|
does it autofill credit card information?
|
# ¿ Jan 5, 2017 21:55 |
|
|
# ¿ May 5, 2024 16:15 |
|
so the way to fix this would be making autofill a two step process where it displays a dialog box asking if you want to give this list of personal facts to blah.com
|
# ¿ Jan 5, 2017 22:05 |
|
wasn't there a brief period of time where you straight up couldn't download the windows ISO from Microsoft?
|
# ¿ Jan 6, 2017 04:22 |
|
ate poo poo on live tv posted:Actually it's an RJ-45 connector port 8P8C
|
# ¿ Jan 18, 2017 04:41 |
|
https://twitter.com/yashar/status/824614107034820609
|
# ¿ Jan 26, 2017 15:21 |
|
https://twitter.com/Acosta/status/826197552995373057
|
# ¿ Jan 31, 2017 03:12 |
|
Jabor posted:after that who really cares, but it's not like you're going to spend actual money on patching out drm later, since that gives you literally no benefit besides ending the payments you're making to your DRM provider
|
# ¿ Feb 6, 2017 02:40 |
|
CommunistPancake posted:probably more because of the heavily integrated always online bullshit how do you think they "heavily integrate" it, if not the "cryptographic virtual machine"
|
# ¿ Feb 6, 2017 16:50 |
|
Cocoa Crispies posted:did intel ever ship that actual rng instruction in chips you can buy RDRND shipped in Ivy Bridge, RDSEED shipped in Broadwell. I don't know that anyone dares use them since the output of a stream cipher is indistinguishable from an CPRNG.
|
# ¿ Feb 7, 2017 01:11 |
|
Trabisnikof posted:They demand access to laptops and phones from citizens if you're dark enough or muslim enough or journalist enough
|
# ¿ Feb 10, 2017 23:28 |
|
ate all the Oreos posted:'being moved somewhere else in memory' is position-independent code right? (the -fPIC flag in gcc) at least that seems to be required for a lot of unrelated things so it's possible it's enabled anyway... only libraries are built with -fPIC, executables need to be built with -fPIE. so you can apply ASLR to all shared libraries with no change, but not the main executable. a lot of the mitigations can be partially applied when you mix old and new code, which isn't great but is better than nothing. have a fuckup: quote:Hi,
|
# ¿ Feb 13, 2017 16:15 |
|
Shaggar posted:javascript is the absolute worst thing You can do the exact same thing, easier, with Java.
|
# ¿ Feb 15, 2017 18:56 |
|
cheese-cube posted:edit: ive been making a lot of dumb posts recently so someone please call me out if im an idiot ok, you're an idiot! modern "file-less" malware drive-by infects the machine and then never writes anything to disk at all, it relies on long uptimes and multiple machines on the network being infected to re-infect individual machines after they're rebooted and the malware instance is lost
|
# ¿ Feb 16, 2017 23:40 |
|
Wiggly Wayne DDS posted:32mb of esram disagrees
|
# ¿ Feb 22, 2017 22:53 |
|
quick, make a bleedflare logo to compete with cloudbleed
|
# ¿ Feb 24, 2017 00:50 |
|
rjmccall posted:the filing says they had suspicions when he left and checked the logs when the company got bought by uber
|
# ¿ Feb 24, 2017 18:43 |
|
Sapozhnik posted:i guess the self driving car project must have been its very own little silo because this probably wouldn't have happened if it was developed on core google infra did they switch to Piper because of China?
|
# ¿ Feb 24, 2017 20:09 |
|
so how many of you see cloudbleed as buttbleed?
|
# ¿ Feb 24, 2017 22:10 |
|
we had this conversation on pages 67 & 68 right before buttbleed
|
# ¿ Feb 25, 2017 09:07 |
|
huh. that SHA-1 variant that detects collisions and just hashes it some more is interesting
|
# ¿ Feb 25, 2017 22:46 |
|
tbf git is completely unsuited for the storage of anything besides plain text
|
# ¿ Feb 25, 2017 23:50 |
|
we just have toll bridges and hot lanes
|
# ¿ Mar 8, 2017 20:53 |
|
spankmeister posted:It uses a security feature of Android, if you block screenshots that means other apps can't access the screen buffer either to potentially steal decrypted messages. why would android even allow this at all? alternately: anroid lol
|
# ¿ Mar 12, 2017 22:14 |
|
Cocoa Crispies posted:doesn't matter because the bar codes they print out are very predictable and have no controls on 'em either only for products that have variable weights
|
# ¿ Mar 17, 2017 00:54 |
|
oh, I thought that was a checkout scale. suddenly your point makes a whole lot more sense.
