spankmeister posted:
> Or that it was being fishmeched again and it will be fishmeched again in the future. fishmeching never ends.

in secfuck news apparently bevmo was storing entire CC numbers because PCI auditors are good at their jobs.
# Dec 27, 2018 02:34

# May 8, 2024 18:06
Wiggly Wayne DDS posted:
> Censored Planet: a Global Censorship Observatory by Roya Ensafi (56:04)

eh, i'd expect that concerns over compromising sources and methods are probably overblown as long as they're technical. the adversaries in question are the policy arms of government, and while those will go after identifiable persons under their jurisdiction raising a stink (you, as a government, want to shut up individuals who complain to foreign media about censorship), covering up evidence of that censorship itself is probably a much lower priority. it's not exactly a secret that some governments censor the internet (hell, Roskomnadzor itself very much makes a queriable database of censored items open to the public, albeit through a broken-rear end garbage website), and that researchers can confirm this along with specific details through non-official means probably isn't much concern to the governments in question unless it provides a means of circumventing the block also.
# Dec 28, 2018 10:21
any nation state actor with the chops and desire to infiltrate mar a lago already has done so 4 or 5 different ways. the russians maybe having a shortcut through a particular wifi company probably doesn't make much difference in the end tally of ways that part of florida is bugged out the rear end
# Dec 31, 2018 22:29
fritz posted:
> florida lan mods plz
# Jan 1, 2019 00:18
on the subject of dumb cert chain poo poo, gently caress s_client

the s_client manpage helpfully includes these two options right next to each other:

> -verify depth

it's not immediately clear why there are separate options for "set the max chain depth" and "actually fail if you exceed it", but whatever. however, setting both of these and using a chain that's longer than the argument passed to verify does nothing. no fatal error, same output.

there is, however, a second block of options, which is just poo poo copied verbatim from openssl verify:

> -attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict

setting verify_depth too short will cause s_client to error out, regardless of whether verify_return_error is present. for extra fun, the depth reported in the output uses a different counter than what's used to determine whether poo poo will fail. output is zero-indexed and includes all certs in the chain:

code:

code:
# Jan 10, 2019 09:16
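Added example, not from the thread: a shell script that builds a throwaway four-certificate chain (root, two intermediates, leaf) and checks it with openssl verify at two -verify_depth limits, showing that the limit counts only intermediate CAs (the 1.1.0+ meaning of the option, assumed here) rather than the zero-indexed depth= values s_client prints. It assumes openssl is on PATH; every certificate and name is constructed on the spot.

```shell
#!/bin/sh
# Constructed demo chain: root -> ica1 -> ica2 -> leaf (4 certs, 2 intermediates).
# With -verify_depth N the verifier allows at most N intermediate CAs, so
# N=1 rejects this chain (chain too long) and N=2 accepts it.
set -e
WORK=$(mktemp -d)
cd "$WORK"
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=critical,CA:FALSE\n' > leaf.ext

# make_cert NAME SUBJECT [ISSUER]: self-signed when ISSUER is omitted
make_cert() {
  name=$1; subj=$2; issuer=$3
  openssl req -new -newkey rsa:2048 -nodes -keyout "$name.key" \
    -subj "/CN=$subj" -out "$name.csr" 2>/dev/null
  if [ -z "$issuer" ]; then
    openssl x509 -req -in "$name.csr" -signkey "$name.key" -days 1 \
      -extfile ca.ext -out "$name.pem" 2>/dev/null
  else
    ext=ca.ext
    [ "$name" = leaf ] && ext=leaf.ext
    openssl x509 -req -in "$name.csr" -CA "$issuer.pem" -CAkey "$issuer.key" \
      -CAcreateserial -days 1 -extfile "$ext" -out "$name.pem" 2>/dev/null
  fi
}

make_cert root "Demo Root"
make_cert ica1 "Demo Intermediate 1" root
make_cert ica2 "Demo Intermediate 2" ica1
make_cert leaf "leaf.example.test" ica2
cat ica1.pem ica2.pem > untrusted.pem

# verify_with_depth N: prints "ok" or "fail" for openssl verify -verify_depth N
verify_with_depth() {
  if openssl verify -verify_depth "$1" -CAfile root.pem \
       -untrusted untrusted.pem leaf.pem >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

echo "depth 1: $(verify_with_depth 1)"   # fail: two intermediates exceed the limit
echo "depth 2: $(verify_with_depth 2)"   # ok
```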
BangersInMyKnickers posted:
> okay welcome to the loving dumbest pki implementation I have ever seen:

sadly it seems this has since been replaced with this boring corporate cert chain

can't the dod do anything itself anymore god
# Jan 12, 2019 05:52
Lain Iwakura posted:
> i ended up ranting in a thread about my dislike of infosec yesterday

RSA is still a security conference?
# Jan 15, 2019 04:57
i was once on a plane with a number of women going to a conference of great clips salon managers. all i learned from this is that great clips salon managers view industry conferences as an excuse to get drunk even more than tech people do
# Jan 16, 2019 02:52
security fuckup thread 17.1 - YDGKJFTQDFGQWYFTDUKYWQG loving HELL
# Jan 19, 2019 10:49
redleader posted:
> nah, blockchain is old news and no longer hip

then why is there still a big IBM blockchain ad outside my work
# Feb 9, 2019 04:44
curse security teams that blindly forward security scanner reports to vendors demanding urgent fixes. v important to address a BIND DoS vector for a container image that (a) never runs BIND and (b) doesn't even have BIND installed, but does have the BIND license in /usr/share/doc, because the centos image includes it for some reason
# Feb 13, 2019 20:09
fishmech posted:
> printers are portals between the computer realm and the flesh realm, of course the diagrams for how they work are horrific sigils and they constantly break

where can i get a flesh printer. also reams of flesh paper
# Feb 14, 2019 05:41
mfw when our customer indicates that they need intermediate proxies to log full request bodies because "it's necessary for debugging purposes" and they swear that having a regex filter on the contents will avoid any possible issues. bonus points because said customer is a loving (major) bank
# Mar 6, 2019 04:05
gently caress that poo poo, use a proper hardware credential system:
# Mar 9, 2019 05:06
> why spend time and money understanding APIs and building scripted orchestration poo poo for whatever product you're dealing with when you can just simulate the user interaction

lol at the idea of anything that accenture is being called in to automate has documented apis intended for public use. this is ENTERPRISE; nothing is designed well
# Mar 29, 2019 23:55
pseudorandom name posted:
> Your gender has been compromised in a data breach.

we're offering 6 months of HRT free to compensate
# Apr 4, 2019 03:27