|
mystes posted:The biggest problem is just that nobody wants to train users to understand this stuff and deal with customer support when people lose their certificate/token. yup, it's only like the last five years when people have had any kind of two-factor setup without corporate IT to call about it, and you can only teach the general public one new thing per decade
|
#
?
Sep 24, 2019 19:22
|
|
|
|
| # ? Apr 28, 2024 16:21 |
|
|
mystes posted:Honestly, just implementing u2f in software using a private key stored in the tpm / trusted enclave / whatever would solve most problems. Ideally add a password or require a fingerprint in case the phone is stolen. This is great until you have to replace your device. Unless you can backup a u2f key on to a cloud and restore it to a new device seamlessly and consistently [e: and without it getting stolen from your cloud account], you're out of luck if your phone/computer/whatever blows up. U2f USB keys are non-starters for people with only mobile devices to access accounts on and the NFC/bluetooth ones are insanely clunky. SMS is the lowest-common denominator when it comes to a second factor that will survive you dropping your phone in the toilet and needing to get access back to your facebook account. ewiley fucked around with this message at 19:49 on Sep 24, 2019 |
|
#
?
Sep 24, 2019 19:46
|
|
|
did anyone else see the vbulletin 0day that dropped earlier today
|
|
#
?
Sep 25, 2019 08:03
|
|
|
it’s a beauty apparently it was worth $10000 if they posted it to 0dayium instead of anonymously to the fd list
|
|
#
?
Sep 25, 2019 08:15
|
|
|
here’s to hoping SA’s vbulletin is so mangled and old that it SHES this matter lol
|
|
#
?
Sep 25, 2019 08:20
|
|
|
doubt the SA vbulletin is new enough to hit the minimum version
|
|
#
?
Sep 25, 2019 08:21
|
|
|
geonetix posted:doubt the SA vbulletin is new enough to hit the minimum version security through obsolescence
|
|
#
?
Sep 25, 2019 10:04
|
|
|
FAT32 SHAMER posted:did anyone else see the vbulletin 0day that dropped earlier today I didn't, op
|
|
#
?
Sep 25, 2019 11:33
|
|
|
geonetix posted:doubt the SA vbulletin is new enough to hit the minimum version its not by 3 major releases lol quote:The zero-day exploit code is verified to work against supported versions of vBulletin from 5.0.0 to the latest 5.5.4 build. quote:Powered by: vBulletin Version 2.2.9 (SAVB-v2.1.24)
|
|
#
?
Sep 25, 2019 12:07
|
|
|
we shouldn’t’ve driven the discourse guy away lol imagine sa with notifications, likes, and badges
|
|
#
?
Sep 25, 2019 14:24
|
|
|
Shinku ABOOKEN posted:imagine sa with notifications, likes, and badges, stamping on a smiley face - forever
|
|
#
?
Sep 25, 2019 14:36
|
|
|
Shinku ABOOKEN posted:we shouldn’t’ve driven the discourse guy away lol oh hell no please
|
|
#
?
Sep 25, 2019 14:43
|
|
|
Loky11 posted:oh hell no please popup ding sound, "GokuLiker69 has quoted your post and replied: im gay" appears in the corner of your screen on top of the powerpoint you're presenting to the executives
|
|
#
?
Sep 25, 2019 14:54
|
|
|
chef fatwood of snack overflow
|
|
#
?
Sep 25, 2019 15:00
|
|
|
Achievement: banned for shitposting 10 times! Achievement: Over 100 goons have placed you on Ignore! Achievement: Literally just gave money for this one.
|
|
#
?
Sep 25, 2019 15:11
|
|
|
Trump thinks Crowdstrike has the Clinton email server, and tried to get the President of Ukraine to investigate: https://twitter.com/RayRedacted/status/1176867460215128066?s=20 Which is laughable CommieGIR fucked around with this message at 15:53 on Sep 25, 2019 |
|
#
?
Sep 25, 2019 15:43
|
|
|
Volmarias posted:Achievement: banned for shitposting 10 times! Frog Dog Kickstart a rural hotdog shop.
|
|
#
?
Sep 25, 2019 15:52
|
|
|
Christmas Is Cancelled Spend your children’s present money on a rural hot dog shop. (This achievement is only available during the Doobies Christmas Event.)
|
|
#
?
Sep 25, 2019 15:54
|
|
|
CommieGIR posted:Trump thinks Crowdstrike has the Clinton email server, and tried to get the President of Ukraine to investigate: He also tries the full idiot press with other world leaders, which is just disappointing because it means it's not just an act for his supporters.
|
|
#
?
Sep 25, 2019 16:18
|
|
|
somethingawful gold for you!
|
|
#
?
Sep 25, 2019 16:20
|
|
|
Shame Boy posted:popup ding sound, "GokuLiker69 has quoted your post and replied: im gay" appears in the corner of your screen on top of the powerpoint you're presenting to the executives 
|
|
#
?
