|
https://twitter.com/KLM/status/994558640953716737
|
#
?
May 10, 2018 15:39
|
|
|
|
| # ? Apr 29, 2024 18:30 |
|
|
you just know there are probably multiple people working at KLM whose password is "KLM"
|
|
#
?
May 10, 2018 15:45
|
|
|
KLM has really poor security. I have a flying blue account and I think if I do the password reset a certain way all I need is a 4-digit pin. IIRC.
|
|
#
?
May 10, 2018 16:02
|
|
|
KLM is gonna rock ya
|
|
#
?
May 10, 2018 16:24
|
|
|
finally a reason to dig more into valve https://hackerone.com/valve i've documented cases with them before, expect a lot of low-hanging fruit especially with how the partner site interacts with everything else
|
|
#
?
May 10, 2018 16:28
|
|
|
Wiggly Wayne DDS posted:finally a reason to dig more into valve https://hackerone.com/valve Now you're thinking with web portals
|
|
#
?
May 10, 2018 16:34
|
|
|
Wiggly Wayne DDS posted:finally a reason to dig more into valve https://hackerone.com/valve it annoys me how i have to opt-out of Steam remembering my credit card every time i make a purchase no goddamnit i do not trust you with my goddamn credit card number!
|
|
#
?
May 10, 2018 16:40
|
|
|
Farmer Crack-rear end posted:it annoys me how i have to opt-out of Steam remembering my credit card every time i make a purchase Don't they just save a token from the payment processor?
|
|
#
?
May 10, 2018 16:45
|
|
|
Farmer Crack-rear end posted:it annoys me how i have to opt-out of Steam remembering my credit card every time i make a purchase they accept paypal now so i just use that instead because yeah lol even if they're using some third party processor i don't trust valve not to gently caress up somehow
|
|
#
?
May 10, 2018 17:00
|
|
|
https://arstechnica.com/information-technology/2018/05/attackers-trigger-rowhammer-bit-flips-by-sending-network-packets-over-a-lan/ back to rowhammer, apparently all you need to do is send a vulnerable box some packets 
|
|
#
?
May 10, 2018 17:08
|
|
|
Farmer Crack-rear end posted:it annoys me how i have to opt-out of Steam remembering my credit card every time i make a purchase I buy steam gift cards so that I don’t have to deal with any of that bullshit
|
|
#
?
May 10, 2018 17:10
|
|
|
do rowhammer attacks need to be tailored for a specific target? I can kind of see the results changing drastically across OS, software, memory, etc. configurations edit: obviously there will always be a market for tailored attacks but I'm mainly wondering if it's something that can reliably do bad things to many people embedded in a banner ad, email attachment, etc. BattleMaster fucked around with this message at 17:27 on May 10, 2018 |
|
#
?
May 10, 2018 17:21
|
|
|
Subjunctive posted:Don't they just save a token from the payment processor? yes
|
|
#
?
May 10, 2018 17:26
|
|
|
Do none of you ever shop online or what? Like I just assume all online merchants are poo poo at credit card infosec and let my issuer's risk department handle that. fake edit: Capital One brought back one-off virtual numbers if you wanna compartmentalize. fake edit 2: The only time I've actually had fraudulent charges was from an irl visit to a beer garden where someone wrote down the digits and manually keyed in a bunch of small transactions two weeks later.
|
|
#
?
May 10, 2018 17:30
|
|
|
BattleMaster posted:do rowhammer attacks need to be tailored for a specific target? I can kind of see the results changing drastically across OS, software, memory, etc. configurations yes and no. everyone is using the same DDR3/4 chips which is the common platform so the attack itself is pretty much universal. OS allocate memory in 4kb pages and a row contains 8kb of data so you can dump your payload in the rows above and below the target. the question becomes on the target what page contains the target bit(s) you're trying to flip
|
|
#
?
May 10, 2018 17:33
|
|
|
RISCy Business posted:https://arstechnica.com/information-technology/2018/05/attackers-trigger-rowhammer-bit-flips-by-sending-network-packets-over-a-lan/ rdma nic required, lol
|
|
#
?
May 10, 2018 17:38
|
|
|
Subjunctive posted:Don't they just save a token from the payment processor?
|
|
#
?
May 10, 2018 19:07
|
|
|
quote:Important new features in npm and the npm Registry will help you discover, share, and reuse code with confidence. cue 8 million "insecure" warnings on each npm install because a bunch of things 8 dependencies deep haven't been updated in half a decade oh well, good job trying npm
|
|
#
?
