|
I ordered some stuff from a webshop and had it delivered to a pick-up point in a local supermarket because otherwise I wasn't going to be home to get it from the delivery person. Because of the ransomware, the delivery company was a day late with sending me the e-mail saying the package is ready to be picked up. This malware is truly evil because I'm getting stuff a day later. That was my story.
|
# ¿ Jun 28, 2017 06:47 |
|
|
# ¿ May 7, 2024 01:05 |
|
http://www.northropgrumman.com/Capabilities/Cybersecurity/Pages/default.aspx Carbon dioxide fucked around with this message at 19:08 on Jul 3, 2017 |
# ¿ Jul 3, 2017 19:06 |
|
Several weeks ago I got a letter from my housing company, informing me that they had made a new website (subdomain of their main site) with a secure environment where their customers, (tenants), could login to view their personal information and update it online. The letter assured me that the website was double checked by some security company and deemed safe. However, when I went to sign up, at some point I ended up on their main public-facing website, where they had plopped a copy of the login (username/pass) form on the homepage. Which was http. There was an https version but it was configured wrong, with the security cert only being valid for the other subdomain. So I immediately sent them an e-mail telling them why putting a password form on a http page is a horrible idea, and giving them some pointers on how to quickly fix/remove it. To my surprise, the next day they called me to thoroughly thank me for pointing out the problem. They were already working on a fix and thought it would be ready by the end of the day. They also asked me if I wished to get an update on how they were doing a week later. Well, when I checked the site that evening, they already got everything in order. And, once again to my surprise, today I received a letter from them with another thank you, and a 25 eur gift card attached. Reading this thread, I was under the impression that most companies are dicks when you point out security problems to them. Apparently there are companies that are Good.
|
# ¿ Jul 13, 2017 21:14 |
|
E4C85D38 posted:seconded this place owns On friday afternoon, when the NSA employees are bored, they just jam the GPS signal on campus until some tourists end up at the wrong entrance, so the guards can have some fun harassing them.
|
# ¿ Jul 14, 2017 06:35 |
|
Twitter's own @support account has been suspended from Twitter. https://twitter.com/support
|
# ¿ Jul 19, 2017 19:22 |
|
https://www.bleepingcomputer.com/news/security/45-000-facebook-users-leave-one-star-ratings-after-hackers-unjust-arrest/
|
# ¿ Jul 24, 2017 18:04 |
|
vOv posted:yeah their dev blog makes them seem like some of the most competent game devs ever, especially consider that it started off like a $20k kickstarter So they're better than the binding of isaac devs. https://twitter.com/tyronerodriguez/status/667441957644468230
|
# ¿ Jul 27, 2017 06:25 |
|
https://torrentfreak.com/hackers-use-pirate-sites-to-ruin-your-life-state-attorneys-general-warn-170727
|
# ¿ Jul 28, 2017 07:02 |
|
My work deals with a LOT of personal data which means we get regular government audits and all that stuff already. I believe the current law/policy is that we can't keep any personal data longer than 2 years after our last dealing with them. It's not hard to just run a scheduled delete for that on all live systems. For backups, within 2 years things change so much that 2yo backups are completely useless to us anyway, so no reason to keep them.
|
# ¿ Jul 28, 2017 18:10 |
|
Interesting. The Dutch police opened a page on their website where you can enter your e-mail address to find out if it was in a compromised database, very similar to haveibeenpwned.com Except, when you do so, it tells you the system will send a mail to that address with tips on how to secure it again, if it appears in their list. If it doesn't, they won't send you a mail. I suppose that's a way to prevent people from seeing whether e-mail addresses that aren't theirs have been 'pwned'.
|
# ¿ Jul 30, 2017 00:05 |
|
"Scientists Put Malware in DNA For the First Time - "encode malicious software into physical strands of DNA, so that when a gene sequencer analyzes it the resulting data becomes a program that corrupts gene-sequencing software and takes control of the underlying computer."" Source: Someone on IRC who says they read it on reddit E: Also here https://www.wired.com/story/malware-dna-hack/
|
# ¿ Aug 10, 2017 17:53 |
|
According to the logs at work someone tried to "hack" the company website by setting a randomly generated id stored in a cookie to "file///etc/passwd". I can't even think of any setup in which that would actually do anything. What the hell.
