|
Buff Hardback posted:exactly this is what i meant i'd give atomicthumbs the benefit of the doubt, but it's a weird thing to get up in arms over. like, at best their issue is that it defaults to encrypting the volume even if it's storing the key in an accessible manner and they would just prefer that it didn't encrypt the volume in that case. of course, it does this because volume encryption is the default in windows 11, which is good, imo. and this specific scenario only comes up if you go out of your way to avoid the mechanisms that manage the recovery key for you e: and if you do that, you can also just turn off bitlocker so the drive is unencrypted, if that's what you want infernal machines fucked around with this message at 20:50 on Jan 17, 2022 |
#
?
Jan 17, 2022 20:38
|
|
|
|
| # ? Apr 19, 2024 17:34 |
|
|
Doesn't the OPAL spec mandate that SSDs do FDE by default with a manufacturer-supplied key?
|
|
#
?
Jan 17, 2022 20:45
|
|
|
BlankSystemDaemon posted:Doesn't the OPAL spec mandate that SSDs do FDE by default with a manufacturer-supplied key?
|
|
#
?
Jan 17, 2022 20:49
|
|
|
atomicthumbs has just as much software security credibility as any other twitter furry
|
|
#
?
Jan 17, 2022 21:07
|
|
|
if you really care about drive encryption against more than a casual threat / so you can wipe the computer for resale, bitlocker+TPM without a PIN is not very useful
|
|
#
?
Jan 17, 2022 21:10
|
|
|
Hed posted:if you really care about drive encryption against more than a casual threat / so you can wipe the computer for resale, bitlocker+TPM without a PIN is not very useful windows 11 requires tpm 2.0 now (windows 10, which the laptop in that article was using, would enable bitlocker on tpm 1.2 devices, and so didn't use secure communication). idk if they actually enforce the secure communication component to use bitlocker, but in theory they could/may and that particular attack won't work
|
|
#
?
Jan 17, 2022 21:17
|
|
|
thank you. I haven’t looked at that since windows 11 came out so now I’m curious if secure comms is mandatory or if the SPI bus is just one happy family
|
|
#
?
Jan 17, 2022 23:00
|
|
|
Jenny Agutter posted:https://twitter.com/atomicthumbs/status/1482859329858404352?s=20 i've followed them for a while, their posting style reminds me strongly of the something awful dot com forums for some reason
|
|
#
?
Jan 18, 2022 00:11
|
|
|
Kesper North posted:i've followed them for a while, their posting style reminds me strongly of the something awful dot com forums for some reason idk if you're kidding but if not, atomicthumbs was a pretty prolific yosposter for a while till they got all vaguely twitter popular
|
|
#
?
Jan 18, 2022 00:13
|
|
|
mystes posted:I think that bitlocker stopped using that stuff because most disk companies were loving it up so bad? Shame Boy posted:idk if you're kidding but if not, atomicthumbs was a pretty prolific yosposter for a while till they got all vaguely twitter popular
|
|
#
?
Jan 18, 2022 01:27
|
|
|
akadajet posted:atomicthumbs has just as much software security credibility as any other twitter furry atomicthumbs is real and my friend
|
|
#
?
Jan 18, 2022 01:31
|
|
|
Shame Boy posted:idk if you're kidding but if not, atomicthumbs was a pretty prolific yosposter for a while till they got all vaguely twitter popular i was absolutely not kidding at all and lmfao that figures
|
|
#
?
Jan 18, 2022 01:36
|
|
|
BlankSystemDaemon posted:I think they stopped posting after the Dear Richard thread? they showed up for the lowtax death thread and i asked em' what they were up to: atomicthumbs posted:I'm doing pretty good! mostly on Twitter because it lets me choose who i want to "hang out" with online. Also I turned into a queer
|
|
#
?
Jan 18, 2022 01:46
|
|
|
I just kicked the infosec team’s elevated accounts out of domain admin/global admin/okta superadmin/etc, they only get specifically delegated access for their role now. 
|
|
#
?
