Dex
May 26, 2006

Quintuple x!!!

Would not escrow again.

VERY MISLEADING!
i'm confused. securid works with your pin(something you know) and your token code(something you have, changes every 60 seconds), and the two of those must be correct when you're challenged. so your passphrase is PASSWORD123456 or PASSWORD456789 or whatever. are you asking about using the code _only_? don't do that.

edit: apparently you're not but i'm still confused by the question


Dex
i keep forgetting that client exists actually, which is why i was confused, we just pin + fob code directly. same thing ultimately since the server needs access to the token seeds anyway to confirm it was valid, still 2fa

quote:

The fault is that the password you're now authenticating with is just eight numeric characters that changes every X seconds.

you can manage that - trying to log in twice with the same code, or using the incorrect code twice in a row, locks me out of vpn and site logins until an admin resets my account
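
The server-side policy described in the posts above (PIN plus token code, lockout on a reused code or on two wrong attempts in a row), as an added example that is not part of the original posts and not RSA's code. SecurID's algorithm is proprietary, so an RFC 6238-style TOTP stands in for the token; `Account`, `token_code` and the sample values are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60          # token code changes every 60 seconds, as in the post
MAX_FAILURES = 2   # two wrong attempts in a row lock the account, as in the post


def token_code(seed: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238-style code; a stand-in, since SecurID's algorithm is proprietary."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Account:
    """Hypothetical server-side record: the server holds the PIN and the seed."""

    def __init__(self, pin: str, seed: bytes):
        self.pin, self.seed = pin, seed
        self.failures = 0
        self.last_used_step = -1   # time step of the last accepted code
        self.locked = False        # stays set until an admin resets it

    def login(self, passcode: str, now: int) -> str:
        """passcode is the PIN followed by the current token code."""
        if self.locked:
            return "locked"
        step = now // STEP
        expected = self.pin + token_code(self.seed, now)
        correct = hmac.compare_digest(passcode.encode(), expected.encode())
        if correct and step == self.last_used_step:
            self.locked = True     # same code presented twice: treat as replay
            return "locked"
        if correct:
            self.failures, self.last_used_step = 0, step
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True
            return "locked"
        return "denied"
```
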

Dex

EVIR Gibson posted:

Where/how/why is doing the calculation to take "123456" to "01923227". Where in relation to the application requiring the authentication. How is it converting the FOB token to 01923227.

his application isn't involved in this part of the chain, it's all rsa securid and their client software. i'd suggest reading their docs if you're curious about the how and why of it

Dex
you clearly know what shodan is, so why not just use it?

Dex
i encrypt my end, and you encrypt your end, back and forth forever

))<>((

Dex

oaok posted:

What are some things that I should study to start learning sec related things? Also resources that would help a beginner/novice looking to get into the field of infosec. Books? Courses? Videos? I'm very interested in netsec and infosec but I don't know where to begin. I was looking at maybe bash/shell, different file encryption, scripts and things like that, but I feel I need some fundamental training on the whole lot of information for these subjects.

here's a bigass wiki full of all kinds of web security stuff: https://www.owasp.org/

here's a really good place to start: https://www.owasp.org/index.php/OWASP_Top_Ten_Project

once you've got your head around how all of that works you'll be ahead of everybody who doesn't give a poo poo about security, and should have a better idea of what you actually want to do(dev, ops, qa, infrastructure, whatever)

Dex

oaok posted:

Thanks man

np, just don't stress it too much if things look overwhelming - like others said, it's a huge field. if you're finding yourself not understanding XSS exploits because you don't understand how something like text encoding works, that's ok, just keep googling the bits that don't make sense until it starts to come together

Dex

Subjunctive posted:

How do I get in on the coat tails thing? Sounds p sweet.

hold a non-insane opinion

Dex

Paul MaudDib posted:

99.9%+ of known threats, 95%+ of unknown threats

lol

why don't they just catch the other 5% of unknown threats, can't be that hard

Dex
based on a random sampling of my open tabs, 25% of internet traffic goes to something awful dot com. guess that radium guy knew a thing or two about servers after all

Dex

Paul MaudDib posted:

You're an idiot

You're an idiot

i was laughing at your naivete earlier but you really shouldn't be throwing around insults when you're running around believing things like "95% of the time, it works every time"

Dex

Paul MaudDib posted:

Why? It's just YOSPOS having some drunken weekend anal leakage. You've got OSI Bean Dip, the Internet Antivirus Expert who once interned at Symantec or something, who just keeps asking someone to explain antivirus to him and who thinks the NSA is going after grandma's cat pictures (the explanation he gave in the thread he linked for why antivirus sucked, after I got past all the "under construction" paragraphs), and a bunch of white noise posters.

It would almost be funny if they weren't giving such bad advice. Sure, anyone who posts in this forum can probably avoid clicking any obvious malware links or opening a suspicious attachment. But that's not good advice for a business or for your aunt who loves those FWD: FWD: FWD: emails.


So angry. One of these idiots actually started stalking my posts to yell at me in other forums. Saturday night on Something Awful Dot Com, y'all :lol:

your ability to understand basic english is as good as your understanding of security

Dex
we live in a world where "sleep(30)" is enough to bypass a lot of av's attempts at sandboxing, yet that kid who had malwarebytes on a usb stick at school still thinks heuristics is a magic spell

paul misspelled reference, your name is a boring word, please stop

Dex

Daman posted:

yeah the point I've heard is "users will disable AV just to run it" but that's less the case if they remember uncle jimmy saying that's how they get you.

uncle jimmy should just tell people to install their software updates

Dex

Swagger Dagger posted:

I'm graduating from college in the fall with a BS in Computer Science, any tips on getting a job in the infosec industry? I'd rather be on the blue team/admin side of things but I'm kinda worried that I'll be job hunting and end up in something akin to a basic tech support job, and I've spent way too much time and money in college to really be able to afford that.

I'll have an S+ and probably a CCNA by then, if those will help. I know those are very basic, entry-level certs but it's what I can afford on my budget and I had to start somewhere.

don't pay for your own certs, that's what employers are for.

i don't know poo poo about entering the job market on your side of the world so i can only really give the incredibly generic "attend meetups around your areas of interest and get talking to people because a) connections are great b) you can find out what the hell they want from new hires" here, sorry. also i wouldn't assume your degree is going to count for anything. good luck with the job hunt

Dex

Daman posted:

At a chosen point of attacker effort, defense against them does not work. the point of a dumb user running an AV solution is to raise that level past "standard irc botnet." poo poo like this is detected just fine all the time.

has there been any malware for sale in the last decade or so that only drops one payload? i have no idea why "well, that probably got them all. it definitely got one" would inspire confidence

also "don't open random attachments from yourbank@jkhagkjakjga.ru" would get you past that level

Dex
if we must go with analogies, you're advocating safe sex by removing the condom and trusting the rhythm method

Dex

DeaconBlues posted:

I don't believe that everyone in this thread pays for all of their media, even the most security conscious. ;-)

i do.

Dex

Haquer posted:

You're everyone?
Like a collective conscience or what

more of a gestalt entity, that pays for poo poo

Dex

Subjunctive posted:

So keep it in one file. MIT doesn't preclude that.

Then delete that file.

Dex

Rufus Ping posted:

i mean seriously, if there are people out there who don't trust proper password managers but do trust some pile of poo poo w3schools-quality javascript bookmarklet written by local helpdesk janitor Tod McRetard, then your response shouldn't be to indulge their stupidity

brutal, but fair

Dex
just think of all the users with a linux server as their desktop who were saved from malware thanks to mcafee, though

Dex
personally i'm shocked that spies have been spying on people

Dex

Cup Runneth Over posted:

"First, though, a few general points: one, there's very little here that should shock you. The CIA is a spying organization, after all, and, yes, it spies on people."

yes, that's exactly the line i was posting about, good job

Dex

Cup Runneth Over posted:

source your quotes

you already did that for me, thanks

Martytoof posted:

Mild annoyance at the fact that the serial numbers disclosed in the leak are to software I already own. No taxpayer-funded IDA Pro key for me, I guess.

i haven't actually checked but i saw somebody on twitter saying that the windows keys were pirated anyway, lol if true

Dex
i think you're exaggera
https://twitter.com/taviso/status/843965519371812864
ting a bit

Dex
attribution is hard

Dex

22 Eargesplitten posted:

I'm assuming it's a matter of the government having millions of times the resources and expertise of a normal person, but I know basically nothing about infosec.

mickens' "mossad vs not mossad" threat model comes to mind: https://www.usenix.org/system/files/1401_08-12_mickens.pdf

if a nation state really, really, really wants you, good luck. use signal, use tor, use salt circles, use prayer. in the actual case you're talking about though, it's extremely unlikely anybody in sigint would give the remotest of shits who that person is so they're going to be fine as long as it's dipshit investigators sending bad legal threats to twitter instead of a serious unmasking attempt

Dex

22 Eargesplitten posted:

That first paragraph is the weirdest Lorem Ipsum I've ever read.

Despite his seeming need to make a joke every sentence (Is he a goon?), I get what he's saying. It's a good point, there are some things that just aren't worth bothering about since there's nothing you can do about them. Protect yourself from the more likely threats. That's why I use Bittorrent Sync to sync up my Keepass across my devices, if someone is listening closely enough to know what that is at that exact moment I should stop pissing off the NSA.

Someone's going to tell me why that's a bad method, aren't they?

i had a bit of an internal scream when i saw bittorrent, but tbh i know gently caress all about the protocol these days and from ten seconds on google "bittorrent sync" is some kind of private tracker thing where everything in the swarm is under your control? i genuinely have no idea how good or bad that is but there's probably somebody here who does


Dex
it's really not, the bespoke bullshit software they paid hundreds of thousands of dollars for that only works on xp is going to be a bigger factor always
