t auto negotiate to v2.
|
|
#
¿
Jun 9, 2018 16:26
|
|
|
We mount our shared storage by specifying vers=2 but yeah it’s just dumb that it can’t auto negotiate up if it can do v2
|
|
#
¿
Jun 9, 2018 16:49
|
|
|
Absurd Alhazred posted:Even the Wild Wild Midwest must have some kind of privacy laws.
|
|
#
¿
Jun 15, 2018 14:47
|
|
|
BangersInMyKnickers posted:The ops people don't want to lose visibility, but the vast majority of those are coming from garbage ISPs full of crap that nobody cares about.
|
|
#
¿
Jun 28, 2018 21:09
|
|
|
cheese-cube posted:Turns out Strava wasn't the only opsec disaster app out there: https://www.bellingcat.com/resources/articles/2018/07/08/strava-polar-revealing-homes-soldiers-spies/
|
|
#
¿
Jul 8, 2018 14:37
|
|
|
cheese-cube posted:Yeah well why didn't you take your two brain cells and write a detailed research piece about it instead of posting in retrospect like a lovely Nostradamus. Also I never said it wasn't an opsec issue?
|
|
#
¿
Jul 8, 2018 16:06
|
|
|
The Fool posted:If keeping your location secret is a part of your job, then maybe don't use services whose entire purpose is to share your location. calm down nostradamus
|
|
#
¿
Jul 8, 2018 22:33
|
|
|
|
| # ¿ May 22, 2024 11:15 |
|
|
Thanks Ants posted:Just seems sensible to not make all runs public by default, and to not link all 'anonymous' exercises up to each other.
|
|
#
¿
Jul 9, 2018 10:41
|
|