|
lmaooo
|
#
?
Sep 3, 2021 21:11
|
|
|
|
| # ? Apr 16, 2024 09:31 |
|
|
i transposed those letters and was very confused why a website would want to profile whistleblowers
|
|
#
?
Sep 3, 2021 21:13
|
|
|
Shame Boy posted:i transposed those letters and was very confused why a website would want to profile whistleblowers SAME.
|
|
#
?
Sep 3, 2021 21:18
|
|
|
Shame Boy posted:i transposed those letters and was very confused why a website would want to profile whistleblowers lol
|
|
#
?
Sep 3, 2021 21:18
|
|
|
Shame Boy posted:i transposed those letters and was very confused why a website would want to profile whistleblowers it would redirect to the intercept in that case, not the same site on https
|
|
#
?
Sep 3, 2021 21:21
|
|
|
anyways i nuked tweet but will leave the post up as proof that i got tricked. the .net is a good pro choice site educating people. the .com (who godaddy is kicking off their platform) is the real snitch site. Always hit it in an incognito browser before hollering, folks
|
|
#
?
Sep 3, 2021 21:24
|
|
|
Deleted, like a coward.
|
|
#
?
Sep 3, 2021 22:05
|
|
|
anyways i nuked tweet but will leave the post up as proof that i got tricked. the .net is a good pro choice site educating people. the .com (who godaddy is kicking off their platform) is the real snitch site. Always hit it in an incognito browser before hollering, folks
|
|
#
?
Sep 3, 2021 22:17
|
|
|
since you deleted it and didnt elaborate in the post I don't even know wtf you got tricked by
|
|
#
?
Sep 4, 2021 00:00
|
|
|
somebody registered prolifewhistleblower.net to be like "actually abortion is good" and i didnt look at the page first. the .com is the real one. that's all.
|
|
#
?
Sep 4, 2021 00:05
|
|
|
if that counts as an IDN homograph attack, it's kind of a home-grown secfuck edit: also, it seems to have kinda worked? BlankSystemDaemon fucked around with this message at 14:19 on Sep 4, 2021 |
|
#
?
Sep 4, 2021 13:13
|
|
|
Jonny 290 posted:anyways i nuked tweet but will leave the post up as proof that i got tricked. the .net is a good pro choice site educating people. the .com (who godaddy is kicking off their platform) is the real snitch site. You could also edit you're post to say that you removed the tweet, to solve the mystery.
|
|
#
?
Sep 4, 2021 21:27
|
|
|
Johnny 290 try not to take another L challenge 
|
|
#
?
Sep 5, 2021 01:36
|
|
|
rufinator are you still cracking mirc
|
|
#
?
Sep 5, 2021 01:47
|
|
|
nice try officer
|
|
#
?
Sep 5, 2021 01:59
|
|
|
ok which one of you is mark ellzey https://censys.io/blog/cve-2021-26084-confluenza/quote:confluenza
|
|
#
?
Sep 6, 2021 21:00
|
|
|
https://twitter.com/evacide/status/1434972565747822592?s=20
|
|
#
?
Sep 6, 2021 21:19
|
|
|
i'm the threat model that thinks protonmail should be in any discussion at all
|
|
#
?
Sep 6, 2021 21:59
|
|
|
Real heads know riseup is the one the feds can't access
|
|
#
?
Sep 6, 2021 22:13
|
|
|
my pc is broadcasting an ip
|
|
#
?
Sep 6, 2021 22:17
|
|
|
The trick is to daisy chain your vpns and money trail through Egypt, into Israel, into Pakistan, into India.
|
|
#
?
Sep 6, 2021 22:32
|
|
|
Methanar posted:The trick is to daisy chain your vpns and money trail through Egypt, into Israel, into Pakistan, into India. always make your last hop is InterNIC so you can delete the logs easily
|
|
#
?
Sep 6, 2021 22:43
|
|
|
is this where we talk about case sensitivityquote:When multiple dependencies differ only in the case of their name, Arborist's internal data structure saw them as separate items that could coexist within the same level in the node_modules hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as file:/some/path, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem.
|
|
#
?
Sep 7, 2021 00:46
|
|
|
phishing is easier with outlook. on the subject of the pages long language chat, outlook client falls prey to homoglyph domains and shows the information for contacts from the spoofed domain instead.
|
|
#
?
Sep 7, 2021 13:55
|
|
|
Microsoft Outlook for Microsoft 365 versions
|
|
#
?
Sep 7, 2021 14:27
|
|
|
infernal machines posted:phishing is easier with outlook. on the subject of the pages long language chat, outlook client falls prey to homoglyph domains and shows the information for contacts from the spoofed domain instead. gross
|
|
#
?
