|
Heresiarch posted:False Intelligence Spreading Heuristic MECHanism
|
#
?
Jul 15, 2014 13:59
|
|
|
|
| # ? May 14, 2024 09:48 |
|
|
Heresiarch posted:False Intelligence Spreading Heuristic MECHanism Finitely Intelligent Simulation of Human MECHanism
|
|
#
?
Jul 15, 2014 16:15
|
|
|
cheese-cube posted:Finitely Intelligent Simulation of Human MECHanism look at this tryhard. we already have an emptyquote bandwagon, please just jump on board.
|
|
#
?
Jul 15, 2014 16:30
|
|
|
yeah that was pretty terrible (mlmp). apologies all round. goodbye secfuck thread, doomed to banishment due to fishmech's poor opsec
|
|
#
?
Jul 15, 2014 16:34
|
|
|
Jabor posted:remember that lastpass's "we don't know your passwords, honest :iamafag:" thing is because they do cryptocat-style js crypto in your browser. so it would be trivial for them, or anyone who can legally compel them, to get all your passwords if they really wanted them. seriously i don't get why you'd put  in charge of a trove of your sensitive passwords.
ultramiraculous fucked around with this message at 18:04 on Jul 15, 2014 |
|
#
?
Jul 15, 2014 18:00
|
|
|
Heresiarch posted:False Intelligence Spreading Heuristic MECHanism
|
|
#
?
Jul 15, 2014 18:00
|
|
|
reidscones posted:
I remember reading an article about this. second life is so dead these days that the only terrorists the NSA could find were FBI agents trying to recruit terrorists on second life
|
|
#
?
Jul 15, 2014 18:03
|
|
|
OSI bean dip posted:http://arstechnica.com/security/2014/07/severe-password-manager-attacks-steal-digital-keys-and-data-en-masse/ how i remotely sync my keepass to my iphone: openvpn into home router, download kdbx over sftp using goodreader, open file with MiniKeePass
|
|
#
?
Jul 15, 2014 18:20
|
|
|
Perplx posted:how i remotely sync my keepass to my iphone: i use spideroak's app to keep the .kdbx up to date automatically e: this keeps it sync'd between my computers too
|
|
#
?
Jul 15, 2014 18:32
|
|
|
GCHQ project names are a lot more quaint and less random sounding like there is probably one called CORGIPOUNCE and it's about steganography in animal gifs
|
|
#
?
Jul 15, 2014 18:45
|
|
|
It's still totally nuts to use a one-point-of-failure cloud-bullshit password manager. I'll probably switch this year or next but until then I enjoy remembering dozens of unique passwords. It's fun (I tell myself).
|
|
#
?
Jul 15, 2014 18:52
|
|
|
reading posted:It's still totally nuts to use a one-point-of-failure cloud-bullshit password manager.
|
|
#
?
Jul 15, 2014 19:14
|
|
|
keep rear end knuits my seeds
|
|
#
?
Jul 15, 2014 19:15
|
|
|
i only use lastpass for the dumb bullshit sites that i don't care about like the Something Awful Dot Com Internet Forums. stuff like my bank and amazon account are in keepass
|
|
#
?
Jul 15, 2014 19:17
|
|
|
i helped an old person install aol on their windows 8 computer. they have had an aol account since 1996. their password was 4 characters long. it was their birth year.
|
|
#
?
Jul 15, 2014 19:19
|
|
|
We have multiple computers in our household, in addition to phones. I COULD use KeePass with some nerd poo poo to synchronize it, and have my wife ignore it and reuse literally the same 8 char letters only password for everything because it's "too hard", or I could use LastPass and the browsers all magically put in the passwords and generate good ones by clicking an icon. I chose LastPass over inadvertently sharing my banking credentials with AO-loving-L (  ), with Yahoo, and with some loving astrology site.The point is LastPass and KeePass target different market segments. I'm firmly in the "Married to the weak link in the authentication chain" segment. I'm willing to take the risk that a TLA will try to compromise my credentials. Volmarias fucked around with this message at 19:47 on Jul 15, 2014 |
|
#
?
Jul 15, 2014 19:43
|
|
|
Yeah, I feel like the key problem with KeePass is getting it to the point where password reuse and management is not a subtle drain on your time due to the lack of good browser/OS integration. I run dev on Ubuntu, plus I've recently gotten a Mac that I'm using for testing Safari/iOS, but am leaning towards using that as my non dev activities computer just so I can get more use out of it. Sort of feels like that makes sense as an approach anyway. Right now I'm wondering whether to ditch my KeePass shanty town in favour of LastPass or something like it, that sports a much better browser integration which can save a ton of time in the long run. LastPass's integration is really REALLY nice, but as everyone says, there's the risk of handing over the keys to the castle in a way you have little control over.
|
|
#
?
Jul 15, 2014 20:21
|
|
|
what's the yospinion on passwordsafe?
|
|
#
?
Jul 15, 2014 20:33
|
|
|
keepass is minimal trouble if you keep it synced over some cloudthing, there are legit cloud providers other than dropbox that are security-minded, like younited from F-Secure. it has "secure" right there in the name! also use a key file and don't put that file in the cloud.
|
|
#
?
