Bangersinmyknickers" posted:

jre is such poo poo

computer toucher posted:

what the hell are you talking about?

cheese-cube posted:

i'll buy this tag for the next 10 ppl who quote this post (might take me a couple of days to do so, ive just moved house and have no internet yet)

FopeDush posted:

oh hey 72 new posts in the secfuck thread something big must have gone down

Subjunctive posted:

I think there's a problem with the last 4 on that list, I'll have to mail support or something

Shaggar posted:

Microsoft ftw.

OSI bean dip posted:

i'm the sec fuckup. i published my sa password to github

(yes. this is still me)

CommunistPancake posted:

a good word filter

OSI bean dip posted:

i'm sold


i wonder what they're using. must be some horrid snort-based solution

Paul MaudDib posted:

Why? It's just YOSPOS having some drunken weekend anal leakage. You've got OSI Bean Dip, the Internet Antivirus Expert who once interned at Symantec or something, who just keeps asking someone to explain antivirus to him and who thinks the NSA is going after grandma's cat pictures (the explanation he gave in the thread he linked for why antivirus sucked, after I got past all the "under construction" paragraphs), and a bunch of white noise posters.

It would almost be funny if they weren't giving such bad advice. Sure, anyone who posts in this forum can probably avoid clicking any obvious malware links or opening a suspicious attachment. But that's not good advice for a business or for your aunt who loves those FWD: FWD: FWD: emails.


So angry. One of these idiots actually started stalking my posts to yell at me in other forums. Saturday night on Something Awful Dot Com, y'all

OSI bean dip posted:

imagemagick allowed me to make huge.jpg back in 2001

online friend posted:

Winkle-Daddy posted:

yes.

CRIP EATIN BREAD posted:

std::string should have zero allocations because memory is expensive. Instead, it should use other solutions such as mongodb. That way, Chrome can easily handle massive amount of data and big data ready for 2015. Added bonus is that std::string is now async, which means massive IO, which is impossible with memory allocations because even mmap is bound by virtual space. C++17 is indeed actually working on embedding mongodb and node.js into STL because those should be industry standard and solve 100% of business problems that C++ is aimed at solving at. Already github pull request is made. All you need is 2 thumb ups and will get merged in. Just imagine, std::string is everywhere: network stack, user applications, kernel drivers... And now they all use mongodb. And they will be Actor model massively concurrent paradigm. This is new science Wolfram is talking about. Just accept the PR already.

Rooney McNibnug posted:

Name and shame.

Dex posted:

*shoves grey into cryptolocker*

vOv posted:

https://twitter.com/DefuseSec/status/730897149727137794
https://twitter.com/Sc00bzT/status/730901170038792192
https://twitter.com/DefuseSec/status/730902257160441857
https://twitter.com/Sc00bzT/status/730903007014076416

Midjack posted:

if it's a legitimate rc.script the server has ways to just try to shut that whole thing down

Chris Knight posted:

ya it's been real good

CRIP EATIN BREAD posted:

code:

Broadcast message from [email]conservative@shittysouthernstate.com[/email]
	(/dev/pp/1) at 11:28 ...

The system is going down in 24 hours are you sure you have read everything you need to know about this decision?

ymgve posted:

so what would happen if this dude reported someone for child porn and when the police searched the suspect's house they didn't find anything?

it's not like the content of the computer sent to geek squad could be used as evidence because holy poo poo broken chain of custody

OSI bean dip posted:

No fighting in the war room

Powercrazy posted:

Perhaps there is something more to food then "calories?"

qntm posted:

haha what workplace is going to approve that

ratbert90 posted:

The gently caress? What packages are you needing specifically that a new version would work better than a older version + security updates?

pr0zac posted:

go is ok even tho the standard lib fokls are really rigid about what they put in meaning a lot of basic stuff doesn't exist because its "easy to implement yourself!"

vOv posted:

I've never used go in seriousness, what's wrong with its dependency management

Panty Saluter posted:

https://twitter.com/internetofshit/status/744588488859914244

lomarf

Wiggly Wayne DDS posted:

bicycle posted:

UK universities are far worse. Source: I went to a UK uni and know next to nothing.

bicycle posted:

little of column A, little of column B

the curriculum definitely needs improving, but it's always the case that the individuals who work their rear end off and care about the subject enough before attending uni will do better.

there's also a weird thing where many people go to university and expect a job to be handed to them as soon as they're done - they don't often care about what subject they choose because they just need to pass some tests to get an easy job

bicycle posted:

Two years later I'm interviewing uni grads who don't understand what a snort rule is or what grep does

bicycle posted:

to clarify I'm talking about the Network/Computer Security specific degrees rather than computer science which is generally miles ahead in my experience

Wiggly Wayne DDS posted:

you missed the best part: first time a poc was sent to them it crashed their mail servers as they were actively scanning incoming attachments

quote:

You manage 100+ servers and you're not using something like Ansible/Chef/Puppet? I agree SELinux is a huge pain in the arse (and I'm here searching something related) but come on, only you can make your job easier!

quote:

Lots of us have been managing 100's and 100's of Linux system long before Chef/Puppet/etc... and honestly they are no easier to use for an experienced Linux system admin than a couple bash scripts. Plus I don't have to deal with the overhead putting up an entire Ruby stack just to copy a couple freggin public keys.

Besides, what is the point of keeping SELinux enabled if your going to "gem install" a package dependency that does a direct git clone from an unsigned github repository. It's not like you are configuring these systems with security as the primary concern at that point.

My experience, and it just my opinion btw, is that the vast majority of developers who use one of the mentioned tools are generally Apple developers who don't actually know how to do Linux things on Linux systems because they don't actually regularly use the systems they build their software to run on.

geonetix posted:

How would you call somebody in an organisation that does code review and educates their colleagues?

Shaggar posted:

so did they have public dns returning 192.168.1.1 or is the dns entry intercepted by the router and sent to the current router ip cause if its the later that's not that big of a deal.

anthonypants posted:

the first one

daft punk railroad posted:

i need tp-link for my security hole