|
Volmarias posted:You're just training the user to hit the enter key after doing an autofill without reading what it says. uncheck them by default i guess? though that won't stop users from just blindly clicking everything
|
# ¿ Jan 9, 2017 05:01 |
|
|
# ¿ May 2, 2024 02:26 |
|
jtag over usb? what the actual hell
|
# ¿ Jan 10, 2017 04:28 |
|
i was setting up my new ps4 and it took me like 4 tries to get the password right because it's a 15-character generated one and i couldn't see what i was typing in because of the password entry field if you're gonna use dots for letters at least let the user unmask it like windows
|
# ¿ Jan 14, 2017 23:16 |
|
so what happened to the thread, anyway
|
# ¿ Jan 17, 2017 01:31 |
|
Loving Africa Chaps posted:Epic troll of Assange Barry O, good job https://twitter.com/wikileaks/status/819630102787059713
|
# ¿ Jan 17, 2017 23:14 |
|
Ur Getting Fatter posted:cloudy with a chance of occasional broadcast storms a high of 802.11 degrees
|
# ¿ Jan 20, 2017 04:10 |
|
ate all the Oreos posted:the javascript and html files are accessing and modifying the registry directly somehow windows has a javascript dialect that's intended to be used for scripting and has APIs for loving with the registry. obviously it doesn't work from the browser
|
# ¿ Jan 28, 2017 02:13 |
|
http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-roomsquote:One of Europe's top hotels has admitted they had to pay thousands in Bitcoin ransom to wizardcriminals who managed to hack their electronic key system, locking hundreds of guests in or out of their rooms until the money was paid.
|
# ¿ Jan 29, 2017 00:16 |
|
it also doesn't work if someone invites a guest over, then gives the guest the key to have it copied. or just takes a high-res photograph of the key.
|
# ¿ Jan 29, 2017 08:02 |
|
ate all the Oreos posted:shame it seems to have been done by a terrible white nationalist 4channer, kinda taints the whole thing oh ew
|
# ¿ Jan 31, 2017 07:00 |
|
the dolphin emulator blog has a post about how they were able to get two games to work. turns out those games had anti-emulation features: they'd stomp all over important memory and then immediately flush the cache to prevent the writes from going through. but since emulators don't emulate CPU cache it'd just crash on Dolphin. not super sec-related but i thought it was neat
|
# ¿ Feb 1, 2017 22:30 |
|
Wheany posted:keep rear end
|
# ¿ Feb 3, 2017 20:30 |
|
OSI bean dip posted:https://www.wired.com/2017/02/russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix/ i'm a bit surprised their PRNG is bad enough you can read the state off from a few dozen spins. wonder if they're using a Mersenne twister.
|
# ¿ Feb 6, 2017 22:29 |
|
LeftistMuslimObama posted:i mean, most slots players pretty much just robotically jab the spin button until they run out of credits or decide the machine is cold so as long as they can achieve the desired payout ratio the RNG probably doesn't need a ton of entropy assuming you can monitor the floor and catch people doing obviously shifty crap. yeah that's true, it could be seeded from like time plus PID plus one or two other things
|
# ¿ Feb 6, 2017 22:54 |
|
ymgve posted:why are slot machines using PRNGs at all - just have a microphone, a temperature sensor or some optical sensor - the lower bits should provide entropy enough for the system, it's not like it needs more than a few byts of RNG for every spin anyway yeah, way more secure to get all your random numbers over the network
|
# ¿ Feb 7, 2017 05:45 |
|
OSI bean dip posted:have been on hiatus from twitter as of late i'm the qqqqqqqqqqqqqqqqq
|
# ¿ Feb 10, 2017 08:12 |
|
flakeloaf posted:seriously though just log out of your poo poo and put the password in a password safe on dropbox, that's probalby good enough and it doesn't put you in a position where you need to lie to keep someone else from having your passwords to your angsty myspace poetry would they then ask you for your dropbox creds and the safe password?
