|
ate all the Oreos posted:USPS is actually very good at intuiting what you meant if you gently caress up an address I really want to send something just addressed to "That one bastard, Seattle, Washington."
|
#
?
May 16, 2018 20:47
|
|
|
|
| # ? May 6, 2024 01:25 |
|
|
in actual good news wireguard finally released an osx client just needs ios client and i can stop using openvpn forever
|
|
#
?
May 16, 2018 20:52
|
|
|
ate all the Oreos posted:USPS is actually very good at intuiting what you meant if you gently caress up an address doesnt usps usually just need house number and zip code to know what you meant? it's something like that
|
|
#
?
May 16, 2018 21:46
|
|
|
Bunni-kat posted:I really want to send something just addressed to "That one bastard, Seattle, Washington." I think Jeff's address is publicly known.
|
|
#
?
May 16, 2018 22:08
|
|
|
Potato Salad posted:I think Jeff's address is publicly known. Time for me to leave the ol spicy brown bag on his doorstep
|
|
#
?
May 16, 2018 22:59
|
|
|
Arcsech posted:doesnt usps usually just need house number and zip code to know what you meant? yeah, zip + 4 and one other piece of information should be enough if its a po box, you can do zip + 4 and nothing else if you want to feel like a spy
|
|
#
?
May 16, 2018 23:08
|
|
|
usps pushed the zip+4 poo poo really hard back in the day but it was a time where it was near impossible to figure out what those +4 were. but now with the internet most addresses can be deduced automatically so
|
|
#
?
May 16, 2018 23:12
|
|
|
Potato Salad posted:I think Jeff's address is publicly known. Best possible answer.
|
|
#
?
May 17, 2018 00:34
|
|
|
goddamnedtwisto posted:in the uk the royal mail have a master database of every valid postal address that is considered authoritative and can be licensed Ulf fucked around with this message at 13:30 on May 17, 2018 |
|
#
?
May 17, 2018 13:28
|
|
|
Ulf posted:that must be a huge regex We're gonna need a shitload of dimes.
|
|
#
?
May 17, 2018 13:36
|
|
|
duz posted:yeah, zip + 4 and one other piece of information should be enough What does the +4 stand for?
|
|
#
?
May 17, 2018 14:20
|
|
|
Ulf posted:that must be a huge regex reginex, at least for the moment 
|
|
#
?
May 17, 2018 14:31
|
|
|
EssOEss posted:What does the +4 stand for? it's 4 more zip code digits added to the end that allow the code to be specific enough to narrow it down to something like a city block, apartment complex, small neighborhood etc
|
|
#
?
May 17, 2018 14:34
|
|
|
they should just move to using WhatThreeWords instead 
|
|
#
?
May 17, 2018 14:52
|
|
|
ate all the Oreos posted:it's 4 more zip code digits added to the end that allow the code to be specific enough to narrow it down to something like a city block, apartment complex, small neighborhood etc the 4 digits represent a specific carrier route or PO box
|
|
#
?
May 17, 2018 15:18
|
|
|
The cell tower location data of every American cell phone on all carriers was accessible via a lovely demo form for a least a year: https://krebsonsecurity.com/2018/05...a-its-web-site/
|
|
#
?
May 17, 2018 20:18
|
|
|
all this location stuff came at a good time since our customers have been asking for the questionably legal functionality the competition was offering them and weve been having to try and not outright say they are doing something theyre not supposed to, now we have these articles to show off and give us some room yay for secfucks drawing away attention i guess duz fucked around with this message at 14:21 on May 18, 2018 |
|
#
?
May 17, 2018 20:57
|
|
|
Trabisnikof posted:The cell tower location data of every American cell phone on all carriers was accessible via a lovely demo form for a least a year: https://krebsonsecurity.com/2018/05...a-its-web-site/ https://twitter.com/saladinahmed/status/995481665026871296
|
|
#
?
May 17, 2018 20:58
|
|
|
I found my first career secfuck! An application my poo poo was linking to added a login page, but implemented it such that the page my app links to (with the sensitive data) is transmitted in full before some js is executed to redirect the login page.
|
|
#
?
May 17, 2018 21:11
|
|
|
Some asshat at a customer site decided that figuring out the routing from our Site2Site VPN was too hard and just exposed our server to the public internet without telling us. Take a guess what happened. I'm not looking forward to the fallout from this cluster gently caress 
|
|
#
?
May 17, 2018 21:37
|
|
|
External client secfuck...our API accepts an optional HTTP header that allows clients to send in their own correlation ID's so they can track events that pass through our system. Today I was looking at some logs to track down a harmless issue and noticed that some of the requests for a particular user had a correlation id of 'geoffrey2017'...ehhhh spidey sense prickling...a little more digging and it turns out for certain requests, one of our clients is sending through member's passwords in the correlation id. How does this happen. I don't just mean as a secfuck, but just...how is their code written so that such a nonsensical bug like that exists? Also we put a ton of effort into making sure our logs don't contain sensitive data but obvs this circumvented it and now I've had to clean our logs going back almost a year till when we went live.
|
|
#
?
May 17, 2018 21:44
|
|
|
Janitor Prime posted:Some asshat at a customer site decided that figuring out the routing from our Site2Site VPN was too hard and just exposed our server to the public internet without telling us. Take a guess what happened. Crypto or all customer info got leaked?
|
|
#
?
