|
 code: join us on irc: irc.synirc.net #yossec useful news resource for information security professionals: http://reddit.com/r/netsec/ risky business podcast is worth listening to and yospos has been mentioned in it before here are some old threads that haven't been archived: Security Fuckup Megathread - v16.2 - /home/land/security/theatre (may-dec 2018) Security Fuckup Megathread - v15.1 - Stop!!! I Kill You Researcher (jan-apr 2018) Security Fuckup Megathread - v14.1 - Hello, is this a delivery order? (jun 2017-jan 2018) Security Fuckup Megathread - v13.69 - plugins may violate privacy (jan-jun 2017) Security Fuckup Megathread - v12.2 - you have slammed your dick in the car door (apr 2016-jan 2017) Security Fuckup Megathread - v11.4 - who u gonna snitch to pussy bitch gently caress u (apr 2015-apr 2016) Security Fuckup Megathread - v10.1 (Hackers can turn your gas station into a bomb) (nov 2014-apr 2015) Security Fuckup Megathread - v7.69 (stay safe security ghost) (aug-nov 2014) Security Fuckup Megathread - v7.2 "BoringSFM" (jun-aug 2014) just a reminder: this is for sec gently caress ups. if you want to talk about telecoms or politics (including wikileaks), make a new thread Somebody fucked around with this message at 20:09 on Mar 27, 2019 |
#
¿
Dec 26, 2018 22:27
|
|
|
|
| # ¿ May 8, 2024 20:51 |
|
|
the fax talk is strong and hilarious
|
|
#
¿
Dec 29, 2018 17:56
|
|
|
Daman posted:TDO is back, looks like they're trying to ransom a US government agency this time. too bad there's no money
|
|
#
¿
Dec 30, 2018 23:25
|
|
|
Wiggly Wayne DDS posted:well this went under the radar how long until we get a ps4 or xbone jailbreak
|
|
#
¿
Jan 3, 2019 23:31
|
|
|
let's shut the gently caress up about upnp
|
|
#
¿
Jan 7, 2019 06:40
|
|
|
quote:Researchers have identified a critical "hard-coded credentials" vulnerability (CVE-2018-7800) affecting Schneider Electric floor-standing EVLink Parking units (version 3.2.0-12_v1 and earlier) that could allow attackers to compromise the EVLink Parking device, according to reports. While researchers say it is unclear what additional access can be obtained by compromising the EVLink Parking device, they point out that the device is part of the EVLink Parking network that is remotely managed by a cloud-based central system. According to Schneider, the flaw can be addressed by applying the provided patch or mitigated using a firewall configured to block unauthorized access from remote or external users. this is good
|
|
#
¿
Jan 7, 2019 19:31
|
|
|
https://twitter.com/KateLibc/status/1082687485887471616
|
|
#
¿
Jan 8, 2019 18:19
|
|
|
Midjack posted:You can download it and cut out the pieces. It's not sold as a box game: yeah. i should have linked to the pdf. i get lots of stuff from sans but i only do a course every few years. the only one i've really liked was the ics one i did years back
|
|
#
¿
Jan 8, 2019 20:57
|
|
|
Bhodi posted:Did chrome stop trusting disa.mil government CA? https://www.disa.mil/cybersecurity/network-defense/antivirus https://twitter.com/KateLibc/status/1082756012396797952
|
|
#
¿
Jan 8, 2019 22:49
|
|
|
BangersInMyKnickers posted:trust chain on that is completely hosed. you're not allowed to have an upstream trust intermediate have an expiration before the expiration of the downstream trust. how do you even achieve that
|
|
#
¿
Jan 8, 2019 22:51
|
|
|
BangersInMyKnickers posted:okay welcome to the loving dumbest pki implementation I have ever seen: holy heck
|
|
#
¿
Jan 8, 2019 22:58
|
|
|
Optimus_Rhyme posted:https://www.derbycon.com/blog/derbycon-9-0-every-beginning-has-an-end/ quote:This year, we had to handle issues that honestly, as an adult, we would never expect to have to handle from other adults. Conferences in general have shifted focus to not upsetting individuals and having to police people’s beliefs, politics, and feelings. Instead of coming to a conference to learn and share, it’s about how loud of a message a person can make about a specific topic, regardless of who they tear down or attempt to destroy. To put it in perspective, we had to deal with an individual that was verbally and mentally abusive to a number of our volunteer staff and security to the point where they were in tears. what's the story here? i ignore con drama
