|
What is the public PGP key of this thread so I know I'm getting an authenticated yospos security fuckup experience?
|
#
¿
Apr 8, 2016 19:21
|
|
|
|
| # ¿ May 22, 2024 15:48 |
|
|
anthonypants posted:here is a security fuckup for the new thread: Boy it sure is a good thing this hacker registered his source IP in our domain before he started brute forcing SSH logins. 
|
|
#
¿
Apr 8, 2016 20:46
|
|
|
OSI bean dip posted:i'm the sec fuckup. i published my sa password to github Heh
|
|
#
¿
Apr 19, 2016 01:29
|
|
|
lulz. Yea that's a fuckup. But you caught it, so no harm done 
|
|
#
¿
Apr 19, 2016 01:46
|
|
|
Cocoa Crispies posted:eh, ever have some crook run up a $400 AWS bill mining bitcoins on your behalf? 400? My company employee a Russian company whose employees all work remote deploy dev boxes at AWS. Last month's bill? ~39k
|
|
#
¿
Apr 20, 2016 06:53
|
|
|
CRIP EATIN BREAD posted:granted, some of those requirements published by NIST actually REDUCE entropy, you still gotta play by the rules Dont work for the government, or do government related contract work, problem solved.
|
|
#
¿
Apr 20, 2016 18:45
|
|
|
I use the OSX 10.11 "El Capitan" integrated key-store. It fits my needs very well for all browser based services that require passwords. For SSH stuff I use a corporate 1password account for the shared vaults.
|
|
#
¿
Apr 21, 2016 15:48
|
|
|
CRIP EATIN BREAD posted:Why are you using password authentication for SSH?
|
|
#
¿
Apr 21, 2016 19:27
|
|
|
Parallel Paraplegic posted:i'm not sure what a "guest pass" is but you could set up a separate AP on a vlan. Do this OP and never under any circumstances should you be attempting to log guests. It does nothing but create liability. Captive Portal with a Terms and Conditions splash screen accept to allow internet access.
|
|
#
¿
Apr 22, 2016 15:31
|
|
|
Antillie posted:So a bank lost $81 million because they were too cheap to buy vlan capable switches and a few hardware firewalls for their network. quote:The shortcomings made it easier for hackers to break into the Bangladesh Bank system earlier this year and attempt to siphon off nearly $1 billion using the bank's SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department. Pro-tip. If you are going to rob a bank, which is a bad idea for a number of reasons, with the guarantee of the missing funds being noticed as number 1, you should go big. You will end up in the same prison for $10,000 or $1 billion assuming you get caught and really the penalty isn't much different. Hell if you are clever you could even use the 1 billion you stole as leverage for a lighter sentence.
|
|
#
¿
Apr 22, 2016 20:56
|
|
|
Midjack posted:lotta wizard security on that plane TBF, were I to live within the magical halls Hogwarts, wizard security would be a good feature for a plane to have.
|
|
#
¿
Apr 27, 2016 21:56
|
|
|
It's probably something like these, https://en.wikipedia.org/wiki/TACLANE Lots of vendors do it nowadays, but 10 year's ago you needed that. And they were often locked in tamper-proof cages.
|
|
#
¿
Apr 28, 2016 02:43
|
|
|
Rufus Ping posted:the cloudflare thing is their lovely WAF thinking every post is a sqli
|
|
#
¿
Apr 28, 2016 17:02
|
|
|
SELECT from USERNAME 'Technogeek' drop; ""
|
|
#
¿
Apr 28, 2016 17:59
|
|
|
pr0zac posted:you should post more about military crypto opsec stuff it sounds real cool </seriouspost> They use IRC for interfleet communications within carrier groups.
|
|
#
¿
Apr 28, 2016 20:34
|
|
|
pr0zac posted:wait Nope, we are talking about the United States Navy, a global force for good.
|
|
#
¿
Apr 28, 2016 20:36
|
|
|
Though tbf, that is certainly not their only, or even their primary form of communication, but it's still pretty funny.
|
|
#
¿
Apr 28, 2016 20:38
|
|
|
darthbob88 posted:Army and Air Force as well, AFAIK. On the one hand, it's readily available, solid bandwidth, legitimately a good means for tactical text communication. On the other, I'm not sure how comfortable I am knowing that air strikes are being directed over the same protocol 4chan uses to discuss anime porn. I think it's a fine choice, it's just an amusing factoid.
|
|
#
¿
Apr 28, 2016 20:56
|
|
|
Hold up, now stop me if it's crazy, but what if the "hack" was coming from INSIDE the firewall?
|
|
#
¿
Apr 28, 2016 21:49
|
|
|
ewiley posted:There's no way you're defeating quantom physic randomization IIRC quantum tunneling is how a cryptographically secure RNG works.
