Shame Boy
Mar 2, 2010


heh


Shame Boy
Mar 2, 2010

anthonypants posted:

here is a security fuckup for the new thread:

at my last job, they used solarwinds and most of the stuff piped logs to some server that it monitored. their "ids" solution was a script that checked logs for false ssh entries, and on the 100th hit, it would send a ticket to the noc. the noc was responsible for pulling that ip address, going back into solarwinds to make sure that they were really an active threat, and not some guy who only made two or three invalid attempts in the past hour, and then fed that ip address into another script that null routed that ip to some of the routers. this script was very old and did not affect the routers for the somewhat newer pci/compliance environment.

oh, and solarwinds was helpful in pulling the ptr for ip addresses that had one, and if you had a domain name that didn't have an a record, it couldn't get added to the null route table

lol 100 hits, i've seen bots get bored and give up before that

Shame Boy
Mar 2, 2010

anthonypants posted:

the pci environment had different reporting and in there it was usually around three at a time but from like 50 different ips. that report was actually a solarwinds-generated pdf and was even worse to comb through

also i should be more clear that it wasn't 100 hits from the same ip, it was every 100 hits. no one had a problem with this

wait what, it would just flag every 100th failed login?
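Added example, not from the thread or the environment it describes: a global "every Nth failure" counter next to a per-source sliding-window threshold, run over constructed sshd log lines. The log lines, function names and thresholds are assumptions, as is the idea that the ticket names whichever source produced the Nth failure.

```shell
#!/bin/sh
# Constructed sshd log lines (RFC 5737 documentation addresses), not real data.
sample_log() {
cat <<'EOF'
Apr  9 10:00:01 gw sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Apr  9 10:00:03 gw sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Apr  9 10:00:09 gw sshd[103]: Failed password for alice from 198.51.100.20 port 5120 ssh2
Apr  9 10:00:11 gw sshd[104]: Failed password for root from 203.0.113.7 port 4003 ssh2
Apr  9 10:00:15 gw sshd[105]: Accepted password for alice from 198.51.100.20 port 5121 ssh2
Apr  9 10:00:16 gw sshd[106]: Failed password for root from 203.0.113.7 port 4004 ssh2
Apr  9 10:40:00 gw sshd[107]: Failed password for bob from 192.0.2.55 port 6000 ssh2
EOF
}

# Emit "<seconds-of-day> <source-ip>" for each failed attempt. The IP is read
# by position from the end of the line, so a username containing "from"
# cannot shift it.
failed_sources() {
    awk '/sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" {
        split($3, t, ":"); print t[1]*3600 + t[2]*60 + t[3], $(NF-3)
    }'
}

# The scheme described in the thread: one alert per N failures overall,
# naming whichever source happened to produce the Nth one.
every_nth_alerts() {    # $1 = N
    failed_sources | awk -v n="$1" 'NR % n == 0 { print $2 }'
}

# Per-source sliding window: alert once when a single IP reaches N failures
# within W seconds (timestamps assumed to fall on one day, as in the sample).
per_source_alerts() {   # $1 = N, $2 = W
    failed_sources | awk -v n="$1" -v w="$2" '{
        ip = $2; k = ++cnt[ip]; ts[ip, k] = $1 + 0
        while (ts[ip, old[ip] + 1] < $1 - w) old[ip]++   # expire old hits
        if (k - old[ip] >= n && !alerted[ip]++) print ip
    }'
}

echo "every 3rd failure:";  sample_log | every_nth_alerts 3
echo "3 per IP in 10 min:"; sample_log | per_source_alerts 3 600
```

On the sample, the global counter names the one-off typo and the late single attempt, while the per-source window names only the address that kept retrying.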

Shame Boy
Mar 2, 2010

Powercrazy posted:

Boy it sure is a good thing this hacker registered his source IP in our domain before he started brute forcing SSH logins. :wtc:

just make an IDENT call to their IP to find out if they're legit, they have to tell you. it's like if you ask someone if they're a cop 3 times in a row.

Shame Boy
Mar 2, 2010

Sharktopus posted:

I think at this point we know enough generic systems first principles to know what kind of things tend towards robustness on average and what kind of things tend towards instability

people just generally want to ignore all that literature as soon as they have some problem thats "too important" like healthcare or social safety

or they want to ignore that literature because research (or hell even being minimally informed) is hard and this is the way my granddaddy did it and he lived to be 95 / the nice man on the TV that knows all the right scripture wants to do it that way if I vote for him / socialism is literally satanic and the worst thing in the world and fox news says that helping poors in any way is completely equivalent to stalin's purges

Shame Boy
Mar 2, 2010

like i know a lot of people who simply do not believe me when i tell them that there is actual science and research behind why Europe isn't as hosed up as we are, and that no europe having health care and good worker protection laws doesn't mean that they somehow have other lovely things that "balance them out"

seriously a surprising number of people, smart people, have this bizarre idea that since europe is better than us in several ways it must be proportionately worse than us in some other way. usually that other way is the completely ambiguous "cost of living" but i've also heard it argued that they have less freedoms or that the nanny state constantly tells them what to do. when i tell them that there's also social science that takes that into account and they still score higher than we do their brain just kind of shuts down and they insist that that must not be capturing the whole picture or something.

Shame Boy
Mar 2, 2010

fishmech posted:

it is though, there's fascists running rampant and hella racisms, and 2/3 of the countries are desperately trying to become the worst part of america

I was specifically talking about the nordic countries which admittedly aren't really part of "europe" since a bunch aren't in the EU

Shame Boy
Mar 2, 2010


the best part is ISP's have to push the firmware to you and a lot of them (like comcast) will outright refuse to do that :allears:

Shame Boy
Mar 2, 2010

So in my area Verizon's ISP division seems to have been gobbled up by Frontier. I'm making my Frontier account just now so I can pay my bill there, and so far:

- Password field disallows paste (and even right click)
- Password requirement is "at least 8 characters, one number, one lowercase letter, one uppercase letter", but kept rejecting my password. Turns out there's an unmentioned max character limit too, and it just gives you a generic error instead of telling you that! Seems to be around 16.
- Not really security but more tech bubel thread, but separate from the 3 different ToS'es you have to agree to is this extra paragraph on the page that links TO the ToS'es, juuust to make sure you're hosed:

quote:

In addition, as part of our Terms, Frontier has instituted a binding arbitration provision to resolve customer disputes (Frontier.com/terms/arbitration). By using or paying for Frontier services, you are agreeing to these Terms and that disputes will be resolved by individual arbitration.

This is all just on page 1 :allears:

EDIT: You can't enter a phone number without consenting to receiving marketing calls, and if you leave it blank it nags you about it, christ

Shame Boy fucked around with this message at 18:00 on Apr 9, 2016

Shame Boy
Mar 2, 2010

oh hey it seems to have completely lost my internet package and the free HBO I got signing up with verizon great thanks

Shame Boy
Mar 2, 2010

cheese-cube posted:

i'll buy this tag for the next 10 ppl who quote this post (might take me a couple of days to do so, ive just moved house and have no internet yet)

Shame Boy
Mar 2, 2010

atomicthumbs posted:

I installed fail2ban on my web server and it banned me for screwing up with my ssh keys when I tried to set up a reverse ssh tunnel to my desktop pc as a systemd service that retried every 2s if the connection failed. That's my security fuckup thanks for listening

you can put in a list of ip's to never ban

Shame Boy
Mar 2, 2010

cheese-cube posted:

someone make it so

how about "Baud Buds"

Shame Boy
Mar 2, 2010

update on that TP-Link smart switch: I cracked it open because I do that to things and inside it's sporting a 400MHz SoC designed for home routers complete with onboard 4-port fast ethernet switch and USB port (both not wired to anything of course). I think DD-WRT has support for this chipset.

there's also a suspicious tiny 5 pin connector which might be a serial port. this thing is probably running linux. of course it loving is.

Shame Boy
Mar 2, 2010

b0red posted:

lmao if you're so mad about being scammed that you get in your car and drive several hours to beat up your scammer.


they couldn't tell the user it couldn't be identified. how hard is it to just have it return that

i've used it a lot and if you actually look at the response it gives back it DOES say that they could only be identified to the country level, and then gives the coords of the country.

it's just that most applications loving ignore that and just plug whatever coords it gets directly into whatever they're doing and pretend like that's 100% accurate because developers are lazy fucks

Shame Boy
Mar 2, 2010

also thanks for the gang tag btw :3:

Shame Boy
Mar 2, 2010

Illusive gently caress Man posted:

i forgot i never shared this






im very pleased with the quality and aesthetics of my password, and would recommend this service to others.

don't encourage this poo poo with real actual money though

Shame Boy
Mar 2, 2010

apseudonym posted:

Best I can tell the bar for APT is things that malware was doing 10 years ago.


But on an enterprise network.

The bar for APT is "thing our company's garbage firewall and/or AV software can detect so you should totally buy it" so yeah 10 years ago

Shame Boy
Mar 2, 2010

ripped off from @swiftonsecurity:



:shepface:

Shame Boy
Mar 2, 2010


ahh yes, the "open all the ports you can" approach to... serial devices...

Shame Boy
Mar 2, 2010

Ur Getting Fatter posted:

does anyone have a good layman's guide to IPv6?

im not interested in the technical aspects, I just basically want to know if when my isp finally enables it, I'll have to start doublechecking that my tv isn't suddenly reachable from the Internet, what the equivalent of port forwarding will be, basic stuff like that.

Once your ISP enables it, depending on how they do it, yes your TV will probably magically become internet accessible. There is no more port forwarding, only firewalls. In my case, I have my router's firewall set up to block all incoming connections to anything inside the network, and to "forward" a port I just say "allow connection to ip [whatever] port [whatever]" and bam

Shame Boy
Mar 2, 2010

so the rules are like

Allow anything from inside my network to get out
Allow established connections
Allow unsolicited requests to port 80 on ip [whatever]
Allow unsolicited requests to port 443 on ip [whatever]
Drop unsolicited otherwise

I get the feeling that ISP's will automatically set this up if you bought their routers but who knows.
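Added example, not the poster's actual configuration: the five rules above written as ip6tables commands for a Linux router's FORWARD chain. The interface names `br-lan` and `wan6`, the host address (from the 2001:db8::/32 documentation prefix) and the function name are assumptions.

```shell
#!/bin/sh
# Print ip6tables commands for the five rules in the post, for review before
# a root shell applies them.
ipv6_forward_rules() {   # $1 = LAN iface, $2 = WAN iface, $3 = host, $4... = TCP ports
    [ "$#" -ge 3 ] || { echo "usage: lan wan host [port...]" >&2; return 1; }
    lan=$1 wan=$2 host=$3
    shift 3
    # The output is meant to be fed to a shell, so reject anything that is
    # not a plain interface name, IPv6 literal or port number.
    for ifc in "$lan" "$wan"; do
        case $ifc in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1 ;; esac
    done
    case $host in ''|*[!0-9A-Fa-f:]*) echo "bad host: $host" >&2; return 1 ;; esac
    for port in "$@"; do
        case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    done
    # Drop unsolicited otherwise: default policy for routed traffic.
    echo "ip6tables -P FORWARD DROP"
    # Allow established connections. RELATED also admits ICMPv6 errors such
    # as Packet Too Big for those flows, which path MTU discovery depends on.
    echo "ip6tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Allow anything from inside the network to get out.
    echo "ip6tables -A FORWARD -i $lan -o $wan -j ACCEPT"
    # Allow unsolicited requests to the listed ports on one host.
    for port in "$@"; do
        echo "ip6tables -A FORWARD -i $wan -o $lan -d $host -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

ipv6_forward_rules br-lan wan6 2001:db8:0:1::10 80 443
```

These rules cover traffic routed to hosts behind the router; traffic addressed to the router itself goes through the INPUT chain and needs its own policy.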

Shame Boy
Mar 2, 2010

spankmeister posted:

Aren't you precious. :allears:

there's some guy who works for BrightHouse that I've seen forum posts on their customer forums where he says one of the reasons why they're taking so goddamn long to deploy IPv6 was figuring out how to do that on all the customer routers

but yes i realize that isp's in general probably don't give a gently caress and bright house will probably eventually just go "gently caress it ipv4's are getting expensive" and flip the switch regardless

Shame Boy
Mar 2, 2010

Jabor posted:

e: while blind scanning the entire range is not realistic, someone seeing your tv downloading new ads to show you and then scanning that particular ip is definitely something worth considering.

it's already happening iirc. I Read Some Article about it.

but yeah generally brute-force scanning won't work anymore and even getting a particular computer's IP won't really work because modern OS'es do this thing where they pick random IP addresses and switch every few hours specifically so people can't use the IPv6 address as a unique identifier. however i seriously doubt anything but computers and phones have / will be implementing that.

Shame Boy
Mar 2, 2010

Subjunctive posted:

What networks does your ISP route to you? It seems like port forwarding could still be a thing, especially if an ISP only gave a small number of publicly-routable addresses to each customer.

none, i use Hurricane Electric's free tunnel :pram:

anyway yeah you might still need to port forward if your ISP only gives you one address for some ungodly reason instead of the /64 they're supposed to or whatever.

Shame Boy
Mar 2, 2010

yeah handing out /64's and /48's was in the plan from the beginning and we won't run out of /48's (let alone /64's) unless like every one of the hundred billion nanobots in everyone's cyberbody has a public IP address, and if that happens you're better off killing yourself anyway

Shame Boy
Mar 2, 2010

fishmech posted:

You know they used to charge on the basis of how many devices were connected on ipv4 right? They canceled that stuff after a while because it was too much hassle to account for.

and before that you'd get charged based on how many phones you had connected to the line, initially because it required additional power to drive the ringers for each additional phone but it eventually evolved into "gently caress you we're the phone company deal with it"

Shame Boy
Mar 2, 2010

the sheep from a spoon test

Shame Boy
Mar 2, 2010

ewiley posted:

Has anyone heard of these people? It seems like they're selling some kind of proxy/VM server, but it really bothers me that their technology is called 'AirGap' when it's clearly not air gapped.

https://spikes.com/technology.html

lol

Shame Boy
Mar 2, 2010

ChickenOfTomorrow posted:

didn't ISIS release an opsec guide

i thought that was shown to be fake or something.

Shame Boy
Mar 2, 2010

I had to reset my 2-FA with Gandi and they actually required that I send them a scan of a government-issued photo ID because they're Actually Good At Things :3:

Shame Boy
Mar 2, 2010


I mean I guess if they knew my address and full name and stuff, I'm not saying it's perfect but it's way better than just "oh I got locked out" "sure here's your account information and new password have a nice day :downs:"

Shame Boy
Mar 2, 2010

Crime on a Dime posted:

stop being gross nerds

p... pen... fvagina? :ohdear:

Shame Boy
Mar 2, 2010


oh no, my Clustered Data ONTAP in 7 Mode running on my StorageGRID WebScale NetApp AltaVault

Shame Boy
Mar 2, 2010


I saw that yesterday, the best part is buried in the comments for the bottom answer, while he was trying to make a copy of a disk to recover:

quote:

I swapped if and of while doing dd. What to do now?

Shame Boy
Mar 2, 2010

deep impact on vhs posted:

probably fake but i've seen poo poo like this before

code:
rm -rf /mnt/some/dir /
before --no-preserve-root, of course

someone else pointed out that since he was doing a script that wound up with empty variables it easily could have collapsed to rm -rf /* or something like that which doesn't need --no-preserve-root

it's probably fake though, the dd thing is too perfect.
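Added example, not from the thread or the script it discusses: how a cleanup path built from empty variables collapses toward the root directory, next to a guarded version. The function names and the `base`/`subdir` layout are assumptions.

```shell
#!/bin/sh
# The unguarded pattern, shown only as the argument rm would receive
# (nothing is deleted here). With both parts empty it is "//*", i.e. "/*".
unguarded_target() {     # $1 = base, $2 = subdir
    printf '%s\n' "$1/$2/*"
}

# Guarded cleanup: empties the contents of base/subdir and nothing else.
clean_dir() (            # subshell body: a failed guard exits only this call
    base=${1:?base directory is empty}
    sub=${2:?subdirectory is empty}
    # Resolve symlinks and ".." before deciding what will be removed.
    root=$(cd -- "$base" && pwd -P) || exit 1
    target=$(cd -- "$base/$sub" && pwd -P) || exit 1
    case $target/ in
        "$root"/?*) ;;   # strictly inside base
        *) echo "refusing to clean $target" >&2; exit 1 ;;
    esac
    rm -rf -- "${target:?}"/*
)

unguarded_target "" ""
```

`${var:?}` makes the shell abort when the variable is unset or empty instead of expanding it to nothing, and the resolved-path check rejects `.` and `..`, which the emptiness test alone would let through.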

Shame Boy
Mar 2, 2010

deep impact on vhs posted:

https://github.com/p-e-w/maybe

someone mentioned this on twitter re: hosing your entire filesystem

sorry if it was already posted

christ i hate loving emojis leaking into everything, one guy on my team keeps putting them in unit tests so they report their status of "success" with "clappy hand" or whatever

Shame Boy
Mar 2, 2010

Segmentation Fault posted:

I read an interesting article about how different people interpret emojis differently, and how the problem is exacerbated by different companies having different-looking emoji sets (e.g. smiling and grinning looks happy with the Google and LG set but painful with the Apple set)

yeah I saw that too. thing is i'm fine with them existing, they have their use, i certainly use them in chats and emoticons on SA and stuff, it's just annoying when they get shoved into programs or documentation to try to make it all cutesy, idk

Shame Boy
Mar 2, 2010

hackbunny posted:

I use emoji in my code, like this:

- (NSString *) stringAsWarning
{
    return [NSString stringWithFormat:@"⚠️ %@", self];
}

- (NSString *) stringAsError
{
    return [NSString stringWithFormat:@"⛔️ %@", self];
}

they're a godsend

see just like a check mark or an error symbol or something is fine, though it looks weird and out of place in my monospace font, that's at least sort of what those are meant for. i'm whining more about when you sprinkle in random ones to be cute and it just kinda obscures the intended message or fills your terminal with weird graphics suddenly or breaks poo poo


Shame Boy
Mar 2, 2010


It's as real as any other CVE-10, I'm not sure why ars needs to run a smug story about how all you children who are calling it dumb are wrong and us cool smart dudes are better than you :shrug:
