|
Tayter Swift posted:Security mods
|
#
¿
Jan 8, 2017 15:59
|
|
|
|
| # ¿ May 2, 2024 02:45 |
|
|
our tester was trying to connect to a server with winscp. it gave a warning about changed fingerprint and posted a screenshot "the new fingerprint is wh:at:ev:er:th:ef:uc:k" i tried if my connection still worked. it did. so i tried to find the fingerprint. maybe i'm just dumb, but i just can't find it anywhere in either winscp or putty ui. putty stores some super loving long hex string in the registry that looks nothing like the one shown in the dialog. i finally found out the fingerprint by enabling logging in winscp and looking at the log file. it didn't match
|
|
#
¿
Jan 9, 2017 10:16
|
|
|
James Baud posted:You're taking that too literally, the fingerprints are hex, unless that's a really dumb winscp placeholder message. yes, the fingerprint wasn't literally whateverthefuck, i'm not going to transcribe some screenshot for a yospost the point was that as far as i can tell, there is no way of finding out the saved fingerprint for a given server so that i can compare them well, with putty you can get some really long hex string from the registry, but its way too long and it's not in the same format as the one in the dialog. (two hex digits, colon, two hex digits, colon etc) so the warning is "YOUR poo poo MIGHT HAVE BEEN HACKED, check this fingerprint:" and there is no way to get a known-good value from another instance of winscp or putty to compare them.
|
|
#
¿
Jan 9, 2017 11:16
|
|
|
minivanmegafun posted:storing that in the windows registry sounds like something putty would do yes, putty definitely stores the known_hosts equivalent in the registry. on linux, i know that i can run "ssh-keygen -l -f ~/.ssh/known_hosts" to get the colon-delimited fingerprint, but i have no idea how to get putty to give me that information.
|
|
#
¿
Jan 9, 2017 15:18
|
|
|
jre posted:gently caress, that looks good. How long has that existed ? that does look good, but i don't feel like paying over $50 per year(?) to replace putty (and to a lesser extent, winscp)
|
|
#
¿
Jan 9, 2017 15:45
|
|
|
jre posted:If you are using this professionally why would you even blink at $50 for something that will improve your productivity i'm not that sure that a better ssh client would improve my productivity very much.
|
|
#
¿
Jan 9, 2017 16:07
|
|
|
negromancer posted:if you don't think mobaxterm isn't leaps and bounds ahead of fuckin putty, I don't know what to tell you. Wheany posted:that does look good, but i don't feel like paying over $50 per year(?) to replace putty (and to a lesser extent, winscp) 
|
|
#
¿
Jan 9, 2017 17:50
|
|
|
negromancer posted:If you have more than 12 sessions open you either need to start using config management or screen sessions there buddy. i thought that it meant that you can only have 12 saved sessions, not 12 sessions open at the same time.
|
|
#
¿
Jan 9, 2017 18:25
|
|
|
Progressive JPEG posted:listen the terminal software is only a drop in the bucket when youre on windows and also if you spend so much time using ssh that the difference between using putty and using mobaxterm is significant, you dun goofed
|
|
#
¿
Jan 10, 2017 08:28
|
|
|
Truga posted:honestly, this is great same, except netflix, itunes, youtube and amazon
|
|
#
¿
Jan 10, 2017 13:56
|
|
|
https://twitter.com/sweatyinbkk/status/819072551687045124 ticketmaster about not using https: 
|
|
#
¿
Jan 11, 2017 11:45
|
|
|
ymgve posted:I totally trust that the general populace that have stoves that flash 12:00 is able to configure their washer with the right address just so it can report when the power goes out which is why some of them just connect to any open network automatically 
|
|
#
¿
Jan 17, 2017 16:45
|
|
|
BangersInMyKnickers posted:I think the likely outcome is that for the sake of security the zigbee/whatever radio module will be kept as its own discrete component from the main control/firmware of the device with extreme limits on what can be passed between the two effectively neutering any ability to compromise it in a way beyond blasting garbage on the wireless link on one had, we could separate these two components for security purposes. on the other we could combine them and save fractions of a penny per device.
|
|
#
¿
Jan 18, 2017 09:31
|
|
|
ErIog posted:Jesus gently caress this derail is getting so tiring. The whole idea is that if the device knows some poo poo's going down with the electrical grid that choices will be made with regard to power consumption. The whole thing is to save on power when it's most loving expensive. The whole thing is meant to save everybody money. Whether those savings actually trickle down is something I really doubt, but it's a possibility. nice meltdown
|
|
#
¿
Jan 18, 2017 12:29
|
|
and electricity on every side.
|
Munkeymon posted:android kinda does that as of whenever they rolled out that material design stuff I think can confirm that before it sent all my data to china, android asked for authorization first to access the photos, then to access the camera before i took a selfie to change into animu.
|
|
#
¿
Jan 20, 2017 07:55
|
|
|
fishmech posted:the point of doing a ddos is that you do it from all over the place to try to make it hard for your target to avoid. it's so much the point that it's the first d of ddos.
|
|
#
¿
Jan 20, 2017 07:59
|
|
|
ate all the Oreos posted:for sale: used jet fuel, unable to melt steel beams
|
|
#
¿
Jan 23, 2017 09:47
|
|
|
Shaggar posted:I bet the software or hardware they use has a way to sign packages to prevent tampering but nobody has ever used it. oh no, i bet they used it a few times at first. but it was too cumbersome or someone forgot to do it, and it seems to work just fine. then that guy taught the new guy to do it and then the old guy left and now nobody knows that you can sign the packages.
