Chris Knight
Jun 5, 2002

me @ ur posts


Fun Shoe

Cocoa Crispies posted:

how does 2fa work with a password manager

carefully!


xarph
Jun 18, 2001


BattleMaster posted:

am I reading that wrong or did they just use a serial to USB bridge with extra steps

You read it correctly. I can only imagine there was some completely insane bureaucratic requirement divorced from reality that somehow made it cheaper to do it that way. Supermicro.txt

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

Cocoa Crispies posted:

how does 2fa work with a password manager

for ones that sync to the cloud you can enforce 2fa when the user links a new device

The Fool
Oct 16, 2003


Cocoa Crispies posted:

how does 2fa work with a password manager

I can't speak to the others, but 1pass can be set to require an OTP when connecting a new device.

Raere
Dec 13, 2007

I can't speak to Dashlane's security with regards to exploits, but in my mind it does all the right things for a security-centric app. Standard Windows/Mac/Android/iOS client that lets you set your key derivation function, how often to prompt for your password, 2FA management, etc. Standard browser plugin for Firefox/Chrome/Safari, with things like matching a code between the browser and the app when you install the plugin to ensure it's not fake.

They have a white paper that goes into the internals a bit: https://www.dashlane.com/download/Dashlane_SecurityWhitePaper_October2018.pdf
An analysis was done in 2016 that found some stupid, but not terrible bugs: https://courses.csail.mit.edu/6.857/2016/files/25.pdf
They put out releases pretty frequently and have supposedly fixed the bugs in that report and any more that have been disclosed since then: https://support.dashlane.com/hc/en-us/articles/206553939-Release-notes#title3

I'm not trying to defend them; I've just been a happy user for a few years.

HAIL eSATA-n
Apr 7, 2007

are the browser addons for lastpass/etc safe? they always seemed more vulnerable than the standalone programs

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

2fa deez nuts

The Fool
Oct 16, 2003


Captain Foo posted:

2fa deez nuts

authentication method not found

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll on,
generation shall follow the course of generations



The Fool posted:

authentication method not found

go deeper, you might need a forceps

Trabisnikof
Dec 24, 2005

Captain Foo posted:

2fa deez nuts

well you are nutz so I guess that works :v:

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD


:rip: capital one

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

rafikki posted:

:rip: capital one

what happen

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD


Capital One data breach compromises tens of millions of credit card applications, FBI says
https://wapo.st/2Kpklw7

Trabisnikof
Dec 24, 2005

Captain Foo posted:

what happen

https://www.bloomberg.com/news/articles/2019-07-29/capital-one-data-systems-breached-by-seattle-woman-u-s-says

Capital One Financial Corp. said data from about 100 million people in the U.S. was illegally accessed after prosecutors accused a Seattle woman of breaking into the bank’s server at a cloud-computing company.

The woman, Paige A. Thompson, was arrested Monday and appeared in federal court in Seattle. The data theft occurred some time between March 12 and July 17, federal prosecutors in Seattle said. The cloud-computing company, on whose servers Capital One rented space, wasn’t identified in court papers.

“I am deeply sorry for what has happened," said Richard D. Fairbank, Capital One’s chief executive officer, in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected.”

About 6 million individuals in Canada were also impacted by the breach, Capital One said.

The largest category of data stolen was supplied by consumers and small businesses when they applied for credit cards from 2005 through early 2019, the bank said. It included personal identification data, including names, addresses, phone numbers and dates of birth, and financial data including self-reported income, credit scores and fragments of transaction history.

About 140,000 Social Security numbers were accessed, as well as 80,000 bank account numbers from credit-card customers, the bank said.

Schadenboner
Aug 15, 2011

by Shine
Oh good, I was wondering where my next supply of free credit monitoring would come from!

What's that? "GDPR in the USA"? To that sort of European* nonsense I say: No Sir!

:patriot: Make Mine Freedom. :patriot:

*More like Europoopin, ammirite?

Schadenboner fucked around with this message at 01:04 on Jul 30, 2019

infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.

quote:

It is unusual in a major hacking case for a suspect to be apprehended so quickly, and in this case, that was apparently due to boasts made online.

Thompson, who authorities say used the name “erratic” in online conversations, is suspected of “exfiltrating and stealing information, including credit card applications and other documents, from Capital One,” according to a criminal complaint filed in federal court. She was ordered to remain in jail pending a detention hearing scheduled for Thursday, according to court records.

A lawyer for Thompson did not immediately respond to a message seeking comment.