|
# ¿ Aug 11, 2017 18:19 |
|
pairofdimes posted:Did you try running the installer? I was on 54, ran the installer, and it updated me to 55 just fine. I used the download link from this page which seems to just link you to a regular stub installer: https://support.mozilla.org/en-US/kb/update-firefox-latest-version I was on 54, couldn't install update from the About screen (it just claims I have the latest version), downloaded the installer and ran that, it said to restart Firefox to start the newly installed version. Did so, I'm still on 54, still no update available. So that installer only works if your system has already been 'selected' to be in the next group to get an update.
|
# ¿ Aug 12, 2017 19:04 |
|
Subjunctive posted:file that and PM me the bug number? That means finding out where firefox' bug reports have to go and how to file them.
|
# ¿ Aug 12, 2017 19:19 |
|
pairofdimes posted:Can you try again? I searched for why Firefox wasn't updating to 55 and it looks like all updates were stopped for a while due to a bug: No pages are rendered / Shutdownhang crashes with aetpkss1.dll PKCS#11 module in Firefox 55 Okay, after a double check I found it DID install the 55 version but an additional 'bug' happened. Windows 10 machine. I had the 32-bit version (Firefox 54) installed in "Program Files (x86)/Mozilla Firefox". The installer which I downloaded from the official website installed 64-bit Firefox 55 in "Program Files/Mozilla Firefox", without telling me. It also did not uninstall or overwrite the 32-bit version. The Firefox shortcut on the desktop was updated to start the new 64-bit installation, however the pinned shortcut on my taskbar was NOT updated and still pointed at the Firefox 54 version. I have now uninstalled the 32-bit version and now everything is okay. But that was a rather confusing thing. E: Also apparently you cannot run 32-bit and 64-bit simultanously. If you start one and then try to start the other, it just opens a new windows of the version you got already running. Carbon dioxide fucked around with this message at 20:40 on Aug 12, 2017 |
# ¿ Aug 12, 2017 20:36 |
|
Lutha Mahtin posted:is this bubbling up in the blogs and twitters?? or do we have a case of yospos FIRST POST I didn't spread it further because I am certain the yospos Actual Cecurity Experts (ACEs) will take care of it and march angrily to the twitters and grab some Mozilla devs by the neck until they fix it.
|
# ¿ Aug 14, 2017 07:07 |
|
ate all the Oreos posted:i don't even own a degree You don't need to own one to screw your underlings 360 degrees.
|
# ¿ Sep 10, 2017 19:46 |
|
Thanks for reminding me I wasn't following your new twitter yet. Carbon dioxide fucked around with this message at 19:47 on Sep 19, 2017 |
# ¿ Sep 19, 2017 19:44 |
|
Shaggar posted:non-us banks don't give their customers the same protections we take for granted Don't US banks have a history of giving you access to everything after they ask you your mother's maiden name on the phone and you reply with some random mumbling?
|
# ¿ Sep 20, 2017 19:27 |
|
drat, I thought the terrible way some people pronounce JWT was just a bad joke. But...RFC 7519 posted:The suggested pronunciation of JWT is the same as the English word "jot". It's actually in the standard.
|
# ¿ Sep 20, 2017 20:18 |
|
SAN FRANCISCO (Reuters) - An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies. https://www.reuters.com/article/us-...t-idUSKCN1BW0GV
|
# ¿ Sep 21, 2017 20:13 |
|
A dutch insurance company is now offering a cybersec insurance for home users. When you sign up, you get a F-Secure router for free, the insurance says you are required to install it and use that for all your home internet connections. You also get a phone app in case you ever connect your phone to a network other than your home network. Then if your computer gets hosed up by malware, you can call them and an expert will help restore your data. If the computer is hosed beyond repair, the insurance will pay money as a compensation for the loss. They won't pay out more than 3 times per year per home though.
