|
mystes posted:They're sharing it by passing the qr code around?!!!!!!! well, not any more once we disclosed it to their leadership and the blue team.
|
#
?
May 6, 2022 03:37
|
|
|
|
| # ? Apr 19, 2024 14:32 |
|
|
tired: using a bash script and awk to comb through git repositories for ssh keys and api tokens wired: using an AI to comb through twitch live and archive streams of people programming and automatically guessing passwords based on typing heuristics and totp qr code screenshots
|
|
#
?
May 6, 2022 08:06
|
|
|
our support team copied the passwords out of the vault and put them on confluence lol I dropped them right in the poo poo on that one, no point having "segregation of duties" if they're segregated away to idiots
|
|
#
?
May 6, 2022 08:40
|
|
|
just got an email from my identity protection service giving me a report on how my identity is doing as far as i know i don't have an identity protection service 
|
|
#
?
May 6, 2022 15:23
|
|
|
oh it's apparently a FREE BONUS FEATURE that comes with my loving health insurance from work for some reason okay also it really wants me to use their online password manager, sure let me just give my health insurance company all my passwords, why not
|
|
#
?
May 6, 2022 15:26
|
|
|
sb hermit posted:tired: using a bash script and awk to comb through git repositories for ssh keys and api tokens rsa key on webcam vibes here
|
|
#
?
May 6, 2022 16:05
|
|
|
some rad badasses itt. tellin it no questions asked cause they know wtf is up y'all
|
|
#
?
May 6, 2022 16:26
|
|
|
Shame Boy posted:oh it's apparently a FREE BONUS FEATURE that comes with my loving health insurance from work for some reason okay just think of it as free insurance for your drivers license please submit your drivers license to continue, for free, NOW submit goddamnit
|
|
#
?
May 6, 2022 16:29
|
|
|
dang man, all my health insurance gives me is a free $10K in life insurance or was that my credit union?
|
|
#
?
May 6, 2022 16:42
|
|
|
sb hermit posted:dang man, all my health insurance gives me is a free $10K in life insurance i feel like health insurance should give you a much higher amount of free life insurance as a sort of money-back guarantee
|
|
#
?
May 6, 2022 17:11
|
|
|
sb hermit posted:dang man, all my health insurance gives me is a free $10K in life insurance don't ask me man i just got this sweet binance card with this one weird trick you can buy cryptos on margin then sell it before the bill comes! it's free money
|
|
#
?
May 6, 2022 17:15
|
|
|
Shame Boy posted:i feel like health insurance should give you a much higher amount of free life insurance as a sort of money-back guarantee I wonder how well that would work to fix coverage issues. "If medical care would have fixed it, insurance pays out 10 million to the survivors"
|
|
#
?
May 6, 2022 17:56
|
|
|
ymgve posted:question, though: if you put a fake login on the whiteboard when interviewing someone for a red team role, would seeing that login being attempted count as positive or negative? if it wasn't cleared up after the interview then i'd be interested in what services they tried stuffing and how overt they were but neither would be relevant to their role in practice
|
|
#
?
May 6, 2022 19:41
|
|
|
just really awkwardly drop the u/p in the middle of your conversation, bonus points if it's alphanumeric plus extra for punctuation and whitespace
|
|
#
?
May 6, 2022 20:09
|
|
|
Beeftweeter posted:don't ask me man i just got this sweet binance card Arent those the crypto nazis or am I misremembering
|
|
#
?
May 6, 2022 22:39
|
|
|
ZeusCannon posted:Arent those the crypto nazis or am I misremembering as in nazi gold digital krugerrands maybe yes, just yes
|
|
#
?
May 6, 2022 22:50
|
|
|
+1 to the good dentist
|
|
#
?
May 6, 2022 23:20
|
|
|
ZeusCannon posted:Arent those the crypto nazis or am I misremembering yes they were the ones with the official swastika symbol a few weeks ago.
|
|
#
?
May 7, 2022 00:23
|
|
|
It's nice to know that CloudFlare, who present themselves as the only company who can solve security issues, isn't excempt from being a secfuck.
|
|
#
?
May 7, 2022 18:23
|
|
|
BlankSystemDaemon posted:It's nice to know that CloudFlare, who present themselves as the only company who can solve security issues, isn't excempt from being a secfuck. lol also their stock crashed like 40% over the past two days
|
|
#
?
May 7, 2022 18:34
|
|
|
BlankSystemDaemon posted:It's nice to know that CloudFlare, who present themselves as the only company who can solve security issues, isn't excempt from being a secfuck.
|
|
#
?
May 7, 2022 20:07
|
|
|
Lol that Chase asks me to log into the app and authenticate myself if I change IP addresses, but only requires you to reply YES to an SMS to authorize unusual, multi-thousand USD, wire transfers. Great threat model there.
|
|
#
?
May 7, 2022 23:12
|
|
|
I find that older businesses that should have tighter security are usually the ones that have the most conservative and outdated security models and controls.