|
|
#
¿
Jan 14, 2019 21:33
|
|
|
i ended up ranting in a thread about my dislike of infosec yesterday https://twitter.com/KateLibc/status/1084506853042733056 someone decided that a klout-like website for infosec persons (really just men who are "thought leaders" with a few token women) would be a grand idea. it's everything i hate about infosec in one website
|
|
#
¿
Jan 14, 2019 22:08
|
|
|
Diva Cupcake posted:see also: hope con 2018 i went to HOPE last year and it was complete trash. friends of mine were harassed to say the least considering they kept deadnaming chelsea manning unnecessarily citing "historical record" or whatever, it's no surprise they're inept about their problems. when i made a beef about it on twitter that summer, their response to me invited a small amount of harassment my way
|
|
#
¿
Jan 14, 2019 22:25
|
|
|
apseudonym posted:They dont even have natashenka on there, nice. why would they put a girl on there who is only known for having tamagotchis? she is one of the nicest people in infosec i bet
|
|
#
¿
Jan 15, 2019 04:42
|
|
|
florida lan posted:RSA is still a security conference? boy i could talk endlessly about rsa if i wasn't bound by ndas
|
|
#
¿
Jan 15, 2019 05:44
|
|
|
Loky11 posted:All Twitter drama aside, Derbycon was my favorite con. I'd been since Adrian Crenshaw decided to do a Metasploit class that turned into Derbycon. Sad to see it go, however, I'd started to get the Defcon and megacon vibe this past year. So maybe all good things must come to an end. adrian crenshaw is a garbage individual who deserves to be thrown out with the trash
|
|
#
¿
Jan 15, 2019 15:54
|
|
|
Loky11 posted:is this about the time he got kicked out of the Indiana University MBA for repeatedly bringing up Nazi Germany in an econ class? the laundry list is long. he's a total shithead. i've refused to be on a panel with him because of how foul of a person he is
|
|
#
¿
Jan 15, 2019 16:20
|
|
|
cis white men who tell me that there are no problems in infosec are typically the problem in infosec (this goes the same for any other tech sector)
|
|
#
¿
Jan 15, 2019 18:12
|
|
|
after coming out, i made a choice to not engage as much into the whole infosec community and since then have sparingly attended meetups or talked much with people online. i am still in some circles due to legacy or if they're a majority non-men, but it's overall toxic and unnecessary for me to be part of. aside from a few garbage posters in this thread, this is one the spaces i still like i may make an appearance at defcon this year but only because work is paying for it and i would like to attend one conference this year
|
|
#
¿
Jan 16, 2019 00:51
|
|
|
Loky11 posted:being told "you don't get LGBT issues" while being LGBT myself and growing up not ever talking about it with people outside my close friends is frustrating. Maybe it's a generational thing. Good luck bringing up things on social media. It's just not my style and try maybe, to at least give people the benefit of the doubt. I will too. just as a reminder, i am in the LGBTQ+ community myself and i will not ever speak on behalf of those who are not me. heck i will not even talk on behalf of all lesbians or transgender women because that is not what i am here for (i describe myself as "queer woman" and typically refrain from talking about my being trans because it's irrelevant to who i am daily). it's usually poor form to speak on behalf of the whole community when these matters affect a small subset. we're talking about the treatment of non-men at conferences and not specifically anything else here. i have a problem with infosec because i work in it and have to deal with all sorts of nonsense with it being transphobic, sexist, or just outright ignorance you may get the issues that you face as part of the LGBTQ+ community but your views do not necessitate everyone as a whole. i am not asexual so i never talk on behalf of those who are aces nor am i bisexual so i cannot comment on their challenges either. this is something that should always remain in mind for anyone under our colourful umbrella as it helps not step on toes Lain Iwakura fucked around with this message at 21:13 on Jan 16, 2019 |
