|
are background checks reliable in Russia anyway?
|
# ¿ Jan 7, 2017 20:12 |
|
anthonypants posted:imho if they didn't want a probe they wouldn't have posted the ip address of their server to the secfuck thread YOUR IP ADDRESS MAY BE LEAKING
|
# ¿ Jan 9, 2017 17:42 |
|
You could always compile it yourself: http://download.mobatek.net/sources/
|
# ¿ Jan 9, 2017 17:52 |
|
|
# ¿ Jan 10, 2017 02:29 |
|
Wheany posted:same, except netflix, itunes, youtube and amazon why do you need jtag for those?
|
# ¿ Jan 10, 2017 13:57 |
|
Volmarias posted:You know full well that it's never getting a firmware update. My Sony TV gets an update every few months, no doubt to introduce new vulnerabilities. When I had a Roku in like 2010 there were dozens of apps I could install, mostly terrible youtube clones. Has the ecosystem fallen apart?
|
# ¿ Jan 10, 2017 16:58 |
|
over in the BWM thread a former Steadfast employee is saying he knows the mods to have access to credit card data, presumably because the staff there look at tenant data? it's hard to figure out who is least credible
|
# ¿ Jan 10, 2017 18:07 |
|
Powaqoatse posted:tiny brontosaurus is cool this is good and true
|
# ¿ Jan 10, 2017 19:52 |
|
TINY BRONTOSAURUS CURES PRIVILEGE
|
# ¿ Jan 10, 2017 20:03 |
|
Segmentation Fault posted:FactsAreUseless is saying "nobody on SA has access to your credit card info" technically "I worked at the hosting provider so I know that FAU is lying" why would lowtax retain CC info for accounting purposes? what does logging into the load balancer tell you about CC retention? that thread is very confusing
|
# ¿ Jan 10, 2017 21:32 |
|
spankmeister posted:I distinctly remember something about SA keeping around CC information as a unique identifier to make sure people wouldn't be able to get around permabans. you don't have to keep usable CC info for that
|
# ¿ Jan 10, 2017 21:33 |
|
b&
|
# ¿ Jan 10, 2017 21:38 |
|
Trabisnikof posted:Even lowtax's comment that he's never seen "full" CC info doesn't contradict TB's concern (afaik) that someone leaked her name+zip. it does contradict negromancer's assertions that the full data is kept, for "accounting reasons" as though any decent accountant isn't going to have a full on grand mal when you give them a USB key labeled "CUSTOMER CC DATA" for your return
|
# ¿ Jan 10, 2017 21:41 |
|
zen death robot posted:He did not. I know he tried to run a bunch of SQL injection hacks against the site and claimed it was part of his regular job duties and unless someone at SA had requested it then I can assure you that it was not.
|
# ¿ Jan 10, 2017 21:48 |
|
a hosting provider that tries sql injection against a client's software without consent or even notice is pretty hosed up, even by the generous standard of hosting fuckups
|
# ¿ Jan 10, 2017 22:05 |
|
zen death robot posted:make things less secure live a little
|
# ¿ Jan 10, 2017 23:48 |
|
zen death robot posted:I don't know enough about webdev to fix the lovely way the cookie info is handled. That's why lowtax got an actual webdev guy to recode things, but if anyone can point me to some resources I'll do what I can to fix that poo poo too. just use Stripe?
|
# ¿ Jan 10, 2017 23:49 |
|
zen death robot posted:Here's the rub. While I might be able to do it, I do not feel comfortable in doing so because that's not my area of expertise. That's why Lowtax has someone else working on site code. I don't know what all he is doing I can only explain how things currently are, but no radium code will be kept around in the long term. If I put my stamp on the code then I feel as if I'm accepting responsibility with all that goes with it, and I'm not comfortable with that. I have my areas of expertise and handling payment transactions across is not that area. I will describe how it's currently done though and do what I am comfortable with to make things better. seems reasonable. prepare for war.
|
# ¿ Jan 10, 2017 23:57 |
|
zen death robot posted:wasnt that fixed as well are the regression tests passing?
