|
Eonwe posted: I set up 900 users each with unique permissions and a unique password and the account manager wants me to set all of their passwords to one thing so she doesn't have to send individual emails

tell her to do a mail merge
|
# ? Aug 10, 2015 22:25 |
|
I did

She wants to do one email and I said no, so we'll see who wins
|
|
# ? Aug 10, 2015 22:26 |
|
dont send people passwords in emails
|
# ? Aug 10, 2015 22:27 |
|
Awia posted: dont send people passwords in emails

i've had to work with some lovely systems where there was no alternative

ideally set them to expire on login to force a pw change though, and deactivate any that aren't changed within a week or whatever
|
# ? Aug 10, 2015 22:29 |
Awia posted: dont send people passwords in emails

I'm wageslave with no say in the matter but I agree
|
|
# ? Aug 10, 2015 22:29 |
Cold on a Cob posted: i've had to work with some lovely systems where there was no alternative

Yea they have to immediately change it, so its not as egregious
|
|
# ? Aug 10, 2015 22:30 |
|
this is probably the best talk to come out of blackhat so far this year: https://github.com/xoreaxeaxeax/sinkhole/blob/master/us-15-Domas-TheMemorySinkhole.pdf

i understand approximately 15% of the content and am still blown away
|
# ? Aug 11, 2015 00:24 |
|
OSI bean dip posted: it was chill to meet you all. i have some photos to share later including a very special one

if the guys name is on a sanctions list he's hosed lol. doesn't matter that it's not him, he's gonna get blacklisted along with a billion guys with the same variation of Mohammed as a terrorist. sanctions lists are funny. every like 6 months someone requests that "the computer does fuzzy matching" on one at work and i just laugh and tell them to hire an intern to do it manually. at least then you can fire them when it goes wrong.
|
# ? Aug 11, 2015 00:34 |
|
Panty Saluter posted:OHMIGOD FUCKYOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOUUUUUUUUUUUUUU lol
|
# ? Aug 11, 2015 00:43 |
|
pr0zac posted: this is probably the best talk to come out of blackhat so far this year: https://github.com/xoreaxeaxeax/sinkhole/blob/master/us-15-Domas-TheMemorySinkhole.pdf

"The memory sinkhole" is an appropriate name. That embedded pdf viewer in github manages to crash both Firefox and Chrome after filling up a crapload of RAM.

E: Alright, downloaded it. Interesting, if complicated, read. How the gently caress can anybody make sense of assembly code at all?

Here's a short article about the vuln: https://techreport.com/news/28784/vulnerability-in-older-intel-cpus-gives-away-the-keys-to-the-kingdom

Carbon dioxide fucked around with this message at 08:33 on Aug 11, 2015
# ? Aug 11, 2015 08:07 |
|
https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t

oracle is Not Happy that customers are looking for and finding vulns in their products using reverse engineering

and by not happy i mean i think they're sending out legal threats
|
# ? Aug 11, 2015 08:09 |
|
quote: We will also not provide credit in any advisories we might issue. You can’t really expect us to say “thank you for breaking the license agreement."

quote: Q. But one of the issues I found was an actual security vulnerability so that justifies reverse engineering, right?
|
# ? Aug 11, 2015 09:02 |
|
quote:I’d rather spend my time, and my team’s time, working on helping development improve our code than argue with people about where the license agreement lines are.
|
# ? Aug 11, 2015 09:07 |
|
is there anything about oracle as a company which isn't terrible
|
# ? Aug 11, 2015 10:02 |
|
sometimes they lose lawsuits, those are fun
|
# ? Aug 11, 2015 10:06 |
|
Aleksei Vasiliev posted: https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t

well, can't wait for them to backpedal immediately on this once some tech site reports on it
|
# ? Aug 11, 2015 10:24 |
|
Heresiarch posted: is there anything about oracle as a company which isn't terrible

larry ellison is hilarious at a distance
|
# ? Aug 11, 2015 11:05 |
|
suffix posted:variable-length post that was interesting, thanks!
|
# ? Aug 11, 2015 11:27 |
|
Aleksei Vasiliev posted: https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t

lol post is gone. is there a copy anywhere?
|
# ? Aug 11, 2015 13:09 |
|
scottch posted: lol post is gone. is there a copy anywhere?

https://web.archive.org/web/20150811052336/https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t

Bunch of news sources also picked it up.

E: vvv lol

Carbon dioxide fucked around with this message at 13:20 on Aug 11, 2015
# ? Aug 11, 2015 13:15 |
|
scottch posted:lol post is gone. is there a copy anywhere?
|
# ? Aug 11, 2015 13:16 |
|
Wiggly Wayne DDS posted: it got taken down for reasons: https://twitter.com/addelindh/status/631040188010131456

Made my day
|
# ? Aug 11, 2015 13:25 |
|
scottch posted: lol post is gone. is there a copy anywhere?

MOTHERFUCKING CSO OF ORACLE posted: No, You Really Can’t
|
# ? Aug 11, 2015 13:26 |
|
Wiggly Wayne DDS posted:it got taken down for reasons: https://twitter.com/addelindh/status/631040188010131456
|
# ? Aug 11, 2015 13:27 |
|
my favourite part is all of it
|
# ? Aug 11, 2015 13:27 |
|
Wiggly Wayne DDS posted: it got taken down for reasons: https://twitter.com/addelindh/status/631040188010131456

STOP REVERSE ENGINEERING OUR COOOOODE thanks, that is some funy computer
|
# ? Aug 11, 2015 13:27 |
|
by https://en.wikipedia.org/wiki/Mary_Ann_Davidson

quote: Mary Ann Davidson is the Chief Security Officer of Oracle Corporation, the second largest software company in the world. Her outspoken views regarding software security and role as security spokesperson for a leading database product have made hers an important voice among computer security practitioners.[1] She has testified on Oracle's behalf before the U.S. Congress, and is routinely cited in industry and business publications.

gosh i wonder who wrote that
|
# ? Aug 11, 2015 13:32 |
|
i for one am going to stop reverse engineering oracle code immediately. i consider this a very serious matter.
|
# ? Aug 11, 2015 13:46 |
|
quote:The better discussion to have with a customer —and I always offer this — is for us to explain what we do to build assurance into our products, including how we use vulnerability finding tools. I want customers to have confidence in our products and services, not just drop a letter on them.
|
# ? Aug 11, 2015 13:51 |
|
lol do people actually believe that analogy? for anyone reading this that doesn't get why it's a lovely analogy, reverse engineering code is like buying a lock and busting it open, not breaking into someone else's house where they've installed the lock. jfc oracle get your poo poo together
|
# ? Aug 11, 2015 13:59 |
|
MOTHERFUCKING CSO OF ORACLE posted:No, You Really Can’t
|
# ? Aug 11, 2015 14:16 |
Wiggly Wayne DDS posted:it got taken down for reasons: https://twitter.com/addelindh/status/631040188010131456
|
|
# ? Aug 11, 2015 14:17 |
|
my favorite part was the raging against keynesians at the end
|
# ? Aug 11, 2015 14:18 |
|
Wiggly Wayne DDS posted: it got taken down for reasons: https://twitter.com/addelindh/status/631040188010131456

5'd
|
# ? Aug 11, 2015 14:22 |
|
Wiggly Wayne DDS posted: it got taken down for reasons: https://twitter.com/addelindh/status/631040188010131456

lmao. pack it in boys, we've achieved peak irony.

speaking of oracle and sec-fucks: does anyone here actually change the password on the jre keystore file when deploying it to clients? fun fact: the default password for the keystore file ("changeme") is also the default password on oracle storagetek tape libraries
|
# ? Aug 11, 2015 14:23 |
|
cheese-cube posted: speaking of oracle and sec-fucks: does anyone here actually change the password on the jre keystore file when deploying it to clients? fun fact: the default password for the keystore file ("changeme") is also the default password on oracle storagetek tape libraries

I always changed it, but judging by the sheer number of tutorials that just say "and now put the password 'changeme' in this field and you're good!" nobody else ever did.
|
# ? Aug 11, 2015 14:35 |
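The default-password question raised in the two posts above can be checked offline, because a JKS keystore ends in a SHA-1 integrity hash keyed by the store password. This added example (not code from the thread or from Oracle) tests a store against an assumed candidate list: the value quoted in the post plus `changeit`, the password stock JDK `cacerts` files ship with; the sample stores are constructed in memory.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
WHITENER = b"Mighty Aphrodite"  # fixed string the JKS format mixes into its hash

# Assumed candidate list: the value quoted in the post above, plus "changeit",
# the password stock JDK cacerts files ship with.
DEFAULT_PASSWORDS = ("changeme", "changeit")


def jks_digest(password: str, body: bytes) -> bytes:
    """JKS integrity hash: SHA-1(UTF-16BE password + whitener + store body)."""
    return hashlib.sha1(password.encode("utf-16-be") + WHITENER + body).digest()


def build_empty_jks(password: str) -> bytes:
    """Constructed sample: a JKS version 2 store holding zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


def find_default_password(store: bytes, candidates=DEFAULT_PASSWORDS):
    """Return the candidate that validates the trailing hash, or None."""
    if len(store) < 32 or struct.unpack(">I", store[:4])[0] != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    body, trailer = store[:-20], store[-20:]
    for candidate in candidates:
        if hmac.compare_digest(jks_digest(candidate, body), trailer):
            return candidate
    return None


def audit(stores: dict) -> dict:
    """Map each keystore name to the default password it still uses, if any."""
    return {name: find_default_password(data) for name, data in stores.items()}


if __name__ == "__main__":
    samples = {  # constructed in memory; no real keystore is read
        "client-a.jks": build_empty_jks("changeit"),
        "client-b.jks": build_empty_jks("changeme"),
        "client-c.jks": build_empty_jks("constructed-unique-Vq7"),
    }
    for name, hit in audit(samples).items():
        print(name, "uses default " + repr(hit) if hit else "ok")
```

PKCS12 keystores, the default type in newer JDKs, use a different integrity mechanism and are rejected here by the magic-number check.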
|
Cold on a Cob posted: lol do people actually believe that analogy? for anyone reading this that doesn't get why it's a lovely analogy, reverse engineering code is like buying a lock and busting it open, not breaking into someone else's house where they've installed the lock.

or breaking into your own house/setting off your own burglar alarm gj Oracle please continue to cement my dislike of you as firmly as you can so whenever anyone at work mentions your name i can do a massive rolleyes and disregard the rest of what they say
|
# ? Aug 11, 2015 14:35 |
|
Cold on a Cob posted: lol do people actually believe that analogy? for anyone reading this that doesn't get why it's a lovely analogy, reverse engineering code is like buying a lock and busting it open, not breaking into someone else's house where they've installed the lock.

its more like you bought a $10 million bank vault, advertised as the worlds most secure bank vault then followed industry guidelines and hired some independent auditors to test it
|
# ? Aug 11, 2015 14:48 |
|
Chris Knight posted: i watched both vids last night and they were good, then followed with another one about making keys from pictures.

I'm somewhere in the audience for the key talk. sad I missed the elevator talk in person
|
# ? Aug 11, 2015 15:07 |
|
|
I.N.R.I posted:All of you guys like to have sex with animals
|
# ? Aug 11, 2015 15:08 |