|
maskenfreiheit posted: so i heard defcon is cancelled

not again!
|
# ¿ Jun 27, 2017 08:07 |
|
flakeloaf posted:do you mean wcry or windows
|
# ¿ Jun 27, 2017 17:51 |
|
does anyone here have a good sec twitter list they can point me to? i'd really appreciate it, because left to my own devices i'd probably end up with dudes like thurrott on my list and my pants on my head.
|
# ¿ Jun 27, 2017 18:30 |
|
right on, thanks!
|
# ¿ Jun 27, 2017 18:46 |
|
uh...i've been to many a library conference and depending on the crowd, they tend to be a bunch of librarians pissing and moaning about how to get the respect they deserve and to prove their worth to the world. ala is better than most but still ain't nobody talkin' about archiving at these things and internet privacy to a librarian means putting a polarized screen on the desktops so that their patrons can continue to watch rape porn in the children's room
|
# ¿ Jun 27, 2017 19:23 |
|
BeOSPOS posted: I'm a librarian for real and this is a stupidly bad post

Nah, I nailed it. If you feel you have to vocally defend your profession's worth, you aren't doing a very good job at your profession. And librarians get stupidly defensive about their careers to the point of obsession. All you have to do is say the triggering phrase "Why do we need libraries when we have Google?" to invoke Threat Level Midnight. Also, in terms of privacy, librarians cave like all the rest when law enforcement comes a-knocking. See: Silk Road and the role SFPL played.
|
# ¿ Jun 28, 2017 17:43 |
|
Shifty Pony posted: I just point the browser at proquest and go to town. institutional access owns.

A public library card will usually get you free access to proquest, gale, ebsco, lexis, westlaw, and a million other loving useful online resources from your home but most people don't know this because librarians generally do a poor job of outreach unless it involves their "maker space" (a button maker or a 3D printer that is almost exclusively dedicated to kids printing skulls) or a knitting meetup. Hence the reason why librarians are so defensive about their self worth -- there's some truth to the questions about librarians' value because they seldom proactively demonstrate it. Usually this is an institutional problem and not the fault of the individuals which -- on the flip side -- you can have fantastic systems like that in Seattle because they foster the idea that a library should foster innovation and take the lead on engagement within their community.

BTW, I'm a librarian and I want libraries to succeed and thrive, but that means stfu with the hand-wringing angst, taking ownership of your own career, and being an effective leader.
|
# ¿ Jun 29, 2017 04:06 |
|
JewKiller 3000 posted: maybe the search engines, but you're not gonna get full text papers from the journals without paying, are you?

Yes, most of the time you'll get full access to full text html or PDFs for free. Everything under the sun? No. There are some publishers (IEEE comes to mind) that keep their poo poo walled off. There are also the occasional journals that embargo their materials for a month or so, but it's been a while since I've run across one of those.
|
# ¿ Jun 29, 2017 04:18 |
|
sorry everyone no more from me. i've got it all out of my system now and besides the darkest days are behind us which was when second life was going to usher in a golden age of virtual library service and holy gently caress things can only look up after that.
|
# ¿ Jun 29, 2017 04:28 |
|
oh my god it was just a little prank about the company facing the possibility of another multi-million dollar loss -- why can't you guys take a joke???!!! rip, electrical dude
|
# ¿ Jun 29, 2017 17:08 |
|
i saw that the petya decryption key was released just the other day

practically speaking, how are they obtaining the keys to these ransomwares? i mean, they must be using a crap algorithm in order for this to be possible, right?
|
# ¿ Jul 10, 2017 19:11 |
|
cinci zoo sniper posted: sometimes, people reverse engineer the ransomware enough to figure exactly what's happening, and how. this time, similarly to teslacrypt, the author released the private key in public

i must be missing something because even if you reverse engineer something that implements something like rsa encryption, you aren't decoding that thing in a few months without the private key -- as you point out, the author would need to release that
|
# ¿ Jul 10, 2017 19:20 |
|
spankmeister posted: A few things are in play here:

you are awesome. thanks for taking the time to post this and for the link!
|
# ¿ Jul 10, 2017 19:45 |
|
i used to fast-forward the vids to the end and then answer the obvious questions

then they disabled fast-forward for the 18 video segments, so i opened 18 tabs and ran the vids concurrently

then they disabled skipping segments before completing the previous one, so now i have to run them in real time in the background as i do real work (sa shitposting).
|
# ¿ Jul 10, 2017 20:53 |
|
Anyone who's been in a staged video shoot knows that the lighting is pretty bright at one of these things. Here's the Equifax CEO's apology while sporting dilated pupils the size of saucers despite all the lighting. Dude is tripping balls.
|
# ¿ Sep 11, 2017 18:50 |
|
tough crowd today
|
# ¿ Sep 13, 2017 20:40 |
|
lol nothing matters