Thompson “made statements on social media for evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally,” according to the criminal complaint signed by FBI special agent Joel Martini.

In one online posting, “erratic” wrote: “I’ve basically strapped myself with a bomb vest, [expletive] dropping capitol ones dox and admitting it,” according to the complaint.

uh huh

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

:rip:

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll on,
generation shall follow the course of generations



Schadenboner posted:

Oh good, I was wondering where my next supply of free credit monitoring would come from!

What's that? "GDPR in the USA"? To that sort of European* nonsense I say: No Sir!

:patriot: Make Mine Freedom. :patriot:

*More like Europoopin, ammirite?

pls dont make fun of shaggar, its not his fault that he is poisoned by capitalism

Trabisnikof
Dec 24, 2005


posted to github but the quote is apparently pulled from a twitter dm, which goes to show the classic truth about opsec

quote:

Thompson then posted about having the data on GitHub, a site where software developers share projects and code. A GitHub user alerted Capital One about the possible breach in mid-July, and the company turned to the FBI to pursue criminal charges.

According to court documents, Thompson posted on Twitter and Slack about trying to get rid of or distribute the data.

"I've basically strapped myself with a bomb vest, f--king dropping capital ones [documents] and admitting it," she wrote in a Twitter direct message to the person who ultimately reported the breach to Capital One, court documents show.


Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll on,
generation shall follow the course of generations



also, is it really true that you have to work up credit by loaning and paying back and if you never use credit you have no worthiness?

its not perfect, but how about current net worth + last couple months paychecks instead (assuming credit is for a mortgage)

infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.

Trabisnikof posted:

posted to github but the quote is apparently pulled from a twitter dm, which goes to show the classic truth about opsec





i mean, she was if nothing else aptly named

Raere
Dec 13, 2007

HAIL eSATA-n posted:

are the browser addons for lastpass/etc safe? they always seemed more vulnerable than the standalone programs

No safer than any other piece of software. There have been exploits in password manager browser addons before. They interact with websites, so there's more that can be exploited.

Sagebrush
Feb 26, 2012


that was an awesome game, though there wasn't much replay value once you figured out how to cheese the "trace a large transaction" job to get like 10 million dollars right at the beginning

wish they'd made a sequel. lan hacking was fun

Midjack
Dec 24, 2007



Sagebrush posted:

that was an awesome game, though there wasn't much replay value once you figured out how to cheese the "trace a large transaction" job to get like 10 million dollars right at the beginning

wish they'd made a sequel. lan hacking was fun

i’d love uplink2 that reflects the intervening 20 years of technical and social changes around hacking.

infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.

Midjack posted:

i’d love uplink2 that reflects the intervening 20 years of technical and social changes around hacking.

but how long can you spend on the phone claiming to be the IRS, getting septuagenarians to buy google play gift cards?

Trabisnikof
Dec 24, 2005

id love that zachtronics hacking game plus red string social club put together

Sagebrush
Feb 26, 2012

in that vein Watch_Dogs 2 was pretty great. the hacking was more video-gamey for sure but the context of it all was fantastic. they modeled san francisco well enough that i could pretty much just drive around it like i do for real, the bad guy is essentially jack dorsey, there are perfect copies of google and facebook and nest and such and they're all spying on everyone and selling the data, the first mission has you harassing martin shkreli, etc

e: oh and there are a bunch of missions involving deprogramming someone who sounds exactly like tom cruise from an organization that is definitely not the scientologists

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Trabisnikof posted:

that zachtronics hacking game

Which one

Also seconding watch dogs 2, it was goofy fun, though they definitely just phoned in the second half of the story. The multiplayer seamlessly worked with the single player if you enabled it, so you could play games of "capture the drone"

Trabisnikof
Dec 24, 2005

Volmarias posted:

Which one

Also seconding watch dogs 2, it was goofy fun, though they definitely just phoned in the second half of the story. The multiplayer seamlessly worked with the single player if you enabled it, so you could play games of "capture the drone"

exapunks - http://www.zachtronics.com/exapunks/


also i do recommend red string social club as a relatively short, good game that deals with social engineering

https://store.steampowered.com/app/589780/The_Red_Strings_Club/

https://www.youtube.com/watch?v=IKwKVukDsXQ

Shaggar
Apr 26, 2006

HAIL eSATA-n posted:

are the browser addons for lastpass/etc safe? they always seemed more vulnerable than the standalone programs

anything that uses javascript should be considered insecure.

