|
cheese-cube posted:oh yeah actual secfuck: today i found a couple of standalone windows servers in our environment that had their local Guest accounts enabled and they'd been added to the local Administrators group 
|
#
¿
Jul 5, 2017 11:48
|
|
|
|
| # ¿ May 15, 2024 16:47 |
|
|
Shinku ABOOKEN posted:sorry grandma https://www.youtube.com/watch?v=vfl33Tn0pYc
|
|
#
¿
Jul 5, 2017 18:38
|
|
|
Maximum Leader posted:i think someone hacked my poo poo, someone tried to log into (with correct username and password) my steam account from brazil and my spotify password just got changed sounds like that ye
|
|
#
¿
Jul 6, 2017 08:24
|
|
|
please use password manager from now on
|
|
#
¿
Jul 6, 2017 08:25
|
|
|
FAT32 SHAMER posted:or if you're like me, dont use the same password everywehre what
|
|
#
¿
Jul 6, 2017 08:46
|
|
|
FAT32 SHAMER posted:the unburned are those who havent been hacked yet yeah im trying to make sense of your advice to ditch password managers and implication of single password for everything with the use of password manager
|
|
#
¿
Jul 6, 2017 08:54
|
|
|
Angela Merkle Tree posted:people aren't hacking your password manager, they're hacking that unpatched counterstrike forum you posted on 10 years ago with the same password yeah that what I'm saying FAT32 SHAMER posted:nonono
|
|
#
¿
Jul 6, 2017 09:46
|
|
|
but yeah just ignore me whenever i stumble in english, i should've known better by now unless you are making some obscure regional references
|
|
#
¿
Jul 6, 2017 09:47
|
|
|
Raluek posted:i think cinci's confusion stems from these being basically opposites
|
|
#
¿
Jul 6, 2017 13:06
|
|
|
mrmcd posted:lol if there's scrubs itt not using password managers and 2fa to be honest i am too lazy to use 2fa for most things. one day thatll get me in trouble, but for now ive just had chinese guests in my c-tier nth gmail account i accidentally remembered after never using it, and my guild wars 2 account i barely ever used too
|
|
#
¿
Jul 6, 2017 14:16
|
|
|
Wrath of the Bitch King posted:is lastpass still unacceptable to use these days or what? I'm using keepass with my dropbox account to house the pw database, but it's a little more cumbersome than I'd like and I wouldn't mind moving to a centralized platform like LP. lastpass still not great at the specific part that makes it different from standalone cloud storage keepass, yes
|
|
#
¿
Jul 6, 2017 14:18
|
|
|
maskenfreiheit posted:I prefer to use KeePass. i use keepass too, "official" windows client with key file in onedrive
|
|
#
¿
Jul 6, 2017 15:43
|
|
|
Truga posted:I hope you mean password vault? Key file should be local. the database file, im not fluent with terminology
|
|
#
¿
Jul 6, 2017 16:16
|
|
|
maskenfreiheit posted:you use a keyfile? don't you worry that if that's compromised? database file locked under a password. cinci zoo sniper posted:the database file, im not fluent with terminology
|
|
#
¿
Jul 6, 2017 16:59
|
|
|
i opened the thread on phone and seeing twitter/taviso made me reflectorily go "oh poo poo"
|
|
#
¿
Jul 6, 2017 22:16
|
|
|
Arcsech posted:why doesnt this guy ever find earthshattering oh-poo poo vulns on like, monday morning or something i imagine he gets lame work poo poo out of the way, although he should have a p interesting for himself job, and then just hobbies away at whatevers the target
|
|
#
¿
Jul 6, 2017 22:45
|
|
|
spankmeister posted:I don't know if this user1 has any infosec knowledge or anything but it seems to me they dont actually know what an 0day is. an app idea - 0dayr, crashes your phone on activation
|
|
#
¿
Jul 7, 2017 08:08
|
|
|
The fidget spinner of prosumer cyber.
|
|
#
¿
Jul 7, 2017 08:09
|
|
|
communism bitch posted:You could probably find a venture capitalist ready to invest 10 mil into this. Just change "crashes" to "disrupts", make some vague noises about monetisation strategy, and you're golden. what if we pay users if they can actually load into it, but they pay us for each disruption suffered to make for an immersive ransomware experience?
|
|
#
¿
Jul 7, 2017 08:21
|
|
|
Cocoa Crispies posted:seems like a good way to know who even knows what a 0day is is people who call it an "oh-day" vs. "zero day" if you ever say it "zero day" to a british person you'll be laughed out into the loving oblivion. do you also "zero" when dictating a phone number with 0 in it?