Jan 18, 2022 01:53
|
|
|
Shame Boy posted:they showed up for the lowtax death thread and i asked em' what they were up to: yeah, they're a good poster/twitter follow and I'm glad they're living their life in a way they feel comfortable I've been reading this whole discussion with the fact that they sometimes rehab old machines for resale as part of their job in the back of my head. they work in electronics recycling, so I wouldn't be surprised if this came up trying to prep machines for purchasing in the shop and they wanted to get twitter feedback on if this made sense to anyone else the place they're at sells affordable recycled computers to the local community, as well as some neat hard-to-find stuff since all sorts of equipments comes through
|
|
#
?
Jan 18, 2022 02:23
|
|
|
Kesper North posted:i was absolutely not kidding at all and lmfao that figures lol
|
|
#
?
Jan 18, 2022 03:01
|
|
|
Shame Boy posted:they showed up for the lowtax death thread and i asked em' what they were up to: I can understand finding new places to hang out online; from 1992 to 2009 I basically only hung out on IRC (while archiving SA using .mht files when they weren't closed) and while I'm still there now, I'm also active on SA and a bit on Twitter. That being said, I suspect the way I use Twitter differs quite a bit from how most people do; I almost-exclusively browse it using tweetdeck, have retweets turned off for everyone I follow, disabled likes from showing up in any of the timelines, and keep my follower and following lists regularly maintained.
|
|
#
?
Jan 18, 2022 03:51
|
|
|
there are still irc communities alive??
|
|
#
?
Jan 18, 2022 03:58
|
|
|
Lady Radia posted:there are still irc communities alive?? If it wasn't because of all the channel and nickname collisions, I think it's possible IRC could go back to being the global network it was before eris.berkeley.edu got juped because it allowed everyone who could compile an ircd to connect, which led to lots and lots of netsplits, and eventually led to the Eris-Free Network.
|
|
#
?
Jan 18, 2022 04:05
|
|
|
irc can never be good unless you run a private invite only thing or charge people for it
|
|
#
?
Jan 18, 2022 04:08
|
|
|
Jonny 290 posted:irc can never be good unless you run a private invite only thing or charge people for it and discourse seems to have solidly gotten that niche
|
|
#
?
Jan 18, 2022 04:16
|
|
|
BlankSystemDaemon posted:That being said, I suspect the way I use Twitter differs quite a bit from how most people do; I almost-exclusively browse it using tweetdeck, have retweets turned off for everyone I follow, disabled likes from showing up in any of the timelines, and keep my follower and following lists regularly maintained. Twitter default timeline is bananas now. Not only do likes showup, but random tweets from people that people you follow follow! gently caress!!!
|
|
#
?
Jan 18, 2022 04:22
|
|
|
There's probably a #yospos somewhere if you're truly desperate to go hang out with the people who got run out of yospos and are eternally bitter about it.
|
|
#
?
Jan 18, 2022 04:24
|
|
|
~Coxy posted:Twitter default timeline is bananas now. Not only do likes showup, but random tweets from people that people you follow follow! gently caress!!!
|
|
#
?
Jan 18, 2022 04:32
|
|
|
Jabor posted:There's probably a #yospos somewhere if you're truly desperate to go hang out with the people who got run out of yospos and are eternally bitter about it. i joined a yospos irc channel right after i started reading yospos and one of the first things i saw was somebody talking about how they got run out of the yosslack for being too racist. i mashed /part real hard
|
|
#
?
Jan 18, 2022 04:32
|
|
|
Shame Boy posted:they showed up for the lowtax death thread and i asked em' what they were up to: dude still actively posts here
|
|
#
?
Jan 18, 2022 06:13
|
|
|
BlankSystemDaemon posted:... lol is that seriously the backstory of efnet hahaha irc rules, but i didnt like the yospos channel either. i lasted maybe an hour. yospos isn't really a fit for chat at all
|
|
#
?
Jan 18, 2022 09:20
|
|
|
Tankakern posted:lol is that seriously the backstory of efnet
|
|
#
?
Jan 18, 2022 09:35
|
|
|
the yospos irc channel is mostly people who use pepe memes
|
|
#
?
Jan 18, 2022 10:11
|
|
|
something tells me no one there is actually a yosposter anymore
|
|
#
?
