Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
fortinet has scummy recruiters


CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

This is the visual of someone slamming their hands in a drawer over and over.

infernal machines
Oct 11, 2012

we have sealed ourselves away behind our money, growing inward, generating a seamless universe of self.

Shame Boy posted:

lmao dammit you said the thing we all know but that you're not supposed to say out loud!!!

three letter agencies are still customers, as long as they're paying

Schadenboner
Aug 15, 2011

by Shine

CommieGIR posted:

This is the visual of someone slamming their hands in a drawer over and over.

In that they bought a Fortinet?

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

EssOEss posted:

taviso just recommended lastpass am i in a mirror universe

https://twitter.com/taviso/status/1167311357957435392

LastPass... Not bad?

I'm actually curious how he stacks Chrome's built in password manager here.

akadajet
Sep 14, 2003

I'm sure it's not perfect, but lastpass is better than the alternative of not using a password manager. Keepass was a pain in the rear end when I used it back in the day.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
https://twitter.com/campuscodi/status/1167440284269121540

Methanar
Sep 26, 2013

by the sex ghost

What's this in response to?

Wiggly Wayne DDS
Sep 11, 2010



Methanar posted:

What's this in response to?

there was a vuln patched where any account could get its password reset, including admin. it's got more traction lately as it's hit the active exploitation cycle so people are now starting to maybe consider updating

ewiley
Jul 9, 2003

More trash for the trash fire

Methanar posted:

What's this in response to?

Kevin's been on a tear about SSLVPN for a while after Fortigate, Pulse, *and* Palo Alto were revealed to have had backdoors in their VPN products. Fortigate being the absolute worst.

https://twitter.com/GossiTheDog/status/1164601729347981312?s=20

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

akadajet posted:

I'm sure it's not perfect, but lastpass is better than the alternative of not using a password manager. Keepass was a pain in the rear end when I used it back in the day.

What was a pain in the rear end about it for you?

FungiCap
Jul 23, 2007

Let's all just calm down and put on our thinking caps.

Fortinet was formed by a group of people who previously made the Juniper Netscreen firewalls before they split off and made their own company.

Juniper Screen firewalls also had a hardcoded backdoor:

https://blog.rapid7.com/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor/

Not a great track record.

Wiggly Wayne DDS
Sep 11, 2010



yeah but to be fair here's a list of firewall vendors without a backdoor/plausible vuln in the past:

Squinky v2.0
Nov 16, 2006

Behind you! A three headed monkey!

College Slice

Wiggly Wayne DDS posted:

but that is how ssns work? do you not pay the yearly renewal fee?

it’s frustrating that I have to pay the government in iTunes / amazon gift cards though

Shame Boy
Mar 2, 2010

Wiggly Wayne DDS posted:

yeah but to be fair here's a list of firewall vendors without a backdoor/plausible vuln in the past:

mikrotik, because nobody cares enough to find it so it's not there!

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

FortiOS more like FartyOS

ewiley
Jul 9, 2003

More trash for the trash fire

Shame Boy posted:

mikrotik, because nobody cares enough to find it so it's not there!

Kinda, at least it's not a network vuln:

https://twitter.com/Dinosn/status/1167069161970966529?s=20

dpkg chopra
Jun 9, 2007

Fast Food Fight

Grimey Drawer
@jack’s account got hacked

lol that it was to post racist stuff what a waste of effort

Chris Knight
Jun 5, 2002

me @ ur posts


Fun Shoe

Ur Getting Fatter posted:

@jack’s account got hacked

lol that it was to post racist stuff what a waste of effort

how would anyone notice?

Carbon dioxide
Oct 9, 2012

This shouldn't come as much of a surprise.

https://twitter.com/wongmjane/status/1167463054709334017

Shaggar
Apr 26, 2006

seems like that would be useful in the world of android where no handset is guaranteed to have the same standard underlying system.

Raere
Dec 13, 2007

Has anyone seen writeups on indicators of compromise on the recent iOS findings? Actually, given that iOS is so opaque, do we really ever get IOCs on it?

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Raere posted:

Has anyone seen writeups on indicators of compromise on the recent iOS findings? Actually, given that iOS is so opaque, do we really ever get IOCs on it?

There's an app for that!

https://www.securityweek.com/new-ios-app-helps-detect-compromised-iphones

infernal machines
Oct 11, 2012

we have sealed ourselves away behind our money, growing inward, generating a seamless universe of self.

that has to be a joke right?

"is your iphone compromised? download this app to find out!"

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

infernal machines posted:

that has to be a joke right?

"is your iphone compromised? download this app to find out!"

