|
The PowerShell utility is telling me to get a BIOS/Firmware update to enable support. If that ends up being a requirement for most computers, it's never going to get done.
|
# ¿ Jan 5, 2018 01:53 |
|
Powered Descent posted: Got into a fun discussion today that this thread might enjoy pondering.

Use the first 10-15 words of lorem ipsum, you're never gonna remember that poo poo
|
# ¿ Jan 20, 2018 19:00 |
|
The Fool posted: I do feel the onus is on the user to control their public information.

The onus should be on the government, who requires these companies to not do the kind of poo poo that they're doing, but lol that's never going to happen in the U.S. At least the E.U. is doing something with GDPR I guess.
|
# ¿ Jan 29, 2018 15:32 |
|
Mystic Stylez posted: Am I missing an option or can't you turn off 2FA with SMS codes in Facebook? I set Authenticator Plus up and wanted to use only it, but it seems like I have to keep both, so what's even the point?

poo poo, most banks won't let you turn off SMS codes.
|
# ¿ Jan 31, 2018 22:01 |
|
Yep the content blockers in iOS work pretty well. I used to VPN to my home network which was running PiHole as another layer of blocking, but I stopped bothering because there are few ads that get through any more.
|
# ¿ Feb 16, 2018 20:58 |
|
Dylan16807 posted: But obtaining the PII of alleged pirates is not what they did. They hacked exactly one person.

lol at giving the benefit of the doubt to a company that they are being honest that they only used it once on someone who was definitely guilty (according to them). Due process is unnecessary regulation you see.
|
# ¿ Feb 21, 2018 17:52 |
|
Dylan16807 posted: I agree entirely. And I file "putting test.exe on computers but not running it, then deleting it" as capability, not wrongdoing.

Nah it's wrongdoing and illegal. This is a dumb argument.
|
# ¿ Feb 21, 2018 22:22 |
|
Or running pirated software that installed a dropper.
|
# ¿ Feb 23, 2018 22:17 |
|
BangersInMyKnickers posted: FYI AES-256 isn't just 128 with double the key-size, it is its own algorithm with a key chaining scheme that many researchers believe limit its effectiveness to roughly the same as 128. Both are fine for data in-transit for the most part, I would only be demanding 256 for at-rest.

Outside of quantum computers, I thought there wasn't much point in worrying about AES256 if you were already using 128, even at rest. Any reason for needing 256 other than modern computers don't really care about the slightly slower speed of it, so why not?
|
# ¿ Mar 20, 2018 15:44 |
|
Yeah I thought the current timeline for this was somewhere around the heat death of the universe. Then again, may know of some significant weaknesses
|
# ¿ Mar 20, 2018 19:19 |
|
wolrah posted: Locate the signal, knock on the door, and give them a bit of poo poo about it. ... tell them I was with IT (technically true) to threaten them with consequences.

I'd love to be a fly on the wall, I bet the entire interaction was awkward and awful.
|
# ¿ Mar 23, 2018 18:50 |
|
FlyingCowOfDoom posted: I'm trying to understand why they would keep employee records in a test environment, why the gently caress do you not have those locked down? What testing was being done that needed that info?

Lazy DB admin that didn't feel like working with anyone to generate some fake data so they just said gently caress it and copied it from production.
|
# ¿ Apr 3, 2018 20:21 |
|
MC Fruit Stripe posted: Fundamentally, people are just upset in this case because the information was possibly used against them, not for them, right?

That seems like a great reason to be upset. Burying what companies do with your data in T&Cs and privacy notices is bullshit. Companies know people don't read them, and have relied on them to build up entire industries. The U.S. really needs something like GDPR and a shift in philosophy about who owns data, but I don't see that happening easily.
|
# ¿ Apr 4, 2018 21:25 |
|
Any recommendations on password managers for non-IT groups that are affordable? Our marketing department has a bunch of social media accounts that they need to store.
|
# ¿ Jun 13, 2018 18:40 |
|
I can't wait for sales reps to tell me their NextGen++ firewalls now detect and stop NetSpectre attacks (but they don't actually)
|
# ¿ Jul 27, 2018 18:19 |
|
prisoner of waffles posted: truck driver doesn't like how they get treated when this information is gathered on them and brings a GPS-jammer on their drive

Wouldn't it be obvious that the driver was jamming the signal when the company receives no data on their routes? Is the truck driver shortage bad enough that they're not just firing these guys?
|
# ¿ Aug 3, 2018 17:49 |
|
CLAM DOWN posted: suuuuuuuuuuuuuuuuure

They're probably just trying to give someone a heads up that they're being cheated on but want to remain anonymous. Although thinking about it, just using a junk account you make at home is sufficient unless you're trying to warn Melania that Donald's been cheating and don't want the feds to get you.

Inept fucked around with this message at 19:02 on Nov 1, 2018 |
# ¿ Nov 1, 2018 18:57 |
|
Hey now, that rando stranger probably also Paypaled him a few hundred for it. And charged it back after he was given control.
|
# ¿ Nov 27, 2018 20:52 |
|
quote: Facebook is also saying that less than 5% of participants in the program were teens and all minors had signed parental consent forms.

