|
Flying Leatherman posted:
Maybe I'm late on cipher discussions, but https://cipherli.st is a nice resource that I've used before

on a government project we weren't even allowed to use tls 1.0 1.1 and 1.2 only. i was ok with it, of course.
|
# ¿ Jan 6, 2017 23:18 |
|
A Pinball Wizard posted:
are there any non poo poo consumer wifi routers?

just get a dedicated wifi access point and connect it to a decent router
|
# ¿ Jan 13, 2017 16:14 |
|
hobbesmaster posted:
i work for a company with an iot gateway that by default blocks all incoming connections on whatever the wan interface is detected as

it's not a question but i bet the number one ticket filed is "it dont work"
|
# ¿ Feb 23, 2017 16:36 |
|
https://twitter.com/rafalwilinski/status/834772410125733888
|
# ¿ Feb 23, 2017 17:12 |
|
Shaggar posted:
code signing is cool and good and it's good for people to think about it even if it's for silly poo poo like a text editor.

it is but you also get things like http://colin.keigher.ca/2014/12/the-joke-behind-signed-sony-malware.html
|
# ¿ Mar 10, 2017 18:35 |
|
i thought everyone and their brothers used those action replays to play their "imports"
|
# ¿ Mar 14, 2017 19:53 |
|
we get it, you vibe
|
# ¿ Mar 14, 2017 20:21 |
|
SSL certs are such a loving racket. on the other hand, if i really thought I needed to shell out $2k for a SSL cert from some company and then find out it's losing its trust i'd flip my poo poo.
|
# ¿ Mar 23, 2017 17:49 |
|
apseudonym posted:
EV certs do nothing compared to normal certificates. Don't buy them.

of course not. but there's some people who think they need them. they'll be mad still, in this case.
|
# ¿ Mar 23, 2017 21:05 |
|
it's funny reading this because i literally just had to re-up my hipaa training for the feds 10 minutes ago
|
# ¿ Apr 3, 2017 17:10 |
|
Shaggar posted:
is that for cms? did you sign the cms cyber pledge for security??

nah, it was for another agency. i had to do fisma as well, which had a different pledge. i love how all the agencies have different requirements for this poo poo, and also their own set of NIST modifications which almost universally make things less secure
|
# ¿ Apr 3, 2017 17:33 |
|
oh jesus the IP to that thing is in one of the videos.
|
# ¿ Apr 5, 2017 19:32 |
|
there's no way that guy's not going to jail, unless he's outside the US or something.
|
# ¿ Apr 5, 2017 19:35 |
|
i'm frantically F5ing until the tweets turn into a "/ ?" page
|
# ¿ Apr 5, 2017 19:51 |
|
can't wait to throw my money at that company
|
# ¿ Apr 5, 2017 22:05 |
|
they're chinese, right?
|
# ¿ Apr 5, 2017 22:13 |
|
atomicthumbs posted:
What the gently caress

e17 was a loving unicorn
|
# ¿ Apr 6, 2017 05:59 |
|
it's cool to see all of symantec's failures just lined up like that
|
# ¿ Apr 10, 2017 17:08 |
|
https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/

i'm the emergency system connected to the internet
|
# ¿ Apr 10, 2017 17:50 |
|
sirens.stackexchange.com
|
# ¿ Apr 10, 2017 17:58 |
|
lol @ silverlight in general
|
# ¿ Apr 11, 2017 01:16 |
|
i guess you could always do ssh port forwarding or something
|
# ¿ Apr 11, 2017 01:20 |
|
well, i am
|
# ¿ Apr 12, 2017 04:11 |
|
i fought really hard to not have tenable's nessus installed in a production environment because of government requirements, to the point where we had to get a special exemption. i dragged my feet until we were allowed to just run nessus on some separate VPC with just some instances of the AMIs we used instead of opening a port to the world so the feds could run their dumb scanning tools. whenever i get a notice that there's some weird privilege escalation or remote execution exploit that needs to be patched, there's not a smugdog in the world large enough. total incompetence is pretty standard when dealing with the government, right?
|
# ¿ Apr 20, 2017 04:32 |
|
haveblue posted:
they've been gradually closing off information sources that could be used for fingerprinting. like, you can no longer get a real UUID for an iphone, the value you can get will be changed if the user does a factory reset or non-unique if the user turned on an extra privacy setting

i'm almost positive the number is application specific and each app will get a different id. it will also change if the user uninstalls/reinstalls the app.
|
# ¿ Apr 24, 2017 19:19 |
|
on that note i took on a contract at one point that was porting some win ce (lol) application that sent application-specific commands to users via intercepting SMS (win ce let you do that). i explained to the old dev that "you can't do that and you also can't get the user's phone number from the software".

he responded with: "what do you mean? microsoft has had this functionality for years!"

finally he said "your responsibility is to find out how to circumvent these restrictions, because we can't implement a messaging system in the application itself, it has to be done via sms"

both him and win ce are really loving stupid
|
# ¿ Apr 24, 2017 19:21 |
|
Shaggar posted:
i've been doing integration w/ them and oh man.

lol i did integration with them as well about 7 years ago and yeah can't believe they're a thing
|
# ¿ Apr 26, 2017 02:10 |
|
cis autodrag posted:
they are losing market share rapidly. hit is becoming a three horse race between athena, cerner, and epic with the corpses of the other vendors trying to shamble along.

they deserve it. they were terrible and they've been riding on the fact that they got there first and didn't do poo poo afterwards.
|
# ¿ Apr 26, 2017 02:50 |
|
responsible disclosure is so boring
|
# ¿ Jun 23, 2017 22:21 |
|
infernal machines posted:
so i've just discovered while transitioning services for a client, that the all-in-one (industry targeted) MSP they were using has their "Zoolz" cloud backup service tied to an employee email address.

is it a government thing?
|
# ¿ Jun 23, 2017 22:32 |