But I thought Apple would keep you safe from unsafe apps? :ohdear:

LIVE AMMO COSPLAY
Feb 3, 2006

CommieGIR posted:

But I thought Apple would keep you safe from unsafe apps? :ohdear:

Well, the unsafe apps don't come pre-installed at least.

Happy Thread
Jul 10, 2005

by Fluffdaddy
Plaster Town Cop

Ur Getting Fatter posted:

@jack’s account got hacked

lol that it was to post racist stuff what a waste of effort

Why not get trump's account instead and announce the nukes had been launched in a scary credible sounding way

I mean, they shouldn't do that, but to think that we were *this* close from the entire earth getting surprise nuked today, wiping out all life without any of the fair warning people would expect to get that something was going down, and how nobody really is going to do anything about it now because it just won't matter in the busy news cycle, is amazing.

Instead the hackers just wanted to post like @jack for a minute and nothing else

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Dumb Lowtax posted:

trump's account

credible

:thunk:

If someone figured out what I'm assuming is the creaky screen door security on the emergency warning system, now we're talking.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

oh, so the way to get gross racist tweets deleted from Twitter is to hack @jack and retweet them? now we know, I guess

Shame Boy
Mar 2, 2010

Dumb Lowtax posted:

Why not get trump's account instead and announce the nukes had been launched in a scary credible sounding way

I mean, they shouldn't do that, but to think that we were *this* close from the entire earth getting surprise nuked today, wiping out all life without any of the fair warning people would expect to get that something was going down, and how nobody really is going to do anything about it now because it just won't matter in the busy news cycle, is amazing.

Instead the hackers just wanted to post like @jack for a minute and nothing else

there's a bunch of people on twitter (including but not limited to trump) where tweeting the wrong thing could very realistically lead to thousands of deaths now that i'm thinking about it so that's a nice thought to have rattling around in my head, thanks

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
https://twitter.com/TwitterComms/status/1167591003143847936

SMS :allears:

ErIog
Jul 11, 2001

:nsacloud:

You'd think they would see this as a wake-up call for the SMS-based 2FA, but no, they just end up blaming the mobile provider.

pseudorandom name
May 6, 2007

well it is the mobile providers loving fault that they'll just give anybody's account to anybody who asks

Wiggly Wayne DDS
Sep 11, 2010



so did jack have sms tweeting enabled, or is it still not optional?

Cybernetic Vermin
Apr 18, 2005

Shaggar posted:

seems like that would be useful in the world of android where no handset is guaranteed to have the same standard underlying system.

yeah, unfortunately this seems a really legitimate and necessary thing to do for a company suffering to make a stable of apps run on every handset in existence.

Wiggly Wayne DDS
Sep 11, 2010



Cybernetic Vermin posted:

yeah, unfortunately this seems a really legitimate and necessary thing to do for a company suffering to make a stable of apps run on every handset in existence.

it's worse than metadata:
https://twitter.com/wongmjane/status/1167463077748436993

and no a company doesn't have the right to copy anything they can see just because it makes things potentially more convenient for them while disregarding any user choice in the matter

re: twitter sms, you can opt out via sms but it also removes 2fa silently - and tweeting/DMs via sms bypasses 2fa naturally

Cybernetic Vermin
Apr 18, 2005

i can't claim they have the *right*, but i can very easily see myself making the same decision. the metadata is bound to be trash on a non-trivial number of handsets, and if the library doesn't match any fingerprint you've seen before, and your apps are crashing and the users are livid, you'll need to get this stuff out to figure out what the gently caress the platform you're trying to run on even is.

might not be quite right, but i also don't see much of an ethical problem in this. system libraries aren't very private info, and you are grabbing it from users who are agreeing to be fingerprinted in an actually personal way already.

Wiggly Wayne DDS
Sep 11, 2010



i want to say we're a few steps past your regular crash reporting when you're uploading per-user system libraries quietly in the background without any informed consent

Cybernetic Vermin
Apr 18, 2005

actual crash dumps have way more potential for ethical issues though, messenger and whatsapp crashes may contain plaintext that facebook could not otherwise get at, and in general there may be unposted private things in the memory map. the system libraries just get dumped into the memory space of any dumb application with no checks or questions. if there are secrets to them i think there is some pretty heavy rethinking of platform security needed.


redleader
Aug 18, 2005

Engage according to operational parameters

Wiggly Wayne DDS posted:

and no a company doesn't have the right to copy anything they can see just because it makes things potentially more convenient for them while disregarding any user choice in the matter

dunno what timeline you come from, but over here that's fine and expected