|
|
#
¿
Jan 31, 2017 19:28
|
|
|
Phone posted:what's the thread favorite for a password manager these days? keep rear end
|
|
#
¿
Feb 3, 2017 19:51
|
|
|
and by favorite, i mean "the first one i tried"
|
|
#
¿
Feb 3, 2017 19:52
|
|
|
vOv posted:i'm the qqqqqqqqqqqqqqqqq weren't you banned?
|
|
#
¿
Feb 10, 2017 09:04
|
|
|
flosofl posted:Jesus, shut the gently caress up. You're gonna get the thread closed. Oh no
|
|
#
¿
Feb 13, 2017 07:49
|
|
|
Jabor posted:in general i'd expect good pedagogy for teaching hacking to start with "here's how we used to break stuff back in the day", because the fundamentals of getting control flow out-of-the-expected-path-somehow are still pretty much the same. then once you've mastered the basics it moves on to "here's what people came up with to make these things harder, and here are the more advanced techniques we use to defeat that and gain control anyway" do operating systems provide all the advanced protections "for free" to older programs too, or do you need to use newer libraries/recompile the programs to take advantage of them. i'm just wondering if it's actually "back in the day" or can you still pop vulnerable software with the easy tricks if they haven't been changed in the last 15 years
|
|
#
¿
Feb 13, 2017 15:22
|
|
|
ate all the Oreos posted:im updating the firmware on a point of sale system right now. the new firmware came in the form of a zip archive on some rando dropbox, and i upload it by running an anomalous bat file that, so far, has just printed an endless stream of periods to the console window 
|
|
#
¿
Feb 13, 2017 19:30
|
|
|
ate all the Oreos posted:oh hey it's checking signatures that's nice
|
|
#
¿
Feb 13, 2017 19:33
|
|
|
windows 10 home apparently doesn't come with bitlocker. how bout that.
|
|
#
¿
Feb 18, 2017 09:36
|
|
|
i thought that maybe i should enable disk encryption on my laptop, but it has windows 10 home on it and welp
|
|
#
¿
Feb 18, 2017 09:40
|
|
|
Cardboard Box A posted:Windows 10 Home to Pro upgrade costs $100 USD, which is 50% off the MSRP of $200 USD. well on one had, i don't really need bitlocker, but on the other, doesn't everybody need it? like it probably shouldn't be a "pro" feature in cyber year 2015
|
|
#
¿
Feb 18, 2017 11:44
|
|
|
cinci zoo sniper posted:yeah i desperately need to encrypt my anime trove and configuration files for counter strike: global offensive uhhuh
|
|
#
¿
Feb 18, 2017 12:14
|
|
|
cinci zoo sniper posted:don't get me wrong, i encrypt my portable electronics that can realistically be lost somewhere. i dont see much benefit for doing so with my personal desktop computer i play video games on at home hmmm
|
|
#
¿
Feb 18, 2017 12:28
|
|
|
Wheany posted:well on one had, i don't really need bitlocker, but on the other, doesn't everybody need it? like it probably shouldn't be a "pro" feature in cyber year 2015 looks like windows 10 home at least supports bitlocker-to-go, at least when the usb drive has been encrypted in windows 10 pro.
|
|
#
¿
Feb 19, 2017 11:50
|
|
|
uncurable mlady posted:tsayyy lmao flakeloaf posted:haw haw i bet teh secfuck has a smaller secfuck inside guys
|
|
#
¿
Feb 21, 2017 07:54
|
|
|
"i have a really simple system: for banks and email and facebook i have good unique passwords that i remember. for everything else i just use the same password" i have an even simpler system: just use a password manager for everything
|
|
#
¿
Mar 11, 2017 10:18
|
|
|
Chalks posted:What are people's thoughts on simply using browser password storage + a master password? That's presumably the same as using an external dedicated password manager since the password database is encrypted. i just let my browser remember my passwords since i think the realistic threat model is more "some skiddie breaks radium's code and gets my password" and less "ve haf vays of makink you talk, mr. bond"
|
|
#
¿
Mar 11, 2017 14:09
|
|
|
Cocoa Crispies posted:even warning you that it's a non-https connection to that server is a very recent thing https://twitter.com/internetofshit/status/847444546741047297
|
|
#
¿
Apr 3, 2017 07:49
|
|
|
CrazyLittle posted:yes because browser stores are notoriously insecure. Firefox used to store in clear text the number 1 reason you're using randomly generated passwords and using a password manager is when a random site gets its login information leaked, all your logins everywhere are not immediately hosed. if you have malware on your computer that can leak your browser's password database, you're already dead. if your browser vendor's cloud sync platform gets popped, welp,
|
|
#
¿
Apr 3, 2017 07:52
|
|
|
pseudorandom name posted:Firefox Sync used to use strong crypto which required you to pair new devices with an existing client to do the key exchange, but users were too stupid to understand the concept and thought Sync was a backup mechanism and got mad when they lost everything when they deleted all their Firefox installs i'm not too stupid to understand the concept, but i wanted to sync my bookmarks from my home computer to my work laptop and it told me to type the code that's displayed on my home computer's screen (or other way around, i don't remember). anyway it was unusable unless i remembered to specifically prepare for the sync process
|
|
#
¿
Apr 3, 2017 07:57
|
|
|
Today in the secfuck thread: "if you suddenly get weird new popups in your browser, be sure to click on them"
|
|
#
¿
Apr 3, 2017 13:50
|
|
|
Dylan16807 posted:clicking inside a web page can't really do anything that the web page couldn't already do how can the user tell the difference between a safe thing to click and a non-safe thing?
|
|
#
¿
Apr 3, 2017 14:45
|
|
|
|
| # ¿ May 2, 2024 02:45 |
|
|
i got 80085 points
|
|
#
¿
Apr 4, 2017 14:11
|
|