|
fortinet has scummy recruiters
|
# ? Aug 30, 2019 15:05 |
|
|
# ? Mar 28, 2024 11:59 |
|
ewiley posted:Also, holy loving poo poo This is the visual of someone slamming their hands in a drawer over and over.
|
# ? Aug 30, 2019 15:07 |
|
Shame Boy posted:lmao dammit you said the thing we all know but that you're not supposed to say out loud!!! three letter agencies are still customers, as long as they're paying
|
# ? Aug 30, 2019 15:08 |
|
CommieGIR posted:This is the visual of someone slamming their hands in a drawer over and over. In that they bought an Fortinet?
|
# ? Aug 30, 2019 15:10 |
|
EssOEss posted:taviso just recommended lastpass am i in a mirror universe LastPass... Not bad? I'm actually curious how he stacks Chrome's built in password manager here.
|
# ? Aug 30, 2019 15:11 |
|
I'm sure it's not perfect, but lastpass is better than the alternative of not using a password manager. Keepass was a pain in the rear end when I used it back in the day.
|
# ? Aug 30, 2019 15:13 |
|
https://twitter.com/campuscodi/status/1167440284269121540
|
# ? Aug 30, 2019 15:15 |
|
ewiley posted:Also, holy loving poo poo Whats this in response to?
|
# ? Aug 30, 2019 15:38 |
|
Methanar posted:Whats this in response to?
|
# ? Aug 30, 2019 16:03 |
|
Methanar posted:Whats this in response to? Kevin's been on a tear about SSLVPN for a while after Fortigate, Pulse, *and* Palo Alto were revealed to have had backdoors in their VPN products. Fortigate being the absolute worst. https://twitter.com/GossiTheDog/status/1164601729347981312?s=20
|
# ? Aug 30, 2019 16:18 |
|
akadajet posted:I'm sure it's not perfect, but lastpass is better than the alternative of not using a password manager. Keepass was a pain in the rear end when I used it back in the day. What was a pain in the rear end about it for you?
|
# ? Aug 30, 2019 16:47 |
|
Fortinet was formed by a group of people who previously made the Juniper Netscreen firewalls before they split off and made their own company. Juniper Screen firewalls also had a hardcoded backdoor: https://blog.rapid7.com/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor/ Not a great track record.
|
# ? Aug 30, 2019 17:10 |
|
yeah but to be fair here's a list of firewall vendors without a backdoor/plausible vuln in the past:
|
# ? Aug 30, 2019 17:13 |
|
Wiggly Wayne DDS posted:but that is how ssns work? do you not pay the yearly renewal fee? it’s frustrating that I have to pay the government in iTunes / amazon gift cards though
|
# ? Aug 30, 2019 17:23 |
|
Wiggly Wayne DDS posted:yeah but to be fair here's a list of firewall vendors without a backdoor/plausible vuln in the past: mikrotik, because nobody cares enough to find it so it's not there!
|
# ? Aug 30, 2019 17:48 |
|
FortiOS more like FartyOS
|
# ? Aug 30, 2019 17:56 |
|
Shame Boy posted:mikrotik, because nobody cares enough to find it so it's not there! Kinda, at least it's not a network vuln: https://twitter.com/Dinosn/status/1167069161970966529?s=20
|
# ? Aug 30, 2019 21:08 |
|
@jack’s account got hacked lol that it was to post racist stuff what a waste of effort
|
# ? Aug 30, 2019 21:15 |
|
Ur Getting Fatter posted:@jack’s account got hacked how would anyone notice?
|
# ? Aug 30, 2019 21:17 |
|
This shouldn't come as much of a surprise. https://twitter.com/wongmjane/status/1167463054709334017
|
# ? Aug 30, 2019 21:17 |
|
seems like that would be useful in the world of android where no handset is guaranteed to have the same standard underlying system.
|
# ? Aug 30, 2019 21:38 |
|
Has anyone seen writeups on indicators of compromise on the recent iOS findings? Actually, given that iOS is so opaque, do we really ever get IOCs on it?
|
# ? Aug 30, 2019 22:46 |
|
Raere posted:Has anyone seen writeups on indicators of compromise on the recent iOS findings? Actually, given that iOS is so opaque, do we really ever get IOCs on it? There's an app for that! https://www.securityweek.com/new-ios-app-helps-detect-compromised-iphones
|
# ? Aug 30, 2019 22:51 |
|
that has to be a joke right? "is your iphone compromised? download this app to find out!"