Hexyflexy
Sep 2, 2011

asymptotically approaching one

Shaggar posted:

anything that uses javascript should be considered insecure.

It's fine, I'm sure one of the many machine-local databases that are accessible by a website are totally isolated from any other site's code touching it. Or that I couldn't paste a link here that'd email me your entire html5 web storage. That has never happened.

2nd Rate Poster
Mar 25, 2004

i started a joke
FWIW CapitalOne was a part of the keynote at AWS' security conference last month.

Pile Of Garbage
May 28, 2007



weird the ppl crawling out of the woodwork to defend dashlane itt

Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.



Krankenstyle posted:

also, is it really true that you have to work up credit by loaning and paying back and if you never use credit you have no worthiness?

its not perfect, but how about current net worth + last couple months paychecks instead (assuming credit is for a mortgage)

yeah. when your whole business is trusting people to pay off their debt to you, it's good to have proof of a history of that and establish a potential for that to keep happening, which is the part you're talking about. probably most prospective employers shouldn't be able to run your credit though, and before you say that's insane, remember which country we're talking about

Mr.Radar
Nov 5, 2005

You guys aren't going to believe this, but that guy is our games teacher.

Trabisnikof posted:

https://www.bloomberg.com/news/articles/2019-07-29/capital-one-data-systems-breached-by-seattle-woman-u-s-says

Capital One Financial Corp. said data from about 100 million people in the U.S. was illegally accessed after prosecutors accused a Seattle woman of breaking into the bank’s server at a cloud-computing company.

The woman, Paige A. Thompson, was arrested Monday and appeared in federal court in Seattle. The data theft occurred some time between March 12 and July 17, federal prosecutors in Seattle said. The cloud-computing company, on whose servers Capital One rented space, wasn’t identified in court papers.

“I am deeply sorry for what has happened," said Richard D. Fairbank, Capital One’s chief executive officer, in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected.”

About 6 million individuals in Canada were also impacted by the breach, Capital One said.

The largest category of data stolen was supplied by consumers and small businesses when they applied for credit cards from 2005 through early 2019, the bank said. It included personal identification data, including names, addresses, phone numbers and dates of birth, and financial data including self-reported income, credit scores and fragments of transaction history.

About 140,000 Social Security numbers were accessed, as well as 80,000 bank account numbers from credit-card customers, the bank said.



(source)

cinci zoo sniper
Mar 15, 2013




Krankenstyle posted:

also, is it really true that you have to work up credit by loaning and paying back and if you never use credit you have no worthiness?

its not perfect, but how about current net worth + last couple months paychecks instead (assuming credit is for a mortgage)

yes. i work in the industry, sort of, and “has never paid back on a loan formally registered with a credit bureau” is universally a statistically significant indicator for predicting defaults on loans (mind you, im not doing mortgages or car loans and have no experience with north america north of mexico or africa; literally everywhere else this holds true)

current net worth + current stable income sounds okay for europe, where it’s really hard to fire people and the average person has a decent enough safety net (provided your net worth calculation is sane). it would most definitely not be a feasible primary determinant in the states, in 31 of which you can be fired without any notice and any reason given.

for mortgages specifically, having talked to people who do them, age is a major factor because they all are trying to estimate probability of your death before repayment

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll on,
generation shall follow the course of generations



gently caress. thx for the explanation. every day I learn another way that capitalism sucks.

BlankSystemDaemon
Mar 13, 2009



Schadenboner posted:

*More like Europoopin, ammirite?

you are, OP. hth
--a europoopian

about that capital one hack, did erratic basically turn herself in? certainly living up to her nickname :v:

cinci zoo sniper
Mar 15, 2013




D. Ebdrup posted:

you are, OP. hth
--a europoopian

about that capital one hack, did erratic basically turn herself in? certainly living up to her nickname :v:

??


ErIog
Jul 11, 2001

:nsacloud:

cinci zoo sniper posted:

yes. i work in the industry, sort of, and “has never paid back on a loan formally registered with a credit bureau” is universally a statistically significant indicator for predicting defaults on loans (mind you, im not doing mortgages or car loans and have no experience with north america north of mexico or africa- literally everywhere else this holds true)

This is kind of the racket in America. How are you supposed to have paid the loan registered with the credit bureau if in order to get the loan you need to have paid off a loan registered to the credit bureau?

They discriminate by age. If you have a certain income by a certain age they don't care. They call it a "score" so they don't get called out for not giving people a chance.

ErIog fucked around with this message at 11:56 on Jul 30, 2019
