|
poop is basically self-touching at this point
|
#
¿
Jun 26, 2017 21:48
|
|
|
|
| # ¿ Apr 29, 2024 00:13 |
|
|
autonomous poop
|
|
#
¿
Jun 26, 2017 21:55
|
|
|
nope, just housekeeping
|
|
#
¿
Jun 26, 2017 23:05
|
|
|
ThePeavstenator posted:explanation I gave over the weekend for what encryption is: "imagine a lock and key, but they're made of math" great work
|
|
#
¿
Jun 27, 2017 17:01
|
|
|
msft uses fuzzing a lot, it's a little surprising that they missed a part of their AV kit
|
|
#
¿
Jun 27, 2017 17:26
|
|
|
though they weren't fuzzing IE as of 2007, after the big internal push, so who knows
|
|
#
¿
Jun 27, 2017 17:27
|
|
|
if you want to avoid notpetra, why not just patch to current? does it use undisclosed vulns?
|
|
#
¿
Jun 28, 2017 02:39
|
|
|
underflow, I think
|
|
#
¿
Jun 28, 2017 20:23
|
|
|
we just hired a research associate and administrator at my firm, and MLIS degrees were a huge asset for candidates.
|
|
#
¿
Jun 29, 2017 04:04
|
|
|
JewKiller 3000 posted:maybe the search engines, but you're not gonna get full text papers from the journals without paying, are you? yes, you are syscall girl posted:waving around a piece of wood please text me promptly
|
|
#
¿
Jun 29, 2017 04:16
|
|
|
JewKiller 3000 posted:the best thing about cs academia is arxiv
|
|
#
¿
Jun 29, 2017 04:37
|
|
|
there's a new opsec thread, but I think you're on topic here fwiw
|
|
#
¿
Jun 30, 2017 03:15
|
|
|
win-win
|
|
#
¿
Jun 30, 2017 03:40
|
|
|
huh, yeah
|
|
#
¿
Jun 30, 2017 03:46
|
|
|
force them to use two specified characters in their password, and they can't reuse. forbid numbers for even better odds against reuse.
|
|
#
¿
Jun 30, 2017 03:51
|
|
|
from the schadenthread, emphasis mineRaygereio posted:Remember that WannaCry ransomware attack from last may? Afterwards the company I work for pushed out an internal memo telling all employees not to worry and that such attack could never hit us.
|
|
#
¿
Jun 30, 2017 21:23
|
|
|
"things I won't work with" http://blogs.sciencemag.org/pipeline/archives/2014/10/10/things_i_wont_work_with_peroxide_peroxides
|
|
#
¿
Jun 30, 2017 23:45
|
|
|
ate all the Oreos posted:"hospital" and "end of life" in the same sentence I only do palliative software maintenance
|
|
#
¿
Jul 3, 2017 14:48
|
|
|
I have a friend in public sector strategic consulting who says the difference between "infosec" and "cyber" in his materials is 5 speaking engagements and $250K/year.
|
|
#
¿
Jul 4, 2017 00:16
|
|
|
people were offering to cyber on ICQ in 1997
|
|
#
¿
Jul 4, 2017 00:21
|
|
|
JS has been the assembly of the web for a long time.
|
|
#
¿
Jul 5, 2017 18:07
|
|
|
Phone posted:the permissiveness of wildcard certs was kind of a determining factor to set up lets encrypt in the first place, iirc that's not my understanding. what do you have in mind?
|
|
#
¿
Jul 6, 2017 17:25
|
|
|
BangersInMyKnickers posted:Swapping out an existing cert with one that has more alt-names on it is maybe a 2 hour process and wildcard certs are just a crutch for lovely admins that don't want to do that. I don't think alt-names are a solution for something like slack that dynamically generates hostnames. A 2-hour process is a long time if you have a lot of machines, especially if you provision new addressable systems frequently. Why would wildcard certs be used across multiple servers more than alt-name ones? If people are going to re-issue for every server, they can do that with a wildcard too.
|
|
#
¿
Jul 6, 2017 17:39
|
|
|
BangersInMyKnickers posted:Yes if only the same use case wasn't already being tackled by load balancers. Pre-allocate a poo poo ton of alt-names in the cert ahead of time and if you start running out then do some more. All that can and should be automated. Slack generates the names to match the name selected by the community, it's not something you can preallocate.
