https://techcrunch.com/2019/05/07/freedom-mobile-data-leak/ nothing like logging passwords in plaintext in a log collector

# May 8, 2019 14:52
|
|
> Lain Iwakura posted: https://techcrunch.com/2019/05/07/freedom-mobile-data-leak/
>
> > We also found full credit card numbers, expiry dates and verification numbers stored in plaintext.

[PCI Compliance Intensifies]

# May 8, 2019 14:59
|
fml. they have my credit card number for my mother's phone service. welp. time for a new card.

# May 8, 2019 15:02
|
https://twitter.com/KateLibc/status/1125963290050359301 i'm having fun with this. i wonder what sort of sensitive data exists within

# May 8, 2019 16:02
|
clearly has some bash logs in there too

# May 8, 2019 16:08
|
I put in "butts" and it started talking about the Patriots so score one for machine learning

# May 8, 2019 16:11
|
> Lain Iwakura posted: https://twitter.com/KateLibc/status/1125963290050359301

i would prefer not to touch the poop but man is this one deep kybo maybe

# May 8, 2019 16:17
|
this is probably better in the markov thread but one of my pet peeves about the GPT-2 output is it will give itself an end of text token then happily change topics and styles

# May 8, 2019 16:22
|
https://twitter.com/filosottile/status/1125840275346198529

# May 8, 2019 17:16

This is probably the least surprising thing about System500.

# May 8, 2019 18:15
|
here's poettering's explanation of why they didn't just use getrandom:

> poettering posted: BTW, the reason we use RDRAND in some cases instead of getrandom() [which we use in many others] is that we need to generate uuids early on (since every service we start gets one passed, the "invocation ID", and for other stuff too), but getrandom complains in dmesg or blocks if we call it before the pool is initialized. Since systemd is one of the earliest programs that runs and thus very likely comes into contact with an uninitialized pool we attempt to avoid that by using RDRAND when generating uuids, since it should be good enough for that, as the use case needs a "mid-quality" rng source: not crypt quality and not totally guessable either.

so is this a case of them being lazy and not doing something to get the pool initialized before calling getrandom?

# May 8, 2019 18:27
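The early-boot problem the quoted post describes, shown as an added example (this is not systemd's code and not from the thread): on Linux, `getrandom()` with `GRND_NONBLOCK` fails with `EAGAIN` while the kernel pool is still uninitialized, so a program can detect that state instead of blocking or spamming dmesg. The fallback below is a hypothetical non-cryptographic mixer (clock, pid, counter through splitmix64) standing in for the "mid-quality" source; the point for a defender is that the caller is told which source produced the bytes, so a fallback ID can never be silently reused as key material. On non-Linux systems the probe just reports the pool as unavailable.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/random.h>
#endif

/* Which source produced the bytes; the caller must check this. */
enum pool_state { POOL_READY, POOL_NOT_READY, POOL_UNAVAILABLE };

/* Non-blocking probe of the kernel CSPRNG. On Linux, getrandom() with
 * GRND_NONBLOCK fails with EAGAIN while the pool is still uninitialized,
 * which is the early-boot situation the quoted post is working around.
 * Elsewhere this example simply reports the pool as unavailable. */
enum pool_state kernel_random_nonblock(uint8_t *buf, size_t len) {
#ifdef __linux__
    ssize_t n = getrandom(buf, len, GRND_NONBLOCK);
    if (n == (ssize_t)len) return POOL_READY;
    if (n < 0 && errno == EAGAIN) return POOL_NOT_READY;
    return POOL_UNAVAILABLE;   /* ENOSYS on old kernels, EINTR, short read */
#else
    (void)buf; (void)len;
    return POOL_UNAVAILABLE;
#endif
}

/* Hypothetical "mid-quality" fallback (an assumption of this example, not
 * what systemd does): clock, pid and a counter mixed through splitmix64.
 * NOT cryptographic; it only makes two IDs on the same box unlikely to
 * collide. Never use it for keys, tokens or anything an attacker could
 * profit from guessing. */
static uint64_t splitmix64(uint64_t *state) {
    uint64_t z = (*state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

static void weak_fallback_bytes(uint8_t *buf, size_t len) {
    static uint64_t counter;
    struct timespec ts;
    clock_gettime(CLOCK_REALTIME, &ts);
    uint64_t seed = (uint64_t)ts.tv_sec ^ ((uint64_t)ts.tv_nsec << 20)
                  ^ ((uint64_t)getpid() << 48) ^ ++counter;
    for (size_t i = 0; i < len; i += 8) {
        uint64_t r = splitmix64(&seed);
        size_t chunk = len - i < 8 ? len - i : 8;
        memcpy(buf + i, &r, chunk);
    }
}

/* Force the RFC 4122 version-4 and variant bits so the 16 bytes are a
 * well-formed random UUID regardless of where the bytes came from. */
void set_uuid_v4_bits(uint8_t id[16]) {
    id[6] = (uint8_t)((id[6] & 0x0F) | 0x40);
    id[8] = (uint8_t)((id[8] & 0x3F) | 0x80);
}

/* Render as 8-4-4-4-12 lowercase hex; out must hold 37 bytes. */
void uuid_format(const uint8_t id[16], char out[37]) {
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    for (size_t i = 0; i < 16; i++) {
        if (i == 4 || i == 6 || i == 8 || i == 10) out[o++] = '-';
        out[o++] = hex[id[i] >> 4];
        out[o++] = hex[id[i] & 0x0F];
    }
    out[o] = '\0';
}

/* Build an invocation-style ID: prefer the kernel pool, fall back only when
 * it is not ready, and return which source was used so the caller can refuse
 * to reuse a fallback ID for anything security-sensitive. */
enum pool_state make_invocation_id(uint8_t id[16]) {
    enum pool_state st = kernel_random_nonblock(id, 16);
    if (st != POOL_READY) weak_fallback_bytes(id, 16);
    set_uuid_v4_bits(id);
    return st;
}

int main(void) {
    uint8_t id[16];
    char text[37];
    enum pool_state st = make_invocation_id(id);
    uuid_format(id, text);
    printf("%s (source: %s)\n", text,
           st == POOL_READY ? "kernel pool" :
           st == POOL_NOT_READY ? "FALLBACK, pool not yet initialized" :
           "FALLBACK, getrandom unavailable");
    return 0;
}
```

On a booted system the probe returns `POOL_READY` and the fallback is never touched; the `POOL_NOT_READY` branch is only reachable from an early-boot context such as the one the post describes, which is why the returned state, not just the bytes, is the interesting output.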
|
this is definitely more 'lol amd' than 'lol lennart' at any rate

# May 8, 2019 18:33
|
https://twitter.com/mayorbcyoung/status/1125826676280188929

# May 8, 2019 18:46
|
> Farmer Crack-rear end posted: here's poettering's explanation of why they didn't just use getrandom:

ah, yes, the laziness where when the CPU says that its high-quality random number generator works, you use the CPU's high-quality random number generator for non-cryptographic purposes

# May 8, 2019 18:46
|
"please enter a memorable word in case you forget your pasword or username", ok that's dumb so ill mash the keyboard to make it a random string and put it in keepass....

edit: my keyboard mashing is evidently insufficiently random. Also I tried an actual word and it rejected it for having "3 or more sequential letters". Hope your memorable word doesn't contain "nop"!

# May 8, 2019 19:28
|
i want that database to get compromised so i can see how many people used "boners" or "weed" or "gently caress"

# May 8, 2019 19:32
|
> Powerful Two-Hander posted: "please enter a memorable word in case you forget your pasword or username", ok that's dumb so ill mash the keyboard to make it a random string and put it in keepass....

What The gently caress

# May 8, 2019 19:34
|
"please see 800-63b" unfortunately has repeated characters too

# May 8, 2019 19:35
|
> Powerful Two-Hander posted: "please enter a memorable word in case you forget your pasword or username", ok that's dumb so ill mash the keyboard to make it a random string and put it in keepass....

does sequence include sequence on the keyboard? would "powerful" be no good?

# May 8, 2019 19:38
|
> Shame Boy posted: i want that database to get compromised so i can see how many people used "boners" or "weed" or "gently caress"

> flakeloaf posted: does sequence include sequence on the keyboard? would "powerful" be no good?

yeah i think "PowerfulWeedBoners" is ok, please don't share this though as it's secret!!!!

# May 8, 2019 19:50
|
kjs500

# May 8, 2019 20:59
|
> Powerful Two-Hander posted: "please enter a memorable word in case you forget your pasword or username", ok that's dumb so ill mash the keyboard to make it a random string and put it in keepass....

https://www.youtube.com/watch?v=H8x6x8enzrk

# May 8, 2019 21:12
|
> Potato Salad posted: What

take every developer and sysadmin who came up with these policies and break them upon the wheel

then replace all former password policies with "must be at least a 30-character sentence"

there, i've solved it forever. if you think typing 30 letters in a row with no mistakes is an undue hardship i hate you.

# May 8, 2019 21:38
|
> pseudorandom name posted: ah, yes, the laziness where when the CPU says that its high-quality random number generator works, you use the CPU's high-quality random number generator for non-cryptographic purposes

i was more replying to the tweet that lain embedded that implicitly criticized systemd for not just calling getrandom

# May 8, 2019 21:46
|
> Sagebrush posted: take every developer and sysadmin who came up with these policies and break them upon the wheel

I think having to read 30 letters in a row written by you is an undue hardship, hth?

# May 8, 2019 23:04
|
> Sagebrush posted: take every developer and sysadmin who came up with these policies and break them upon the wheel

"to login, please enter characters 9, 17 and 23 of your password"

# May 8, 2019 23:11
|
> Farmer Crack-rear end posted: i was more replying to the tweet that lain embedded that implicitly criticized systemd for not just calling getrandom

yeah that tweet was made by an idiot

# May 8, 2019 23:12
|
> Powerful Two-Hander posted: "to login, please enter characters 9, 17 and 23 of your password"

I really hate banks that do this

# May 8, 2019 23:15
|
I’m going to abuse my relationship with Lain to post a job description here. I don’t read YOSPOS anymore so PM me or sbjnctv@gmail.com if you’re a loser without plat. I’m going to need a software developer focused on security soon. Hit me if that’s you.

- I’d be your boss’ boss, and you’ll never have as supportive a management chain as this one. I’m not kidding even a little.
- you need to make good decisions about tooling vs process vs just writing the diffs and tests yourself
- someone else handles all the certification/audit poo poo, you just deal with real problems and getting ahead of them
- our office is attached to a downtown subway station (line 1, west line best line)
- other software developers want to do a good job and will thank you for helping them not gently caress up
- when you tell a PM they shouldn’t ship because of a security issue, they listen
- strong privacy and tech ethics values, and we spend to honour them
- training? conferences? working from Tbilisi for two weeks because you’ve never been there (actual example)? tell your boss how it makes sense and sure. you’re an adult
- more than a year of runway
- actual paying customers
- you should be able to tell me about how you fixed a security fuckup and made sure it stayed fixed
- we have fired recruiting agencies for bringing us only white dudes for leadership and tech positions
- you don’t need to know about AI, but you’ll sure learn about it, including privacy and bias pieces
- talking to people (internal mostly) is part of the job. you can get coached to gently caress and back, but you can’t dodge it
- you’re moving to Toronto or convincing me that you can kick all the rear end if you’re here 1 out of 3 weeks
- your options are meaningfully in the black on day one because Canadian tax accounting is amazing

e: Lain isn’t even OP, well whatever

# May 8, 2019 23:30
|
Mods, ban this sick filth.

# May 8, 2019 23:37
|
first, please spank me viciously

# May 8, 2019 23:41
|

# May 8, 2019 23:42
|
> Subjunctive posted: - I’d be your boss’ boss, and you’ll never have as supportive a management chain as this one. I’m not kidding even a little.

> Subjunctive posted: - you need to make good decisions about tooling vs process vs just writing the diffs and tests yourself

> Subjunctive posted: - talking to people

# May 8, 2019 23:43
|
im not canadian and have no relevant experience but the rest of that stuff sounds pretty good op

# May 9, 2019 00:30
|
oh, we can do the visa thing, no question

# May 9, 2019 00:32
|
> Subjunctive posted: oh, we can do the visa thing, no question

Geez this is what pisses me off most about hiring in the US. "completely qualified and willing to relocate! Ooops sorry you're from outside the US, we can get you a visa in exactly never years"

# May 9, 2019 01:18
|
if you can get the job, we can get you in. and if it takes a long time, we’ll pay you to work remote in the interim. we aren’t animals

# May 9, 2019 01:21
|
how many figgies

# May 9, 2019 02:38
|
> Celexi posted: I really hate banks that do this

the little credit union where i first got a bank account when i was a child started doing online banking about 5 years ago. the login is your account number. the password is your ATM PIN, which must be four numbers. i do not keep my money there these days.

# May 9, 2019 02:48
|
|
> Soricidus posted: how many figgies

a deece number, most likely

# May 9, 2019 02:52