|
|
#
¿
Apr 29, 2016 17:35
|
|
|
I mean it makes sense and it's much better then xXx_420GokuHitler_xXx
|
|
#
¿
Apr 29, 2016 17:42
|
|
|
spankmeister posted:$45K a year is pretty good for an intern I think that's what I pulled in when I was an intern. P-dece imo.
|
|
#
¿
May 2, 2016 19:09
|
|
|
Pro as gently caress prob. A PROb if you will..
|
|
#
¿
May 2, 2016 19:17
|
|
|
Season or Month + Year + ! for all your dumbass password requirement needs. Password Manager for everything else.
|
|
#
¿
May 2, 2016 22:41
|
|
|
Do people think base64 encoding is a security feature and not realize it's an encoding that was literally invented for the purposes of transferring data between systems that may have different character sets?
|
|
#
¿
May 4, 2016 01:24
|
|
|
I LIKE TO SMOKE WEE posted:Completely interchangeable with any and all uses of encryption, duh When you think about it encoding is just encryption but everyone already knows the password, also there isn't a password. So pretty much the same.
|
|
#
¿
May 4, 2016 01:41
|
|
|
"These things clearly only exist to torment me. " Yes, I'm sure the modern banking system with accounting and routing numbers and the fun vulnerabilities those entail, exist because the knights of templar knew that in TYOOL 2016 there would be a GIRL on the INTERNET!
|
|
#
¿
May 4, 2016 21:59
|
|
|
apseudonym posted:I see we don't like hyperbole when it's written by GIRLS on the INTERNET flakeloaf posted:the internet white knights tour
|
|
#
¿
May 4, 2016 22:09
|
|
|
jre posted:I am glad that the infosec community are continuing to be approachable and non judgmental The greatest feature of the internet is people who are smart and knowledgable about a subject will eventually encounter someone who is smarter and more knowledgable. How the person who thought he knew everything reacts tells a lot about that person. It's also hilarious when it's over social media and they have to delete their dumb opinion.
|
|
#
¿
May 5, 2016 21:47
|
|
|
Thermopyle posted:It also tells you a lot about the smarter and more knowledgable person.  Though the "smarter and more knowledgable person" might be the one who thought he knew everything.
|
|
#
¿
May 5, 2016 22:03
|
|
|
ChickenOfTomorrow posted:i do not think this is something of which you should be proud I bought an 850, is that a gently caress up? 
|
|
#
¿
May 6, 2016 06:03
|
|
|
Advised by the greys, vindicated by the 'pos. 
|
|
#
¿
May 6, 2016 06:41
|
|
|
The terrorists have won. They don't even need to do anything to disrupt transportation infrastructure.
|
|
#
¿
May 8, 2016 21:35
|
|
|
qntm posted:believe it or not, mild transportation disruption is not the terrorist endgame Then I wish we'd stop loving around with security theater that has nothing to do with stopping terrorists.
|
|
#
¿
May 8, 2016 22:54
|
|
|
Ulf posted:i was going through this yesterday and thank you for trying so that i did not have to 5000? Lol try like 3. What's that you forgot your password? Well lets verify your identity via 5 static questions with 3 possible answers each.
|
|
#
¿
May 10, 2016 19:47
|
|
|
Malloc Voidstar posted:a forum focused around “extreme anal dilation and anal fisting,” according to security researcher Troy Hunt. He actually goes by Mike.
|
|
#
¿
May 10, 2016 19:53
|
|
|
anthonypants posted:lol https://consumerist.com/2016/05/10/walmart-sues-visa-over-security-of-debit-card-authorizations/ It angers me that there has to be a lawsuit over this instead of it being something that is automatic and expected for continuing PCI compliance.
|
|
#
¿
May 11, 2016 00:35
|
|
|
Does reputation even matter? If the product gets traction, security poo poo can be fixed whenever. Does anyone say "This is a great program/piece of hardware that I would like to use. Oh it looks like thy rushed it to market and since then have made a few security improvements, never mind, their reputation sucks. I'm out." And besides that unlikely scenario rebranding can always be done as well. Basically security is a cost center that very rarely helps your product/service sell.
|
|
#
¿
May 16, 2016 03:03
|
|
|
Parallel Paraplegic posted:oh wait it's http/s wasn't exposed to the internet in any case though because i'm not incompetent, never mind I thought the whole idea of ubiquity was that they were "cloud managed" how can they reach the management platform if they aren't exposed to the Internet.
|
|
#
¿
May 17, 2016 16:05
|
|
|
|
| # ¿ May 22, 2024 15:48 |
|
|
Pretty much nothing people claim on twitter is true.
|
|
#
¿
May 20, 2016 20:56
|
|