|
# ¿ Oct 19, 2017 18:57 |
|
buttcoin idiot of the year https://www.businessinsider.nl/man-in-the-netherlands-sold-everything-for-bitcoin-2017-10/
|
# ¿ Oct 21, 2017 09:01 |
|
|
# ¿ Oct 24, 2017 16:08 |
|
Cocoa Crispies posted:yeah, and enough sites are https-only that lol it is a place where yarn is not safe. where birds lie dead, placed upon doormats and newspapers. it is a place where laser pointers drive one to question existence itself. it is... the Kitten Zone.
|
# ¿ Oct 28, 2017 16:01 |
|
bump_fn posted:
They shouldn't be able to verify only specific characters of your password, unless their encryption is crap or non-existant.
|
# ¿ Oct 29, 2017 19:37 |
|
The real problem with lastpass is that its firefox plugin UI is a horrible piece of poo poo.
|
# ¿ Nov 2, 2017 22:17 |
|
Has anyone heard of this app and is it good/does it have a future? https://tox.chat
|
# ¿ Nov 4, 2017 21:26 |
|
https://twitter.com/Timrasett/status/926903967027785728 SA has trouble embedding this, but this is a 35K sized tweet.
|
# ¿ Nov 4, 2017 22:47 |
|
anthonypants posted:mine is an exclamation point https://twitter.com/anthonypants/status/926938537877843974 They take one down, the next one pops up https://twitter.com/xsimemuero/status/926914609776279552
|
# ¿ Nov 4, 2017 23:44 |
|
Ciaphas posted:I like the "facebook and twitter are incestuous hitlerholes that need to be burned to the ground and salted ASAP and never ever replaced" hill myself, i'd die on that In my experience at least half of software devs hate facebook. In society as a whole that number is a lot smaller, but still it has been growing.
|
# ¿ Nov 7, 2017 07:37 |
|
Kuvo posted:buzzfeed but lol quote:It just interested me right away. Right then and there I wanted to do anything and everything cyber.”
|
# ¿ Nov 9, 2017 23:03 |
|
Wiggly Wayne DDS posted:i found where radium went From that thread: https://twitter.com/tehjh/status/929504787229564928
|
# ¿ Nov 12, 2017 12:20 |
|
Dutch tech news is reporting that the police decrypted a metric crapton of PGP-encrypted e-mails. How? Well, the company selling this 'encrypted e-mail service' kept a copy of the private keys on the same server where the encrypted e-mails were hosted. All they needed was access to the machine.
|
# ¿ Nov 20, 2017 21:46 |
|
quote:Intel has released a downloadable detection tool located at http://www.intel.com/sa-00086-support , which will analyze your system for the vulnerabilities identified in this security advisory. Okay what the gently caress is this. The Linux version appears to be a bunch of python files + a larger executable. The Windows version has 4 folders, one that contains a GUI tool that says my system is not vulnerable, and a log file that seems to have been created on an Intel company machine a couple days ago, that has log lines about DLL signing. One that contains documentation. One that contains a command line tool that tells me "your system might be vulnerable" and then throws an error about not having access to write poo poo to Windows Registry, and writes a log file in the same folder which says "Detection error: your system might be vulnerable" so I'm thinking that whole tool doesn't work. And the fourth folder contains a windows application package, what seems to be a powershell build script of sorts, and a cert file issued by "user" to "user". They were in a rush to get this tool released, I suppose?
|
# ¿ Nov 20, 2017 23:14 |
|
Cool, so they 1. pay ransoms to hackers and 2. keep the hackers' identities secret. This is useful to know.
|
# ¿ Nov 21, 2017 23:33 |
|
|
# ¿ Nov 24, 2017 23:40 |
|
In what backass country do you still got public payphones? They got rid of all of them here after they stopped being profitable because everyone got a cell phone.
|
# ¿ Dec 1, 2017 07:40 |
|
Come on guys, Apple just followed up on their slogan promises with that root "bug". https://www.apple.com/macos/high-sierra/
|
# ¿ Dec 1, 2017 20:16 |
|
|
# ¿ May 7, 2024 01:05 |
|
Wait a minute. Waaaait a minute. Does archive.org have copies of all DMCA'd youtube videos? Because that would be quite a big deal.
|
# ¿ Dec 11, 2017 17:20 |