|
Did we touch the poop again?
|
# ¿ Jun 26, 2017 23:00 |
|
|
# ¿ May 2, 2024 01:56 |
|
Subjunctive posted:does he do mobile? apseudonym? he should do mobile
Some of the p0 folks do mobile things, the last iOS security bulletin thing had a lot of hilariously bad sounding bugs credited to them and they find some cool Android ones from time to time but not as much as I'd like. Tavis does what Tavis wants, he cannot be aimed.
E: wildcard certs are good Subjunctive is correct as to why y'all crazy sometimes.
apseudonym fucked around with this message at 17:51 on Jul 7, 2017 |
# ¿ Jul 7, 2017 17:48 |
|
CmdrRiker posted:I never thought about it before, but Google does a poo poo ton of data mining with all of their products. For example, when you get an email about your flight schedule and it magically appears on your calendar and at the top of your inbox app on the day of your departure. I became more aware of this poo poo when a colleague of mine got a job at Google and then promptly stopped using his Gmail account and wouldn't tell me why. I still use mine and I doubt that's why he switched ¯\_(ツ)_/¯.
|
# ¿ Jul 7, 2017 19:00 |
|
goddamnedtwisto posted:i'm really not sure why anyone thinks anything google has ever done has ever been about anything other than this
|
# ¿ Jul 7, 2017 19:59 |
|
Notorious b.s.d. posted:well, that would work, i guess
Because they could do that
|
# ¿ Jul 12, 2017 23:17 |
|
I'm also at defcon and no one cares it's not exciting.
|
# ¿ Jul 30, 2017 04:12 |
|
maskenfreiheit posted:https://twitter.com/ur_ninja/status/891833262502420480
DEFCON what happened to you claiming to be against repressive governments.
|
# ¿ Jul 31, 2017 20:56 |
|
Subjunctive posted:changing the system from inside!
That's why they all went into working for government contractors or selling vulns.
|
# ¿ Jul 31, 2017 23:40 |
|
Rufus Ping posted:grsecurity are suing bruce perens for writing this
That'll go well in court
|
# ¿ Aug 4, 2017 04:38 |
|
James Baud posted:Android - on Nexus/Pixel, at least - recently figured out that it would be good to let manual update checks bypass the staged rollouts since determined people were just going to get it another way more complicated way, maybe Firefox will be nice enough to do that too... I was annoyed at having to hit the website and download the (no visible sign of a version number, run it blindly) stub installer the day the update came out too. I think Mozilla took down/are taking down the ftp site, so didn't try that route. Probably a bit of Chrome and a lot of websites, people keep bloating and bloating websites to a painful degree. Also gently caress the web.
|
# ¿ Aug 13, 2017 01:34 |
|
CommunistPancake posted:it wasn't that she didn't understand tires, it was that she expected that everyone else would believe she had her tires slashed so she could get internet nazi points
No one would ever post lies for internet points
|
# ¿ Aug 15, 2017 06:11 |
|
Cocoa Crispies posted:unlike modern ios, android doesn't really have a standardized safari/chrome thing that lets apps launch web pages in an app-specific instance of the OS browser, instead they get to use a shittier browser view that google can't really fix because android
Ur wrong also that looks like a Chrome Custom Tab
|
# ¿ Aug 24, 2017 20:12 |
|
wolrah posted:This one's always struck me as a matter of what threats you're trying to secure against.
The point of a lockscreen is the first.
|
# ¿ Sep 5, 2017 18:42 |
|
cis autodrag posted:
Also focusing on the storage completely misses the point where fingerprint sensors fail in a security context and Apple's is no better than anyone else's.
|
# ¿ Sep 5, 2017 22:00 |
|
ate poo poo on live tv posted:Interesting. So you basically hit the button on the side 5x, and it disables fingerprints?
Means you type in your pin a lot slower and I worry about that increasing the risk of screen surfing not decrease it since you have to think so long, you'll probably also make your pin shorter as a result of it sucking rear end
|
# ¿ Sep 6, 2017 04:41 |
|
I don't understand why you'd sell your stock because of a breach though, breaches never seem to have much of a lasting impact on price. What am I missing?
|
# ¿ Sep 8, 2017 08:00 |
|
Shinku ABOOKEN posted:lol the broadpwn bug is a plain-old 90's style buffer overflow
Bugs in 2017 aren't different than bugs in 1990.
|
# ¿ Sep 23, 2017 01:34 |
|
anatoliy pltkrvkay posted:who is this 'fip' character and why do people like their mode so much.
Fips is the jar jar of security
|
# ¿ Sep 25, 2017 21:02 |
|
anthonypants posted:yeah and a hundred years ago the swastika didn't have anything to do with nazis but guess what
Yikes even this dead comedy forum can't stand a joke anymore in the fuckup thread
|
# ¿ Oct 15, 2017 01:39 |
|
I always rant that you shouldn't trust the network in any capacity but this gonna be fun
|
# ¿ Oct 15, 2017 18:41 |
|
Honestly if in 2017 you rely on wifi encryption alone you're doing it really wrong. If you're worried about your devices getting into hostile networks I sure hope you've never paired to any open networks since that's the way we've set up mitms forever.
|
# ¿ Oct 16, 2017 17:04 |
|
M_Gargantua posted:so should I be finding a way to wipe all prior key exchange material from all my devices or should they have been doing that well enough through routine garbage collection?