|
# ¿ Jan 11, 2017 01:52 |
|
A Pinball Wizard posted:can you get me a job just post your resume here and a steadfast operator will notice it in the database
|
# ¿ Jan 11, 2017 04:10 |
|
nothing of value should be lost if a workstation is blown away
|
# ¿ Jan 11, 2017 14:09 |
|
Shinku ABOOKEN posted:how much disk quota do your employees have on the file server? when last I cared about workstations, dozens of terabytes if they wanted it
|
# ¿ Jan 11, 2017 15:47 |
|
anthonypants posted:every single one of the claims made against trump is completely unverifiable, and buzzfeed believes that journalism means publishing every claim so that the american people can figure out what's real and what's not by themselves. buzzfeed published a story about the fact that an intelligence report contained those allegations, and explicitly said they couldn't verify the claims themselves. it's like writing a story "trump appointee claims climate change a hoax". e: whoops new page
|
# ¿ Jan 11, 2017 22:58 |
|
flosofl posted:The biggest threat to "cyber" is NOT the Russians (or the NSA). I want to know Backhoe's score.
|
# ¿ Jan 17, 2017 00:36 |
|
yeah, I remember nanog-l going apeshit. it was very exciting
|
# ¿ Jan 17, 2017 01:49 |
|
Chalks posted:Also somehow notifying them without utilising power... https://www.amazon.ca/dp/B00000J47L/
|
# ¿ Jan 17, 2017 13:04 |
|
Chalks posted:My battery powered washing machine is going to have trouble accessing the internet during a power cut since my router is not also battery powered. My security system uses a cell modem backup, and there are several/many IoT companies doing exactly that with monitoring devices for things like weather stations. Think this through.
|
# ¿ Jan 17, 2017 14:28 |
|
BattleMaster posted:and not have IoT devices in your home too late, I have a smart meter
|
# ¿ Jan 17, 2017 15:22 |
|
fishmech posted:f) data center caught on fire like delta or whoever's did g) incompatible update installed to wrong part of the fleet
|
# ¿ Jan 23, 2017 12:54 |
|
What should they use instead? openldap? NIS+?
|
# ¿ Jan 23, 2017 15:23 |
|
They could host it in the arms-length German facility.
|
# ¿ Jan 23, 2017 17:58 |
|
https://www.extremetech.com/internet/243202-symantec-caught-improperly-issuing-illegitimate-https-certificates quote:According to security researcher Andrew Ayer, Symantec has issued 108 credentials in violation of strict industry guidelines that the organization agreed to abide by when it made this mistake back in 2015. Nine of the certificates were issued without the permission or knowledge of the affected domain orders, while the other 99 were issued to companies with obviously faked data, Ars Technica reports. Ayer writes: “I doubt there is an organization named “test” located in “test, Korea.”
|
# ¿ Jan 23, 2017 19:16 |
|
BiohazrD posted:maybe its time to untrust symantec root?
|
# ¿ Jan 23, 2017 19:54 |
|
Wiggly Wayne DDS posted:eta to *.webex.com xss: https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 quote:the user must click OK for code execution to happen oh that's fine then
|
# ¿ Jan 23, 2017 22:35 |
|
Wiggly Wayne DDS posted:an argument's brewing over there if someone's arguing that one-click exploit deployment is ok, I'm not sure I want to read it
|
# ¿ Jan 24, 2017 00:34 |
|
it looked from the bug that Tavis just said "good work Cisco, that was fast" rather than "uh, no, that's still bad", so we don't know what Cisco would have done with the remaining 75+ days in the disclosure window
|
# ¿ Jan 24, 2017 00:57 |
|
goddamn hackbunny. I mean goddamn
|
# ¿ Jan 24, 2017 16:57 |
|
ate all the Oreos posted:america, where you only have to report security breaches if they affect your investors rather than the actual people breached Not true in California at least.
|
# ¿ Jan 25, 2017 15:43 |
|
Wiggly Wayne DDS posted:they were always unusually insistent on saying they never analysed russian gov malware, even after the us dropped the iocs mentioning samples they had analysed prior I heard that he was under investigation before he joined Kaspersky
|
# ¿ Jan 25, 2017 17:47 |
|
Ur Getting Fatter posted:Security Fuckup Megathread - If path contains ".anime" kill
|
# ¿ Jan 26, 2017 15:44 |