Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > YOSPOS > Security Fuckup Megathread - v13.69 - plugins may violate privacy
 
  • Locked thread
Fergus Mac Roich
Nov 5, 2008

Soiled Meat

negromancer posted:

that's why you use mobaxterm on windows and stop using putty and winscp like it's 2004.

i use extraputty with awful lua scripts right now. there's even a portable version of this. thank you for pointing out this program and ending my nightmare.

* # ¿ Jan 9, 2017 15:28
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 2, 2024 03:12
  • Quote
Fergus Mac Roich
Nov 5, 2008

Soiled Meat

cheese-cube posted:

disabled https prolly lol

comedy option: he/she added the self-signed cert to the default domain policy so it will be added to the trusted store on all machines

would this be really bad even on a company intranet site?

* # ¿ Feb 8, 2017 08:28
  • Quote
Fergus Mac Roich
Nov 5, 2008

Soiled Meat

Truga posted:

technically, git isn't vulnerable to shattered thing because it salts its commits or somesuch and that issue is due to them using git-svn, but it should move off sha1 anyway, today shattered works, in 5 years plain old brute force will


i went to read
https://blog.agilebits.com/2017/02/23/three-layers-of-encryption-keeps-you-safe-when-ssltls-fails/
and the way I understand it:

technically, your password container is perfectly safe. your poo poo only gets synced within the context of the container encryption, so cloudflare never had direct access to your indivitual passwods. but, the password you use to log into their site (and cloud service?) would be sent in plaintext under https.

since cloudflare terminates https on their end to provide caching services etc, your password would have to exist in plaintext on their server, which isn't too big a deal (unless you're a paranoid little poo poo like me, I don't even trust my password container to cloud services, much less my pw to it), unless someone can read cloudflare's memory. oops!

i dunno what happens after you log into your 1password account, or if the container password is the same password as your 1password password, but i imagine it is, and in that case, start changing all the passwords. not like it'll be a lot more than you have to either way, a shitton of things use cloudflare and you have to change those in any case. :v:

but first, change your 1password pw, if you haven't already.


Sorry I'm security ignorant. AgileBits is saying I don't need to change my master password. What's wrong with their explanation stating that my master password is safe

* # ¿ Feb 24, 2017 19:52
  • Quote
Fergus Mac Roich
Nov 5, 2008

Soiled Meat

Truga posted:

is master password the thing you need to unlock your safe and also different from your 1password login and can't be recovered if you forget it? if so, then yes, it's 100% safe.

the thing you can't recover is the secret account code. I guess I'll reset my password when I get home anyway(you know, why not) but it does seem like they're saying even that isn't necessary.

* # ¿ Feb 24, 2017 20:15
  • Quote
Fergus Mac Roich
Nov 5, 2008

Soiled Meat

Rufus Ping posted:

bit of a joke that 1p for android still doesnt support the new vault format unless you use it in conjunction with either dropbox or bonjour

is the new vault format something I have to opt into? I signed up for 1password after all these things like v6 came into existence and i haven't noticed any issues, and i dont have a dropbox account.

1password owns in a big, big way btw

* # ¿ Mar 10, 2017 04:16
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 2, 2024 03:12
  • Quote
Fergus Mac Roich
Nov 5, 2008

Soiled Meat

pseudorandom name posted:

it's a standard feature on all cellular wifi boxes for some reason. presumably because it adds nothing to the cost and everybody else is doing it.

I wouldn't be surprised if there were regulatory issues or the cell providers insist on it

If the equipment already has a 3G data connection it's literally no extra work to get SMS, doesn't even need any extra paging to signal incoming SMS if it already has the data connection established

* # ¿ Apr 10, 2017 07:01
  • Quote
  • Locked thread
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > YOSPOS > Security Fuckup Megathread - v13.69 - plugins may violate privacy