May 17, 2018 21:50
|
|
|
Zil posted:Crypto or all customer info got leaked?
|
|
#
?
May 17, 2018 21:55
|
|
|
so am I understanding the situation correctly when I say everybody involved with PGP is a dick?
|
|
#
?
May 17, 2018 22:05
|
|
|
Zil posted:Crypto or all customer info got leaked? Not sure what the impact was to the other systems on their lan, our only ssh login that worked didn't have sudo. From what I could tell form looking in /tmp they were running a bunch of bitcoin poo poo on it our 64core server. The system wasn't live yet, so there wasn't any data on that server to be had, but who knows about what else got owned on their network.
|
|
#
?
May 17, 2018 22:08
|
|
|
pseudorandom name posted:so am I understanding the situation correctly when I say everybody involved with PGP is a dick? You understand the situation correctly if your conclusion from the recent PGP news was "never use email to send something that's meant to be secure".
|
|
#
?
May 17, 2018 22:12
|
|
|
Lain Iwakura posted:https://twitter.com/KateLibc/status/992810127383183364 oh hey I went to his side track talk at def con Beijing and it was good
|
|
#
?
May 17, 2018 22:50
|
|
|
Cocoa Crispies posted:oh hey I went to his side track talk at def con Beijing and it was good he's really knowledgeable on telephony. i wouldn't ever argue with him
|
|
#
?
May 17, 2018 23:52
|
|
|
pseudorandom name posted:so am I understanding the situation correctly when I say everybody involved with PGP is a dick?
|
|
#
?
May 18, 2018 00:41
|
|
|
quote:Sadly, the GnuPG team made the decision that it’s not their job to pre-emptively address problems that they view as ‘clients misusing the GnuPG API’ (my paraphrase), even when that misuse appears to be rampant across many of the clients that use their tool. And so the most obvious fix for one part of the problem was not available. Not surprised in the least
|
|
#
?
May 18, 2018 01:20
|
|
|
Raere posted:Not surprised in the least Good avatar - post combo.
|
|
#
?
May 18, 2018 06:40
|
|
|
shady as hell warnings with bribes in attempt to get around GDPR?? https://twitter.com/jjbbllkk/status/997491067086819328 opt in/out of.. what
|
|
#
?
May 18, 2018 16:02
|
|
|
I'm not a lawyer, and definitely not one worrying about not getting slapped with 4%-of-global-revenue fines. But if I was, I'd be concerned about that sort of thing not actually counting as users giving informed consent to what you want to do. E: is gdpr compliance going to have tip-off bounties like tax evasion does?
|
|
#
?
May 18, 2018 16:14
|
|
|
I've heard there are a bunch of companies getting set up to do GDPR ambulance chasing in the same way the PPI claim thing spawned it's own little industry.
|
|
#
?
May 18, 2018 16:24
|
|
|
duz posted:all this location stuff came at a good time since our customers have been asking for the questionably legal functionality the competition was offering them and weve been having to try and not outright say they are doing something theyre not supposed to, now we have these articles to show off and give us some room There will be muted outrage for a week, if that, before Trump literally kills a puppy on live TV and everyone forgets about this. Your customers have literally nothing to fear pushing for this.
|
|
#
?
May 18, 2018 16:26
|
|
|
Jewel posted:shady as hell warnings with bribes in attempt to get around GDPR?? synergy is doing something slightly different but equally cheeky:  ooo you want to hear that exciting news don't you, eh buddy? ehh?
|
|
#
?
May 18, 2018 16:35
|
|
|
Volmarias posted:There will be muted outrage for a week, if that, before Trump literally kills a puppy on live TV and everyone forgets about this. Your customers have literally nothing to fear pushing for this. i agree that it will leave the news cycle shortly its more that we dont want to do it as a company because despite being scum we try to be ethical scum this isnt the first thing customers have asked for that weve tried to avoid doing because we felt it was ethically dubious
|
|
#
?
May 18, 2018 17:34
|
|
|
duz posted:all this location stuff came at a good time since our customers have been asking for the questionably legal functionality the competition was offering them and weve been having to try and not outright say they are doing something theyre not supposed to, now we have these articles to show off and give us some room when we have potential clients tell us that their current vendor lets them get PHI over SMS I tell them we dont do that because its a huge HIPAA violation.
|
|
#
?
May 18, 2018 18:07
|
|
|
ate all the Oreos posted:synergy is doing something slightly different but equally cheeky: one of my clients did something similar to this for their second GDPR mailer, subject line to the effect of “First look at *new product*” with a standard GDPR text opt-in (no new product news in the email itself), it actually garnered a couple thousand additional signups (people actually want this product) and I guess the trade off for the brand is if users ignore it they are gonna get cleaned anyhow come next week. Cheeky though. Cabal Ties fucked around with this message at 18:33 on May 18, 2018 |
|
#
?
May 18, 2018 18:31
|
|
|
|
| # ? May 6, 2024 01:25 |
|
|
ate all the Oreos posted:ooo you want to hear that exciting news don't you, eh buddy? ehh? are they gonna announce which synergy they are?
|
|
#
?
May 18, 2018 18:36
|
|