|
https://donjon.ledger.com/kaspersky-password-manager/

quote: The seed used to generate every password is the current system time, in seconds. It means every instance of Kaspersky Password Manager in the world will generate the exact same password at a given second. This would be obvious to spot if every click on the “Generate” button, in the password generator interface, produced the same password. However, for some reason, password generation is animated: dozens of random chars are displayed while the real password has already been computed.
|
# ? Jul 6, 2021 12:54 |
|
|
”for some reason”
|
# ? Jul 6, 2021 13:00 |
|
lollllll
|
# ? Jul 6, 2021 13:31 |
|
jesus WEP posted:”for some reason” just because you know the reason doesn't mean you can't say "for some reason"
|
# ? Jul 6, 2021 13:33 |
|
lmfao
|
# ? Jul 6, 2021 13:52 |
|
i clicked the wrong link in a Teams invite and got this weird-rear end page, hosted at dialin.teams.microsoft.com is it just me or does that look a LOT like a domain squatter website, what the hell
|
# ? Jul 6, 2021 14:31 |
|
Looks like it's specifying a font you don't have and falling back to Times New Roman, lol
|
# ? Jul 6, 2021 14:33 |
|
Chris Knight posted:so, google and Microsoft, and ...
|
# ? Jul 6, 2021 15:00 |
https://twitter.com/0xabad1dea/status/1412197703275233284
|
|
# ? Jul 6, 2021 15:03 |
|
"unclear where it comes from" says anime person unaware of the amazing skill of looking up the ssh key format?code:
|
# ? Jul 6, 2021 16:17 |
|
2 years ago. lmooooa https://twitter.com/julianor/status/1412383696498348034
|
# ? Jul 6, 2021 20:07 |
|
Jabor posted:Looks like it's specifying a font you don't have and falling back to Times New Roman, lol something like that has definitely happened to me at seemingly random times on some azure pages
|
# ? Jul 6, 2021 21:10 |
|
Shame Boy posted:i clicked the wrong link in a Teams invite and got this weird-rear end page, hosted at dialin.teams.microsoft.com the teams dial-in stuff is pretty wacky. a lot of it used to be configured through the now deprecated skype for business portal, so it's possible the ui is dragged over from some nth generation legacy system
|
# ? Jul 6, 2021 22:03 |
|
The best part is that they solved this problem by adding an animation that takes > 1s per password generation, so you can't tell that's what it was doing, instead of fixing the actual issue, or even making it per ms
|
# ? Jul 6, 2021 22:41 |
|
https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee
|
# ? Jul 6, 2021 22:53 |
|
lol tho https://twitter.com/UnderTheBreach/status/1412299945772785664
|
# ? Jul 7, 2021 00:51 |
|
im a communist and i like piss
|
# ? Jul 7, 2021 00:56 |
|
remember the last right-wing social network where every post including those marked private or supposedly deleted were fully accessible to anyone just by incrementing a url?
|
# ? Jul 7, 2021 02:45 |
|
struggling to come up with an entity I'd trust less with building a password manager than an antivirus vendor.
|
# ? Jul 7, 2021 04:49 |
|
Vanadium posted:struggling to come up with an entity I'd trust less with building a password manager than an antivirus vendor. the nsa?
|
# ? Jul 7, 2021 05:48 |
|
I honestly would trust the NSA way more to make a secure password manager. Their code review process would be legit and they don't have an incentive to backdoor something like that if they published it themselves. Would have to be one heck of a backdoor if they expect nobody to find it while being combed over by half the infosec community. if they make one as part of some operation and they publish it under a cover, that's another story altogether
|
# ? Jul 7, 2021 05:59 |
|
spankmeister posted:I honestly would trust the NSA way more to make a secure password manager. Their code review process would be legit and they don't have an incentive to backdoor something like that if they published it themselves. Something something ECC
|
# ? Jul 7, 2021 06:05 |
|
Volmarias posted:Something something ECC that's exactly it. they got caught with their hand in the cookie jar. anything they do now is scrutinized to hell and back. For example: do you think they backdoored Ghidra?
