|
Powaqoatse posted:well thats kinda the same as before, but explicit, no? How so? Legal residents and visitors to the US enjoy the full protection of law.
|
# ¿ Jan 26, 2017 16:32 |
|
|
# ¿ May 17, 2024 15:02 |
|
Truga posted:Well, yeah, but now it's also legal. Until now there was that safe harbour replacement thing: http://fortune.com/2016/02/02/looks-like-data-will-keep-flowing-from-the-eu-to-the-u-s-after-all/ So how is this the same as it's been then?
|
# ¿ Jan 26, 2017 16:34 |
|
Truga posted:difference is, now it's legal for nsa to read my mail this isn't about the NSA. this is about agencies being able to publish that personal data, send to other agencies, share with private contractors. the privacy policy on a government service serves the same function as on a private service.
|
# ¿ Jan 26, 2017 17:39 |
|
OSI bean dip posted:twitter originally was conceived as an sms-based service hence its limit on characters it's also why a tweet of "m afreak you stink real bad" generates a DM
|
# ¿ Jan 26, 2017 22:44 |
|
Cocoa Crispies posted:tcpdump/wireshart are just big piles of vulnerable, since their goal is to be able to decrypt all the protocols a rust port of tcpdump would be a life's work, but so much nicer tcpdump is of course usually run as root
|
# ¿ Jan 30, 2017 15:15 |
|
my body is ready
|
# ¿ Jan 31, 2017 00:39 |
|
Shaggar posted:I doubt goog has the balls to revoke Symantec CAs from chome. they'd be shutting off part of the internet for their users and they care more about those ad dollars than security. they would revoke after a certain date, not retroactively
|
# ¿ Jan 31, 2017 02:13 |
|
apseudonym posted:This doesn't look retarded enough to be real don't say retarded
|
# ¿ Jan 31, 2017 04:33 |
|
hackbunny best bunny
|
# ¿ Jan 31, 2017 04:55 |
|
I never considered character encodings as a way to protect against rainbow tables, but in hindsight it's obvious. who has ebcdic tables?
|
# ¿ Jan 31, 2017 14:46 |
|
immutability would do it
|
# ¿ Feb 1, 2017 17:22 |
|
Shaggar posted:like I'm guessing its all dom and css modifications to format it for their printers. they could probably do it with a browser extension tho. that would be better. no, that would be worse. their lovely code shouldn't be resident unless I'm interacting with their system
|
# ¿ Feb 1, 2017 17:26 |
|
Shaggar posted:it wouldn't have to be always on and would just format a page for a printer. I mean I know failfox and chome are really bad at javascript but it wouldn't have any effect until you clicked the extension to format for their printer. it shouldn't be resident, and it shouldn't be dependent on them correctly writing the extension. it needs access to any page to work as an extension, and a printer tool shouldn't have that in my browser on an ongoing basis
|
# ¿ Feb 1, 2017 20:24 |
|
what are the regulatory constraints? windows update has the ability to execute commands given server instruction, as do all browsers with a decent update model
|
# ¿ Feb 3, 2017 22:21 |
|
infernal machines posted:in this case our only specific constraint is that all data must be stored in canada. our clients have requested that any data stored offsite be encrypted, and they have ongoing concerns re remote data storage. basically everyone uses rdi for offsite work and all onsite systems use bitlocker. updates are managed by wsus locally, enforced by gpo and all automatic updates on 3rd party software are disabled, updating 3rd party applications is handled by sccm or ninite*. this sounds p good, imo
|
# ¿ Feb 3, 2017 23:11 |
|
my company's web site was hacked. I don't know the details, but I doubt that someone burned a zero-day on it. I also somewhat doubt that we have clean backups.
|
# ¿ Feb 6, 2017 13:37 |
|
24 hours to restore, including "malware scan"
|
# ¿ Feb 6, 2017 15:09 |
|
was memorizing the pattern cheating? is memorizing a lot of words cheating at scrabble?
