|
0 day every day.
|
#
¿
Jun 27, 2017 00:51
|
|
|
|
| # ¿ Apr 29, 2024 05:40 |
|
|
cinci zoo sniper posted:welp time to start the hospital counter i guess hahahhhahahahahhaa.
|
|
#
¿
Jun 27, 2017 16:04
|
|
hopefully someone learned
|
cinci zoo sniper posted:i know, right. im just really not looking forward to a major life/-support system being hit by this poo poo, affect it me or not Hello! If you are seeing this it's because your pacemaker is no longer accessible, because it has been encrypted. Perhaps you are looking for a way to recover your heartbeat?
|
|
#
¿
Jun 27, 2017 16:07
|
|
|
Wiggly Wayne DDS posted:i thought we all agreed to disable the heartbeat extension THE HEARTBEAT EXTENSION IS MISSION-CRITICAL AND REQUIRED WORDPRESS 2.0!
|
|
#
¿
Jun 27, 2017 16:12
|
|
|
Taking a shower at the gym I realized that anybody flushing the toilets makes the water temp go up by 10F. MitM attack if I have ever seen one.
|
|
#
¿
Jun 28, 2017 20:14
|
|
|
communism bitch posted:can you flush enough toillets to effectively ddos the showers into pumping out boiling water I would think that's a buffer overflow.
|
|
#
¿
Jun 28, 2017 20:20
|
|
|
BangersInMyKnickers posted:I'm going over the OpenSSL docs to review their cipher support (schannel/openssl configbomb incoming) Hey, these are actually really neat! Do you mind also handling libressl as well? Thanks!
|
|
#
¿
Jul 7, 2017 10:48
|
|
|
ThePeavstenator posted:I shot the Sharif, but I did not shoot the Calibri. They say it was a Capital offense!
|
|
#
¿
Jul 12, 2017 18:13
|
|
|
ate all the Oreos posted:my friend moved from using gentoo to plan9, what kind of mental illness is that He will probably become a serial murderer.
|
|
#
¿
Jul 13, 2017 18:29
|
|
|
In non-security fuckup news: - I was able to get LibreSSL into mainline Buildroot. - I converted all of my projects over to using LibreSSL. 
|
|
#
¿
Jul 15, 2017 21:16
|
|
|
OH HEY The OPENSSL people IGNORED Tavis. https://github.com/libressl-portable/openbsd/commit/91744d3deae1b0a448f936d107d1934c12510fee You can't ignore Tavis! You will regret this!
|
|
#
¿
Jul 16, 2017 18:11
|
|
|
cinci zoo sniper posted:im the tyool 2017 infosec-related product person typing out loud "Some dude named Travis Ormandy" Oh they know who he is. 
|
|
#
¿
Jul 16, 2017 18:16
|
|
|
When I make a product I want it to be endorsed by Tavis.
|
|
#
¿
Jul 16, 2017 20:38
|
|
|
Security Fuckup Meathead - v14.1 - Security City 2000, Mayor Name: Tavis
|
|
#
¿
Jul 17, 2017 03:27
|
|
|
cinci zoo sniper posted:i set mine to a password a game beta test assigned to me more than a decade ago, but that was back when i was too dumb to keep rear end and had various password0, 0password, pass0word, etc Mine was my BIOS version number of a long forgotten motherboard I had back in the early 90's. That way if I forgot all I did was reboot!
|
|
#
¿
Jul 18, 2017 15:53
|
|
|
spankmeister posted:i think ratbert recently switched to libressl in their codebase Yep. It works just fine. A small patch to NTP was needed, but nothing too huge. Edit* LibreSSL is API compatible with OpenSSL 1.0.x, but not OpenSSL 1.1.x... Almost (See below) At least not yet. Looks like v2.6 is starting to work on that, so that's good. 99% of the applications that fail to compile against libressl I have found fall into two categories: 1) Packages that are compatible with both OpenSSL 1.0 and 1.1. Usually, they have macro checks like: code:code:Solution: Switch to PKS and stop using CMS. FlapYoJacks fucked around with this message at 16:39 on Jul 19, 2017 |
|
#
¿
Jul 19, 2017 13:48
|
|
|
It's a huge red flag to me when a website has a limit on maximum password length. They should be hashed and salted correct? Then all of the entered passwords should be the same god drat length in your database.
|
|
#
¿
Jul 20, 2017 14:12
|
|
|
I don't think hating on DD or KK is hating on poor people. It's hating on lovely bad for you food. People shouldn't eat or drink that garbage. One would argue that people think even less of the nutrition information in a huge caramel frappuccino than they do a donut. (USER WAS PUT ON PROBATION FOR THIS POST)
|
|
#
¿
Aug 10, 2017 11:25
|
|
|
Look at that cracker not being very safe. 
