|
Captain Foo posted:0day poastin'
|
# ¿ Jan 5, 2017 17:27 |
|
it gets better https://twitter.com/ErrataRob/status/819740885504192512 https://twitter.com/ErrataRob/status/819741399465816064
|
# ¿ Jan 13, 2017 04:55 |
|
my mom just replaced her washing machine that she's had for almost 20 years with a model that will likely only last a quarter of that
e: poo poo this is the security thread not the tech bubel thread, ignore me
|
# ¿ Jan 18, 2017 19:31 |
|
quote:The story noted that vDOS earned its proprietors more than $600,000 and was being run by two 18-year-old Israeli men who went by the hacker aliases “applej4ck” and “p1st0”. Hours after that piece ran, Israeli authorities arrested both men, and vDOS — which had been in operation for four years — was shuttered for good.
|
# ¿ Jan 18, 2017 20:14 |
|
spankmeister posted:We already have "cyber reservists" here.
|
# ¿ Jan 19, 2017 18:43 |
|
Cocoa Crispies posted:that's insipid
I'm not saying that it's necessarily smart or subtle, but as a ham-fisted way of putting pressure on someone I could kind of see the incoming administration looking at it as cyber gunboat diplomacy
|
# ¿ Jan 19, 2017 18:51 |
|
hackbunny posted:IsBuildOlderThan20150211: false. what a weird check! it compares two static dates: the build timestamp encoded in the version number, and february 11th, 2015 (the next day). always evaluates to false, regardless of when, where and how the code is executed. very confusing
Bhodi fucked around with this message at 05:24 on Jan 24, 2017 |
# ¿ Jan 24, 2017 05:21 |
|
infernal machines posted:the point is that previous ruling was the only reason patriated data centers mattered. if you have a legal requirement to store data domestically, you had the option of using local data centers even if they were being managed by an american company, because at least legally speaking the us couldn't just subpoena all your data across national boundaries. i'm sure the groaning will start because it's still deployed (but not managed!) by american staff and that access tunnel potentially means the feds will have legal avenues to grab data
|
# ¿ Feb 5, 2017 18:10 |
|
geonetix posted:Best advice? Got big German clients? Make sure you're doing what you've said you were doing ;-).
|
# ¿ Feb 5, 2017 18:22 |
|
they really made some huge opsec mistakes, they only made see-through mesh pockets after one of their guys got popped?
|
# ¿ Feb 6, 2017 18:01 |
|
I was paranoid and factory reset my phone and then installed a vpn when I went to china. didn't really matter since they didn't allow google anyway, I hardly used my phone at all on the trip
e: should probably mention i also went into tibet including some of the militarized areas so it wasn't totally unfounded paranoia
|
# ¿ Feb 10, 2017 21:17 |
|
power botton posted:the weakest part of AD is all the servers and desktops storing kerberos tickets and hashes in memory to get retrieved with mimikatz et al, but MS keeps adding new features to minimize that. the chance of your average Fortune 500/1000 enabling them is nonexistent but hey.
there's no fixing stupid, but you could at least give a warning / confirmation popup
|
# ¿ Feb 12, 2017 14:56 |
|
Shaggar posted:there's no reason to wait until it compiles to commit if you have a reason to commit. the CI system will only spit out compiled artifacts so it doesn't matter if a build breaks cause you should be using the last successfully built artifact instead of the source for the artifact.
|
# ¿ Feb 21, 2017 18:08 |
|
troy hunt could make some serious money by setting up a watchdog notification service for businesses to sign up to, for a small yearly fee
dude prolly doesn't need any more cash though, he's already got a massive house on the aus gold coast
|
# ¿ Feb 21, 2017 18:23 |
|
Shaggar posted:if a dev is running their own feature branch who cares if they break the build? they're the only ones working in it.
also good and related: make sure you don't just lint and do basic CI, better check for passwords as well because devs "whoops" them from their private code into dev all the loving time
Bhodi fucked around with this message at 18:45 on Feb 21, 2017 |
# ¿ Feb 21, 2017 18:42 |
|
Shaggar posted:i guess I don't really see the problem w/ broken builds getting into the CI system since either best case it becomes a joke, worst case egos get involved and the knives come out mostly it's managed by a mutual understanding of what being in a particular branch means, if you work with ppl who know there may be broken builds, that's fine for your org. but we work on a sprint where a release branch is branched off dev on a specific day and time, not necessarily by the people committing code, and they need to know it's at least in a mostly-functional state so they can start doing integration/acceptance testing
Bhodi fucked around with this message at 18:55 on Feb 21, 2017 |
# ¿ Feb 21, 2017 18:51 |
|
i do have to admit using the build servers themselves to generate bitcoins is a spark of genius, since in a lot of cases part of the build process is to pull poo poo all over from random places on the internet (hello, maven) so outgoing firewalls are often already open to the build slaves
the next step is obviously combing for :8080 jenkins and non-github stuff that's open facing so you can do the same thing with them. there are lots and lots of CI systems open to the internet out there
|
# ¿ Feb 21, 2017 19:06 |
|
Shaggar posted:If your builds are so large that minor changes in one branch break productivity for everyone your design is probably pretty heinous. also it's infinitely more likely that the junior dev will hoard his code because the CI keeps rejecting him and then he puts in a slew of changes that have hardcoded garbage to pass tests but that breaks everything in runtime. now you've been building your own stuff against his broken code for weeks cause you've trusted the CI server to gate things for you. any junior dev that does an end-run around the testing system deliberately, well, that's not a dev that's around for very long. plus, you know, code review, right? collaboration?