|
|
#
¿
Jul 7, 2017 14:23
|
|
|
james bond, agent double zero seven
|
|
#
¿
Jul 7, 2017 14:25
|
|
|
ate all the Oreos posted:what weird european country are you from where they call them "handsets" i've only ever heard that in relation to landline phones standard english m8
|
|
#
¿
Jul 7, 2017 16:53
|
|
|
gonadic io posted:I'm British and say zero day you're not supposed to just go and blow up my cover like that 
|
|
#
¿
Jul 7, 2017 21:03
|
|
|
jre posted:what that's what ive heard in europe the few times ive got to hear it,, and most of countries here stick to british english 
|
|
#
¿
Jul 7, 2017 23:49
|
|
|
FAT32 SHAMER posted:when you say "oh-day" i think of his brother qusay hussein
|
|
#
¿
Jul 7, 2017 23:52
|
|
|
jre posted:People saying oh-day ? yea
|
|
#
¿
Jul 8, 2017 00:08
|
|
|
BattleMaster posted:it had never even occurred to me that "oh day" was a possible way to say it especially when phrases like "zero hour" have existed for a long time its always pronounced oh hour thouhg? ok im kidding.
|
|
#
¿
Jul 8, 2017 08:15
|
|
|
spankmeister posted:I use antifa on all my accounts preparing for imac pro eh?
|
|
#
¿
Jul 9, 2017 10:17
|
|
|
Mr SuperAwesome posted:i am a british person who says "zero day" zero really?  but yeah thread opinions and my limited experiences are different things. not that it matters much, im just more and more curious how oh-day hasn't seen broader, i guess, adoption due to being easier and shorter to say while retaining the clarity of meaning
|
|
#
¿
Jul 9, 2017 10:26
|
|
|
geonetix posted:if you say anything else than "zero day" you should probably not be in this kind of business thankfully im a financial analyst  just interested in reading and talking about dangerous computers
|
|
#
¿
Jul 9, 2017 10:31
|
|
|
Mr SuperAwesome posted:obviously SMS 2FA is bad, but if you're using gauth/totp whatever and lose your phone, what then? i mean, how different is it from loosing phone with sms 2fa, or do your carriers restore stolen numbers?
|
|
#
¿
Jul 9, 2017 10:37
|
|
|
Subjunctive posted:where are you, if I might ask, that losing your phone means getting a new phone number? latvia. a significant portion of population uses prepaid for which im far from certain about the possibility to restore number in the case of theft. with contract plans that should of course be possible
|
|
#
¿
Jul 9, 2017 11:23
|
|
|
spankmeister posted:By the way the plural is zeroes day argh
|
|
#
¿
Jul 9, 2017 13:21
|
|
|
guys has anyone seen the op, by the way.i think we may have killed her  Shaggar posted:you just get a new phone and the same account w/ same number. the old phone/sim are deactivated. the reason SMS is so common for 2fa is because the user doesn't have to manage their own key recovery when their 2fa mechanism is lost. For example
|
|
#
¿
Jul 9, 2017 19:53
|
|
|
Shaggar posted:oh yeah then you'd be hosed. same as if you didn't copy down your recovery keys for a non-sms 2fa. altho depending on the account they probably have a way to remove the 2fa which is an easier target than your SMS was in the first place.
|
|
#
¿
Jul 9, 2017 20:24
|
|
|
spankmeister posted:I'm not going this year may your kapsalons be especially tasty
|
|
#
¿
Jul 9, 2017 20:39
|
|
|
/r/programmerhumor checking in
|
|
#
¿
Jul 10, 2017 14:02
|
|
|
COACHS SPORT BAR posted:lol thats a cool coworker 
|
|
#
¿
Jul 10, 2017 17:38
|
|
|
WAR DOGS OF SOCHI posted:i saw that the petya decryption key was released just the other day sometimes, people reverse engineer the ransomware enough to figure exactly what's happening, and how. this time, similarly to teslacrypt, the author released the private key in public
|
|
#
¿
Jul 10, 2017 19:14
|
|
|
|
| # ¿ May 15, 2024 16:47 |
|
|
WAR DOGS OF SOCHI posted:i must be missing something because even if you reverse engineer something that implements something like rsa encryption, you aren't decoding that thing in a few months without the private key -- as you point out, the author would need to release that
|
|
#
¿
Jul 10, 2017 19:31
|
|