May 10, 2018 20:27
|
|
|
if only there was a central repository for them to audit rather than farming it out to every client in other news more info's been released on bypassing arbitary code guard's implementation in edge https://googleprojectzero.blogspot.co.uk/2018/05/bypassing-mitigations-by-attacking-jit.html
|
|
#
?
May 10, 2018 20:33
|
|
|
https://twitter.com/thememoryhole2/status/994641217957826562 lol you think there'd be something to secure this, but nope
|
|
#
?
May 10, 2018 23:19
|
|
|
I think there are 2 pretty good options: 1) disable the feature 2) when disposing of the printer, destroy the drives like you would when disposing a computer.
|
|
#
?
May 10, 2018 23:28
|
|
|
every machine I've used with a password function to use secure print has been the default 4 numbers
|
|
#
?
May 10, 2018 23:32
|
|
|
NoneMoreNegative posted:https://twitter.com/thememoryhole2/status/994641217957826562 Lol technology was a mistake.
|
|
#
?
May 10, 2018 23:49
|
|
|
mrmcd posted:Lol technology was a mistake. ai will fix it
|
|
#
?
May 11, 2018 00:12
|
|
|
Phone posted:ai will fix it no the block chain will
|
|
#
?
May 11, 2018 00:21
|
|
|
terminator 2 is one way to solve technology, yes
|
|
#
?
May 11, 2018 00:23
|
|
|
mrmcd posted:Lol technology was a mistake. it can't be that bad, right? quote:Juntunen picked four machines based on price and the number of pages printed. In less than two hours his selections were packed and loaded onto a truck. The cost? About $300 each. oh 
|
|
#
?
May 11, 2018 00:24
|
|
|
mrmcd posted:Lol technology was a mistake. it all declined starting with the typewriter and spoiling the tape out to see messages
|
|
#
?
May 11, 2018 00:41
|
|
|
Lutha Mahtin posted:it can't be that bad, right? BUFFALO.
|
|
#
?
May 11, 2018 01:06
|
|
|
pulling documents off of mfds is fun because some of them use a stripey, weird-endian image format to store their data. I remember one of the VA guys needed a fair bit of time and trials to figure out what the hell it was doing others are like "here's a tif oh and also i'm literally an unpatched winxp box" they do make encryption modules for the copiers, but they're expensive so most places just opt for destroying the drive once the device is EOLed, or when someone puts something on it that shouldn't be on that network (which usually happens about four minutes after the fucker's plugged in)
|
|
#
?
May 11, 2018 01:14
|
|
|
Flip side of the coin, SED/TPM models are a bitch to service when the lovely 128GB drive dies.
|
|
#
?
May 11, 2018 01:27
|
|
|
Ur Getting Fatter posted:Now you're thinking with web portals
|
|
#
?
May 11, 2018 02:05
|
|
|
do copiers fall into the dumb grandfathered in exclusions to HIPAA rules like fax machines do? i mean a lot of copiers are also fax machines...
|
|
#
?
May 11, 2018 03:01
|
|
|
no. they would count since its regular data storage. it would need to be stored encrypted at rest and then destroyed properly when the hardware is decommissioned. the best solution is to prevent it from being stored in the first place since it has no benefit.
|
|
#
?
May 11, 2018 03:31
|
|
|
this is as low-tech as it gets but i think it definitely belongs in this thread https://twitter.com/NPR/status/994659661792985088 (DNS cache poisoning: now offline!)
|
|
#
?
May 11, 2018 04:17
|
|
|
fantastic
|
|
#
?
May 11, 2018 04:21
|
|
|
ol qwerty bastard posted:this is as low-tech as it gets but i think it definitely belongs in this thread quote:Henderson-Spruce allegedly messed up the form a little. "Henderson-Spruce did not identify himself on the one-page form. At first, the initials 'HS' were written on the signature line, but the initials were then scratched out and replaced with 'UPS,' according to the charges," the Tribune reports. lol Seriously I'm actually laughing out loud at this.
|
|
#
?
May 11, 2018 04:23
|
|
|
NoneMoreNegative posted:https://twitter.com/thememoryhole2/status/994641217957826562
|
|
#
?
May 11, 2018 04:34
|
|
|
Submit this form to discover the one weird DNS hijack trick Postmasters hate!
SeaborneClink fucked around with this message at 06:18 on May 11, 2018 |
|
#
?
May 11, 2018 06:15
|
|
|
|
| # ? Apr 29, 2024 18:30 |
|
|
NoneMoreNegative posted:https://twitter.com/thememoryhole2/status/994641217957826562 what? seriously? why do they need to store documents on a hard disk?
|
|
#
?
May 11, 2018 06:34
|
|
