|
you can bet those nonces use cookies as well
|
# ? May 20, 2022 20:44 |
|
never accept a nonce cookie
|
# ? May 20, 2022 20:45 |
|
CVE-13-2022: nonce cookie abuse to corrupt child processes
|
# ? May 20, 2022 20:47 |
|
dpkg chopra posted:
> CVE-13-2022: nonce cookie abuse to corrupt child processes

lol
|
# ? May 20, 2022 21:25 |
|
dpkg chopra posted:
> CVE-13-2022: nonce cookie abuse to corrupt child processes

welp
|
# ? May 20, 2022 21:40 |
|
Carthag Tuek posted:
> nobody forgets about dre

still have NEXT_EPISODE_ENDING.m4r as my ringtone.
|
# ? May 20, 2022 21:46 |
|
Captain Foo posted:
> welp

is that too long for a thread title cus come on
|
# ? May 20, 2022 21:46 |
|
dpkg chopra posted:
> CVE-13-2022: nonce cookie abuse to corrupt child processes

I will always remember "bing search privilege escalation tools on GitHub" and drop that in any interview that asks me to describe threat actors.
|
# ? May 20, 2022 21:58 |
|
Shame Boy posted:
> is that too long for a thread title cus come on

its only 4 letters
|
# ? May 20, 2022 22:03 |
|
Speaking of security guess who got voluntold to go to the RSA Conference. Is that conference any good these days or am I likely just to find a bunch of middle managers being told they need to buy some security? I wanted to go to NANOG, but welp.
|
# ? May 20, 2022 22:09 |
|
Hed posted:
> still have NEXT_EPISODE_ENDING.m4r as my ringtone.

smoke weed every day
|
# ? May 20, 2022 22:22 |
|
dpkg chopra posted:YOSPOS secfuck megathread 18.14: CVE-13-2022: nonce cookie abuse to corrupt child processes
|
# ? May 20, 2022 22:25 |
|
rsacon is very bad these days
|
# ? May 20, 2022 22:25 |
|
Plorkyeran posted:
> rsacon is very bad these days

Yea I was afraid of that. I imagine I'm going there because my company is a big player in the "middle managers need to buy security" market. So they are sending a few of our senior engineers there along with I assume one or two of our C-Suite :/

Oh well, guess I can relive my Cisco Sales Engineer days, and maybe sing some drunken karaoke.
|
# ? May 20, 2022 22:55 |
|
ate poo poo on live tv posted:
> Speaking of security guess who got voluntold to go to the RSA Conference.

The joke with Black Hat was they were slowly becoming RSA, which was considered not a good thing.
|
# ? May 20, 2022 23:14 |
|
CommieGIR posted:
> The joke with Black Hat was they were slowly becoming RSA, which was considered not a good thing.

i thought black hat was just an excuse to get work to pay for your airfare to defcon these days
|
# ? May 20, 2022 23:44 |
|
there's security jobs that balk at paying for defcon? dang

im still not goin this year i guess. but that's not work's fault
|
# ? May 20, 2022 23:59 |
|
Achmed Jones posted:
> there's security jobs that balk at paying for defcon? dang

vegas not entirely wrongly still sets off the corporate boondoggle detector.
|
# ? May 21, 2022 00:06 |
|
Flight prices are all hosed up rn. I just booked my flight for an offsite event on Monday and it was 655 dollars for what should be like, 200
|
# ? May 21, 2022 00:13 |
|
flakeloaf posted:i heard it was no sweat
|
# ? May 21, 2022 00:47 |
|
Methanar posted:
> Flight prices are all hosed up rn. I just booked my flight for an offsite event on Monday and it was 655 dollars for what should be like, 200

maybe you should book a flight for an onsite event instead
|
# ? May 21, 2022 01:17 |
|
dpkg chopra posted:CVE-13-2022: nonce cookie abuse to corrupt child processes
|
# ? May 21, 2022 05:21 |
|
ate poo poo on live tv posted:
> Speaking of security guess who got voluntold to go to the RSA Conference.

if you can manage to goatse the tweet wall again itll be worth it
|
# ? May 21, 2022 08:11 |
|
CMYK BLYAT! posted:
> if you can manage to goatse the tweet wall again itll be worth it

Maybe I can use the analog hole to paste the goatman up there.
|
# ? May 21, 2022 08:24 |
|
Has there ever been a conference that wasn't an excuse to get pissed up and talk poo poo

