|
back to bank postin one of these banks still truncates your password at 6 chars i discovered this by typoing my password and still getting logged in as long as the first 6 are correct, anything else after that just gets stripped
|
#
?
Sep 16, 2019 02:45
|
|
|
|
| # ? Apr 28, 2024 16:59 |
|
|
And none of them have 2FA, even as an option. (NAB SMS spams me to setup new payments, I assume the others do too)
|
|
#
?
Sep 16, 2019 03:16
|
|
|
Lutha Mahtin posted:the loads of ancient GNU software that's still kickin around has been a pretty good source of billable hours for security folks heh
|
|
#
?
Sep 16, 2019 06:42
|
|
|
~Coxy posted:And none of them have 2FA, even as an option. ANZ has SMSes in NZ, no idea if that also applies to oz
|
|
#
?
Sep 16, 2019 07:02
|
|
|
The bank of China makes you install some .exe for "security" on windows. Supposedly this is to install some kind of key management app that lets you sign banking transactions but lol if I'm gonna install some random chinese software that is only really supported on winxp.
|
|
#
?
Sep 16, 2019 13:53
|
|
|
what are the odds that it's not a certificate to allow great firewall mitm
|
|
#
?
Sep 16, 2019 14:06
|
|
|
https://www.forbes.com/sites/daveywinder/2019/09/16/google-warns-lastpass-users-were-exposed-to-last-password-credential-leak/#2514024c4600 lmao at lastpass users
|
|
#
?
Sep 16, 2019 14:48
|
|
|
CRIP EATIN BREAD posted:https://www.forbes.com/sites/daveywinder/2019/09/16/google-warns-lastpass-users-were-exposed-to-last-password-credential-leak/#2514024c4600 This seems kinda constrained because you have to find a URL that will load an untrusted iframe in the domain you're authenticating to (unless i'm misreading tavis' description of the issue). This is probably trivial with office 365, google apps, since just about everything lives on *.google.com or *.microsoftonline.net but others maybe not. I hardly expect Forbes to figure out nuance though. https://bugs.chromium.org/p/project-zero/issues/detail?id=1930
|
|
#
?
Sep 16, 2019 15:04
|
|
|
yeah but anyone using lastpass deserves whatever they get
|
|
#
?
Sep 16, 2019 15:04
|
|
|
CRIP EATIN BREAD posted:yeah but anyone using lastpass deserves whatever they get
|
|
#
?
Sep 16, 2019 15:51
|
|
|
I deserve whatever I get
|
|
#
?
Sep 16, 2019 15:59
|
|
|
CRIP EATIN BREAD posted:https://www.forbes.com/sites/daveywinder/2019/09/16/google-warns-lastpass-users-were-exposed-to-last-password-credential-leak/#2514024c4600 https://twitter.com/taviso/status/1167311357957435392
|
|
#
?
Sep 16, 2019 16:33
|
|
|
CRIP EATIN BREAD posted:yeah but anyone using lastpass deserves whatever they get https://twitter.com/taviso/status/1167400178912882688
|
|
#
?
Sep 16, 2019 16:34
|
|
|
While I've seen Tavis endorse LastPass a couple times, I don't remember him ever having an opinion on 1pass
|
|
#
?
Sep 16, 2019 16:43
|
|
|
they're all terrible use a piece of paper The Fool posted:While I've seen Tavis endorse LastPass a couple times, I don't remember him ever having an opinion on 1pass also thsi
|
|
#
?
Sep 16, 2019 16:44
|
|
|
I'm the pattern passcode of "M" https://twitter.com/iblametom/status/1173580854871896064?s=20
|
|
#
?
Sep 16, 2019 16:57
|
|
|
The Fool posted:While I've seen Tavis endorse LastPass a couple times, I don't remember him ever having an opinion on 1pass Later in that same thread https://twitter.com/taviso/status/1167404993260818434?s=19
|
|
#
?
Sep 16, 2019 17:04
|
|
|
https://twitter.com/gabro27/status/1173547934132178944
|
|
#
?
Sep 17, 2019 00:29
|
|
|
Rufus Ping posted:Later in that same thread Fair enough. I suppose I should go try to find the incident and decide how much I care. not at all
|
|
#
?
Sep 17, 2019 00:31
|
|
|
whew, without the GIF i'd be super worried about cutting humans out of the loop and bots just mashing code around without supervision but they had a celebratory gif? so its probably nothing to worry about
|
|
#
?
Sep 17, 2019 01:38
|
|
|
if thats what it takes to get people to keep their dependencies up to date...
|
|
#
?