|
# ¿ Feb 11, 2017 06:44 |
|
Volmarias posted:This has the same problem that FDE systems with alternate passwords have: "no, i don't believe you, show me your real account" even though that's the only one. the solution i heard once is where you have two alternate passwords, one of which has a bunch of stuff that's really embarrassing (fetish porn or whatever) but not actively compromising
|
# ¿ Feb 12, 2017 22:16 |
|
ate all the Oreos posted:lol i unplugged the loving thing and the dots didn't stop my router has a progress bar that's just updated via setTimeout
|
# ¿ Feb 13, 2017 19:38 |
|
dragon enthusiast posted:only kind of a secfuck but somebody on my TL described it as "This transitions into a refrigerator magnet cache poisoning attack" for those who aren't used to twitter's lovely ui you gotta click the datetime to see the entire thread, which is well worth reading
|
# ¿ Feb 26, 2017 21:53 |
|
Truga posted:the s in iot stands for security
|
# ¿ Mar 5, 2017 04:27 |
|
https://twitter.com/eorden/status/823924775177322497
|
# ¿ Mar 12, 2017 19:50 |
|
spankmeister posted:Mine still does. yeah it still does on android (though not ios because there's no api for that)
|
# ¿ Mar 12, 2017 20:27 |
|
fishmech posted:why would it spankmeister posted:It uses a security feature of Android, if you block screenshots that means other apps can't access the screen buffer either to potentially steal decrypted messages. i guarantee you this person wasn't thinking about that
|
# ¿ Mar 12, 2017 21:51 |
|
A Yolo Wizard posted:cemu is workin on it (though its kinda a lovely emulator conceptually) yeah i don't do filez anymore but even if i did i don't know if i'd support a closed-source emulator. though apparently they've said they'll release the source if they stop working on it?
|
# ¿ Mar 13, 2017 17:25 |
|
the problem isn't how lastpass is detecting password fields. the problem is that the attack worked despite the fact that travis's exploit page was on a completely different domain.
|
# ¿ Mar 17, 2017 05:28 |
|
hifi posted:it's in an iframe though yeah and you can't gently caress with other domains' iframes. password fields don't have any special protection from JS, you can still get at their contents with .value(), so there has to be something else going on here.
|
# ¿ Mar 17, 2017 05:32 |
|
pseudorandom name posted:welp, if I wanted to be a career rapist, I now know who I'd want to be my Ph.D advisor uh what
|
# ¿ Mar 17, 2017 09:35 |
|
it's bothering me more than it should that it doesn't play the 'full' song
|
# ¿ Mar 19, 2017 08:31 |
|
where would you even store signatures or checksums? iirc both storing them next to the data and storing them all off at the end somewhere both have problems
|
# ¿ Mar 21, 2017 09:26 |
|
moonshine is...... posted:Regarding the whole ISP's selling browsing history etc, I'm seeing a lot of people recommend a VPN as a solution. What keeps the ISP from just MITMing your traffic? half the point of a VPN is that the traffic between you and the server is encrypted
|
# ¿ Mar 24, 2017 19:48 |
|
of course the real question is how to find a VPN you can trust
|
# ¿ Mar 24, 2017 20:10 |
|
ate all the Oreos posted:they can see your IP addresses that you're connecting to which is just as good for basically all the sites that matter i don't know the current state of dns encryption so it's also possible they could just read your DNS queries (unless you send those over your VPN)
|
# ¿ Mar 24, 2017 20:36 |
|
is there any kind of signed package thing in place that would mitigate that? iirc debian distributes packages over plain http but they're signed so it doesn't matter
|
# ¿ Mar 30, 2017 08:40 |
|
Wiggly Wayne DDS posted:p good demo https://www.youtube.com/watch?v=yPZmiRi_c-o holy lol
|
# ¿ Mar 30, 2017 19:05 |
|
Subjunctive posted:that ssh-cache thing is a hoax, right? tbh now that you mention it that's kind of high-quality video for 45 KBps
|
# ¿ Mar 30, 2017 22:55 |
|
CrazyLittle posted:yes because browser stores are notoriously insecure. Firefox used to store in clear text how else would you store it without requiring a master password
|
# ¿ Apr 2, 2017 03:24 |
|
Wheany posted:the number 1 reason you're using randomly generated passwords and using a password manager is when a random site gets its login information leaked, all your logins everywhere are not immediately hosed. there could also just be an exploit that lets someone read arbitrary files as you but doesn't give them code execution or anything someone post the warning ie6 displayed when you were connecting over https
|
# ¿ Apr 3, 2017 08:02 |
|
|
# ¿ May 2, 2024 02:26 |
|
atomicthumbs posted:THE WORLD WONDERS lol
|
# ¿ Apr 11, 2017 08:08 |