ate all the Oreos posted:

wife just linked me this:



brilliant

Lain Iwakura posted:

ayyy lmao

but yeah. i came out in april and sort of disappeared for a while because of it. will be kicking rear end soon enough!

compuserved posted:

lol

Helianthus Annuus posted:

libraries are good and cool

maskenfreiheit posted:

Maybe they will ban McAfee? 🤔

Truga posted:

cheese-cube posted:

he left about 3 months ago so i cant tear his trachea out.

Wiggly Wayne DDS posted:

what could possibly go wrong

https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html

Lain Iwakura posted:

code:

15:44 < user1> company doing pentest on us is pissed at us.. one of our engineers uploaded
                their 0day exploit to virustotal and MSFT picked it up and tweeted about it
15:45 < user2> lmao
15:46 < user3> hahahahaha rekt.
15:46 < user4> Oops
15:46 < user4> Where's the tweet?
15:46 < user3> Of all the poo poo ways to burn an 0day.
15:46 < user3> That's probably the worst
15:49 < user1> [link to tweet]
15:49 < user1> MSFT picked it up from virustotal
15:49 < user1> and tweeted about it.. all in a span of about 25 minutes

https://twitter.com/JohnLaTwC/status/883057609023959040

Cocoa Crispies posted:

oh-day

Shifty Pony posted:

idk, there's probably enough wiggle room for them to set up some sort of quarantine for all preinstalled apps until they are actually launched by the user. they would just have to include their own apps in it too.

Shifty Pony posted:

and if they cracked down and actually applied standards for what is critical functionality the manufacturers would simply pool the dialer and settings app with the bloat apps into a single package such that the former depend on code from the latter for operation, similarly to how MS deeply integrated IE into windows.

pray for my aunt posted:

exploit indexing begins at 1day

COACHS SPORT BAR posted:

lol



coworker had this hanging on his wall for years after being hassled on his day off to complete phishing training

fishmech posted:

Plug this Web key into the USB drive on your computer.

what is with this copy

surebet posted:

How the Calibri font could take down Pakistan’s prime minister
Microsoft’s default font is at the centre of an ongoing corruption investigation



Microsoft’s Calibri is a fairly innocuous font, used by default on countless numbers of Word, Excel and Powerpoint documents. The inoffensive lettering could soon topple Pakistan’s prime minister, however, after being placed at the heart of a corruption investigation.

Pakistan’s supreme court is currently deliberating a case against Nawaz Sharif, the head of the country’s government. As Al Jazeera reports, a Joint Investigative Team (JIT) encompassing police, military officials and financial regulators has been gathering evidence about the prime minister’s family’s assets.

This follows a judgment by investigators that there were "significant gap[s]" in Sharif's family's ability to explain their assets and means of income. The investigation stems from the 2016 Panama Paper leak, which named three of Sharif's children as beneficiaries of offshore companies. Sharif’s political opponents claim that his properties in London were obtained through corrupt means.

Okay, so where does Calibri come in? Well, to prove her father’s innocence, Sharif’s daughter Maryam Nawaz Sharif has produced a document – allegedly from 2006 – which claims to show certain declarations of income.

The JIT report, however, notes that the documents are written in Calibri, which was not made commercially available by Microsoft until 2007. The investigators say this means that the declarations are therefore incorrectly dated, and were likely created at some later point in time.

https://twitter.com/frooq/status/884494782306889730
The investigation is ongoing, so it’s too soon to tell if a misused font is enough to undermine Sharif’s case, but it certainly isn’t going to do the precariously placed politician any favours. Still, at least it wasn’t Comic Sans.

my bitter bi rival posted:

Calibri more like Sans Sharif

ratbert90 posted:

He will probably become a serial murderer.

Carbon dioxide posted:

25 eur gift card attached.

Rectus posted:

cinci zoo sniper posted:

government

reason

encryption

bobfather posted:

I was really hoping "what security question did you choose" picked twice would pop up a third drop down box.

cinci zoo sniper posted:

I was really hoping "what security question did you choose" picked twice would pop up a third drop down box.

Subjunctive posted:

yeah, without hdr there's a simple rainbow table attack

Chris Knight posted:

that's because the real one is @twittersupport

cinci zoo sniper posted:

hackers can turn your segway into a bomb

cinci zoo sniper posted:

https://www.ioactive.com/pdfs/IOActive-Security-Advisory-Ninebot-Segway-miniPRO_Final.pdf

My PIN is 4826 posted:

best part isn't even mentioned in this article - the STA database is public domain information, so it's passed around to advertisers as a service. however, this one time they all got an un-redacted database that included things like people in the witness protection programs.

the obvious solution would be to send out the redacted version and tell recipients to destroy the old one, but instead they sent out a list of who to remove from the first database

Powerful Two-Hander posted:

do u have a skul gun?

Dodoman posted:

What happened to your 💀?

PCjr sidecar posted:

ur dogs on a no flea list

maskenfreiheit posted:

i look forward to a future where we are sedated, stripped naked, and stacked like cordwood when flying

cinci zoo sniper posted:

no, you are not. you would land too rapidly etc, and regulators have their own opinions on it all too

cheese-cube posted:

patriot pac-3 has drone shoot-down capability within a very broad altitude envelope. you better be packing some badass ruskie EW/traditional countermeasures fdriend

fake edit: holy lol, this bit from the patriot wiki article is a proper fuckup (https://en.wikipedia.org/wiki/MIM-104_Patriot#Failure_at_Dhahran):

quote:

Two weeks earlier, on February 11, 1991, the Israelis had identified the problem and informed the U.S. Army and the PATRIOT Project Office, the software manufacturer.[46] As a stopgap measure, the Israelis had recommended rebooting the system's computers regularly. The manufacturer supplied updated software to the Army on February 26.

cinci zoo sniper posted:

https://security.gerhardt.link/RCE-in-Factorio/

Factorio is a very popular multiplayer factory management and automation game. It supports modification though the use of Lua scripts. For security and determinism (in a multiplayer game all clients process the game state separately, any client difference would result in desyncronization and crashing) access to certain Lua core libraries is disabled. This includes OS, debug and package. Factorio supports a Lua REPL that can be used by administrative users in multiplayer games and will also autorun Lua provided by the server on joining in a less widely used system called “scenarios”.

Subjunctive posted:

https://www.theregister.co.uk/2017/07/27/russian_politicians_son_gets_27yrs_fraud

quote:

It also helped that Seleznev didnt use encryption at all.

flakeloaf posted:

unless it is a festering landfill of diapers you cannot improve it with the addition of blockchain technology

French Canadian posted:

To be fair, it was partially the "authenticity" of the DropBox-esque email that screwed me over.

Gone are the days of Nigerian emails and poor grammar.

ate all the Oreos posted:

today my friend managed to catch in code review one of our shittier devs' "solution" to running tasks remotely.

anyone wanna guess what it was doing?

it was literally just netcat piped to sh of course!

this was going to be installed on a customer's corporate network

geonetix posted:

nist has some very cynical people in their copywriting department