Sep 17, 2019 02:11
|
|
|
https://twitter.com/gsuberland/status/1173780622562791425
|
|
#
?
Sep 17, 2019 03:09
|
|
|
hot
|
|
#
?
Sep 17, 2019 06:04
|
|
|
O _ O
|
|
#
?
Sep 17, 2019 06:17
|
|
|
imagine asking a normal person to use keepass lol
|
|
#
?
Sep 17, 2019 11:59
|
|
|
redleader posted:imagine asking a normal person to use keepass lol same but cloud thingies. heck imagine asking them to pay rent for password fillers.
|
|
#
?
Sep 17, 2019 12:01
|
|
|
duz posted:if thats what it takes to get people to keep their dependencies up to date... I ran a snyk test on our companies repo once. panicked, closed the terminal, and went to find another job. worked out great thusfar
|
|
#
?
Sep 17, 2019 12:54
|
|
|
anyone here doing work around ML privacy (and to a lesser degree security)? I'm collecting a bibliography to summarize for some folks and plan out our own research agenda, and would love to swap notes. we're chiefly right now focused on reidentification risk (including attribute disclosure) given a restricted set of inference parameters, but we will likely broaden our scope around more specific and ideally measurable privacy characteristics of models given certain properties of the training data and methods (if not working on this stuff, and you're interested in learning about the current state of things, https://arxiv.org/pdf/1811.01134.pdf is a good overview)
|
|
#
?
Sep 17, 2019 15:05
|
|
|
does bitwarden have any traps to watch out for if I deploy it myself? it has a bunch of moving parts and I'm not sure how to lock down the inter-container traffic exactly, but I'm not sure if there are other best practices that I would like to find out before I violate them
|
|
#
?
Sep 17, 2019 15:06
|
|
|
testing azure sentinel and got our first incident today: a board member logging in to company resources through a public vpn
|
|
#
?
Sep 17, 2019 21:22
|
|
|
want to socially engineer that catte https://twitter.com/gabbytropea/status/1097347872901738497?s=21
|
|
#
?
Sep 17, 2019 21:28
|
|
|
Shinku ABOOKEN posted:same but cloud thingies. heck imagine asking them to pay rent for password fillers. you know what doesn’t cost me anything and works flawlessly hunter2
|
|
#
?
Sep 17, 2019 21:57
|
|
|
Subjunctive posted:want to socially engineer that catte A catte that did not just contemptuously stare at the person trying to get back in A shameful catte
|
|
#
?
Sep 17, 2019 22:15
|
|
|
Subjunctive posted:want to socially engineer that catte clever girl
|
|
#
?
Sep 17, 2019 22:21
|
|
|
i mean yeah no poo poo if you didn't lock the door it isn't locked
|
|
#
?
Sep 17, 2019 22:37
|
|
|
Powerful Two-Hander posted:i mean yeah no poo poo if you didn't lock the door it isn't locked you can see the way she yanks hard on the first pull, it's very likely 'locked' and that's overpowering it
|
|
#
?
Sep 17, 2019 22:43
|
|
|
Subjunctive posted:want to socially engineer that catte mandatory catte for wework offices https://twitter.com/neerajka/status/1173997679363407872
|
|
#
?
Sep 17, 2019 23:13
|
|
|
mystes posted:It's great that in 2019 things like discord have real 2FA but banks all use SMS or are maybe in the process of jury rigging 2FA in their lovely mobile apps. wells fargo still won't accept a password longer than 14 characters edit: and they disable paste functionality on the password change form so you cannot easily create a random password and copy/paste it in Farmer Crack-Ass fucked around with this message at 00:11 on Sep 18, 2019 |
|
#
?
Sep 18, 2019 00:02
|
|
|
Banks are driven by uptime. If you lose your account because they can't push a change through to provide 2FA, well, that sucks for you. But if their system goes down for 2 minutes of unscheduled outage while doing said change it makes the news, and even though the result is easily worth the tiny amount of pain they don't see it that way. This is the same in most large enterprise environments - when your IT systems are basically the ground on which your business can operate, anything that could theoretically break it is treated as bad, no matter how good the reason is.
|
|
#
?
Sep 18, 2019 00:14
|
|
|
|
| # ? Apr 28, 2024 16:59 |
|
|
geonetix posted:I ran a snyk test on our companies repo once. panicked, closed the terminal, and went to find another job. HAHAHA HAHAHAHAHAHA HAHAHA *begins to have nam like flashback about container security* Its all red. All red.
|
|
#
?
Sep 18, 2019 00:40
|
|