|
|
#
¿
Jul 6, 2017 17:50
|
|
|
Shaggar posted:is lets encrypt cert generation not immediate? what is the 2 hour delay? also if you have that much a problem you can provision names prior to provisioning hosts to solve the problem. the 2 hour delay for re-provisioning came from the person I was quoting, based I believe on how long it took someone (idk who) to rotate certs on a set of servers slack, as I keep saying, can't provision names ahead of time. they create new endpoints in real time based on user input I don't know who, if anyone, is suggesting generating wildcard certs on the fly
|
|
#
¿
Jul 6, 2017 17:56
|
|
|
BangersInMyKnickers posted:Depends on the CA and we haven't seen LE's Implimentation, but often with traditional ones the private key also came from the CA to encourage re-use. Not a traditional CSR process can you give an example of a CA that did this? I've been poking around and can't find any, and all the wildcard submission forms I can find just ask for a public key
|
|
#
¿
Jul 6, 2017 17:57
|
|
|
why would you need to issue identical certs more frequently than that? a|b|c is different from a|b, I'm pretty pretty sure
|
|
#
¿
Jul 6, 2017 17:58
|
|
|
Shaggar posted:you were suggesting generating them on the fly instead of reusing existing keys. no, I was suggesting using wildcard certs, because slack can't predict what names they will need. if you go and create a slack community called "shaggarfanclub", then https://shaggarfanclub.slack.com" works moments later.
|
|
#
¿
Jul 6, 2017 17:59
|
|
|
I don't understand that part. let's say the CA sends you a private key. you then have a private key in a file, just like if you'd generated it yourself. why would key management practices need to be different?
|
|
#
¿
Jul 6, 2017 18:00
|
|
|
Shaggar posted:you were suggesting separate wild card certs (same domain, different key) instead of re-use which would require requesting new, identical wildcard certs with other keys. if you aren't doing this then you are re-using the keys and increasing your attack surface. oh, sure. just like you'd need to do to protect an alt-name version similarly, right? if you get the a|b|c|d|... key from one server you can see all traffic to all the servers, same as wildcard. Bangers was suggesting that you not share keys across servers, which means reissuing afaik.
|
|
#
¿
Jul 6, 2017 18:03
|
|
|
wyoak posted:concern would be that the CA has a copy of the private key you're using on your servers, I'd imagine the CA's would shy away from that just from a liability standpoint (although really nothing stupid a CA can do would surprise me at this point) what I've seen has been a web page that gives you something to copy. but the concern Bangers raised was around key management, not the CA keeping a copy for some reason (I sure wouldn't want to, in their position)
|
|
#
¿
Jul 6, 2017 18:04
|
|
|
I would be *extraordinarily* surprised if LE's implementation asked for the private key, even if other CAs somewhere do or did, and we're talking about LE here
|
|
#
¿
Jul 6, 2017 18:06
|
|
|
BangersInMyKnickers posted:Does LE force the client to generate a new private key after some interval or does it just keep rubber-stamping the same cert with new validity intervals until someone marks it as revoked or it ages out? certbot defaults to a new key, but if you want to live dangerously then you can reuse
|
|
#
¿
Jul 6, 2017 18:30
|
|
|
Notorious b.s.d. posted:at slack's scale i am a little surprised they don't have an intermediate CA in order to issue trusted certificates on the fly I don't think Facebook has one either. running a CA loving sucks. LE spent less than $2M on their chained root, IIRC. it's not the money that's a barrier. even if you issue trusted certs on demand, you also have to deploy them in real time too and at scale that is unpleasant. I forget how long it took to roll an updated cert set to across FB, but it wasn't fast
|
|
#
¿
Jul 6, 2017 21:19
|
|
|
there are issues with the current specifications of those extensions, IIRC, but also until all clients honor it you don't get anything from using them. I forget the details, but we decided back in 2011 that it wasn't worth putting in Firefox because we didn't want people implementing it as specified. I sure wish we'd had it for CNNIC though.
|
|
#
¿
Jul 6, 2017 21:50
|
|
|
cinci zoo sniper posted:i imagine he gets lame work poo poo out of the way, although he should have a p interesting for himself job, and then just hobbies away at whatevers the target a lot of his job is sending email to people who have done, and likely will continue to do, dangerously stupid things
|
|
#
¿
Jul 6, 2017 23:27
|
|
|
sysadmins work weekends when paged, attackers like to party
|
|
#
¿
Jul 6, 2017 23:46
|
|
|
does he do mobile? apseudonym? he should do mobile
|
|
#
¿
Jul 6, 2017 23:52
|
|
|
MacOS airdrop? Chrome's webm container handling? a fuzzer for DHCP? some obscure but enabled-by-default USB-over-SCSI-over-IP protocol? outlook?
|
|
#
¿
Jul 6, 2017 23:55
|
|
|
|
| # ¿ Apr 29, 2024 00:13 |
|
|
yeah, pagerank was a long con
|
|
#
¿
Jul 7, 2017 19:39
|
|