God Facebook sucks. Also there's no loving way they all signed consent forms.
|
# ¿ Jan 30, 2019 16:33 |
|
CLAM DOWN posted: Got any proof/evidence of that? There's plenty here that's problematic without making poo poo up.

From the article

quote: Ads (shown below) for the program run by uTest on Instagram and Snapchat sought teens 13-17 years old for a “paid social media research study.” The sign-up page for the Facebook Research program administered by Applause doesn’t mention Facebook, but seeks users “Age: 13-35 (parental consent required for ages 13-17).” If minors try to sign-up, they’re asked to get their parents’ permission with a form that reveals Facebook’s involvement and says “There are no known risks associated with the project, however you acknowledge that the inherent nature of the project involves the tracking of personal information via your child’s use of apps. You will be compensated by Applause for your child’s participation.” For kids short on cash, the payments could coerce them to sell their privacy to Facebook.

Of course some kids lied about their age or filled out the form pretending to be their parents so they could get paid. It was just some online signup page.
|
# ¿ Jan 30, 2019 18:57 |
|
You mentioned penetration testing, but do you currently have any vulnerability scanning in place? This should come first. In my experience, some sysadmins are still bad about updating their servers because they won't want to break the SQL server with a bunch of real time financial transactions occurring.

Volmarias posted: If you hired someone competent, would they leave from boredom/underpay?

This point is important too. A title doesn't mean much if you're just paying them 50k a year.
|
# ¿ Feb 1, 2019 21:09 |
|
Thanks Ants posted: CVE-2019-5490 Default Privileged Account Vulnerability in the NetApp Service Processor

My NetApp guy when I forward him the notice "I'm looking into this, but we changed default passwords when we set it up"
|
# ¿ Mar 6, 2019 16:02 |
|
On the one hand, it makes me more paranoid about using uBlock. But then I remember how many infections are the result of malicious ads. They're never going to solve this poo poo until they actually have strong regulations and imprison people who violate them. So...never.
|
# ¿ Jul 18, 2019 18:55 |
|
I work in government but I like auditors because we tell them what we know isn't compliant, but there's no funding for fixing. They ding us, and surprise, there's suddenly resources to fix things.
|
# ¿ Sep 10, 2021 18:00 |
|
Ynglaur posted: My personal pet peeve was how Sarbanes-Oxley's separation of duties somehow became "the person who wrote the code can't deploy it to production." That is not what separation of duties meant.

that's still a good practice in general
|
# ¿ Sep 10, 2021 18:44 |
|
WebSphere lol
|
# ¿ Sep 12, 2021 23:12 |
|
https://twitter.com/AnEternalEnigma/status/1446421951883489281 https://www.theverge.com/2021/10/8/22716184/twitch-hack-jeff-bezos-pictures-defaced
|
# ¿ Oct 8, 2021 20:51 |
|
Fart Amplifier posted: Why not just have multiple independent hardware authenticator devices, like you probably should be doing already?

If you get enough hardware keys, you become the computer janitor
|
# ¿ Jan 2, 2023 07:05 |
|
CommieGIR posted: Yeah, I do remember reading over 4.0 and they did change it, but IIRC it's still awaiting final approval and adoption.

4.0 is out and still requires password length, it's 12 characters with alphanumerics, or 8 characters if you have some old system that can't support more than 8
|
# ¿ Jan 21, 2023 20:04 |
|
CommieGIR posted: Really feel like it should be 14 chars minimum alphanumerics

non-console administrative access has required multifactor for a while in PCI and I think that's a better focus
|
# ¿ Jan 21, 2023 21:53 |
|
How did they even know her email account address unless the phone was already unlocked?
|
# ¿ Jan 25, 2023 21:04 |
|
If you do business with Lastpass, ask for their latest SOC2 report
|
# ¿ Feb 1, 2023 21:43 |
|
Saukkis posted: When I got my first online banking account around the turn of the millennium it came with a credit card sized paper OTP sheet. That was pretty much the only option with online banking. Some bank may have had an alternative method, but all required 2FA. A lot of elderly have learned to use the OTP sheets over the years.

IIRC ING Direct just had some lovely 4 digit PIN that you had to click on with a mouse back in 2007, no MFA at all
|
# ¿ Feb 18, 2023 21:28 |
|
cr0y posted: Is it a terrible idea to expose a self hosted bitwarden instance to the internet? Currently mine is only available over my VPN but I am kicking around the idea of extending it to my family in a desperate effort to get them to have better password management and security in general as opposed to using the same drat password for everything.

Just pay for an account somewhere. You don't want your internet going down to be the reason your parents can't get into their bank account.
|
# ¿ Mar 25, 2023 16:47 |
|
I wonder if any of the phone companies are providing identity verification services to banks. i.e. if you use this phone number, we can verify it belongs to x person. That's the only other thing I can think of.
|
# ¿ Jan 18, 2024 21:46 |
|
BaseballPCHiker posted: I never thought I'd be a compliance person, but here I am studying up for a PCI certification... card brands don't like losing money

It's generally nice that it's specific, until you hit some case where their language makes your existing solution a pain in the rear end. I know some people struggled with dated language with modern stuff like Kubernetes. At least with PCI 4.0 they introduced the customized approach instead of having to fill out a compensating controls worksheet for every single control where you're doing something different than the DSS spells out
|
# ¿ Feb 28, 2024 18:03 |