|
Gonna leave this here: https://bugs.php.net/bug.php?id=59336

quote: Request #59336 ioctl() support

JFC
|
# ¿ Jan 5, 2017 17:35 |
|
|
# ¿ May 2, 2024 08:43 |
|
Migishu posted: Security Fuckup Megathread - v13.0.1 - looks like them secfuck boys are at it again

Now them secfuck boys got themselves into a heap of trouble.
|
# ¿ Jan 5, 2017 17:35 |
|
Also 0 day posting.
|
# ¿ Jan 5, 2017 18:04 |
|
Wiggly Wayne DDS posted: https://www.ftc.gov/news-events/press-releases/2017/01/ftc-charges-d-link-put-consumers-privacy-risk-due-inadequate

quote: In a statement emailed to Consumerist, D-Link responds to the lawsuit:

Are they denying that their software had hard-coded usernames and passwords? Or are they denying that their private keys were publicly available for 6 months on the internet? Lmbo
|
# ¿ Jan 5, 2017 20:48 |
|
Random question: Is there a way for me to NOT have a self-signed certificate on a production embedded device that may not be connected to the internet?
|
# ¿ Jan 6, 2017 18:46 |
|
OSI bean dip posted: enough chat about garbage ssh clients

Wait what? Why would anybody want this?
|
# ¿ Jan 9, 2017 22:37 |
|
Ur Getting Fatter posted: cloudy with a chance of occasional broadcast storms

mods
|
# ¿ Jan 20, 2017 03:44 |
|
atomicthumbs posted: 50% of drivers for special-purpose printers are a trash fire

I met the guy who created Zebra on a plane once. Dude seemed OK if a bit off. Friendly chat though.
|
# ¿ Feb 2, 2017 13:33 |
|
|
# ¿ Feb 2, 2017 22:16 |
|
Meat Beat Agent posted: universal serial butt
|
# ¿ Feb 7, 2017 16:52 |
|
https://twitter.com/taviso/status/832768915138678784
|
# ¿ Feb 18, 2017 06:10 |
|
Today in non-sec fuckups I made a tool that chunks through all of the packages in Buildroot and if it's hosted on GitHub or PyPI it checks to see if there's an update and if so auto-generates a patch to submit to the Buildroot team. Almost 60% of the python libraries were out of date. 40% of those were out of date by more than 2 major revision numbers.
|
# ¿ Feb 19, 2017 18:44 |
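As an added example of the check the post above describes (this is not the poster's tool): parse a Buildroot python-* package's .mk file, compare its _VERSION line against what PyPI's JSON API reports for the project, bucket the drift the way the post does (more than two major versions behind), and draft the version-bump patch. The .mk text and the PyPI response are constructed inline so it runs offline; the package name foolib, its versions, and the path are made up. The assumptions are the real Buildroot .mk layout (FOO_VERSION = x.y.z) and the shape of https://pypi.org/pypi/<name>/json ({"info": {"version": ...}}).

```python
"""Check Buildroot python-* packages against PyPI and draft version-bump patches.

Added example, not the poster's tool. Assumes the Buildroot .mk layout
(PREFIX_VERSION = x.y.z) and the PyPI JSON API shape ({"info": {"version": ..}}).
Network access is replaced by constructed inline data so this runs offline.
"""
import difflib
import json
import re

# --- constructed sample inputs ------------------------------------------------
# A package file in the real Buildroot layout; package name and versions are made up.
SAMPLE_MK = """\
################################################################################
#
# python-foolib
#
################################################################################

PYTHON_FOOLIB_VERSION = 1.4.2
PYTHON_FOOLIB_SOURCE = foolib-$(PYTHON_FOOLIB_VERSION).tar.gz
PYTHON_FOOLIB_SITE = https://pypi.python.org/packages/source/f/foolib
PYTHON_FOOLIB_SETUP_TYPE = setuptools
PYTHON_FOOLIB_LICENSE = MIT

$(eval $(python-package))
"""

# Stand-in for what https://pypi.org/pypi/foolib/json would return (constructed).
SAMPLE_PYPI_JSON = json.dumps({"info": {"name": "foolib", "version": "4.0.1"}})


def parse_version(text):
    """'1.4.2' -> (1, 4, 2); tolerates 'v1.4' and '2.0rc1' by keeping the leading ints."""
    parts = []
    for piece in text.lstrip("vV").split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def mk_var_prefix(pkg_name):
    """Buildroot derives the variable prefix from the package dir: python-foolib -> PYTHON_FOOLIB."""
    return pkg_name.upper().replace("-", "_")


def current_version(mk_text, pkg_name):
    """Read the PREFIX_VERSION assignment out of the .mk text."""
    pat = r"^%s_VERSION\s*=\s*(\S+)\s*$" % re.escape(mk_var_prefix(pkg_name))
    m = re.search(pat, mk_text, re.MULTILINE)
    if not m:
        raise ValueError("no _VERSION line for %s" % pkg_name)
    return m.group(1)


def latest_pypi_version(pypi_json_text):
    return json.loads(pypi_json_text)["info"]["version"]


def classify_drift(current, latest):
    """'current' / 'behind' / 'stale'. 'stale' is the bucket the post calls out:
    more than two major version numbers behind the PyPI release."""
    cur, new = parse_version(current), parse_version(latest)
    if cur >= new:
        return "current"
    major_gap = (new[0] if new else 0) - (cur[0] if cur else 0)
    return "stale" if major_gap > 2 else "behind"


def bump_patch(mk_text, pkg_name, latest, path):
    """Unified diff that rewrites only the _VERSION line. The .hash file is NOT
    touched here: a real bump must download the new tarball and regenerate its
    sha256, otherwise the build trusts whatever the mirror serves."""
    var = mk_var_prefix(pkg_name) + "_VERSION"
    new_text = re.sub(r"^(%s\s*=\s*)\S+" % re.escape(var), r"\g<1>" + latest,
                      mk_text, count=1, flags=re.MULTILINE)
    diff = difflib.unified_diff(
        mk_text.splitlines(keepends=True),
        new_text.splitlines(keepends=True),
        fromfile="a/" + path,
        tofile="b/" + path,
    )
    return "".join(diff)


def check_package(pkg_name, mk_text, pypi_json_text, path):
    """One package: current vs latest, drift bucket, and a draft patch if behind."""
    cur = current_version(mk_text, pkg_name)
    new = latest_pypi_version(pypi_json_text)
    status = classify_drift(cur, new)
    patch = bump_patch(mk_text, pkg_name, new, path) if status != "current" else ""
    return {"package": pkg_name, "current": cur, "latest": new,
            "status": status, "patch": patch}


if __name__ == "__main__":
    result = check_package("python-foolib", SAMPLE_MK, SAMPLE_PYPI_JSON,
                           "package/python-foolib/python-foolib.mk")
    print("%(package)s %(current)s -> %(latest)s [%(status)s]" % result)
    print(result["patch"])
```

The patch only edits the version line; the accompanying .hash file has to be regenerated from a freshly downloaded tarball, and the import/example-run smoke test the follow-up post describes still has to happen before anything is submitted.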
|
jre posted: Lol that's obnoxious and they will kill you if you actually run it

Oh I talked to the maintainers and they were all for it. 58 patches submitted!
|
# ¿ Feb 19, 2017 20:39 |
|
jre posted: This is totally retarded and will almost certainly break stuff. How did you check that bumping libraries' major versions hasn't broken functionality?

I actually scanned the dependencies if there was a dependencies.txt, I tried to import the module as well, and then if there was example code I tried to run that. Out of the 58 patches, 3 were broken as far as I could tell.

James Baud posted: I thought you'd been doing embedded stuff for a while?

I am embedded, this is just a side project for fun. Also yeah, we are in discussions on how to actually maintain Python libraries in Buildroot, as it's already ~10% of the packages and there are over 20,000 libraries on PyPI.
|
# ¿ Feb 19, 2017 23:45 |
|
Jet fuel can't melt Buffalo Nas'
|
# ¿ Feb 25, 2017 17:53 |
|
sarehu posted: It's so easy to gently caress up a copy/pasted password so making you type it makes a lot of sense.

sarehu posted: Not sarcastic at all. There are very obvious reasons why copy/pasting is disallowed when changing your password versus when logging in. If you can't think of them, try turning on your brain.

sarehu posted: Gee, maybe stop and consider why people have to type it twice.
|
# ¿ Feb 26, 2017 19:56 |
|
MiniFoo posted: Today, in no particular order: Quickbooks, TeamViewer, Apple ID.

Varkk posted: We use TeamViewer host pushed out via GPO to avoid that. However we still have some external clients with no domain infrastructure where this can be an issue.

MANime in the sheets posted: At an MSP, it's a relatively cheap way to use a simple program that even users can figure out. For a while we had a website where they could just download a one use one way client. Then internal systems put a new version of that up before help desk had a license for the new version.... we use Kaseya for the most part now. Probably more secure, and requires no intervention from the user for us to remote in.

lampey posted: Was there ever a resolution to the TeamViewer hack?

Varkk posted: It was a bunch of people using the same email address/pass combo for LinkedIn and TeamViewer. Coupled with some malware bundling it for remote access on victims around the same time.

SEKCobra posted: We use TeamViewer to support our clients, how the gently caress else am I gonna be able to have an end user start a program while on a call and get to their desktop? I give them a link to download our QS and they give me the ID, done.

Jesus Christ.
|
# ¿ Mar 2, 2017 16:30 |
|
OSI bean dip posted: i liked how teamviewer managed to create the narrative that they didn't get breached

I am glad my company isn't stupid enough to use TeamViewer, and the CEO is a CCIE in security.
|
# ¿ Mar 2, 2017 16:40 |
|
Our current product only does SSLv3. There are no plans to update it because I am making a new product. Also Grandstream phones don't support HTTPS.
|
# ¿ Mar 7, 2017 19:31 |
|
OSI bean dip posted: so this came up in the sh/sc help thread

At least he's staying true to his forums name.
|
# ¿ Mar 7, 2017 22:09 |
|
http://wololo.net/2017/03/11/nintendo-switch-already-hacked-known-vulnerability/

Oh Nintendo.
|
# ¿ Mar 13, 2017 00:17 |
|
OSI bean dip posted: It was inevitable

9 days, pretty drat good.
|
# ¿ Mar 13, 2017 03:14 |
|
Capture the flag is fun. I am glad you got second!
|
# ¿ Mar 14, 2017 02:54 |
|
https://twitter.com/taviso/status/845719189918695424
|
# ¿ Mar 25, 2017 21:26 |
|
Security Fuckup Megathread - v13.4: Your 20" Lifelike Horse Dong has shipped!
|
# ¿ Mar 27, 2017 21:01 |
|
Instant Grat posted: That's what Troy Hunt told me to do when I emailed him for advice after eventually getting shunted to the payment processor and being told "yeah we know they're doing the iframe thing, we told them to get it fixed but what can you do"

Forward it to Taviso and have him publicly shame the company for you.
|
# ¿ Apr 4, 2017 15:51 |
|
Pikavangelist posted: so does the NSA pick their codenames by randomly mashing together words or something?

I got moon moon.
|
# ¿ Apr 14, 2017 15:38 |
|
|
# ¿ May 9, 2017 15:21 |
|
My company doesn't want to start a security bug bounty program because it might make us look weak.
|
# ¿ May 26, 2017 14:53 |
|
DumbWhiteGuy posted: "we got hit with ransomware"

It's for our embedded product. We don't have an established security bug bounty program, but his worry is that other companies in our industry might go: "See, THEY have bugs, so don't buy them." (Our competitors also do not have security bug bounty programs either.)
|
# ¿ May 26, 2017 15:07 |
|
BangersInMyKnickers posted: yo momma doesn't even port knock on her backdoor

yo momma has a bunch of open back doors.
|
# ¿ May 29, 2017 15:10 |
|
vOv posted: it's the former, because you can't send jesus over tcp

https://www.sadtrombone.com/?autoplay=true
|
# ¿ May 31, 2017 15:07 |
|
Switching our product's crypto library over to LibreSSL today.
|
# ¿ Jun 15, 2017 14:09 |
|
I drive a volt.
|
# ¿ Jun 22, 2017 02:08 |
|
Security Fuckup Megathread - v13.70: Tavis does Redmond.
|
# ¿ Jun 23, 2017 19:37 |