|
the last time I used one of those it asked me to pick an address I had previously lived at. all the possibilities were hundreds of miles away and it took me a while to remember that one of them was my college apartment from 15 years ago
|
# ¿ Dec 27, 2018 17:35 |
|
Midjack posted: it's not useful unless you are specifically trying to disinfect some old rear end file from 1996 that isn't available without the malware anymore.

if it’s from 1996 the malware won’t run under X anyway
|
# ¿ Dec 30, 2018 23:40 |
|
quote: > I could easily see this being a viral front page reddit kind of thing.

loool
|
# ¿ Jan 2, 2019 02:37 |
|
spankmeister posted: Mac users are conditioned to click to give root rights to everything anyway.

a revoked cert won't give you the choice to run it from the finder. you have to turn off code signing entirely and the option to do that isn't surfaced on demand, you have to go rooting through system prefs if you even know how to turn it off

it also won't offer to run an unsigned app through the fast/easy path (double click), you don't get the run anyway button. you have to use the open command from a menu for it to present that
|
# ¿ Jan 2, 2019 22:55 |
|
hey guys I wrote this daemon to re-verify tape archives in the background, what do you think
|
# ¿ Jan 3, 2019 00:04 |
|
CmdrRiker posted: It's recording a public space so it should be available to the public.

"A second source, with direct knowledge of Ring’s video-tagging efforts, said that the video annotation team watches footage not only from the popular outdoor and doorbell camera models, but from household interiors."

weird that this only comes up so far down the article but it should be a way bigger deal than watching the front yard

Cybernetic Vermin posted: the article is phrased weirdly though, it lists people the videos are available to 'without access control', if it is just publicly available why aren't they just saying that?

what they seem to be trying to say is that within the ring backend it's possible to be exempted from all self-imposed access controls and granted carte blanche to browse any video from any customer on demand. so the "access control" is that you have to be a high-ranking employee of ring but beyond that there is no oversight or audit capability
|
# ¿ Jan 11, 2019 17:02 |
|
Heavy_D posted: is this too long for the title?

"secfuck megathread: I don't think you trust in my self signed web certify" is 3 chars under
|
# ¿ Jan 12, 2019 03:09 |
|
ratbert90 posted: Haikus have to be about the seasons.

three winters from now
fallen leaves under snow and
your cert expires
|
# ¿ Jan 13, 2019 18:30 |
|
https://twitter.com/DCFurs/status/1087663240421593089
|
# ¿ Jan 23, 2019 21:35 |
|
I thought we had already discovered furries thanks to the "oopsie woopsie we made a fucky wucky" tweet
|
# ¿ Jan 24, 2019 22:40 |
|
Volmarias posted:
yeah it’s a blatant rule violation. the cert they used here will absolutely be yanked, the main apps may be protected by being too popular
|
# ¿ Jan 30, 2019 03:11 |
|
Phone posted: I fail to recognise the “bad practice” here. Researchers clearly asked for consent, in case of teens they have required parental consent as well, they have had clearly worded policy, they have generously paid for participation.

did you paste this from a comment somewhere

the first bad practice was violating apple's terms with regards to who apps signed with that certificate may be given to, that made this open and shut. the second bad practice was using this to circumvent an app store ban, that made this open and shut with extreme prejudice.

on top of that there are all the arguments to be had over whether the level of disclosure was sufficient, whether the users really understood the full implications of what they were doing, whether they did due diligence as to verifying parental consent was actually obtained, whether it's appropriate to make that sort of offer to teenagers in the first place, and the ethics of turning users' phones into bugging devices to obtain data on competitors

facebook is exactly the sort of malicious actor that apple's heavy handed walled garden poo poo is meant to protect users from
|
# ¿ Jan 30, 2019 17:07 |
|
my bitter bi rival posted: does this mean they yanked all of facebook's development certs or that Facebook was using the same cert for all of this

what they yanked was the "enterprise certificate", which is different from the "developer certificate". there's only these two, really

the developer cert is used to sign apps for submission to the app store. this is the cert that signs public releases of the official app, messenger, etc. this cert has not been touched so far as we know and the apps are still up on the store

the enterprise cert is used when you have to put an app on a device as part of your internal operations. you can't put an entirely unsigned app on an ios device unless you jailbreak it, there always has to be some level of credentials/trust involved. so this cert is used to e.g. give a build to your QA department that they can put on all their devices. or to make small in-house apps that don't need to go through the app store because anyone and everyone who uses them works for you to begin with. this cert was used for a bunch of those things and was also abused for this VPN research program, so when apple killed it a ton of internal facebook utilities went with it
|
# ¿ Jan 30, 2019 17:33 |
|
Potato Salad posted: Not knowing what action apple took here specifically, it would make sense that entities that existed before FB acquisition have their own apple certs.

