|
Name and  This is weird 
|
#
?
Aug 21, 2019 13:11
|
|
|
|
| # ? Apr 23, 2024 08:49 |
|
|
Mad Wack posted:should be mandatory on all logins like black box warnings on cigarettes clearly we need a solution like australian cigarettes where the login page is just login/pass boxes on top of a bunch of pictures of egregious security breaches, with text detailing the unpatched exploits the server has available
|
|
#
?
Aug 21, 2019 13:23
|
|
|
Wiggly Wayne DDS posted:ya it was: this is good. all mail servers should do this to all URLs in a message not just clickable links.
|
|
#
?
Aug 21, 2019 14:44
|
|
|
a bunch of advertisers will whine about false positives but I cant imagine caring what they think about anything
|
|
#
?
Aug 21, 2019 14:44
|
|
|
Shaggar posted:this is good. all mail servers should do this to all URLs in a message not just clickable links. yes, especially unsubscribe links
|
|
#
?
Aug 21, 2019 14:46
|
|
|
Isn't this a “People can't sue us when our data "leaks" (to people who pay us), because we warned them” caveat emptor-like piece of corporate bullshit?
|
|
#
?
Aug 21, 2019 14:47
|
|
|
haveblue posted:yes, especially unsubscribe links
|
|
#
?
Aug 21, 2019 14:51
|
|
|
second part is probably also true for banks
|
|
#
?
Aug 21, 2019 15:29
|
|
|
Telling people "Don't reuse this password" is better advice than telling people to use long/secure passwords anyway.
|
|
#
?
Aug 21, 2019 15:50
|
|
|
mystes posted:Telling people "Don't reuse this password" is better advice than telling people to use long/secure passwords anyway. That is what google is trying to do with stored passwords for new accounts, I've been pushing people to use their recommended randomized password more often.
|
|
#
?
Aug 21, 2019 16:53
|
|
|
Shaggar posted:this is good. all mail servers should do this to all URLs in a message not just clickable links. Sounds like a great idea https://twitter.com/RyPeck/status/732405198644228096?s=20
|
|
#
?
Aug 21, 2019 18:05
|
|
|
https://amonitoring.ru/article/onemore_steam_eop_0day/ new steam vuln by the guy from 2 weeks ago
|
|
#
?
Aug 21, 2019 20:53
|
|
|
cinci zoo sniper posted:https://amonitoring.ru/article/onemore_steam_eop_0day/ Apparently he got banned(?) from reporting vulns by the H1 vulnerability group, so he's openly reporting them now.
|
|
#
?
Aug 21, 2019 21:02
|
|
|
Anyone going to Global Security Exchange in Chicago Wish I were, convergence with physical security is nifty af.
|
|
#
?
Aug 22, 2019 02:22
|
|
|
I should try to talk my boss into it, sounds fun but doesn't really intersect with my policy wonk duties
|
|
#
?
Aug 22, 2019 03:50
|
|
|
Cocoa Crispies posted:the virgin brightline vs. the chad tri-rail I'm a few days late, but I appreciate this joke, Flo-goon. ewiley posted:https://twitter.com/GossiTheDog/status/1163753873351356417?s=20 Nowadays, when a big company goes down, I think it's best to put your money on Amazon loving up.  This is why I make sure I only reuse my personal and banking passwords on normal porn sites. Lol at people looking at animated sec gently caress videos.
|
|
#
?
Aug 22, 2019 05:08
|
|
|
pseudorandom posted:This is why I make sure I only reuse my personal and banking passwords on normal porn sites. https://www.youtube.com/watch?v=ba2IRyq3dyE
|
|
#
?
Aug 22, 2019 05:18
|
|
|
cinci zoo sniper posted:https://amonitoring.ru/article/onemore_steam_eop_0day/ 19-08-20 14:32 UTC: tweet of vuln https://twitter.com/PsiDragon/status/1163816024614944771 19-08-21 23:52 UTC: patch to beta: https://steamcommunity.com/groups/SteamClientBeta#announcements/detail/1599262071399843693 19-08-22 02:46 UTC: h1 policy change allowing EoP: https://hackerone.com/valve/policy_versions?change=3616941 quote:-* Attacks that require the ability to drop files in arbitrary locations on the user's filesystem.
|
|
#
?
Aug 22, 2019 16:50
|
|
|
PagedOut issue #1 is out in PDF form, in case it might take anyone's interest. It's basically like POC||GTFO, in how it gets to the loving point instead of waffling about and wasting peoples time.
|
|
#
?
Aug 22, 2019 20:50
|
|
|
anyone doing defendcon next month?
|
|
#
?
Aug 23, 2019 00:42
|
|
|
Made an account on the Brazilian Mathematical Society store then got the confirmation e-mail: Welcome etc. Use this info for access: *my e-mail *password I created 
|
|
#
?
Aug 23, 2019 04:25
|
|
|
hacking gmail.com as we speak
|
|
#
?
Aug 23, 2019 09:02
|
|
|
https://twitter.com/ItsReallyNick/status/1163638087773229056
|
|
#
?
Aug 23, 2019 19:01
|
|
|
Metadata's a bitch.
|
|
#
?
