|
http://www.bbc.co.uk/news/technology-38415067 quote:Security firms have launched routers at CES that can stop smart household gadgets being hijacked by hackers. quote:"You will have to buy a security solution for your internet-of-things," said Alex Balan, chief security researcher at BitDefender.
|
# ¿ Jan 7, 2017 13:35 |
|
https://www.theguardian.com/world/2017/jan/06/russian-hacker-putin-election-alisa-shevchenko quote:Young Russian denies she aided election hackers: ‘I never work with douchebags’
|
# ¿ Jan 7, 2017 18:28 |
|
ohgodwhat posted:Relatively tame but this guy's not off to a good start: quote:
|
# ¿ Jan 9, 2017 03:22 |
|
negromancer posted:that's why you use mobaxterm on windows and stop using putty and winscp like it's 2004. gently caress, that looks good. How long has that existed ?
|
# ¿ Jan 9, 2017 15:32 |
|
Wheany posted:that does look good, but i don't feel like paying over $50 per year(?) to replace putty (and to a lesser extent, winscp) If you are using this professionally why would you even blink at $50 for something that will improve your productivity
|
# ¿ Jan 9, 2017 15:54 |
|
well that escalated quickly zen death robot posted:Here's the rub. While I might be able to do it, I do not feel comfortable in doing so because that's not my area of expertise. Absolutely the correct answer.
|
# ¿ Jan 11, 2017 00:07 |
|
Number19 posted:yossec: who's a good ssl cert vendor in 2017? let's encrypt won't work for this. I've had a recommendation for alphassl but i want to see who else is decent these days. i need a wildcard cert for part of the project. Go to name cheap and pick the vendor of your choice edit: They only do comodo now, arse. jre fucked around with this message at 20:22 on Jan 11, 2017 |
# ¿ Jan 11, 2017 20:19 |
|
mod saas posted:test korea best korea
|
# ¿ Jan 23, 2017 23:10 |
|
pixaal posted:Ticket phone call email all came in at the same time.
|
# ¿ Jan 27, 2017 00:51 |
|
Fuzzy Mammal posted:it may be happening What was the background to this again, Symantec issuing certs for google domains ?
|
# ¿ Jan 31, 2017 00:44 |
|
Bonfire Lit posted:misissued certs for test.com and example.com (and some other certs/precerts that contain obviously bogus data) Oh, test korea best korea. Cool
|
# ¿ Jan 31, 2017 01:23 |
|
apseudonym posted:I dont understand how that thread is so good at bringing out weird views on security. Honeypot
|
# ¿ Feb 3, 2017 14:30 |
|
OSI bean dip posted:dipshit greys do not last long in here hth uncurable mlady posted:i see this is your first eripsa encounter then
|
# ¿ Feb 9, 2017 23:56 |
|
flosofl posted:Jesus, shut the gently caress up. You're gonna get the thread closed. Go to D&D and masturbate about laws and civil resistance there. Oh no! off topic posts, in yospos ? aaaaaaaah !
|
# ¿ Feb 13, 2017 10:17 |
|
Jesus christ this guy is a menace
|
# ¿ Feb 18, 2017 11:13 |
|
ratbert90 posted:Today in non-sec fuckups I made a tool that chunks through all of the packages in Buildroot and if it's hosted on GitHub or PyPI it checks to see if there's an update and if so auto-generates a patch to submit to the Buildroot team. Lol that's obnoxious and they will kill you if you actually run it
|
# ¿ Feb 19, 2017 19:30 |
|
ratbert90 posted:Oh I talked to the maintainers and they were all for it. 58 patches submitted! This is totally retarded and will almost certainly break stuff. How did you check that bumping libraries major versions hasn't broken functionality ? There are already tools (e.g. https://snyk.io , https://pypi.python.org/pypi/dependency-check/ ) which scan your dependencies for known vulnerabilities so you can limit the updates to things that actually matter. jre fucked around with this message at 22:20 on Feb 19, 2017 |
# ¿ Feb 19, 2017 22:18 |
|
ratbert90 posted:I actually scanned the dependencies if there was a dependencies.txt, I tried to import the module as well, and then if there was example code I tried to run that. quote:As far as I could tell ... Hey I've just changed 58 dependencies without reading the change logs for those dependencies. I've done no meaningful tests so gently caress knows if this breaks the app, I've also not profiled what the effect of new versions on mem / cpu / io is. Nor did I actually check for advisories so the new versions are just as likely as the old to have horrible vulnerabilities in them. What do you mean you're taking away my push privs ?
|
# ¿ Feb 20, 2017 00:16 |
|
I was staring at that for ages going, what's wrong with a minimum of 8 chars, mix of caps , small and numbers? wtf ?
