|
spankmeister posted:i put forth a proposal for a new gang tag for the thread: radical
|
# ? Apr 8, 2016 19:59 |
|
|
# ? May 22, 2024 05:29 |
|
1th floor
|
# ? Apr 8, 2016 20:04 |
|
spankmeister posted:i put forth a proposal for a new gang tag for the thread:
|
# ? Apr 8, 2016 20:05 |
BAUD DUDES reminds me of this t-shirt my dad had that had this comic book superhero-stylized CAPTAIN CODEC on the front and on the back was another picture of him and the LAN/WAN twins, does anyone know what the gently caress I'm talking about
|
|
# ? Apr 8, 2016 20:08 |
|
hi
|
# ? Apr 8, 2016 20:08 |
|
Parallel Paraplegic posted:wait what, it would just flag every 100th failed login?
|
# ? Apr 8, 2016 20:17 |
|
Subjunctive posted:Oki Semiconductor! I had an OkiSemi mouse pad with one of the other characters, NetChampion or something. oh man this press release is so first-bubble adorable http://www.prnewswire.com/news-releases/integrated-web-pr-and-advertising-strategy-pays-off-for-oki-semiconductor-76200872.html Subjunctive fucked around with this message at 20:23 on Apr 8, 2016 |
# ? Apr 8, 2016 20:19 |
|
still can't believe caro is alive
|
# ? Apr 8, 2016 20:21 |
Subjunctive posted:Oki Semiconductor! I had an OkiSemi mouse pad with one of the other characters, NetChampion or something. I looked it up (apparently I didn't try "captain codec" in quotes before) and got Oki Semiconductor, which I definitely remember. It also reminded me of NetWarrior, which I think was kind of a palette swap of Captain CODEC. Unfortunately I can't for the life of me find any pictures of the shirt or the superheroes or anything apart from a couple of press releases and people mentioning the campaign in passing. Dad also had an MSN beta test shirt with an anvil falling onto a bug
|
|
# ? Apr 8, 2016 20:24 |
|
Segmentation Fault posted:Dad also had an MSN beta test shirt with an anvil falling onto a bug haha, I saw a guy wearing this one like a decade ago
|
# ? Apr 8, 2016 20:25 |
|
Chris Knight posted:Whack for my Larry-o
|
# ? Apr 8, 2016 20:31 |
|
first floor
|
# ? Apr 8, 2016 20:42 |
|
anthonypants posted:here is a security fuckup for the new thread: Boy it sure is a good thing this hacker registered his source IP in our domain before he started brute forcing SSH logins.
|
# ? Apr 8, 2016 20:46 |
|
Powercrazy posted:Boy it sure is a good thing this hacker registered his source IP in our domain before he started brute forcing SSH logins. just make an IDENT call to their IP to find out if they're legit, they have to tell you. it's like if you ask someone if they're a cop 3 times in a row.
|
# ? Apr 8, 2016 20:59 |
|
Segmentation Fault posted:Dad also had an MSN beta test shirt with an anvil falling onto a bug I have that shirt!
|
# ? Apr 8, 2016 21:21 |
|
I'm very disappointed. i saw the last thread had closed and assumed something amazing had happened
|
# ? Apr 8, 2016 21:22 |
BiohazrD posted:I'm very disappointed. i saw the last thread and closed and assumed something amazing had happened We went a year without pooptouching!
|
|
# ? Apr 8, 2016 21:22 |
|
Segmentation Fault posted:We went a year without pooptouching! Something we should all be proud of.
|
# ? Apr 8, 2016 21:24 |
|
cool imessage vuln found by a friend of mine https://www.bishopfox.com/blog/2016/04/if-you-cant-break-crypto-break-the-client-recovery-of-plaintext-imessage-data/ quote:Messages (iMessage) for OS X from Apple implements its user interface via an embedded version of WebKit. Additionally, Messages on OS X will render any URI as a clickable HTML <a href=”URI”> link. An attacker can create a simple JavaScript URI (e.g.,java script:) that when clicked, allows the attacker’s code to gain initial execution (cross-site scripting) in the context of the application DOM. particularly like this part: quote:One of the most notable differences between an embedded version of WebKit and a web browser like Chrome or Safari is that WebKit does not implement any same-origin policy (SOP) because it is a desktop application pr0zac fucked around with this message at 21:37 on Apr 8, 2016 |
# ? Apr 8, 2016 21:31 |
|
effort lurk posting but thanks for reiterating using a password manager. I neglected that forever and finally transitioned over that said I'm still using the same two dictionary words for everything, but i feel safer
|
# ? Apr 8, 2016 21:37 |
|
pr0zac posted:cool imessage vuln found by a friend of mine
|
# ? Apr 8, 2016 21:40 |
|
Speaking of PCI compliance, how's the retail industry handling it these days? I still see tons of places that have new readers, but the EMV slot is taped over?