Aug 23, 2019 22:20
|
|
|
|
|
#
?
Aug 24, 2019 02:38
|
|
|
FungiCap posted:Metadata's a bitch. I'm reminded of this https://en.wikipedia.org/wiki/Dennis_Rader#Cold_case quote:Police found metadata embedded in a deleted Microsoft Word document that was, unknown to Rader, still stored on the floppy disk.[35] The metadata contained the words "Christ Lutheran Church", and the document was marked as last modified by "Dennis."[36] An internet search determined that a "Dennis Rader" was president of the church council.
|
|
#
?
Aug 24, 2019 10:29
|
|
|
Stick Insect posted:I'm reminded of this https://en.wikipedia.org/wiki/Dennis_Rader#Cold_case quote:In his letters to police, Rader asked if his writings, if put on a floppy disk, could be traced or not. The police answered his question in a newspaper ad posted in the Wichita Eagle saying it would be safe to use the disk. lol
|
|
#
?
Aug 24, 2019 11:02
|
|
|
Stick Insect posted:I'm reminded of this https://en.wikipedia.org/wiki/Dennis_Rader#Cold_case quote:They obtained a warrant to test the DNA of a pap smear Rader's daughter had taken at the Kansas State University medical clinic when she was a student there. The DNA of the pap smear was processed by the Kansas Bureau of Investigation at their lab in Topeka, and demonstrated a familial match to the sample taken from Wegerle's fingernails. That's actually kind of hosed up.
|
|
#
?
Aug 24, 2019 16:15
|
|
|
Methanar posted:That's actually kind of hosed up. where do you think the idea for “23 and speculum” came from?
|
|
#
?
Aug 24, 2019 16:33
|
|
|
Garrand posted:lol yeah i've read about this before and that's always my favorite part "hey cops do you pinky swear that you can't get any evidence from this?" "... uh... sure..."
|
|
#
?
Aug 25, 2019 01:25
|
|
|
I don't understand why they had to get a family DNA sample all subterfuge-like when like a year prior they did a big 1,300 sample dragnet, could they not have just compelled him for a sample like they did to the many other men I'm assuming that would be better than violating medical confidentiality
|
|
#
?
Aug 25, 2019 01:45
|
|
|
or just dig in his trash in the time honored tradition. how hard would it be to find a bit of hair from a vacuum bag or something
|
|
#
?
Aug 25, 2019 01:54
|
|
|
BattleMaster posted:I don't understand why they had to get a family DNA sample all subterfuge-like when like a year prior they did a big 1,300 sample dragnet, could they not have just compelled him for a sample like they did to the many other men then he would have known they were coming for him and he would have... done... something maybe? idk he seems like he was pretty resigned to just being caught by that point judging by how calmly he went with police and stuff.
|
|
#
?
Aug 25, 2019 01:56
|
|
|
Shame Boy posted:then he would have known they were coming for him and he would have... done... something maybe? idk he seems like he was pretty resigned to just being caught by that point judging by how calmly he went with police and stuff. unless he was an xxxxxtreme flight risk yeah that’s weird. they probably wanted to set a precedent of shaking down doctors for patient information though.
|
|
#
?
Aug 25, 2019 02:02
|
|
|
Midjack posted:they probably wanted to set a precedent of shaking down doctors for patient information though. it's this
|
|
#
?
Aug 25, 2019 02:06
|
|
|
ymgve posted:*nervously clicks link, reads article, sees name of site, sighs in relief* lol. at work the it sec team did a demo thing in the cafeteria of entering your email on haveibeenpwned and I did it and just as I hit enter thought "gently caress I've had this email address for like 20 years and I was a dumbass teen, I'd this gonna return porn?" but no, it was fortunately just xbox mod forums (lol) and rpg codex or something (double lol)
|
|
#
?
Aug 25, 2019 02:10
|
|
|
it was interesting searching the old ashley madison leak for clients' domains it was more interesting notifying the affected parties that their credentials may be breached
|
|
#
?
Aug 25, 2019 02:19
|
|
|
Powerful Two-Hander posted:lol. The porn stuff is behind email verification. They are categorized as sensitive breaches like Ashley Madison. Pro tip: don’t validate email during demo, but do mention this factoid as an uneasy chuckle laugh for the room.
|
|
#
?
Aug 25, 2019 02:43
|
|
|
why would they force you all to do that poo poo in public? or are you saying you were just doing it as a demo to other people?
|
|
#
?
Aug 25, 2019 02:54
|
|
|
|
| # ? Apr 23, 2024 08:49 |
|
|
Shame Boy posted:why would they force you all to do that poo poo in public? or are you saying you were just doing it as a demo to other people? it was basically a "you're all probably hosed, use strong passwords ok?" thing, so actually probably a good thing to do given the average failure rate on our lovely phishing tests is like 60%. they got some interns to do it, it was all optional and they were getting ignored so I thought" hey I'll do it, what's the worst that can come up? " crazysim posted:The porn stuff is behind email verification. They are categorized as sensitive breaches like Ashley Madison. drat brb gonna see how embarrassed past me is gonna make me Powerful Two-Hander fucked around with this message at 03:01 on Aug 25, 2019 |
|
#
?
Aug 25, 2019 02:58
|
|