I agree, maintaining the old certs/dev accounts is the only way (that I know of) to retain the original store listings for instagram.app/whatsapp.app and the ability to deploy updates to installs of those listings
|
# ¿ Jan 30, 2019 18:06 |
|
wyoak posted: seems unfair imo, if facebook is paying a 13 year old 20 bucks a month they're clearly an employee and therefore sideloading this dodgy app to monitor their employee's usage is good and cool

clearly they're independent contractors
|
# ¿ Jan 30, 2019 22:06 |
|
CmdrRiker posted: Yeah. And I would dare say Apple had its fair share of privacy fuckups over the last year as well.

but apple's response is "oops, we'll fix it" rather than "oops we got caught"

apple doesn't make money from selling your info and doesn't need to. the others do
|
# ¿ Feb 1, 2019 16:50 |
|
maybe the sequencer is making assumptions about naturally occurring sequences? did dna evolve length encoding and terminator characters?
|
# ¿ Feb 3, 2019 18:33 |
|
Midjack posted: a condom is a firewall for your dick. also vag depending on your attitude wrt safe sex.

the pill is an NX flag

a fleshlight is a sandbox
|
# ¿ Feb 3, 2019 21:41 |
|
the best phish training email I've seen was one that claimed to be from our security team containing a list of people who fell for the last phish training email
|
# ¿ Feb 4, 2019 20:05 |
|
I didn't click it and it was auto-deleted once I used the outlook report phishing button

usually the documents just have boilerplate "this was phishing, you're a dumbass, now read these guides" text
|
# ¿ Feb 4, 2019 21:02 |
|
salted hash browns posted:at least FB is trying to fix poo poo lol
|
# ¿ Feb 5, 2019 17:57 |
|
Midjack posted: https://mobile.twitter.com/Shadow0pz/status/1092437873205362689

ban this sick filth
|
# ¿ Feb 5, 2019 20:50 |
|
Cybernetic Vermin posted: we didn't really know what rules apple had in place for facebook's use of the certificates

the terms of the generic enterprise cert program agreement are public and were cited as the reason for the revocation, I don't think they had a special private contract since apple removed ios's built-in facebook integration
|
# ¿ Feb 6, 2019 14:02 |
|
looks like they think "physical threat model" is the guy manning their booth at the convention
|
# ¿ Feb 6, 2019 20:09 |
|
glassbox's selling point is that they take the recorded taps and keystrokes and combine them with a mockup of your app/site to reconstitute what the screen looked like during the session. whether this counts as "screen recording" is a semantic argument so expect it to go on for another five pages
|
# ¿ Feb 7, 2019 21:37 |
|
I'm the offensive cyber
|
# ¿ Feb 8, 2019 17:48 |
|
people would accept phone/computer 2fa more if you told them they've already been using 2fa systems for years

atm/debit cards
|
# ¿ Feb 12, 2019 23:16 |
|
I guess there's info disclosure there? although I can't spot what it is, all I see are internal IPs and half of an aws subdomain
|
# ¿ Feb 13, 2019 19:31 |
|
if you live in an area where brownouts are common it's not a bad idea for electronics
|
# ¿ Feb 14, 2019 17:07 |
|
Meat Beat Agent posted: love to perform a special command move and shoryuken my way into a complete stranger's medical records

are you the hacker in my mandated online security training who tries to hack our network by powering up to super saiyajin and throwing fireballs at the server
|
# ¿ Feb 20, 2019 16:59 |
|
quote:For example, in Year 1 that useless letter `c' would be dropped to be replased either by `k' or `s', and likewise `x' would no longer be part of the alphabet. The only kase in which `c' would be retained would be the `ch' formation, which will be dealt with later. Year 2 might reform `w' spelling, so that "which" and "one" would take the same konsonant, wile Year 3 might well abolish `y' replasing it with `i' and Iear 4 might fiks the "g/j" anomali wonse and for all. --Mark Twain
|
# ¿ Feb 25, 2019 17:30 |
|
Shame Boy posted: is it just me or are these "i've got your old password via hacking and definitely not just using a big list" emails getting less and less understandable

I forced a neural net to read 1,000 threatening emails, and
|
# ¿ Mar 5, 2019 22:54 |
|
Lain Iwakura posted: time to create some new calc.exe payloads that load calc.exe

https://www.youtube.com/watch?v=SVt4XsTvWXY

in other news, now that we're all done turning off branch prediction, we have to turn off the other clever microcode optimization trick

http://nebelwelt.net/blog/20190306-SMoTherSpectre.html

tldr: a thread running on an SMT core can figure out what threads on the other virtual core are doing
|
# ¿ Mar 6, 2019 22:23 |
|
figure out who did it with a blockchain explorer, shame them on slack
|
# ¿ Mar 7, 2019 20:58 |
|
everyone is better off with fewer bitcoins so yes
|
# ¿ Mar 8, 2019 01:51 |
|
florida lan posted: gently caress that poo poo, use a proper hardware credential system:

that subtitle is all wrong, it’s “leeloo dallas multipass.”, a three-component proper name
|
# ¿ Mar 10, 2019 02:20 |
|
ewiley posted: I once encountered a T1 card with very similar behaviors. a ping packet padded with all 0's (or any other packet with a large 0's payload) would reset the connection due to some odd signal encoding fuckery. In-band metadata is the worst thing to happen to communications protocols.

remember when certain models of modem would obey the hayes hangup command if it was delivered through the phone line port? good times
|
# ¿ Mar 11, 2019 16:31 |
|
duz posted:gave him $4k
|
# ¿ Mar 14, 2019 02:33 |
|
Soricidus posted: i feel sorry for the guy at the nsa who had to buy an account to carry on reading my posts

*looks at camera* it’s a living!
|
# ¿ Mar 14, 2019 23:37 |
|
Cybernetic Vermin posted: during trump's second term they're going to pour his brain into glados and he'll run things forever

fyi if you pour his brain into a computer he turns into wheatley
|
# ¿ Mar 15, 2019 17:51 |