|
# ¿ Feb 7, 2017 02:01 |
|
I suspect the TAO exfil includes a buttpile of VMs and system images for verifying the tools. the TAO guy I talked to said they cared about "hundreds or thousands" of target configs.
|
# ¿ Feb 9, 2017 22:09 |
|
also re: eripsa: don't roll your own cryptolibertarian
|
# ¿ Feb 9, 2017 22:10 |
|
Shaggar posted:tsa let me thru the other day w/out me taking off belt or other stuff which was nice. when you grow up you'll get Global Entry and Precheck and have that experience every time
|
# ¿ Feb 10, 2017 22:04 |
|
"citizen" doesn't mean anything at the border these days
|
# ¿ Feb 10, 2017 22:10 |
|
"hail Satan" probably gets you a pass
|
# ¿ Feb 10, 2017 23:07 |
|
"sorry, I only have Fetlife. here, I'll find it for you"
|
# ¿ Feb 10, 2017 23:10 |
|
Chris Knight posted:yes, if you are from the wrong country. I'm white as hell, but born in iran. does your passport have your place of birth on it?
|
# ¿ Feb 10, 2017 23:43 |
|
why the gently caress does Arby's have data to breach?
|
# ¿ Feb 10, 2017 23:55 |
|
hobbesmaster posted:all us passports do ah, in Canada people from certain countries can opt to have it omitted. some Iranian friends of mine have theirs omitted on the advice of the passport office, to ease entry into the US and other countries
|
# ¿ Feb 11, 2017 00:00 |
|
Shaggar posted:u have no idea. there have been hints
|
# ¿ Feb 11, 2017 01:20 |
|
Chris Knight posted:here, never saw the option It's a different application form. http://www.cic.gc.ca/english/passport/apply/omit-place-birth.asp
|
# ¿ Feb 11, 2017 01:50 |
|
it may surprise you to discover that it's well-covered ground at many of the companies who make these services
|
# ¿ Feb 12, 2017 17:21 |
|
James Baud posted:Yes, but let's say you didn't do that and are being compelled to fingerprint unlock... Darn, it asked for the PIN anyway even though I complied. is that going to be interpreted as destruction of evidence?
|
# ¿ Feb 12, 2017 18:19 |
|
that's actually quite reassuring
|
# ¿ Feb 13, 2017 17:53 |
|
cinci zoo sniper posted:im coming to your help, stuck post of subjunctive thanks pal!
|
# ¿ Feb 13, 2017 20:25 |
|
COACHS SPORT BAR posted:some bored college student hijacked his own campus' IoT devices and used them for a DDOS against said uni's DNS servers at least the systems were discreet
|
# ¿ Feb 13, 2017 23:12 |
|
yes, code signing based on chaining to roots defends against AV software installing roots. riotous applause.
|
# ¿ Feb 16, 2017 01:49 |
|
Shaggar posted:I'm talking about whitelists for signers and specific files, not chaining back to roots which would be pointless for code signing. is that not how code signing works on Windows?
|
# ¿ Feb 16, 2017 04:06 |
|
Lutha Mahtin posted:so every site is going to have one+ unique code signing cert? hang on, get the chrome team on the phone, i'm sure they'll start on this first thing tomorrow every site has a unique TLS cert, today signed scripts used to exist in Netscape and IE; I presume Shaggar is familiar with the drawbacks of those approaches
|
# ¿ Feb 16, 2017 04:14 |
|
Lutha Mahtin posted:nah but shaggz is talking about ones that don't chain to an authority. so the browser would then need zillions of certs for it to be useful, right? no amount of certs could make that useful
|
# ¿ Feb 16, 2017 05:16 |
|
Sapozhnik posted:https://github.com/glmcdona/Process-Dump breakpad can dump from within the process I believe. depends on how much you trust your environment.
|
# ¿ Feb 16, 2017 19:25 |
|
|
# ¿ May 17, 2024 15:02 |
|
Shaggar posted:also lol @ using a browser that has its own internal trust list instead of the system trust list. IE doesn't have a way for users to add roots to their keychains?
|
# ¿ Feb 16, 2017 21:44 |