|
Lain Iwakura posted:this thread is great if you're an ex-AV industry person like me or just hate AV like me “pope pope ret” is a very good name
|
#
?
Jul 29, 2019 04:08
|
|
|
|
| # ? Apr 27, 2024 16:58 |
|
|
haveblue posted:why does everything come with web servers these days 
|
|
#
?
Jul 29, 2019 04:10
|
|
|
Deep Dish Fuckfest posted:well gently caress i've been wondering for years why those things were hundreds of MBs like a decade ago but this is the first time someone's provided me with any insight whatsoever about what was actually in there Not the kernel but they’re absolutely running that poo poo as a service under the system account and binding it to 0.0.0.0
|
|
#
?
Jul 29, 2019 05:47
|
|
|
BangersInMyKnickers posted:Not the kernel but they’re absolutely running that poo poo as a service under the system account and binding it to 0.0.0.0  I wonder how many people actually change the username/password.
|
|
#
?
Jul 29, 2019 06:05
|
|
|
Shaggar posted:i think its more that applications use services to handle privileged tasks without giving the user UAC prompts. and then if you're gonna have a service why not make it a web service. For a raid controller this might also be useful if its intended for management over a network. It reminds me of the elaborate poo poo that garbage developers did right after UAC launched to "work around" it, except now it's ~best practice~ among enterprise idiots abigserve posted:if you want to write an electron app without writing the entire backend in Node you will need to run a web server at some point I thought the same thing and uninstalled that poo poo immediately. this system can live without RAID. pseudorandom posted:
It makes you change it on login, but it's still 100+MB of code that eats network poo poo on one end and diddles your SATA controller on the other.
|
|
#
?
Jul 29, 2019 06:29
|
|
|
I'm just waiting for the first vendor that binds a serial to ip bridge to the jtag interface and presents it to the network
|
|
#
?
Jul 29, 2019 13:47
|
|
|
that has to have happened already as a feature on a non-dev platform
|
|
#
?
Jul 29, 2019 13:48
|
|
|
BangersInMyKnickers posted:I'm just waiting for the first vendor that binds a serial to ip bridge to the jtag interface and presents it to the network uuuuuuhhhhhhhhhhhh
|
|
#
?
Jul 29, 2019 13:59
|
|
|
Potato Salad posted:uuuuuuhhhhhhhhhhhh listen its too early on a monday for me to get this upset
|
|
#
?
Jul 29, 2019 14:00
|
|
|
BangersInMyKnickers posted:listen its too early on a monday for me to get this upset there's a non-zero chance that failing to reset your password at my current work resets it to "Abcd1234" remember to watch that blood pressure
|
|
#
?
Jul 29, 2019 14:07
|
|
|
Cocoa Crispies posted:“pope pope ret” is a very good name Pope Pope horny, George Michael.
|
|
#
?
Jul 29, 2019 16:00
|
|
|
Stabby McDamage posted:100+MB of code that eats network poo poo on one end and diddles your SATA controller on the other. Please don't cable kink shame
|
|
#
?
Jul 29, 2019 17:12
|
|
|
so i am failing to read anything on dashlane's website on how it even works and i am guessing it's just a lastpass clone https://support.dashlane.com/hc/en-us anyone got a clue? i am trying to avoid installing it before i know what is going on their release notes give some clue but still vague https://support.dashlane.com/hc/en-us/articles/206553939-Release-notes but then there is this other poo poo  so are they scanning the passwords server-side or is your client pinging back? because then there is this poo poo  i am going to say that this is possibly worse than lastpass and that is impressive
|
|
#
?
Jul 29, 2019 18:44
|
|
|
... and to my dad, i leave my suicidegirls account
|
|
#
?
Jul 29, 2019 18:59
|
|
|
as far as the identity protection stuff goes some of it is probably done entirely locally (ex: password reuse checking) and some of it they probably send the credentials to their own services for testing. Its possible they have a local db of compromised credentials that they check against, but the remote service thing seems more likely. it would be possible to generate a hash of the credentials and send that for comparison instead of the credentials themselves. the emergency contacts thing is fine. you may not have a use for it, but plenty of people do.
|
|
#
?
Jul 29, 2019 19:01
|
|
|
you could try contacting their support to get the specific implementation details.
|
|
#
?
Jul 29, 2019 19:02
|
|
|
1password's newer versions also do a check for compromised PW's against haveibeenpwned, they send the first 5 characters of your hashed password to hibp, get a list back of all matching hashes, and do a local comparison. Dunno if Dashlane's implementation is that but hopefully it's something similar.
|
|
#
?
Jul 29, 2019 19:06
|
|
|
its probably the same thing as everyone else - checking haveibeenpwned, and will coincidentally break just along with every other vendor once HIBP goes private
|
|
#
?
Jul 29, 2019 19:07
|
|
|
power botton posted:its probably the same thing as everyone else - checking haveibeenpwned, and will coincidentally break just along with every other vendor once HIBP goes private it'll break if they don't pay HIBP.
|
|
#
?
Jul 29, 2019 19:08
|
|
|
according to the "dark web" monitoring faq they host the data in house, but have some sort of partnership with SpyCloud based entirely on the stupid animated console example on spyclouds api website I suspect the client does a query against the api which returns the "dark web" data, including hashed passwords.
|
|
#
?