Remembering years ago at ausnog when a guy from some ISP was brutally heckled at a talk about IPv6
|
# ? May 21, 2022 09:57 |
|
nanog is great because it's a bunch of old bgp janitor greybeards getting sauced and grumbling about call of duty patches causing their edge routers to explode. nobody gives a poo poo about the talks because none of it is really that relevant when everyone's day to day is somewhere between "my akamai peering saturated all my links because activision doesn't care about compression" and "china telecom accidentally hijacked a hojillion prefixes and half the internet is offline"

good luck getting your new proposal for enhanced authenticated autonomous system prefix announcement security working when there's still people running cisco 7200s
|
# ? May 21, 2022 11:48 |
|
doesn't sound great to me
|
# ? May 21, 2022 11:59 |
|
ate poo poo on live tv posted:Maybe I can use the analog hole to paste the goatman up there.
|
# ? May 21, 2022 11:59 |
|
abigserve posted:
> Has there ever been a conference that wasn't an excuse to get pissed up and talk poo poo

this question doesn't make sense, no there has not been a conference that wasn't a conference
|
# ? May 21, 2022 12:01 |
|
Wait, nonce is slang for pedo? I thought it was like "dumbass"
|
# ? May 21, 2022 17:46 |
|
dumbass
|
# ? May 21, 2022 18:07 |
|
its both
|
# ? May 21, 2022 18:16 |
|
Kazinsal posted:
> nanog is great because it's a bunch of old bgp janitor greybeards getting sauced and grumbling about call of duty patches causing their edge routers to explode. nobody gives a poo poo about the talks because none of it is really that relevant when everyone's day to day is somewhere between "my akamai peering saturated all my links because activision doesn't care about compression" and "china telecom accidentally hijacked a hojillion prefixes and half the internet is offline"

BGP is actually a poor example in this case because things like BGP Flow-spec can actually be used by people running their ancient mainframe internet access through an EoL Cisco box, they can also implement a number of BCPs such as BGP TTL Security, or anti-spoofing measures. All of those are relatively recent improvements that were designed to be compatible with BGP Speakers that are running on ancient hardware.

Anyway, NANOG is cool.
|
# ? May 21, 2022 19:29 |
|
ate poo poo on live tv posted:
> BGP is actually a poor example in this case because things like BGP Flow-spec can actually be used by people running their ancient mainframe internet access through an EoL Cisco box, they can also implement a number of BCPs such as BGP TTL Security, or anti-spoofing measures. All of those are relatively recent improvements that were designed to be compatible with BGP Speakers that are running on ancient hardware.

the bgp speakers of the 3rd tier NANOG
|
# ? May 21, 2022 19:38 |
|
Subjunctive posted:dumbass :,mods:
|
# ? May 21, 2022 19:42 |
|
an ancient company selling paper supplies that was an early adopter of the internet and has an entire class B of the public ipv4.

the network operators trying to justify to iana that they need all that space, but are secretly using it for their own purposes

the c-suite executives trying to find a way to sell off the class B but get thwarted by the network operators

the independent tech journalists trying to find out the real truth behind everything
|
# ? May 21, 2022 19:42 |
|
xerox was indisputably a tech major during that time. but all go to one place: all are from the dust, and all return to dust.
|
# ? May 21, 2022 20:01 |
|
The c-suite executives don't know they have a class-b space, and don't know the value of it even if they did.

bob dobbs is dead posted:
> xerox was indisputably a tech major during that time. but all go to one place: all are from the dust, and all return to dust.

13.13.0.0/16 US Norwalk, Connecticut Xerox Corporation
13.13.0.0/17 US Norwalk, Connecticut Xerox Corporation
13.13.128.0/17 US Norwalk, Connecticut Xerox Corporation
13.14.0.0/16 US Norwalk, Connecticut Xerox Corporation
13.14.0.0/17 US Norwalk, Connecticut Xerox Corporation
13.15.0.0/16 US Norwalk, Connecticut Xerox Corporation
13.15.0.0/17 US Norwalk, Connecticut Xerox Corporation
13.15.128.0/17 US Norwalk, Connecticut Xerox Corporation

Yea, checks out.
|
# ? May 21, 2022 20:02 |
|
bob dobbs is dead posted:
> xerox was indisputably a tech major during that time. but all go to one place: all are from the dust, and all return to dust.

parc still exists though it's been a while since they had a blockbuster project.
|
# ? May 21, 2022 20:35 |
|
I worked at a place that had 8 class Bs and several class Cs of public addressing and no, they weren't an ISP. That job slapped
|
# ? May 22, 2022 07:40 |