Jul 15, 2014 20:45
|
|
|
Progressive JPEG posted:so you must fork twice (id assume without hitting the prng after the first fork to avoid the PID mismatch being detected), and the grandparent process needs to have exited so that the grandchild process has a chance of being given the same PID if only there were some way of registering a function to be called at fork time
|
|
#
?
Jul 15, 2014 20:53
|
|
|
i don't bother with keyfiles and i store my keep rear end database in dropbox but i also use a diceware password and use enough rounds of key stretching that it takes a second to decrypt
|
|
#
?
Jul 15, 2014 20:54
|
|
|
Please Use Microsoft Sky(One)Drive
|
|
#
?
Jul 15, 2014 20:54
|
|
|
is 1password déclassé now rufo cracked the licensing keygen
|
|
#
?
Jul 15, 2014 21:14
|
|
|
lastpass premium+yubikey imo 12 bucks a year plus a 25$ 2fa nerdkey for peace of mind seems worth it to me that vuln was def disconcerting tho
|
|
#
?
Jul 15, 2014 21:24
|
|
deserve got nothin to do with it
|
lmao if you have lastpass/onepass/asspass and keep the creds for your email account to which everything is tied to in it and you dont have 2fa
|
|
#
?
Jul 15, 2014 21:47
|
|
|
cheese-cube posted:lmao if you have lastpass/onepass/asspass and keep the creds for your email account to which everything is tied to in it and you dont have 2fa also yeah this my e-mail account password isn't written down anywhere
|
|
#
?
Jul 15, 2014 21:51
|
|
|
my email is 2fa'd so w/e @ t he passwordl ol
|
|
#
?
Jul 15, 2014 21:58
|
|
|
i dont get why browser integration is such a big deal, i log in to a handful of sites regularly and it really isnt any trouble to open keepassx, double-click things and middle-click paste them into the right fields on websites
|
|
#
?
Jul 15, 2014 22:12
|
|
|
today's security fuckup is oracle. it's time for the quarterly java security update: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA 20 exploits, all remotely exploitable without authentication, 8 of them 9.3 scores or higher 
|
|
#
?
Jul 15, 2014 22:15
|
|
|
Number19 posted:today's security fuckup is oracle. it's time for the quarterly java security update: looking forward to reading qualys reports next week, a nightmare in pdf form
|
|
#
?
Jul 15, 2014 22:21
|
|
|
cheese-cube posted:looking forward to doing quaaludes next week
|
|
#
?
Jul 15, 2014 22:24
|
|
|
Lysidas posted:i dont get why browser integration is such a big deal, i log in to a handful of sites regularly and it really isnt any trouble to open keepassx, double-cli- Aaaaand you've lost the audience.
|
|
#
?
Jul 15, 2014 22:32
|
|
|
u know, at this point i really cant tell what is worse: taking narcotics or supporting jre
|
|
#
?
Jul 15, 2014 22:46
|
|
|
infernal machines posted:what's the yospinion on passwordsafe? I made myself a MacOS build of it (gently caress paying for the official version from the app store), successfully after enduring a serious degree of pain (like installing and setting up wxWindows), and it's vile garbage. works, but barely. broken UI, had to comment out a few asserts, correct some bugs to even get it to start. crashy crap I never keep running for long but it works, and I have moved all of my passwords to it hackbunny fucked around with this message at 22:56 on Jul 15, 2014 |
|
#
?
Jul 15, 2014 22:52
|
|
|
cheese-cube posted:u know, at this point i really cant tell what is worse: taking narcotics or supporting jre if you're supporting the jre then you're definitely doing the other
|
|
#
?
Jul 15, 2014 22:55
|
|
|
Lysidas posted:i dont get why browser integration is such a big deal, i log in to a handful of sites regularly and it really isnt any trouble to open keepassx, double-click things and middle-click paste them into the right fields on websites source your quotes
|
|
#
?
Jul 15, 2014 23:03
|
|
|
hackbunny posted:I made myself a MacOS build of it (gently caress paying for the official version from the app store), successfully after enduring a serious degree of pain (like installing and setting up wxWindows), and it's vile garbage. works, but barely. broken UI, had to comment out a few asserts, correct some bugs to even get it to start. crashy crap I never keep running for long grazie mille i'm on win32 so it basically just worked out of the box. at some point we're going to use it with yubikey for 2fa
|
|
#
?
Jul 15, 2014 23:12
|
|
|
Number19 posted:today's security fuckup is oracle. it's time for the quarterly java security update: i think we need a new word for the java security model. sandboxing doesn't quite carry the right meaning. perhaps "soliciting", as in "java solicits malicious code"
|
|
#
?
Jul 16, 2014 02:17
|
|
|
i really like java but there oughta be a law against java plugin
|
|
#
?
Jul 16, 2014 02:18
|
|
|
|
| # ? May 14, 2024 09:48 |
|
|
Catboxing would be a perfect term. no matter how many times you scoop there's more stinkers hiding away and you know it. and one day they'll be uncovered And just like java the best approach is to throw all of it in the garbage and start fresh
|
|
#
?
Jul 16, 2014 02:19
|
|