surebet
Jan 10, 2013

specialist


pseudorandom name posted:

interferes with your Right To Repair

also prevents TouchID MITM attacks

apples and oranges, imho

my expectations of repair-ability of a miniaturized consumer product versus a massive piece of industrial equipment worth more than a house are different

plus my security requirements would be higher on a device that i carry out in public

i would like to be able to repair my phone, but i would poo poo a kidney if i was stuck with a drm'ed critical piece of farm infrastructure

between john deere's bullshit and the horrible contracts doled out by food conglomerates it's a wonder farmers even bother anymore


surebet
Jan 10, 2013

specialist


ate all the Oreos posted:

sounds like you've been brainwashed by modern capitalism into just accepting $800 devices as disposable friend

nah, i cycled through every part for my previous phone at least once and i make my purchase decisions partly based on repair friendliness

electronics manufacturers are flaming shitbags for making their stuff hard to repair (apple is especially guilty here), but i can understand it to a point with space saving & miniaturization

actual industrial equipment should have some lockouts to prevent randoms from poking at everything, but there's no scenario in which i think it's acceptable to both force users to rely exclusively on you and then also refuse any liability

surebet
Jan 10, 2013

specialist


i'm sure it's not that simple, but why isn't lastpass checking the domain/url of the page it's on before barfing out creds?

surebet
Jan 10, 2013

specialist


Powaqoatse posted:

what the hell are you doing to your phones you maniac

i'm accident prone, and since i'm not always in an office environment means my gently caress-ups are usually around machinery or concrete floors

also up until recently i was running blackberries, and parts were hilariously cheap, like "cheaper to resurface my display rather than buy screen protectors" cheap

surebet
Jan 10, 2013

specialist


Chalks posted:

4th result down is entitled "Confidential credit cards and SSNs". Who even has files with titles like that.

every single employer i've had in the last decade has had a well-meaning secretary that didn't want to bother her boss with small purchases and other trivial auth stuff

every. single. one.

it's much easier to have a file with credit card numbers, personal data and what not than to create secondary accounts everywhere w/ power of attorney, issue an extra credit card for office purchases etc

it's always either stored as passwords.txt or in the more fancy outfits, passwords.docx, right on the network

surebet
Jan 10, 2013

specialist


Shifty Pony posted:

my (federal government) office has apparently been targeted by someone. a bunch of people have been getting phishing emails which are reasonably well disguised to look like they are from our IT department telling people to confirm their password strength (something our IT hammers on all the time) on a linked page.

one of my bosses just forwarded on a "hey tell your employees to not fall for this poo poo" email chain. and right there at the end of it is the offending phishing email with the malicious link still there, intact and (I expect) working.

depending on what it's hosted, either redirect the specific phishing url (or wildcard the domain) to a page under your control that both logs who lands there and displays something to the effect of "stop being idiots, idiots"

that might not help on unmanaged, out-of-network devices (cellphones etc) which do tend to be management (aka higher risk, higher threat) but it at least provides a teachable moment for your internal users

tracking who lands on the page is useful for one on one follow-up later, in my limited it manager experience people respond well to coaching if it's done in a non-blaming way, but ymmv

surebet
Jan 10, 2013

specialist


no joke i'd consider pissing in the sink instead of playing cocklooker pong

surebet
Jan 10, 2013

specialist


*groan* i'm having issues with cert issuance for a jira instance running on tomcat & windows server

my desired end result is a java key store file containing my crap

most tutorials or utilities expect linux or at least iis

to add insult to injury, i'm pretty much only able to do a manual validation via dns since letsencrypt can't see my well-known file via http (it 403s) despite it being available and visible

i did end up being able to pull down a cert via acmesharp but i wasn't able to package the crt file into a jks (via portecle) because it didn't know how to ingest the csr pem i created earlier

how the hell do i do this? i have the previously mentioned stuff on the server and i also have a linux vm

surebet
Jan 10, 2013

specialist


cheese-cube posted:

missed opportunity for triple-combo: 69.66.62.19

late, but fixed

surebet
Jan 10, 2013

specialist


https://www.youtube.com/watch?v=97biyPDXnto

surebet
Jan 10, 2013

specialist



ugh, this is going to be me next friday, my sister's clinic did an arguably good thing by allowing new clients to fill out the new patient questionnaire online (instead of having 15 minute bottlenecks at the office) but it's on a plain http wordpress site so it's sketching out people

i think i'm just going to suggest they replace that with a bunch of forms available as pdfs or something so people can fill stuff out at home, but then i'm sure people will start emailing the forms in and that's its own issue

i guess i could add 10mb of bloat to make them un-emailable

surebet
Jan 10, 2013

specialist


Shaggar posted:

what your sister's clinic did is a hipaa violation and should be disabled immediately

yup, done as soon as i caught wind of it

although i think it's a pipeda violation, i'm not even sure we have a hipaa-like equivalent in this province

re: having people show up 15 minutes in advance, yeah that never works, so having people show up with their stuff ready to go is really the best possible workflow

they'll eventually spring for a proper forward facing system to have people fill in their info, but for now i'm pretty sure that having a link to a 26mb pdf in the welcome email is a ghetto as all hell but compliant solution

surebet
Jan 10, 2013

specialist


Punkbob posted:

or you could just wrap it up in ssl?

per the advice i got in this thread (and really, common sense) i'm not doing anything security related for them, including setting up a server

i'm game to throw in a recommendation here or there and help them understand concepts, but that's it

1) i'm doing this pro-bono to help my sister, but she's working in an established clinic with owners that should know better
2) lol @ the idea of taking on healthcare liability
3) i'm also a patient (gp, neurology) with a bunch of schedule ii stuff prescribed, so extra lol @ the idea of touching a network that has a computer able to issue any kind of prescriptions

that said, if you guys have suggestions of stacks they should look into, i'll gladly relay them

surebet
Jan 10, 2013

specialist


i should mention that previous recommendations included "do you really need off brand philips hue rgb lightbulbs in the kitchen" and "why oh god why are you straight up giving wifi network credentials to randoms in the waiting room"

surebet
Jan 10, 2013

specialist


OSI bean dip posted:

xn--e77hhaecegybmf7bpt0a.com

because i can register that domain

lol god drat it



good luck getting someone to type that, but i can see the risk in clickable link form

not sure what the crossover of "people who click on links in weird emails" and "people who have a font stack capable of rendering obscure unicode" is

surebet
Jan 10, 2013

specialist


Shaggar posted:

well I think the url would be presented as Unicode in the client so it wouldn't look fishy except for the font differences. but then you could probably find a similar font and make it all fit.

🇸🇴🇲🇪🇹🇭🇮🇳🇬🇦🇼🇫🇺🇱.com

surebet
Jan 10, 2013

specialist


i had to install a font that specialized in wide unicode support to render the text properly

the good news is that with ~120k glyphs it's impossible to have a single otf render everything

surebet
Jan 10, 2013

specialist


less gaudy version:

surebet
Jan 10, 2013

specialist


anthonypants posted:

gently caress whoever at microsoft thinks "paste as plain text" needs to be hidden in as many right-click submenus as possible

seconded, i paste a lot of stuff into excel and i hope whoever decided that the default option should be copying all the formatting (and not having a plain text shortcut) stubs their toe every day

re: unicode domains, not that regex ever solves anything, but why isn't icann or whoever doing a check for visually similar characters? i mean i don't get why anyone should be able to buy googlé.com or googl𝗲.com and gently caress them if they think the proper mitigation is buying thousands of domains
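A defender-side triage check for the look-alike domains quoted above (the xn-- punycode one, the flag-emoji one, and googlé.com / googl𝗲.com), added here as an example; it is not code from the thread. It assumes stdlib Python only; the brand allowlist and the confusables table are constructed illustrative subsets, and the per-character script guess comes from Unicode character names rather than a proper Script property.

```python
# Added example, not from this thread: a defender-side triage check for
# look-alike (homograph) domains. It decodes punycode (xn--) hosts with the
# stdlib idna codec, reports labels that mix scripts, and compares a
# confusable-folded "skeleton" against a short allowlist of protected brands.
import unicodedata

# Constructed allowlist; a real deployment would load the organisation's own names.
PROTECTED_BRANDS = {"google", "paypal", "apple"}

# Hand-picked look-alikes (Cyrillic/Greek -> Latin); an illustrative subset only.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u03bf": "o", "\u03bd": "v", "\u0131": "i", "\u0261": "g",
}

def decode_host(host: str) -> str:
    """Return the Unicode form of a punycode host; non-ASCII input passes through."""
    if not host.isascii():
        return host
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # malformed or non-round-tripping punycode: keep the raw xn-- form

def label_scripts(label: str) -> set:
    """Approximate the scripts in a label from the first word of each char's Unicode name."""
    scripts = set()
    for ch in label:
        if ch.isascii():
            scripts.add("LATIN" if ch.isalpha() else "COMMON")
        else:
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def skeleton(label: str) -> str:
    """Fold a label for comparison: NFKD, drop combining marks, map confusables, lowercase."""
    decomposed = unicodedata.normalize("NFKD", label)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in stripped).lower()

def assess_host(host: str) -> dict:
    """Triage one hostname: decoded form, mixed-script labels, brand look-alikes."""
    decoded = unicodedata.normalize("NFC", decode_host(host.lower()))
    labels = decoded.split(".")
    mixed = [lab for lab in labels if len(label_scripts(lab) - {"COMMON"}) > 1]
    lookalikes = [lab for lab in labels if skeleton(lab) in PROTECTED_BRANDS and lab != skeleton(lab)]
    return {
        "decoded": decoded,
        "is_idn": not decoded.isascii() or "xn--" in decoded,
        "mixed_script_labels": mixed,
        "brand_lookalikes": lookalikes,
        "suspicious": bool(mixed or lookalikes),
    }

if __name__ == "__main__":
    for h in ("google.com", "googl\u00e9.com", "googl\U0001D5F2.com", "xn--e77hhaecegybmf7bpt0a.com"):
        print(h, assess_host(h))
```

The script-mixing heuristic is deliberately loose (a single accented Latin letter is not "mixed"), which is why the skeleton comparison against known brands is the check that catches googlé.com.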

surebet
Jan 10, 2013

specialist


Volmarias posted:

Not sure if it works on versions of Windows newer than 7 but PureText is a godsend for this kind of bullshit.

neat, i'll try it out, although i'm a bit concerned about stripping out tables and positional formatting

surebet
Jan 10, 2013

specialist



i'm surprisingly ok with this

surebet
Jan 10, 2013

specialist


Kuvo posted:

hahah what



confirming both the feature and the funniness

i had a look at my network logs, i can't seem to pinpoint which call returns the auth request, anyone mind enlightening me as to what is happening?

surebet
Jan 10, 2013

specialist


cinci zoo sniper posted:

looks like mirai's internet of poo poo is now mining buttcoins

i'm the botnet subsidizing itself on a nickel a day

surebet
Jan 10, 2013

specialist


security fuckup: the poop is trying to touch me edition

pretty sure i previously mentioned the lady that has a similar first name/same last name as me before that keeps using my x.yyyyyy@gmail.com address

over the years i received medical stuff, financial stuff, work stuff, email money transfers, teeth x-rays, privileged government documents, a will, crazy amounts of family pictures and an awesome spaghetti sauce recipe

i try to delete stuff without opening it when i recognize it (like from her alma mater) but screw you lady, we're in the same industry, apart from the divorce lawyer stuff i get the same emails from the same senders, so i'm bound to open some of them

i did reach out a couple times in the past to let her know about this, but since it's only getting worse, it's just easier to burn everything

to the point, she just added me on linkedin in the blind and on the one hand, i kinda feel like i should take her up on it since it'd only be fair she knows who i am at this point, and she'd actually be a relevant professional contact

on the other, i basically have had her complete medical, financial, legal and personal file go through my inbox and i'm concerned this could bite me in the rear end if she gets her identity stolen (by someone else)

what's the best practice here?

surebet
Jan 10, 2013

specialist


anthonypants posted:

if they're not going to acknowledge you then don't acknowledge them. they probably just mashed the "find linkedin contacts, here is my email address username and password" button and you're in there since you've emailed them.

not the same email, so either she's adding all of us with the same name (~25 in the region) or she connected the dots from our old conversations

like i said my first reflex is to add her, but i'm concerned about liability down the line

surebet
Jan 10, 2013

specialist


pretty sure it'll do that if requested, not sure if it still does that on its own

also after reviewing my linkedin counterpart i figured out why i'm getting gov't docs, one of my twins is a freakin' minister so it's possible that i'm dealing with parallel idiocy here

e: i forget the details, but didn't linkedin use goog's sso and took the opportunity to request access to contacts or something?

surebet
Jan 10, 2013

specialist


Powaqoatse posted:

impersonate her and make some sick remixes for comedy gold

nah i got my identity stolen once (found out on a trip that my card was maxed out because i apparently purchased the services of quite a few escorts in russia)

the closest i came to touching the poop was accept an email money transfer into her bank account, since i knew both the answer to the secret question and where to point the cash, but that would be inviting issues into my life

surebet
Jan 10, 2013

specialist


Wiggly Wayne DDS posted:

the words "deterrence policy" just got spoken regarding a signed and soon to be released US executive order regarding 'cybersecurity'

that smells of kinetic strike responses

surebet
Jan 10, 2013

specialist


Midjack posted:

delete on receipt and don't initiate or acknowledge any further contact with her that isn't via your attorney. if she knows you, you are the first suspect when her pii is inevitably compromised

pretty much the plan i settled on, what bothers me is that she's apparently taken on a senior role at a university i'm considering, because of course she did. i guess that's an awkward conversation for down the line.

aaaaaaaaaaaa i guess my life is now inexorably linked to idiots with no opsec

surebet
Jan 10, 2013

specialist


Last Chance posted:

are you sure you don't have dissociative identity disorder and you actually own both email accounts?

man, i wish

surebet
Jan 10, 2013

specialist


84k hosts per the malwaretech map, 7 people paid



bitcoin remains the weak link in this whole ransomware thing

e: apparently it's using 3 addresses, so the success rate is 28/84k or 0.000̅3%

https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

surebet fucked around with this message at 00:47 on May 13, 2017

surebet
Jan 10, 2013

specialist


this whole thing apparently scarred a few non-technicals enough to reach out to me about backups, what's the current hotness in terms of archiving? last time i did anything related it was write once, read many lto

surebet
Jan 10, 2013

specialist


wcry monetization update:



180k detected hits as of right now against 60 transactions on the known addresses used. of those:
- 9 of them were literally idiots throwing cash at the addresses to track them (avg txval of $3.63 & lol avg txfee of $8.36)
- 1 of them was for $235, which is lower than the required $300 unlock bounty
- 35 were within the range of $300
- 15 were above the required bounty, which supposes multiple hits per owner (9x $600, 3x $900, 2x $1200 & 1x $3300) which i'm not sure helps since iirc each machine requires a unique unlock code

so we're looking at a conversion rate of 51/180k or 0.00028̅3%, with a return of about $25k (13¢ per infection), with the usual caveats of converting bitcoin into something useful.

e: how does the worm talk to its c&c to generate the unlock key, is it via the sinkholed domain? not that i condone paying these idiots, but doesn't that screw the infected people out of the possibility of recovery?

surebet fucked around with this message at 19:50 on May 13, 2017

surebet
Jan 10, 2013

specialist


Chalks posted:

Yeah, but there have been some instances of "scam" ransomware that just encrypts your poo poo without bothering to have the whole unique key retrieval infrastructure.

Given their 0.000283% conversion rate I wonder how much the faith thing really matters. I mean how many people would pay up without researching whether it works?

I'm kinda surprised the rate is so low, but I guess that reflects the fact that vulnerable systems were mostly clients without any valuable data on them. In the UK reports say there was no data lost from NHS systems at least.

i'd wager it has more to do with the fact that a) good luck running a non-technical through the bitcoin buying and transmitting process and b) who in their mind would punch their credit card info into an exchange suggested by scammers, no matter how (relatively) trustworthy it is

imagining for a moment that they wouldn't get wrecked, if the requested payment was over paypal, i'm sure the conversion rate would be significantly higher. maybe they should try with amazon giftcards or something

surebet
Jan 10, 2013

specialist


i'm looking forward to the first report of a droidcar plowing into a building trying to catch a pokemans or videos of drivers getting arrested after playing flappy birds at highway speeds

surebet
Jan 10, 2013

specialist


https://www.youtube.com/watch?v=GB4YgKmKVZc

surebet
Jan 10, 2013

specialist


apparently some fuckers are trying to kill wcry's kill switch:
https://www.wired.com/2017/05/wannacry-ransomware-ddos-attack/

surebet
Jan 10, 2013

specialist





aaaaaaaaa there's a lot of commercial results in there too

akadajet posted:

tbf trello isn't really a great anything

it's a great tool to get people into the idea of project management for zero dollars, but you should be trying to move users to something less dumb asap

surebet
Jan 10, 2013

specialist


a few thoughts on the whole implanted device thing:

"if they're in the same room, they could stab you, therefore"
murdering someone in a more conventional fashion leaves behind clues that are generally well known and understood by forensic investigators. the first wave of murders-by-ssh will probably be understood as device malfunctions, especially if the device doesn't freeze its state & firmware at the time of death.

this goes double for medical infrastructure that's subject to protest like clinics providing abortion services or hospitals run by/catering to certain groups.

"companies are probably really interested in not getting blamed/sued"
if the first wave is going to be misunderstood as failure, i'm legit concerned that further fuckery will be handled in the same way that auto manufacturers handled some incidents, where some mba geniuses cost benefited recall expenditures versus lawsuits and opted to hide risks from their customers.

if companies aren't held to the highest standards right off the bat, case law and revenue models will form in a way that supports the low security status quo.

i 100% agree that there are more pressing & systemic issues with healthcare security, but between the boomer cohort entering geriatric care and the proliferation of implantable devices, if manufacturers & providers aren't proactive about security concerns, we're heading towards a critical mass of problems in the next decade


surebet
Jan 10, 2013

specialist


if someone with a life sustaining implant drops dead today, is there anyone that does forensics on the devices? like i'm sure if dick cheney farted out right now without an obvious cause of death, maybe?

but if joe schmoe pacemaker dude with a couple trustfund kids bites it, is there anything that happens except for a tech that checks to see if the device still powers on?

random stats i pulled from fbi.gov say ~50% of murders committed are done by people who knew the victim, and half of those by immediate family. that's your proximity, and surely at least one of those geniuses is able to gently caress around with a btle stack or whatever.