|
# ? Aug 30, 2019 23:47 |
|
infernal machines posted:that has to be a joke right? But I thought Apple would keep you safe from unsafe apps?
|
# ? Aug 30, 2019 23:47 |
|
CommieGIR posted:But I thought Apple would keep you safe from unsafe apps? Well, the unsafe apps don't come pre-installed at least.
|
# ? Aug 31, 2019 00:34 |
|
Ur Getting Fatter posted:@jack’s account got hacked Why not get trump's account instead and announce the nukes had been launched in a scary credible sounding way I mean, they shouldn't do that, but to think that we were *this* close from the entire earth getting surprise nuked today, wiping out all life without any of the fair warning people would expect to get that something was going down, and how nobody really is going to do anything about it now because it just won't matter in the busy news cycle, is amazing. Instead the hackers just wanted to post like @jack for a minute and nothing else
|
# ? Aug 31, 2019 00:42 |
|
Dumb Lowtax posted:trump's account If someone figured out what I'm assuming is the creaky screen door security on the emergency warning system, now we're talking.
|
# ? Aug 31, 2019 03:02 |
|
oh, so the way to get gross racist tweets deleted from Twitter is to hack @jack and retweet them? now we know, I guess
|
# ? Aug 31, 2019 03:26 |
|
Dumb Lowtax posted:Why not get trump's account instead and announce the nukes had been launched in a scary credible sounding way there's a bunch of people on twitter (including but not limited to trump) where tweeting the wrong thing could very realistically lead to thousands of deaths now that i'm thinking about it so that's a nice thought to have rattling around in my head, thanks
|
# ? Aug 31, 2019 04:54 |
|
https://twitter.com/TwitterComms/status/1167591003143847936 SMS
|
# ? Aug 31, 2019 07:25 |
|
You'd think they would see this as a wake-up call for the SMS-based 2FA, but no, they just end up blaming the mobile provider.
|
# ? Aug 31, 2019 07:44 |
|
well it is the mobile providers loving fault that they'll just give anybody's account to anybody who asks
|
# ? Aug 31, 2019 08:00 |
|
so did jack have sms tweeting enabled, or is it still not optional?
|
# ? Aug 31, 2019 08:13 |
|
Shaggar posted:seems like that would be useful in the world of android where no handset is guaranteed to have the same standard underlying system. yeah, unfortunately this seems a really legitimate and necessary thing to do for a company suffering to make a stable of apps run on every handset in existence.
|
# ? Aug 31, 2019 09:53 |
|
Cybernetic Vermin posted:yeah, unfortunately this seems a really legitimate and necessary thing to do for a company suffering to make a stable of apps run on every handset in existence. https://twitter.com/wongmjane/status/1167463077748436993 and no a company doesn't have the right to copy anything they can see just because it makes things potentially more convenient for them while disregarding any user choice in the matter re: twitter sms, you can opt out via sms but it also removes 2fa silently - and tweeting/DMs via sms bypasses 2fa naturally
|
# ? Aug 31, 2019 09:57 |
|
i can't claim they have the *right*, but i can very easily see myself making the same decision. the metadata is bound to be trash on a non-trivial number of handsets, and if the library doesn't match any fingerprint you've seen before, and your apps are crashing and the users are livid, you'll need to get this stuff out to figure out what the gently caress the platform you're trying to run on even is. might not be quite right, but i also don't see much of an ethical problem in this. system libraries isn't very private info, and you are grabbing it from users who are agreeing to be fingerprinted in an actually personal way already.
|
# ? Aug 31, 2019 10:07 |
|
i want to say we're a few steps past your regular crash reporting when you're uploading per-user system libraries quietly in the background without any informed consent
|
# ? Aug 31, 2019 10:14 |
|
actual crash dumps have way more potential for ethical issues though, messenger and whatsapp crashes may contain plaintext that facebook could not otherwise get at, and in general there may be unposted private things in the memory map. the system libraries just get dumped into the memory space of any dumb application with no checks or questions. if there are secrets to them i think there is some pretty heavy rethinking of platform security needed.
|
# ? Aug 31, 2019 10:21 |
|
|
# ? Mar 28, 2024 11:59 |
|
Wiggly Wayne DDS posted:and no a company doesn't have the right to copy anything they can see just because it makes things potentially more convenient for them while disregarding any user choice in the matter dunno what timeline you come from, but over here that's fine and expected
|
# ? Aug 31, 2019 10:33 |