Sep 25, 2019 17:10
|
|
|
CommieGIR posted:Trump thinks Crowdstrike has the Clinton email server, and tried to get the President of Ukraine to investigate: sounds like the guy/gal who tried to FOIA NSA to get their emails back when they lost them?
|
|
#
?
Sep 25, 2019 17:12
|
|
|
https://twitter.com/AndrewDesiderio/status/1176890146567983104
|
|
#
?
Sep 25, 2019 19:18
|
|
|
I was always suspicious about the RGB stuff on gaming system: https://twitter.com/gsuberland/status/1175570500292108289?s=20
|
|
#
?
Sep 25, 2019 20:14
|
|
|
misread that as KGB
|
|
#
?
Sep 25, 2019 20:24
|
|
|
Soricidus posted:misread that as KGB сука блять!
|
|
#
?
Sep 25, 2019 23:24
|
|
|
CommieGIR posted:I was always suspicious about the RGB stuff on gaming system: holy lol: https://twitter.com/gsuberland/status/1175571371415560193
|
|
#
?
Sep 26, 2019 03:41
|
|
|
wtf does any of that mean
|
|
#
?
Sep 26, 2019 04:25
|
|
|
Janitor Prime posted:wtf does any of that mean Maybe any userspace program can use it to elevate privileges or flash your bios depending on a bunch of specifics to be determined.
|
|
#
?
Sep 26, 2019 04:29
|
|
|
your 2fast2furious gamer systems with rgb led motherboards, videocards, etc. have giant gaping holes to low-level systems that can access everything, so that an app running as an unprivileged user can change the colour of lights e: https://twitter.com/gsuberland/status/1175578399039004673 lol infernal machines fucked around with this message at 04:35 on Sep 26, 2019 |
|
#
?
Sep 26, 2019 04:29
|
|
|
infernal machines posted:your 2fast2furious gamer systems with rgb led motherboards, videocards, etc. have giant gaping holes to low-level systems that can access everything, so that an app running as an unprivileged user can change the colour of lights what if i shoved all those rgb components into a windowless, black case. will that protect me? 
|
|
#
?
Sep 26, 2019 07:21
|
|
|
Yeah, good to go
|
|
#
?
Sep 26, 2019 07:29
|
|
|
mice now have arm chips in them for blast processing or some poo poo i wonder if you can get doom to run on your mouse...
|
|
#
?
Sep 26, 2019 07:57
|
|
|
Hackers can turn your computer into a RAVE!
|
|
#
?
Sep 26, 2019 08:18
|
|
|
D. Ebdrup posted:Also, one thing I forgot to note after having watched the presentation is that they use their position on software updates to argue that companies should "let opensource do the work of updating and vetting the software deployed via repositories" which I think is hugely disingenuous, as it shouldn't be the responsibility of someone doing work in their spare time which a company then benefits from. most open source code, by a very large margin, is produced by people who are paid to do so. you don’t have to tip IBM or Facebook or Google or the VC-funded devops darling of the minute for using the thing that they released.
|
|
#
?
Sep 26, 2019 11:49
|
|
|
Subjunctive posted:most open source code, by a very large margin, is produced by people who are paid to do so. you don’t have to tip IBM or Facebook or Google or the VC-funded devops darling of the minute for using the thing that they released. There is a staggeringly huge number of software projects in third-party repositories (as well as the code for keeping that software in repositories, such as the FreeBSD ports framework, Debians compressed tar files with shell scripts to build each individual software, and so on) that is handled by anything from students at universities, over people who're doing it in their spare time, to unemployed people who just want to feel useful. Beyond that, consider all the code that never makes it to any repository and just sits in some github, or all the code that's still sitting in sourceforge.
|
|
#
?
Sep 26, 2019 12:08
|
|
|
Janitor Prime posted:wtf does any of that mean https://twitter.com/gsuberland/status/1176180763999580160?s=20
|
|
#
?
Sep 26, 2019 12:08
|
|
|
Midjack posted:сука блять! more like CMYK BLYAT!
|
|
#
?
Sep 26, 2019 13:06
|
|
|
Powerful Two-Hander posted:CMYK BLYAT! mods name change pls
|
|
#
?
Sep 26, 2019 13:12
|
|
|
|
| # ? Apr 28, 2024 16:21 |
|
|
D. Ebdrup posted:That's quite simply not true. While it's true that Linux has been overtaken by companies to the point that an individual will find it exceeding difficult to get their code commited (and as a result, maybe a lot of the code written under opensource licenses is handled by companies), that doesn't account for a majority of the opensource projects. (I said “code”, so it’s not much of an italicized stretch to extend my post to indicate that.) counting the number of projects, as though the GTK IRC clients and billion abandoned React components are as significant as the Linux kernel or postgres, seems uncommonly naive
|
|
#
?
Sep 26, 2019 13:31
|
|