Jul 29, 2019 19:08
|
|
|
power botton posted:its probably the same thing as everyone else - checking haveibeenpwned, and will coincidentally break just along with every other vendor once HIBP goes private yeah, 1pass's watchtower service does this
|
|
#
?
Jul 29, 2019 19:10
|
|
|
crazysim posted:it'll break if they don't pay HIBP. so then half these vendors will change it to a susbcription based "identity protection service" for an extra 2 bucks/month or something. 1password is already subscription based and set up nicely for this. lower the cost of the normal version by a dollar or whatever and increase the cool HIBP integration to like 2$/month or whatever. either way im going to assume a lot of these services will go pay only or break, so you don't have to worry about it unless you actually opt in.
|
|
#
?
Jul 29, 2019 19:31
|
|
|
Lain Iwakura posted:so i am failing to read anything on dashlane's website on how it even works and i am guessing it's just a lastpass clone I use Dashlane as my password manager and it suits my needs. They've had a handful of security flaws over the years but nothing outrageous and were quick to fix. Solid 2FA support for my Yubikey. It's your bog standard password manager. Unsure about that emergency contact thing, it's new to me.
|
|
#
?
Jul 29, 2019 21:26
|
|
|
Dashlane has always sketched me the gently caress out and I wouldn't touch it with a ten foot pole
|
|
#
?
Jul 29, 2019 21:27
|
|
|
lol ran some janky webapp we own's uri through a base64 decoder andcode:
|
|
#
?
Jul 29, 2019 21:29
|
|
|
Last Chance posted:Dashlane has always sketched me the gently caress out and I wouldn't touch it with a ten foot pole that is my logic too. there is nothing about it that really makes me go "yeah that is good"
|
|
#
?
Jul 29, 2019 21:50
|
|
|
Lain Iwakura posted:
Lain Iwakura posted:because then there is this poo poo
|
|
#
?
Jul 29, 2019 21:51
|
|
|
evil_bunnY posted:Isn't that hash comparison with hibp? how do you think it works?
|
|
#
?
Jul 29, 2019 21:55
|
|
|
infernal machines posted:how do you think it works? Poorly?
|
|
#
?
Jul 29, 2019 21:55
|
|
|
evil_bunnY posted:Isn't that hash comparison with hibp? i am asking if this is server-side or client. my gut says client but i am failing to see any mention of how they manage any of this quote:I mean having so many is weird but why wouldn't you want your partner able to access your poo poo if you get yourself 6ft under? Does it work differently than I'm assuming? there are other, better ways to do this and relying on the server to dictate when to give the keys to someone else is pretty problematic
|
|
#
?
Jul 29, 2019 21:59
|
|
|
Lain Iwakura posted:so i am failing to read anything on dashlane's website on how it even works and i am guessing it's just a lastpass clone Idgi. what specifically are you investigating dashlane for? 1Password, lastpass, and dashlane all have pretty much the exact same functionality and use. dashlane costs more but it has a vpn and some other items. included. they all have emergency contacts which you don’t have to setup. dashlane is also originally (?) from france so I suppose it may have stricter data regulations... depending on if they’re used or if it matters since they have servers in the US who knows. in terms of a copy... I guess but in the same sense lastpass is a copy of 1password. you could always use keepassXC which has the EFF seal of approval.
|
|
#
?
Jul 29, 2019 22:10
|
|
|
source you're posts
|
|
#
?
Jul 29, 2019 22:14
|
|
|
BangersInMyKnickers posted:I'm just waiting for the first vendor that binds a serial to ip bridge to the jtag interface and presents it to the network a supermicro blade server we have contains an integrated 10gig switch. The console connection is serial -> ip -> ethernet -> integrated ethernet to usb adapter -> usb 2.0 type A female connector Yes it has a DHCP server turned on by default, and bridges you to vlan 1.
|
|
#
?
Jul 29, 2019 22:16
|
|
|
am I reading that wrong or did they just use a serial to USB bridge with extra steps
|
|
#
?
Jul 29, 2019 22:17
|
|
|
BangersInMyKnickers posted:lol ran some janky webapp we own's uri through a base64 decoder and it was encrypted with base64!
|
|
#
?
Jul 29, 2019 22:18
|
|
|
I dated a chick I met on dashlane
|
|
#
?
Jul 29, 2019 22:19
|
|
|
Vomik posted:Idgi. what specifically are you investigating dashlane for? this is a garbage response and you don't seem to get the spirit of this thread i'm saying that lastpass looks like trash and there is little on their website documenting how it even functions
|
|
#
?
Jul 29, 2019 22:27
|
|
|
and also this dashlane product people speak of
|
|
#
?
Jul 29, 2019 22:38
|
|
|
Wiggly Wayne DDS posted:and also this dashlane product people speak of that too. my brain categorized it as the same I guess
|
|
#
?
Jul 29, 2019 22:39
|
|
|
|
| # ? Apr 27, 2024 16:58 |
|
|
Raere posted:I use Dashlane as my password manager and it suits my needs. … Solid 2FA support for my Yubikey. It's your bog standard password manager. how does 2fa work with a password manager
|
|
#
?
Jul 29, 2019 22:40
|
|