|
# ? Jul 7, 2021 06:45 |
|
spankmeister posted:that's exactly it. they got caught with their hand in the cookie jar. anything they do now is scrutinized to hell and back. I wouldn't be at all surprised if someone pulled a Trusting Trust with it either.
|
# ? Jul 7, 2021 07:04 |
|
once everyone hears what happened the first time, a future frog should feel safe just hopping on a scorpion
|
# ? Jul 7, 2021 07:09 |
|
spankmeister posted:that's exactly it. they got caught with their hand in the cookie jar. anything they do now is scrutinized to hell and back. I sure don't know, but I run it on an air-gapped computer anyway.
|
# ? Jul 7, 2021 08:52 |
|
Volmarias posted:The best part is that they solved this problem by adding an animation that takes > 1s per password generation, so you can't tell that's what it was doing, instead of fixing the actual issue, or even making it per ms that is baffling to me, it just seems like more work. i guess maybe if the guy who wrote the generation code was transferred and they only had UI guys left to finish the app?? tbh i think the animation was just some manager's stupid idea that accidentally hid the broken pw gen

Carthag Tuek fucked around with this message at 11:23 on Jul 7, 2021 |
# ? Jul 7, 2021 11:20 |
|
it all makes sense if you assume generating predictable passwords was intentional
|
# ? Jul 7, 2021 12:42 |
|
ymgve posted:it all makes sense if you assume generating predictable passwords was intentional fair
|
# ? Jul 7, 2021 14:11 |
|
lol. ms pushed an out-of-band patch for print nightmare. notably, the description for kb5004945 mentions printnightmare by name but doesn't include the word "resolves" anywhere
|
# ? Jul 7, 2021 14:23 |
|
spankmeister posted:I honestly would trust the NSA way more to make a secure password manager. Their code review process would be legit and they don't have an incentive to backdoor something like that if they published it themselves. ignoring the whole "of course they'd backdoor it anyway lmao" angle, one incentive to backdoor it is it'd probably wind up being the tool that all the federal and state government agencies would be required to use, and it's always handy being able to break into them whenever you want without having to worry about pesky things like jurisdiction or having a valid reason
|
# ? Jul 7, 2021 14:55 |
|
infernal machines posted:lol. ms pushed an out-of-band patch for print nightmare. notably, the description for kb5004945 mentions printnightmare by name but doesn't include the word "resolves" anywhere The number of "critical" patches that in no way resolve the issue this year has been high.
|
# ? Jul 7, 2021 19:18 |
|
Shame Boy posted:ignoring the whole "of course they'd backdoor it anyway lmao" angle, one incentive to backdoor it is it'd probably wind up being the tool that all the federal and state government agencies would be required to use, and it's always handy being able to break into them whenever you want without having to worry about pesky things like jurisdiction or having a valid reason all federal stuff goes through a mitm proxy with certs trusted by the machines, that is always decrypted and inspected (they do content filtering even on SSL), so those passwords are getting analyzed/sent as plaintext anyways.
|
# ? Jul 7, 2021 19:27 |
|
one cool thing that happens is they don't tell people that the new certs are being deployed ahead of time and they randomly change them and then every piece of software running in the environment managed/supplied by a vendor immediately breaks because someone has to go update deployments to trust the new certs
|
# ? Jul 7, 2021 19:28 |
|
nice to know my pki is better than the feds
|
# ? Jul 7, 2021 19:45 |
|
infernal machines posted:lol. ms pushed an out-of-band patch for print nightmare. notably, the description for kb5004945 mentions printnightmare by name but doesn't include the word "resolves" anywhere i hate everything about this
|
# ? Jul 7, 2021 20:23 |
|
"Updates a remote code execution exploit" is uh... ambiguous
|
# ? Jul 7, 2021 20:35 |
|
we fixed the exploit poc by blacklisting MyExploit.dll
|
# ? Jul 7, 2021 20:53 |
|
the remote code execution was producing excessive log messages
|
# ? Jul 7, 2021 20:55 |
|
|
https://twitter.com/patriottakes/status/1412553834132475905
|
# ? Jul 7, 2021 21:39 |