|
lol at https://gifs.are.theworst.technology/
|
# ¿ Apr 8, 2016 19:58 |
|
still can't believe caro is alive
|
# ¿ Apr 8, 2016 20:21 |
|
Segmentation Fault posted:Dad also had an MSN beta test shirt with an anvil falling onto a bug haha, I saw a guy wearing this one like a decade ago
|
# ¿ Apr 8, 2016 20:25 |
|
I use emoji in my code, like this:

```objc
- (NSString *) stringAsWarning {
    return [NSString stringWithFormat:@"⚠️ %@", self];
}

- (NSString *) stringAsError {
    return [NSString stringWithFormat:@"⛔️ %@", self];
}
```

they're a godsend
|
# ¿ Apr 13, 2016 19:47 |
|
thank god you can't read italian, the guy is in serious need of a punch straight in the face "ansible prevents these issues, every serious systems administrator should have known, checkmate bitches "
|
# ¿ Apr 17, 2016 01:25 |
|
jony ive aces posted:this is probably old but i just saw it come up on twitter today: trip report from the hacking team own: https://ghostbin.com/paste/6kho7

I wonder if I can do statistical analysis of the text and figure out who this is, like that guy a decade ago used to unmask secret identities on the full disclosure mailing list. I'm pretty sure his original language is italian because he makes a lot of the same mistakes I do, or other italians do
|
# ¿ Apr 17, 2016 15:31 |
|
he could be spanish I guess, considering the number of spanish language resources he cites
|
# ¿ Apr 17, 2016 15:32 |
|
oh right, I should read more carefully

original release: http://pastebin.com/raw/GPSHF04A
translator: https://oblivia-simplex.github.io/
|
# ¿ Apr 17, 2016 17:17 |
|
lots of people in the italian scene are skeptical of Phineas Fisher's claim of hacking HT. what they don't believe is that someone could exfiltrate that much data (400 GB in a month) in so little time without anyone noticing. 400 GB in a month, though, is far from unrealistic given that in Milan even households have access to symmetric 100/100 Mb/s internet. in fact Phineas Fisher was almost excessively cautious in using only about 1% of their upstream
hackbunny fucked around with this message at 12:31 on Apr 18, 2016 |
# ¿ Apr 18, 2016 12:28 |
|
spankmeister posted:la scena italiana *italodisco plays in the background* http://lombrosity.com/
|
# ¿ Apr 18, 2016 12:35 |
|
remember when SASS destroyed radium's reputation?
|
# ¿ Apr 19, 2016 08:57 |
|
nice av
|
# ¿ Apr 19, 2016 18:45 |
|
jony ive aces posted:isn't that how op's service works as well

I think the idea behind the name canary is that you have fake accounts/data mixed in with the real ones, and you'll look for the fakes

osi, do you run sweeps on github btw?
|
# ¿ Apr 20, 2016 12:25 |
|
Dessert Rose posted:my company's ops dept recommends (requires?) password safe, which is a password manager i've not seen recommended or hated or even mentioned anywhere, which is weird

I use password safe, I recommend it every time password managers come up. it's open source but the only official build is for windows (where it works great btw). the official ios and os x versions cost money. the code is ostensibly cross-platform (wxwidgets) but I made my own os x build (because I'm cheap) and it's super buggy and almost looks like a bad third-party imitation of the windows version. I don't use a smartphone so I have no idea what are your options there. I wrote my own in-the-butt backup script for it (just a batch file that runs on a schedule and copies the password database to the google drive folder)
|
# ¿ Apr 20, 2016 20:42 |
|
Wheany posted:i just let the browser remember my logins #YOLO same but I have a master password
|
# ¿ Apr 21, 2016 15:35 |
|
AtomD posted:loving dammit is there a non-trash way to do public wifi with guest passes

PPPoE. I used to use it as a joke but I know people who use it in the real world
|
# ¿ Apr 22, 2016 10:11 |
|
ErIog posted:I use PPPoE, but it's kind of impossible not to if you live in Japan and want to connect to the internet. It's a real pain in the rear end since every router I've had has had some sort of bug regarding initiating a connection. oh lots of DSL routers here in italy were just bridges and you had to configure windows for pppoe. the joke is using pppoe to authenticate wifi
|
# ¿ Apr 22, 2016 12:05 |
|
Truga posted:That's called a modem. oh right e: I don't know much about networks which is why I do things like pppoe wifi or ppp over parallel cable
|
# ¿ Apr 22, 2016 12:12 |
|
MononcQc posted:Is there any decent material on using AEAD crypto stuff someone knows? Like what the hell do I do with that AAD stuff and whatnot? I can figure out how to use things, but generally "try it and figure it out" is a great way to do stupid poo poo with crypto. use sodium if its box API covers your use cases
|
# ¿ Apr 26, 2016 13:52 |
|
alright, I have a crypto question of my own

there's a password, Password
it's hashed with PBKDF2, using parameters Salt and Cost, yielding Key
a key is derived from Key using HKDF and hardcoded label Label, yielding AuthKey
(Salt, Cost, AuthKey) is saved to permanent storage

to authenticate, the user inserts password Password'
(Salt, Cost, AuthKey) is read from permanent storage
Password' is hashed with PBKDF2, using parameters Salt and Cost, yielding Key'
a key is derived from Key' using HKDF and hardcoded label Label, yielding AuthKey'
if AuthKey is identical to AuthKey', then Password' is identical to Password and the user is authenticated successfully

is it a safe way to use PBKDF2 and HKDF?

then: let's say there are two valid passwords, Password1 and Password2, both valid for authentication. after successful authentication, the authentication component broadcasts the master key (Key in the algorithm) to all components that need it to derive keys from it. the user interface, for example, derives a key (HKDF again) from the master key, which we'll call KeyId, which it uses to tell if the user switched from one password to the other

again, is it a safe way to use HKDF? i.e. as a one-way hash and not a key. I can't just tell the UI which password was used, what's important is whether the user switched to a different password since the last time

finally: KeyId is not stored anywhere at the moment, which has the unpleasant effect that we can't detect switches between the two passwords across restarts of the application (the old KeyId isn't in memory to be compared with the new one). is it safe to store? I guess it depends a lot on the threat model. I can elaborate if needed
|
# ¿ Apr 27, 2016 15:14 |
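
The scheme described in the post above (Password, PBKDF2 with Salt and Cost, then HKDF with a hardcoded label for AuthKey and a second label for KeyId), written out as an added example; it is not the poster's code. SHA-256, the label strings, the default cost and all function names are assumptions made for illustration, and HKDF is implemented here from RFC 5869 with an all-zero salt because the Python standard library has no HKDF.

```python
import hashlib
import hmac
import os

# Assumed labels, one per purpose: HKDF outputs under different labels are
# independent, so a stored AuthKey or KeyId does not reveal the other or Key.
AUTH_LABEL = b"example/auth-verifier"
KEYID_LABEL = b"example/ui-key-id"

def hkdf_sha256(key: bytes, label: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with the default all-zero salt; `label` is the info field."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()      # extract step
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                         # expand step
        block = hmac.new(prk, block + label + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def master_key(password: str, salt: bytes, cost: int) -> bytes:
    """Key in the post: the PBKDF2 output, never written to storage."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, cost)

def enroll(password: str, cost: int = 200_000) -> tuple:
    """Build the (Salt, Cost, AuthKey) record saved to permanent storage."""
    salt = os.urandom(16)
    return salt, cost, hkdf_sha256(master_key(password, salt, cost), AUTH_LABEL)

def authenticate(record: tuple, attempt: str):
    """Return the master key if `attempt` matches the record, else None."""
    salt, cost, auth_key = record
    key = master_key(attempt, salt, cost)
    candidate = hkdf_sha256(key, AUTH_LABEL)
    # Constant-time comparison, so timing does not leak how many bytes matched.
    return key if hmac.compare_digest(candidate, auth_key) else None

def key_id(key: bytes) -> bytes:
    """KeyId in the post: a one-way identifier of the master key for the UI."""
    return hkdf_sha256(key, KEYID_LABEL)
```

A stored AuthKey or KeyId can still be used to test password guesses offline, each guess costing one PBKDF2 run at the stored Cost, so Salt and Cost carry the brute-force resistance for anything written to disk.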
|
Parallel Paraplegic posted:first and most obvious question: why are you rolling your own protocol it's not a protocol, it's an application password. nothing is transmitted anywhere if that's what you mean
|
# ¿ Apr 27, 2016 15:21 |
|
MononcQc posted:Yeah the stuff is mostly for at-rest stuff (so there's no big need for asymmetric keys there?), oh right, we use it for messaging. well, sodium got you covered either way: https://download.libsodium.org/doc/secret-key_cryptography/authenticated_encryption.html
|
# ¿ Apr 27, 2016 15:21 |
|
like I have a password and I need to use it both for authentication and to encrypt/verify a database. if using two key derivation functions, for their intended usage, is rolling my own protocol then I dunno what I'm supposed to do instead
|
# ¿ Apr 27, 2016 15:25 |
|
crazypenguin posted:do you need authkey at all? it's for decoupling the authentication component from the storage component. I'm probably overengineering it
|
# ¿ Apr 27, 2016 19:37 |
|
keseph posted:Why are you not just:

this is exactly what I do to encrypt the storage: I derive (HKDF) a key from the master key derived (PBKDF2) from the password, and use it to decrypt+verify (AES-GCM) a random key that encrypts the storage. I forget why I'm not using the master key directly and I pass it through HKDF first, though

keseph posted:Hash second time and store as verifier if anyone might be trying this inside of a trusted service. The hashing parameters could be the same for both functions.

isn't this what I'm doing already, too? I derive (HKDF) a separate key as a hash twice removed of the password. I will probably eventually drop everything and use the storage layer to both verify the password and detect when the user is switching between passwords... but I'm afraid the storage library doesn't have a "verify key" function yet, just "open with key, reset storage if the key is wrong"
|
# ¿ Apr 28, 2016 07:45 |
|
earbuds, vampire teeth, chopsticks with helper, Spider Man 3 bluray (opened)
|
# ¿ Apr 28, 2016 12:27 |
|
BangersInMyKnickers posted:absurd cartoon avatars jim woodring cartoon avatars, pleb
|
# ¿ Apr 28, 2016 22:58 |
|
Parallel Paraplegic posted:The space shuttle main computer's software is one of the few computer programs mathematically established to not have any bugs in it only parts of it iirc, the rest is just developed with the strictest standards in software ever. highlights of their process were (iirc):
|
# ¿ Apr 29, 2016 08:54 |
|
~Coxy posted:and there was at least one ring-O cold boot vulnerability lol you jerk
|
# ¿ Apr 30, 2016 14:06 |
|
Jabor posted:The necessity of #define NOMINMAX in windows code is absolutely hilaribad. I recommend #define STRICT too
|
# ¿ May 1, 2016 11:24 |
|
spankmeister posted:can you not it's pointless to undefine NOMINMAX, windows.h is "namespace pollution, the header". in fact NOMINMAX prevents it from defining min and max as macros that break standard C++ code (where min/max are "standard" function names that are almost language extensions)
|
# ¿ May 1, 2016 13:21 |
|
some ATMs show a photo/diagram of what the ATM is supposed to look like on the screen, I wonder if it's a good measure
|
# ¿ May 3, 2016 17:19 |
|
sports team I guess?
|
# ¿ May 4, 2016 15:35 |
|
Dex posted:*shoves grey into cryptolocker*
|
# ¿ May 9, 2016 08:33 |
|
anthonypants posted:i clicked the button and it took like 30 seconds for the popup to appear I'm still waiting
|
# ¿ May 9, 2016 15:11 |
|
Ur Getting Fatter posted:panama papers database just went live but whoops? as soon as it started giving errors (i.e. very soon), I downloaded the raw data
|
# ¿ May 9, 2016 21:13 |
|
OSI bean dip posted:we haven't had a nadim post in a while wait, is he saying the truth? re licensing the protocol
|
# ¿ May 10, 2016 23:28 |
|
OSI bean dip posted:moxie ranted about not wanting third-party clients using official signal servers because they'll gently caress up its security model which undoubtedly they will that sounds perfectly reasonable. what I mean is writing your own implementation from the spec, but I've looked at the thread on github and it seems nadim pulled that out of his rear end?
|
# ¿ May 11, 2016 08:41 |
|
Snapchat A Titty posted:i think IDA pro is the goto if you want to spend moneys on your reverse engineering

ida pro is incredibly expensive, plus last time I used it it had terrible mips support, and I don't think the free version supports mips

cross-compile binutils and use objdump imo

Winkle-Daddy posted:Radare2 is loving cool if you are fairly experienced with RE'ing in a *nix environment.

or this I guess
|
# ¿ May 12, 2016 18:24 |
|
vOv posted:https://twitter.com/DefuseSec/status/730897149727137794 backdooredsayswhat?
|
# ¿ May 13, 2016 17:15 |