Bloomberg Law posted: Equifax Inc. could get away with paying a mere $1 per person after failing to protect almost half of America's credit data.
|
# ¿ Sep 21, 2017 18:17 |
|
Have I got the basics of this right? We've got perfectly good encryption methods that are basically uncrackable (without the aid of quantum computing), but the encryption/decryption is too compute heavy to be used in real-time applications; therefore, we need more "light-weight" versions but this in turn makes cracking them possible with current tech. That sound about right?
|
# ¿ Sep 21, 2017 22:44 |
|
Any credit/debit card infrastructure/procedural changes are part of the eternal battle between banks and merchants to foist any and all costs and liabilities onto the other.
|
# ¿ Sep 28, 2017 21:43 |
|
no biggie, it was just a lil' peek
|
# ¿ Oct 2, 2017 20:38 |
|
lol oops https://www.wsj.com/articles/yahoo-triples-estimate-of-breached-accounts-to-3-billion-1507062804
|
# ¿ Oct 3, 2017 21:41 |
|
Main Paineframe posted:beautiful lmao, that guy's gonna get dinged on his review!
|
# ¿ Oct 6, 2017 00:27 |
|
TL;DR: The FSB hacked into the Kaspersky product and used the network of 400 million installs as its own search engine; it could search by user name or by any particular file they were interested in. The antivirus software would then upload the desired "sample" and deliver it to the Russians. That's goddamned brilliant.
|
# ¿ Oct 11, 2017 00:39 |
|
Main Paineframe posted: Where'd this come from? the NYT article doesn't have it

What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies.

...by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

Like most security software, Kaspersky Lab’s products require access to everything stored on a computer in order to scour it for viruses or other dangers. Its popular antivirus software scans for signatures of malicious software, or malware, then removes or neuters it before sending a report back to Kaspersky. That procedure, routine for such software, provided a perfect tool for Russian intelligence to exploit to survey the contents of computers and retrieve whatever they found of interest.
|
# ¿ Oct 11, 2017 16:00 |
|
wolrah posted: My cat used to turn off my Xbox 360 S all the time by nosing the button...

maybe your smart kitty just wanted you to stop and pet it?
|
# ¿ Oct 12, 2017 20:46 |
|
has anybody said pizza pii yet?
|
# ¿ Oct 13, 2017 16:28 |
|
CRIP EATIN BREAD posted: nice thing about wildcard certs is that if your key is compromised all your customers sites are compromised and it makes it much easier to deal with the class action lawsuit since you dont have to track exactly which customer was owned (it was all of them).

I admit it; I laughed pretty good at this post.
|
# ¿ Oct 19, 2017 20:34 |
|
ate all the Oreos posted: npr had a short bit about the president's twitter where they were saying how you should be VERY SCARED that twitter's security is so bad that one lowly FOREIGN contractor could delete the president's account!!!

The legit concern isn't about deletion of the Angry Yam's account, it's about the possibility that someone internally could access it and tweet from it because it doesn't look like there was much in the way of a security protocol in place. The repercussions of a fake tweet from the President's official account could be pretty grave.
|
# ¿ Nov 3, 2017 23:03 |
|
cinci zoo sniper posted:almost like its a really stupid loving thing the le trumpet is tooting away there
|
# ¿ Nov 3, 2017 23:06 |
|
twitter is on record stating that trump's being president and using twitter as an official channel for government communication overrides their terms of service and they will never ban him for anything he tweets
|
# ¿ Nov 4, 2017 06:44 |
|
why is this guy melting down about firewalls
|
# ¿ Nov 6, 2017 23:26 |
|
totally not angry about firewalls, got it
|
# ¿ Nov 7, 2017 00:59 |
|
Shinku ABOOKEN posted: am i the only one who feels phishing tests are worthless. the way i see it used is mainly secops being shitheads. “haha gotcha u dummy”. it sucks rear end for morale and the tools don’t care if the user didn’t interact with the phish.

Our IT dept sends out test phishing emails that kinda sorta look like they come from HR and then follows it up with a "You could have Putin on your pc now if you clicked on that link in real life, you dumb idiot!" message later in the day. An hour after that, HR will invariably send out a legit important firmwide email w/attachment an hour or two later and then get mad because no one opened it and read it. Every loving time.
|
# ¿ Nov 13, 2017 17:38 |
|
vOv posted: iirc some data breach related lawsuits have been thrown out because even though the plaintiff could easily show their information was exposed, they failed to show that they were harmed by it.

Yep. You have the Supreme Court's Spokeo decision to thank for this.
|
# ¿ Nov 28, 2017 06:34 |
|
theodop posted: Their workaround? Nobody is allowed to purchase >128GB laptop hard drives, to prevent "too much" data being lost.

hahahahaha omg
|
# ¿ Dec 12, 2017 00:02 |
|
what are the odds that everyone is just installing dropbox, onedrive, etc. to get around this lol stop-loss effort?
|
# ¿ Dec 12, 2017 00:50 |
|
pseudorandom name posted: the voter database itself is probably already publicly available from the state

It depends on the county, but you’re supposed to be associated with a campaign of some sort, but it’s a joke in practice. Also the cost to obtain these lists is so low as to be negligible.
|
# ¿ Dec 15, 2017 19:01 |
|
missing a delivery time or god forbid tossing a box onto your porch without knocking is one thing yeah, but forging a signature is some next level bullshit
|
# ¿ Dec 27, 2017 23:07 |
|
oops!

Tech firms let Russia probe software widely used by U.S. government

Reuters posted: Major global technology providers SAP (SAPG.DE), Symantec (SYMC.O) and McAfee have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government, a Reuters investigation has found.

https://www.reuters.com/article/us-usa-cyber-russia/tech-firms-let-russia-probe-software-widely-used-by-u-s-government-idUSKBN1FE1DT
|
# ¿ Jan 25, 2018 23:22 |
|
AARP LARPer fucked around with this message at 23:29 on Jan 25, 2018 |
# ¿ Jan 25, 2018 23:26 |