|
# ¿ Feb 22, 2017 22:45 |
|
OSI bean dip posted:It doesn't matter to me if you're "rich", you're as white as many other posters in this thread and unlike many people who are not white, you've had the ability to get a degree that enabled you to teach at two post-secondary institutions. Like many other white males such as yourself, you've also attempted to go into business in a white male-dominated field--we're talking about your failed cryptocurrency nonsense. quote:Sorry for bursting your tender white male bubble, Eripsa, but no matter what you say you're as white as they come. I'm Irish and by that definition I am not technically "white" but guess what? I am and so are you. Where you were raised, what level of education your parents have, or where you were born are completely irrelevant to me. You have the privilege of being white and just like most people with attitudes like yours, you don't understand it. I enjoyed the posts where you told the hispanic guy that he wasn't dark enough to be an ethnic minority, that was good. I'm surprised you didn't quote these brutal owns yourself.
|
# ¿ Feb 22, 2017 23:08 |
|
Wiggly Wayne DDS posted:we've been trying to get osi to stop posting for years to no effect
|
# ¿ Feb 22, 2017 23:18 |
|
OSI bean dip posted:I regret that post and I acknowledged in the thread it was wrong of me Cool, can we go back to laughing at sec fucks and not have to wade through you quoting your own dick waving posts from elsewhere in the forums ?
|
# ¿ Feb 22, 2017 23:25 |
|
owns owns owns
|
# ¿ Feb 23, 2017 23:24 |
|
Wiggly Wayne DDS posted:cloudflare reverse proxies are dumping uninitialized memory: https://bugs.chromium.org/p/project-zero/issues/detail?id=1139 loving hell quote:We fetched a few live samples, and we observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security.
|
# ¿ Feb 24, 2017 00:05 |
|
anthonypants posted:Needless to say, this did not convey to me that they take the program seriously. Savage
|
# ¿ Feb 24, 2017 00:10 |
|
anthonypants posted:Cloudflare's statement: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/ While claiming a 3 month average is taking the piss a bit, they are correct that the speed with which they fixed this and deployed to massive infra is impressive.
|
# ¿ Feb 24, 2017 00:35 |
|
Wiggly Wayne DDS posted:itym SHAvage gently caress, outdone
|
# ¿ Feb 24, 2017 00:53 |
|
I think you're being trolled.
|
# ¿ Feb 27, 2017 22:56 |
|
OSI bean dip posted:it's hard to tell really
|
# ¿ Feb 27, 2017 23:23 |
|
sarehu posted:It's very easy to test my hypothesis. Take my 8 characters-and-less passwords on websites I use (they go down to 6), count how many times my accounts have been lost from the password being hacked, and compare the results with your however-long passwords that make you feel secure.
|
# ¿ Feb 28, 2017 00:39 |
|
ate poo poo on live tv posted:*millions of dollars in lost revenue for customers* If you are only in 1 region and being down for 10 hours costs you significant money you're the fuckup
|
# ¿ Mar 2, 2017 23:26 |
|
Truga posted:the s in iot stands for security
|
# ¿ Mar 5, 2017 10:55 |
|
Zero One posted:I have a login for a top-5 global bank that allows me to process international funds transfers (on behalf of my clients) worth millions of dollars. Depressing but not surprising
|
# ¿ Mar 12, 2017 15:58 |
|
OSI bean dip posted:browse the site from tor: legit amazing What ya gonna do, when the austrian police come for you ?
|
# ¿ Mar 23, 2017 01:50 |
|
Wiggly Wayne DDS posted:p good demo https://www.youtube.com/watch?v=yPZmiRi_c-o jesus gently caress
|
# ¿ Mar 30, 2017 22:41 |
|
They made an ssh -> tcp -> cache noise protocol quote:Even in the presence of extraordinarily high system activity, we can maintain a transmission rate between 34.27 KBps and 45.09 KBps with an error rate of 0% on Amazon EC2 virtual machines, which is three orders of magnitude higher than previous covert channels on Amazon EC2. Based on this error-free covert channel, we built the first implementation of TCP through a cache covert channel. We verified the practical applicability of our error-free TCP connection by tunneling SSH and telnet connections reliably between two colocated Amazon EC2 virtual machine jre fucked around with this message at 22:48 on Mar 30, 2017 |
# ¿ Mar 30, 2017 22:46 |
|
and I just can't hide it
|
# ¿ Apr 5, 2017 19:06 |
|
CRIP EATIN BREAD posted:oh jesus the IP to that thing is in one of the videos.
|
# ¿ Apr 5, 2017 19:34 |
|
apseudonym posted:Its not janky It's non existent
|
# ¿ Apr 13, 2017 19:23 |
|
Oh have they finally fixed the problem of 99.9% of android devices never getting an update security or otherwise once they leave the factory ? I must have missed that.
|
# ¿ Apr 13, 2017 20:06 |