Keys wouldn't really be stored afaik
Cybernetic Vermin posted:there have been quite a few of those posts already though, and i keep wondering whether they should be read "99.99% of users are loving idiots and should get off the internet", and whether you actually have been advising your friends and family to not use wifi
The exact opposite? If you're using tls and friends the network doesn't matter (and the network is always hostile). This doesn't noticeably change the security posture for any device that has an open network in its pairing list (e.g. Starbucks) aka just about all of them. Normal people shouldn't get off the Internet, though sometimes I wish parts of the security community would.
|
# ¿ Oct 16, 2017 17:43 |
|
Top figure of the year
|
# ¿ Oct 17, 2017 16:09 |
|
hobbesmaster posted:title: “Microsoft is good?”
Good compared to that TPM vendor at least.
|
# ¿ Oct 17, 2017 19:48 |
|
BangersInMyKnickers posted:Please don't construe OpenSSL's one instance of doing something right with an endorsement of that garbage fire
Openssl sucks but everything else sucks more
|
# ¿ Oct 17, 2017 20:37 |
|
Just-In-Timeberlake posted:https://arstechnica.com/information-technology/2017/10/google-play-apps-with-as-many-as-2-6m-downloads-added-devices-to-botnet/
Did anyone actually read this because it's the stupidest scare mongering thing I've read in a while.
|
# ¿ Oct 19, 2017 19:09 |
|
Proteus Jones posted:Address space randomization. Makes it harder to take advantage of buffer overflows.
Specifically it makes it harder to know addresses, it's not particularly about buffer overflows (just as applicable to many attack primitives). It means that, short of a leak, the address of the function or ROP gadget you want to jump to or the struct in memory you wish to mess with isn't known to you at runtime as an attacker.
|
# ¿ Oct 20, 2017 04:06 |
|
ate all the Oreos posted:the last time it came up in this thread i bought one and now i own one, i guess it's not actually that interesting a story
Not the cyberpunk future I expected but buttpunk has a ring to it.
|
# ¿ Oct 25, 2017 03:05 |
|
Wasabi the J posted:Butt rock is already a thing. E.g.: Nickelback.
Wrong kind of buttplay
|
# ¿ Oct 25, 2017 05:34 |
|
suffix posted:i've noticed crapware asking for it
bump_fn posted:
What a clever way to reduce the entropy of a password to almost nothing.
|
# ¿ Oct 29, 2017 20:40 |
|
Bulgogi Hoagie posted:https://twitter.com/lukasstefanko/status/926084558273044481
Adrian is right and iOS security is overblown.
|
# ¿ Nov 3, 2017 03:57 |
|
Wiggly Wayne DDS posted:some more android vulnerabilities: https://pleasestopnamingvulnerabilities.com
Scotty is a super cool dude, I'm glad he didn't totally burn out.
hobbesmaster posted:so this will be named PSNV?
Doubt it, they don't get traction these days without dedicated PR people being involved and he isn't trying to sell you anything. It's too complicated and doesn't have a clever name and so won't be noticed compared to a lot of the far less interesting bugs that have lit up the press this year.
|
# ¿ Nov 6, 2017 20:46 |
|
This is not the buttpunk future I wanted.
|
# ¿ Nov 11, 2017 04:23 |
|
fishmech posted:its good that no one uses bing.
|
# ¿ Nov 12, 2017 06:31 |
|
haveblue posted:I'm curious how much the phone's owner participated in that, the writeup and video don't make it clear. high rez face photos and 3D scans would not be easy to do on the sly and would be totally infeasible if you don't know who the owner is in the first place (phone obtained through street crime etc)
Face is a stupid unlock mode and Apple users are gonna get bit in so many terrible ways but people will keep defending it.
|
# ¿ Nov 13, 2017 23:32 |
|
I wish WikiLeaks actually delivered what it used to promise and wasn't just a weak sauce mouthpiece for Russian poo poo.
|
# ¿ Nov 14, 2017 01:33 |
|
|
# ¿ Nov 16, 2017 01:43 |
|
Brings new meaning to sanitize your inputs
|
# ¿ Nov 22, 2017 06:15 |
|
SmokaDustbowl posted:I like your avatar
Thanks
Security Fuckup Megathread - v14.1 - I caught a virus from my unsanitized blowjob
|
# ¿ Nov 22, 2017 06:28 |
|
|
Ur Getting Fatter posted:gonna ddos the blowjob machine until I get a buffer overflow iykwim
vOv posted:distributed denial of service
dick denial of service
|
# ¿ Nov 22, 2017 21:06 |