|
# ? Apr 8, 2016 21:48 |
|
DrPossum posted:effort lurk posting but thanks for reiterating using a password manager. I neglected that forever and finally transitioned over When I switched over I just did a few phases of transition: run your password manager and capture all the existing passwords for a few weeks change weak passwords as you log in to services for a few weeks check the uncommonly used poo poo that still has a weak pass and bite the bullet and spend an hour or two changing all of them helps keep it from being a 8 hour password changing marathon some clients also supposedly can just log in for you and change the passwords so that might be worth trying?
|
# ? Apr 8, 2016 21:50 |
|
Jimmy Carter posted:Speaking of PCI compliance, how's the retail industry handling it these days? I still see tons of places that have new readers, but the EMV slot is taped over? same as always, with copious Business Processes and "oh gently caress the audit is next month lets hide all the poopy"
|
# ? Apr 8, 2016 21:51 |
|
assuming state actors aren't after my bitcoins is truecrypt still a decent choice for full disk encryption?
|
# ? Apr 8, 2016 22:04 |
|
Sharktopus posted:next month
|
# ? Apr 8, 2016 22:06 |
|
Ur Getting Fatter posted:assuming state actors aren't after my bitcoins is truecrypt still a decent choice for full disk encryption? what os are you running that doesn't have built in full disk encryption already?
|
# ? Apr 8, 2016 22:14 |
|
Ur Getting Fatter posted:assuming state actors aren't after my bitcoins is truecrypt still a decent choice for full disk encryption? no, because it doesn't work with modern hard drive formats and oses
|
# ? Apr 8, 2016 22:15 |
|
lets see how quickly we can get this one shut down a friend of mine works for a major uk government agency. she's just found out that she can log into one of their internal systems - one that holds salary and all sorts of other hr information - by just using the username as a password, and of course the username is just the localpart of their email address (normally firstname.lastname). she found this out because she realised she'd been using her old password to login after changing it, so decided to try the first one she was ever given, which was her username. it worked, and of course everyone on the system was assigned their first password that way. i have literally no idea how you gently caress things up that badly - not in a normal "i can't believe how dumb this is" but literally i don't know how, let alone why, you'd set up an authentication system that way. the best bit is it enforces a strict 60-day change policy including not allowing old passwords to be reused (which possibly suggests how the bug came in) so she did the right thing and reported it to her management and the it department. they told her they would look into it but not to worry, nobody could make changes because all changes had to be approved by a line manager. who would have to log in to the system to approve them.
|
# ? Apr 8, 2016 22:16 |
|
brutal :/ this isn't helping my anti-bureaucracy bias btw
|
# ? Apr 8, 2016 22:18 |
|
Sharktopus posted:brutal :/ tbh a big part of why government it (in the uk at least) is so hosed up is that sort of bias. it goes like this: "hey this system hasn't been updated in 10 years, can we have budget to fix it?" "SEE TYPICAL PUBLIC SECTOR INEFFICIENCY! THE PRIVATE SECTOR IS FAR MORE EFFICIENT!" *pays 200 million quid to logica/serco/cmg/lockheed/bae for poorly-specced and over-promising new system *new system fails miserably, everyone goes back to old system "hey this system hasn't been updated in 15 years" etc
|
# ? Apr 8, 2016 22:25 |
|
ummmmm sure why not
|
# ? Apr 8, 2016 22:29 |
|
goddamnedtwisto posted:tbh a big part of why government it (in the uk at least) is so hosed up is that sort of bias. it goes like this:
|
# ? Apr 8, 2016 22:42 |
|
its not even lowest bidder, its that government contracts are about who you know and your ability to navigate the process.
|
# ? Apr 8, 2016 22:45 |
|
whats unique to govt about that?
|
# ? Apr 8, 2016 22:50 |
|
i'm convinced that humans are just extremely bad at large systems with more than a couple hundred people whether it's governmental or corporate
|
# ? Apr 8, 2016 22:51 |
|
Shaggar posted:its not even lowest bidder, its that government contracts are about who you know and your ability to navigate the process. it is the lowest qualified bidder it just turns out only one bidder is qualified
|
# ? Apr 8, 2016 22:53 |
|
pr0zac posted:what os are you running that doesn't have built in full disk encryption already? win 10 home :/ was hoping to not have to shell out for the pro upgrade but if people say it's the only good choice then I guess it's fine.
|
# ? Apr 8, 2016 22:58 |
|
vOv posted:i'm convinced that humans are just extremely bad at large systems with more than a couple hundred people whether it's governmental or corporate have you read systemantics yet? Ur Getting Fatter posted:win 10 home :/ was hoping to not have to shell out for the pro upgrade but if people say it's the only good choice then I guess it's fine. 10 home doesnt even support native fde???? lmfaoooooo
|
# ? Apr 8, 2016 22:58 |
|
|
# ? May 22, 2024 05:29 |
|
the home edition strips out all the poo poo you really don't want to have to explain to the average user when they find some way to gently caress it up horribly, like fde and remote desktop server
|
# ? Apr 8, 2016 23:03 |