|
|
#
¿
Aug 11, 2017 11:33
|
|
|
Wiggly Wayne DDS posted:in the wild memory leak in apache for non-default configs: Lol, Apache is such an unadulterated gigantic poo poo show.
|
|
#
¿
Sep 18, 2017 15:24
|
|
|
I don't remember this being posted, but it's so good and you guys should watch it. This guy is insanely good at what he does. https://www.youtube.com/watch?v=KrksBdWcZgQ Edit* Enjoy this really cool thing he made as well: https://github.com/xoreaxeaxeax/sandsifter FlapYoJacks fucked around with this message at 14:39 on Sep 22, 2017 |
|
#
¿
Sep 22, 2017 14:35
|
|
|
ThePeavstenator posted:How does a modern website even manage store passwords now? If you know what you're doing you're going to salt and hash. If you don't know what you're doing every webapp-in-a-box template/module is going to salt and hash your user's passwords. People are loving dumb is why. The first time I made a database to store passwords I thought to myself "Self, don't be a dumb. Take a few hours, do some research, figure out the best way to store passwords." After a few hours I had a bcrypt/hash/salt setup going that stored passwords not in plain text and I thought it was pretty decent. 99.99999% of the people out there won't even think about "Don't be dumb" and will just go about storing poo poo in plain text.
|
|
#
¿
Oct 9, 2017 17:52
|
|
|
Security Fuckup Megathread - v14.1 - Hello, is this a delivery order?
|
|
#
¿
Oct 13, 2017 15:18
|
|
|
Just found out my company has SMBv1 turned on. This is after WannaCry, and after upgrading to server 2016. 
|
|
#
¿
Nov 6, 2017 18:23
|
|
|
spankmeister posted:I wanna bet the domain functional level is 2003 or 2008 at the most All the corporate servers were updated to 2016. There isn't a corporate server that's lower than that.
|
|
#
¿
Nov 6, 2017 18:27
|
|
|
cinci zoo sniper posted:i think what he is saying is that your modern servers are configured like it was fashionable s decade ago Oh, well yeah probably, as the guy the CEO hired to do it was a blithering idiot who refused to accept that poo poo changes over time.
|
|
#
¿
Nov 6, 2017 18:31
|
|
|
anthonypants posted:domain/forest functional level also doesn't impact smb but using smbv1 in tyool 2017 is a good indicator that your it department is dumb That would indicate we have an IT department. Corporate has its own network that has a single Trunk going to the engineering network. Corporate runs WS2k16, engineering runs CentOS7. Engineering is 100% in charge of the engineering network. I set it up where every server runs yum-cron, SELinux is set to enforcing, and firewalld is setup as well. Corporate I have no loving clue, but they updated a few months ago from WS2003 to WS2016. Apparently, they don't give nearly as much of a poo poo about infosec as I do.
|
|
#
¿
Nov 6, 2017 19:57
|
|
|
RISCy Business posted:let's run the firewall on the same system normal users have access to, nothing could possibly go wrong Normal users sure as poo poo don't have access to the engineering servers.
|
|
#
¿
Nov 6, 2017 21:16
|
|
|
RISCy Business posted:do you really want anyone besides network/security people to even have the possibility of touching your firewalls Who says I don't have a hardware firewall? 
|
|
#
¿
Nov 6, 2017 21:27
|
|
|
RISCy Business posted:more like onepiss!!!!! one plus one equals don't buy one!
|
|
#
¿
Nov 15, 2017 02:04
|
|
|
The fact that WS2016 has SMBv1 turned on by default is so bad I can't even describe it.
|
|
#
¿
Dec 11, 2017 22:22
|
|
|
Wiggly Wayne DDS posted:in actual security news and not "i know what insider trading is, shut up with your facts" All the more reason to not use AV.
|
|
#
¿
Jan 4, 2018 12:51
|
|
|
edit: never mind
FlapYoJacks fucked around with this message at 07:01 on Jan 11, 2018 |
|
#
¿
Jan 11, 2018 06:49
|
|
|
Krankenstyle posted:all locks can be picked https://www.youtube.com/watch?v=OLsJDELd4lo
|
|
#
¿
Jan 17, 2018 16:36
|
|
|
|
| # ¿ Apr 29, 2024 05:40 |
|
|
Jonny 290 posted:i aint trustin no dude that realizes an arch is hosed up and keeps slamming his dick into a keyboard writing kernels for it and angry mailing list msgs about it sorry folks, we are cancelling support for Linux on x86.
|
|
#
¿
Jan 25, 2018 01:08
|
|