Jan 18, 2022 11:02
|
|
|
BlankSystemDaemon posted:Ah, interesting. 
|
|
#
?
Jan 18, 2022 11:18
|
|
|
I don't know where to post this, but I have had a weird identity theft issue that is confusing me. Basically, I got a bunch of emails from Wells Fargo within about a minute of each other, starting with "We have received your application for a new checking account", and then one with a code to enter into their website for validation, and then a "Your checking account has been successfully set up" email. And then a final email saying that the contact information had been updated (to an email address that is not mine). Two of the emails refer to me by my full name. This obviously wasn't me. So I call Wells Fargo (from their website, not from any link in the emails), and tell them this, and they put a block on the account. First thing I do is change my email account password. Then I check on my credit card balances to make sure that there aren't any weird charges, and while I'm there, I check on my credit history, and it pops up that there are hits on the "dark web" for me from some data breach of some website a while ago, and it shows me my email address and a password that I use (not the password to the email account itself, but a password I use for a bunch of garbage sites I've signed up for over the years that don't have anything sensitive about me in them, which I guess used my email address as username or whatever). But I'm confused about why they used my actual email address for setting up the account when they must have already found my social security number and other basic info. Why not just use their own email address so that I wouldn't even know about it? And how did they get the confirmation code from Wells Fargo from my email to complete the account setup? If they had actual access to my email account, why not delete the mails so that I would be completely unaware? Is it possible that they are forwarding all of my emails to another email address, and does changing my email account password stop this? It's a gmail account, and I've checked the settings for auto-forwarding, and there is nothing there.
|
|
#
?
Jan 18, 2022 12:28
|
|
|
for your gmail the minimum breach recovery sequence here imo would be 1) change password on main gmail and recovery emails 2) terminate all signed in sessions via relevant security wizards 3) disable pop3 and imap support on main gmail, and recoveries if possible 4) deauthorise all applications connected to or authenticated via either involved account 5) enable 2fa for main gmail, and recoveries if possible 6) only re-enable disabled or disconnected stuff when you know what is it for as for how they got your stuff, imo it’s either some funny authenticated application or wells fargo has poo poo protocols and someone just pretty please’d them over the phone, which would explain why they had to use a normal email instead of cumrocket69@pcgamer.com cinci zoo sniper fucked around with this message at 12:58 on Jan 18, 2022 |
|
#
?
Jan 18, 2022 12:45
|
|
|
less likely scenarios ive seen doing financial fraud prevention - remote access worm on your device, or (well, this one is actually much more likely but id imagine you’d know if this is the case) your household member trying to pull off a scheme with your credentials
|
|
#
?
Jan 18, 2022 12:51
|
|
|
Tankakern posted:lol is that seriously the backstory of efnet yospos irc was pretty unwelcoming. the discord is good you should join in on the fun. i get double the amount of funny computer memes thanks to it
|
|
#
?
Jan 18, 2022 12:52
|
|
|
Kazinsal posted:something tells me no one there is actually a yosposter anymore eh, i'd assume hbag is on there
|
|
#
?
Jan 18, 2022 12:55
|
|
|
Inferior Third Season posted:I don't know where to post this, but I have had a weird identity theft issue that is confusing me. I had this happen to me a couple years ago in a similar fashion.
|
|
#
?
Jan 18, 2022 13:12
|
|
|
cinci zoo sniper posted:for your gmail the minimum breach recovery sequence here imo would be
|
|
#
?
Jan 18, 2022 13:28
|
|
|
akadajet posted:dude still actively posts here their most recent post on the forums was in the lowtax death thread, 3 months ago. before that they hadn't posted since April of last year, and they haven't posted in yospos since june 2020
|
|
#
?
Jan 18, 2022 13:40
|
|
|
|
| # ? Apr 19, 2024 17:34 |
|
|
Inferior Third Season posted:I had 2FA enabled already with SMS, but I added the Google Authenticator app. sms is not an adequate 2fa measure, and you should explicitly disable it from being such wherever possible. there have been plenty of documented sms takeovers by random bandits vs random people in the states, this doesn’t require russian cia resources
|
|
#
?
Jan 18, 2022 15:15
|
|