Sep 7, 2021 14:35
|
|
|
infernal machines posted:phishing is easier with outlook. on the subject of the pages long language chat, outlook client falls prey to homoglyph domains and shows the information for contacts from the spoofed domain instead. lol
|
|
#
?
Sep 7, 2021 15:23
|
|
|
infernal machines posted:phishing is easier with outlook. on the subject of the pages long language chat, outlook client falls prey to homoglyph domains and shows the information for contacts from the spoofed domain instead. imo a better solution would just be to reject email from any domain with non-ascii characters
|
|
#
?
Sep 7, 2021 15:27
|
|
|
Shaggar posted:imo a better solution would just be to reject email from any domain shaggar.... was right
|
|
#
?
Sep 7, 2021 15:28
|
|
|
confluenza continues, jenkins on the menu now https://threatpost.com/jenkins-atlassian-confluence-cyberattacks/169249/
|
|
#
?
Sep 7, 2021 17:35
|
|
|
Cold on a Cob posted:shaggar.... was right Broken clock etc
|
|
#
?
Sep 7, 2021 18:06
|
|
|
infernal machines posted:phishing is easier with outlook. on the subject of the pages long language chat, outlook client falls prey to homoglyph domains and shows the information for contacts from the spoofed domain instead. lmao
|
|
#
?
Sep 7, 2021 19:54
|
|
|
cinci zoo sniper posted:confluenza continues, jenkins on the menu now https://threatpost.com/jenkins-atlassian-confluence-cyberattacks/169249/ imagine: you take control of Jenkins' Confluence server. what do you do? a. pivot to the Jenkins organization's internal network and start ransomwaring everything. b. figure out how to get into the Jenkins' source code repo and insert some malicious code, allowing you to control thousands of high-powered servers across the world. c. install a Monero miner
|
|
#
?
Sep 7, 2021 20:37
|
|
|
Pendragon posted:imagine: you take control of Jenkins' Confluence server. what do you do? I've been dealing with this bullshit, and its amazing how complacent people are about the thread... like, our processes are disturbing me because its just 'patch and run maldet, and let them go, but not til the customer approves a window'(and some of our big customers are pushing back, fortunately, lol) and its bonkers. it took a week into it all before someone took the suggestion of automating and pushing to all servers seriously, and I don't think its happened yet what a clusterfuck
|
|
#
?
Sep 7, 2021 20:43
|
|
|
RFC2324 posted:I've been dealing with this bullshit, and its amazing how complacent people are about the thread... like, our processes are disturbing me because its just 'patch and run maldet, and let them go, but not til the customer approves a window'(and some of our big customers are pushing back, fortunately, lol) and its bonkers. it took a week into it all before someone took the suggestion of automating and pushing to all servers seriously, and I don't think its happened yet I've run into the opposite issue with some high-priority cisco bugs where our MSP wanted to patch over a weekend and reboot our prod ASA whenever they got to it and I had to push back and say, "no, we need a window where we can tell our customers our stuff might go down." that said you're dealing with a friggin confluence install how mission critical can those be ...I don't want to know the answer to that question, do I?
|
|
#
?
Sep 7, 2021 20:52
|
|
|
Pendragon posted:I've run into the opposite issue with some high-priority cisco bugs where our MSP wanted to patch over a weekend and reboot our prod ASA whenever they got to it and I had to push back and say, "no, we need a window where we can tell our customers our stuff might go down." depends on the org. most people are pretty chill about us declaring an emergency bounce as long as they know, but a handful were trying to push it out by weeks for a 5 minute down
|
|
#
?
Sep 7, 2021 21:42
|
|
|
infernal machines posted:phishing is easier with outlook. on the subject of the pages long language chat, outlook client falls prey to homoglyph domains and shows the information for contacts from the spoofed domain instead. email sucks so loving bad, its unreal lets have two "from" addresses, one of them is validated via spf/dkim and the other isnt (guess which one the client will show you when you are reading an email)
|
|
#
?
Sep 7, 2021 22:11
|
|
|
30 TO 50 FERAL HOG posted:email sucks so loving bad, its unreal and yet smtp will never die
|
|
#
?
Sep 8, 2021 05:06
|
|
|
lovely mail; toilet paper
|
|
#
?
Sep 8, 2021 12:05
|
|
|
|
| # ? Apr 16, 2024 09:31 |
|
|
actual security question: my company is looking to freshen up their website and the contractor they want to hire uses Wordpress. normally I wouldn't care security-wise as it wouldn't be hosted anywhere close to our networks (and thus hacks wouldn't matter) but our place in our industry makes us a possible watering hole target. how concerned should I be about the security implications of a Wordpress site?
|
|
#
?
Sep 8, 2021 14:07
|
|