Bhodi fucked around with this message at 19:21 on Feb 21, 2017 |
# ¿ Feb 21, 2017 19:19 |
|
Shaggar posted:sure but one real great way to trigger an out of band code review is a check in that doesn't build. lots of jr devs aren't gonna ask for help cause they're just out of college and they don't understand that they didn't learn anything there. now you're creating a build environment that's hostile to them and they're gonna fall back on the bad habits their profs taught them. A jr dev dodging tests in order to get code to compile is to be expected of a jr dev because they don't understand why tests are important yet.
|
# ¿ Feb 21, 2017 19:42 |
|
e: nm, moved to politics security thread
Bhodi fucked around with this message at 19:50 on Feb 21, 2017 |
# ¿ Feb 21, 2017 19:46 |
|
+++ATH0 just in case
|
# ¿ Feb 27, 2017 21:14 |
|
I would buy a consolidator for fobs from aliexpress instantly
like, this http://www.wexinc.com/wex-corporate/the-rise-of-the-all-in-one-card-consolidator/ but for fobs, even if it was just HID or something
i have four of the loving things
|
# ¿ Feb 27, 2017 23:54 |
|
Truga posted:the s in iot stands for security
|
# ¿ Mar 5, 2017 18:09 |
|
apseudonym posted:Judging by the Android section this is pretty old stuff https://twitter.com/matthew_d_green/status/839161256061857792
|
# ¿ Mar 7, 2017 18:11 |
|
there's definitely a theme but VA paid a college intern
|
# ¿ Mar 8, 2017 20:40 |
|
ate all the Oreos posted:the real trick is to only do it to moderate to poor people, obvs
|
# ¿ Mar 15, 2017 18:50 |
|
armchair lawyers (but with actual law degrees) are less optimistic about his chances. because it's the internet, of course people piled on https://twitter.com/kurteichenwald/status/842754912249434112
|
# ¿ Mar 18, 2017 14:17 |
|
anthonypants posted:"his wife" immediately jumped on twitter after the gif was sent to tell the person who sent the gif that he was having a seizure
Bhodi fucked around with this message at 19:07 on Mar 18, 2017 |
# ¿ Mar 18, 2017 19:05 |
|
"when techies have smartphones they surf like this, but when blue collar workers have smartphones they surf like THIS" but with arbitrary encrypted traffic, a dozen data points and fairly reliable accuracy. three cheers for metadata! https://arxiv.org/ftp/arxiv/papers/1701/1701.00220.pdf
|
# ¿ Mar 25, 2017 16:10 |
|
it's already dead! please, someone call him off!!
|
# ¿ Mar 25, 2017 20:22 |
|
https://twitter.com/thegrugq/status/845972521761624065
|
# ¿ Mar 26, 2017 13:57 |
|
OSI bean dip posted:oh boy i cannot wait for the recommendations for a vpn service coming down the pipe
|
# ¿ Mar 29, 2017 00:23 |
|
Progressive JPEG posted:I'll be the city limits reaching out to all the reservoirs:
|
# ¿ Apr 10, 2017 20:17 |
|
today's a good day for fuckups. how would you like an over the air PoC against samsung tvs that survives factory resets? war driving's back, baby! https://arstechnica.com/security/2017/03/smart-tv-hack-embeds-attack-code-into-broadcast-signal-no-access-required/
|
# ¿ Apr 10, 2017 23:30 |
|
anthonypants posted:today, huh
|
# ¿ Apr 11, 2017 00:15 |
|
cheese-cube posted:i do all my hacking from the most weird domains, ones that would be extremely awkward for a prosecutor to read out they'll never find me because I come from IIIlllIIlIliiilillIlllIlll.com
|
# ¿ Apr 16, 2017 15:11 |
|
people who believe that binding common, fingerprintable daemons to non-standard ports improves security are dumb and so are the security mandates they create
Bhodi fucked around with this message at 20:44 on Apr 19, 2017 |
# ¿ Apr 19, 2017 20:42 |
|
Wiggly Wayne DDS posted:i am shocked, truly, that the developers aren't completely in a vacuum from researchers https://twitter.com/Snowden/status/863425539616284673 https://twitter.com/blakehounshell/status/848139529697546241
|
# ¿ May 13, 2017 17:32 |
|
|
# ¿ May 16, 2017 20:15 |
|
BangersInMyKnickers posted:They claim it was an "unprecedented database corruption event" but how the hell it sat for so long and why they weren't able to restore within a day of the failure is a mystery to me
|
# ¿ May 22, 2017 15:53 |