|
# ¿ Mar 17, 2017 03:59 |
|
welp, if I wanted to be a career rapist, I now know who I'd want to be my Ph.D advisor
|
# ¿ Mar 17, 2017 09:25 |
|
just more Jacob Appelbaum stuff, this time implicating djb as a facilitator
|
# ¿ Mar 17, 2017 09:40 |
|
we all agree that the cryptographic link between the touch sensor and the secure enclave is a good thing, right?
|
# ¿ Mar 22, 2017 04:29 |
|
Truga posted:what does it do? interferes with your Right To Repair also prevents TouchID MITM attacks
|
# ¿ Mar 22, 2017 05:35 |
|
so these are all in the Safe Browsing list now, right?
|
# ¿ Mar 24, 2017 17:30 |
|
BangersInMyKnickers posted:Is there a blessed/reasonable method of getting a user cert for my gmail.com email address? No.
|
# ¿ Mar 29, 2017 21:44 |
|
use your operating system's secure keychain or equivalent
|
# ¿ Apr 2, 2017 05:11 |
|
pr0zac posted:Firefox used to store it with strong encryption but had to change cause they got too many complaints from people losing their passwords cause users are idiots. Now they use easily reversible encryption unless you set a master password. They've never stored in plaintext afaik I think you're confusing Firefox Sync with local password storage. afaik, the local password storage has always been unencrypted unless you set a master password.
|
# ¿ Apr 2, 2017 05:56 |
|
Powerful Two-Hander posted:i dont use Firefox sync for passwords, that was an obviously bad idea Firefox Sync used to use strong crypto which required you to pair new devices with an existing client to do the key exchange, but users were too stupid to understand the concept and thought Sync was a backup mechanism and got mad when they lost everything when they deleted all their Firefox installs so Mozilla changed it to just derive the key from your Sync password because we can't have nice things
|
# ¿ Apr 2, 2017 18:44 |
|
quote:Beau du Jour found that the Siime Eye creates a WiFi internet access point whose password, by default, is "88888888." That way, anyone in range can connect to it by guessing the simple password, as he explained in a blog post published on Monday. By looking at the code of the mobile app that comes with the dildo, the researcher also found that once on the dildo's WiFi, you can access its webserver. This has a login portal, but the user is "admin" and the password is blank.
|
# ¿ Apr 3, 2017 15:12 |
|
ate all the Oreos posted:why does a dildo have a webserver how else are you going to get the images from the camera?
|
# ¿ Apr 3, 2017 15:20 |
|
OSI bean dip posted:i'm the need for sms integration in my access point it's a standard feature on all cellular wifi boxes for some reason. presumably because it adds nothing to the cost and everybody else is doing it. I wouldn't be surprised if there were regulatory issues or the cell providers insist on it
|
# ¿ Apr 10, 2017 05:38 |
|
I'm sure it isn't out-of-band management over SMS based on the screenshot and my experience troubleshooting my grandmother's lovely Verizon LTE WiFi hockeypuck, it has a web interface on the local WiFi network that can be used to send and receive SMS messages. the web page that displays incoming SMS messages clearly has an XSS that can be exploited to extract information from the rest of the web interface and then exfiltrate it using the SMS sending page
|
# ¿ Apr 10, 2017 15:48 |
|
your phone is jumping airgaps, hth
|
# ¿ Apr 13, 2017 02:04 |
|
|
# ¿ May 5, 2024 16:15 |
|
Mr. Nice! posted:there used to be a list of adjudication decisions online regarding clearances, but I can't seem to find it at the moment. in your example it would probably be listed as "person has deep and undisclosed ties to groups that have a stated goal of undermining the goverment. was not truthful about past drug use. clearance denied." http://ogc.osd.mil/doha/industrial/2017.html this year's crop is pretty boring so far
|
# ¿ Apr 16, 2017 17:26 |