At least, in the wider sense, password expiration is going away. I hope password complexity goes with it. I think account security should just require a six character password minimum that isn't your username, and a second factor.
|
|
#
?
May 7, 2022 23:34
|
|
|
can’t wait to see what a loving nightmare this turns out to be for literally anyone who isn’t a twenty something guy with english as their first language
|
|
#
?
May 7, 2022 23:38
|
|
|
the gas utility here redid their website last year and the new version is a dog poo poo react app and the password field has right clicking and pasting disabled it rules having to dev tools the event handlers away so i can use my password manager
|
|
#
?
May 7, 2022 23:39
|
|
|
Beeftweeter posted:lol also their stock crashed like 40% over the past two days still higher than when i sold off my options in april 2020 lol look, i was correct on tech stocks and the economy in general taking a dive, just like 2 years early sb hermit posted:I find that older businesses that should have tighter security are usually the ones that have the most conservative and outdated security models and controls i wish i were a fly on the wall privy to these security discussions but i don't know why im expecting vigorous debate or w/e. most of my brain tells me "no, it's exactly like what you saw recently": there's a mid-50s management person who is driven to show that THEY ARE EXPERIENCED AND KNOW THINGS, so they take personal control over dictating what the contractors implement, so they recommend the state of the art in password security circa 1992 without consulting anyone with actual domain knowledge, and don't bother changing this when subordinates inform them it's outdated af because THERE ARE MORE IMPORTANT THINGS TO DO, LIKE ADDING MORE OUTDATED poo poo TO THE DESIGN. the idiot idealist parts of my brain continue to shout that this can't be the case. anyway, i am thankful my small CU is inexplicably way ahead of the curve on this; ask me why the passwords to our very needfully highly secure support ticket portal requires 4 classes of characters in passwords that expire monthly
|
|
#
?
May 8, 2022 00:01
|
|
|
i am moving into a position where i do infosec analysis for literally 10s of millions of people, things are going to be interesting i will be issuing many yospos-esque reports
|
|
#
?
May 8, 2022 00:17
|
|
|
Can anyone explain why, with full benefit of doubt, a website would disallow pasting passwords? What conceivable security benefits are there?
|
|
#
?
May 8, 2022 02:13
|
|
|
ur clipboard might be hacked
|
|
#
?
May 8, 2022 02:15
|
|
|
A Man With A Plan posted:Can anyone explain why, with full benefit of doubt, a website would disallow pasting passwords? What conceivable security benefits are there?
|
|
#
?
May 8, 2022 02:17
|
|
|
A Man With A Plan posted:Can anyone explain why, with full benefit of doubt, a website would disallow pasting passwords? What conceivable security benefits are there? password reuse is bad
|
|
#
?
May 8, 2022 02:20
|
|
|
pseudorandom name posted:password reuse is bad As opposed to making people enter passwords from memory, which causes them to enter totally unique 10 digit passwords with uppercase letters, numbers, and symbols, and never reuse them
|
|
#
?
May 8, 2022 02:22
|
|
|
if you copy and paste, you're assumed to be copying and pasting from a passwords.txt notepad file sitting on your desktop
|
|
#
?
May 8, 2022 02:23
|
|
|
I just take a photo of my post-it collection and OCR it
|
|
#
?
May 8, 2022 02:26
|
|
|
Shame Boy posted:if you copy and paste, you're assumed to be copying and pasting from a passwords.txt notepad file sitting on your desktop which, assuming complex and unique passwords, is still substantially better than what most regular people do
|
|
#
?
May 8, 2022 02:33
|
|
|
redleader posted:which, assuming complex and unique passwords, is still substantially better than what most regular people do
|
|
#
?
May 8, 2022 02:52
|
|
|
same as the re-enter email field. how else will you ensure that users typed it properly from memory! if they forget or typo you will have to send a costly automated password reset email!!!
|
|
#
?
May 8, 2022 03:00
|
|
|
CMYK BLYAT! posted:same as the re-enter email field. how else will you ensure that users typed it properly from memory! if they forget or typo you will have to send a costly automated password reset email!!! if they misenter the email address, where exactly do you send the reset email?
|
|
#
?
May 8, 2022 03:02
|
|
|
Where I work a lot of business processes depend on a basically defunct software suite that has 90s era password requirements like no punctuation except exclamation points, no more than 3 of the same character class in a row, etc. So if you don't want random things to fail, your domain password also has to follow these requirements
|
|
#
?
May 8, 2022 03:13
|
|
|
|
| # ? Apr 19, 2024 14:32 |
|
|
A Man With A Plan posted:Where I work a lot of business processes depend on a basically defunct software suite that has 90s era password requirements like no punctuation except exclamation points, no more than 3 of the same character class in a row, etc. So if you don't want random things to fail, your domain password also has to follow these requirements
|
|
#
?
May 8, 2022 03:14
|
|