|
#
¿
Jan 16, 2019 21:10
|
|
|
in sec news on my end, i am finally starting my years long security orchestration project
|
|
#
¿
Jan 16, 2019 21:22
|
|
|
BangersInMyKnickers posted:global rm -rf / job on puppet you have no idea how tempting that is
|
|
#
¿
Jan 16, 2019 21:27
|
|
|
yeah. i got one of those e-mails and it had my password from the lastfm breach. it shook me to my bones 
|
|
#
¿
Jan 16, 2019 21:45
|
|
|
|
|
#
¿
Jan 17, 2019 17:36
|
|
|
can we move on? i am tired of bad opinions in here about non-secfuck stuff
Lain Iwakura fucked around with this message at 02:42 on Jan 18, 2019 |
|
#
¿
Jan 18, 2019 02:18
|
|
|
it won't fit and it would be v17.1, not v18.0 thanks
|
|
#
¿
Jan 18, 2019 04:12
|
|
|
https://twitter.com/magen_wu/status/1086394054265458689
|
|
#
¿
Jan 18, 2019 23:46
|
|
|
hey. if you're gonna go murdering people... https://www.runnersworld.com/news/a25924256/mark-fellows-runner-hitman-murder/ quote:A British runner, cyclist, and mob hitman has been convicted for the murders of two rival gangsters, in part, because of his GPS watch. Mark “Iceman” Fellows, 39, was found guilty by a jury at Liverpool Crown Court of killing organized crime leader Paul “Mr. Big” Massey and his associate John Kinsella, 55 and 53 at the time of their deaths. Massey and Kinsella were also career criminals, part of a gang scene near Manchester, England, with a reputation known across Europe, according to the Manchester Evening News.
|
|
#
¿
Jan 18, 2019 23:52
|
|
|
Raere posted:osint is being intellegent about operating systems Your Operating System Is Not Trash
|
|
#
¿
Jan 19, 2019 00:36
|
|
|
Powerful Two-Hander posted:good to see the speed running community are still setting new times in Hitman
|
|
#
¿
Jan 19, 2019 06:37
|
|
|
https://twitter.com/shivasinghal00/status/1086665612326105089 simmer down everyone, okay?
|
|
#
¿
Jan 19, 2019 20:15
|
|
|
considering that i had met the quadriga cx people at some local event, none of this surprises me
|
|
#
¿
Feb 4, 2019 15:50
|
|
|
anyone ever done some siem integrations into gapps? i'm looking to pull whatever data they have available on there and am looking around to see what others have done
|
|
#
¿
Feb 4, 2019 19:54
|
|
|
we've got a genius in the sec help threadCarbon dioxide posted:I think it's nonsense to assume all VPN providers are unsafe. 
Lain Iwakura fucked around with this message at 16:13 on Feb 16, 2019 |
|
#
¿
Feb 16, 2019 16:07
|
|
|
https://twitter.com/KateLibc/status/1098258502714183680
|
|
#
¿
Feb 20, 2019 17:31
|
|
|
nadim is back https://twitter.com/isislovecruft/status/1098270385148022784
|
|
#
¿
Feb 20, 2019 18:46
|
|
|
so who wrote this crap? their website is all sorts of vague. i am not even sure where to start with an llc search since every state handles it--assuming they even exist the fact that they are centerzero.org and not .com or whatever is even more weird
|
|
#
¿
Feb 25, 2019 22:54
|
|
|
Bhodi posted:https://twitter.com/bethwalkr/status/1099117191922962434 drop this conversation; it's not even security-related jfc
|
|
#
¿
Feb 25, 2019 22:56
|
|
|
|
| # ¿ May 8, 2024 20:51 |
|
|
x-postingLain Iwakura posted:So in an effort to get back into doing fun coding things again, I'm going to probably demonstrate how I worked with breach data via Twitch streams. Still trying to come up with an angle I like but I feel like it's time to let people know that I am a terrible software developer and have bad ideas on how I approached the entire mess.
|
|
#
¿
Feb 27, 2019 00:04
|
|