|
dpkg chopra posted:changelog:
|
#
?
Mar 23, 2023 23:49
|
|
|
|
| # ? Apr 27, 2024 05:56 |
|
|
dpkg chopra posted:changelog: - switch underpinnings - attempt to close hole to mitigate fartbleed
|
|
#
?
Mar 23, 2023 23:58
|
|
|
fartbleed, the sequel to back orifice
|
|
#
?
Mar 24, 2023 00:19
|
|
|
dpkg chopra posted:changelog: changelog: ok NOW it's mitigated
|
|
#
?
Mar 24, 2023 00:23
|
|
|
dpkg chopra posted:changelog:
|
|
#
?
Mar 24, 2023 03:00
|
|
|
dpkg chopra posted:changelog: lmao if i ever wind up doing anything with the domain i will work this in somehow
|
|
#
?
Mar 24, 2023 03:02
|
|
|
lotta people are gonna have a fun one today https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
|
|
#
?
Mar 24, 2023 11:18
|
|
|
PIZZA.BAT posted:lotta people are gonna have a fun one today quote:This week, we discovered that GitHub.com’s RSA SSH private key was briefly exposed in a public GitHub repository. lol quote:Please note that this issue was not the result of a compromise of any GitHub systems or customer information. Instead, the exposure was the result of what we believe to be an inadvertent publishing of private information. We have no reason to believe that the exposed key was abused and took this action out of an abundance of caution. lmao even
|
|
#
?
Mar 24, 2023 11:41
|
|
|
Powerful Two-Hander posted:lol the vuln was not an act of malice. it was a deliberate action of malicious consequence
|
|
#
?
Mar 24, 2023 12:03
|
|
|
I'm probably a smooth brain who thinks that more=better but I've recently thought it was dumb that git uses RSA keys
|
|
#
?
Mar 24, 2023 13:32
|
|
|
gib hut
|
|
#
?
Mar 24, 2023 14:23
|
|
|
private RSA keys? no, public repo!
|
|
#
?
Mar 24, 2023 14:28
|
|
|
the declarative version of the joke doesn't work because "no public repo" doesn't really scan on its own C+ good attempt, see me after class
|
|
#
?
Mar 24, 2023 15:09
|
|
|
~Coxy posted:I'm probably a smooth brain who thinks that more=better but I've recently thought it was dumb that git uses RSA keys there’s nothing particularly wrong with them in this context, is there? it’s not like key exchange where the old rsa algorithms have significant security deficiencies.
|
|
#
?
Mar 24, 2023 15:14
|
|
|
Soricidus posted:there’s nothing particularly wrong with them in this context, is there? it’s not like key exchange where the old rsa algorithms have significant security deficiencies. mystes fucked around with this message at 15:26 on Mar 24, 2023 |
|
#
?
Mar 24, 2023 15:23
|
|
|
https://twitter.com/thezdi/status/1639013632779628545
|
|
#
?
Mar 24, 2023 15:26
|
|
|
https://twitter.com/Synacktiv/status/1638996681260781574 lmao sounds bad
|
|
#
?
Mar 24, 2023 15:43
|
|
|
what a car crash
|
|
#
?
Mar 24, 2023 16:26
|
|
|
dpkg chopra posted:changelog:
|
|
#
?
Mar 24, 2023 16:27
|
|
|
Achmed Jones posted:the declarative version of the joke doesn't work because "no public repo" doesn't really scan on its own private RSA keys? no, public exposure!
|
|
#
?
Mar 24, 2023 16:42
|
|
|
Tesla will probably claim all crashes are due to hackers from now on and not their software.
|
|
#
?
Mar 24, 2023 16:44
|
|
|
~Coxy posted:I'm probably a smooth brain who thinks that more=better but I've recently thought it was dumb that git uses RSA keys its for the centos 6 servers still in production
|
|
#
?
Mar 24, 2023 16:56
|
|
|
apparently scams are going around tricking people into giving their steam login creds to dodgy sites to get access to the CS2 limited launch lmao: https://mastodon.social/@cs2unofficial/110093825035120363
|
|
#
?
Mar 27, 2023 08:20
|
|
|
Pile Of Garbage posted:apparently scams are going around tricking people into giving their steam login creds to dodgy sites to get access to the CS2 limited launch lmao: https://mastodon.social/@cs2unofficial/110093825035120363 this after all the trillions of totally real dollars in stolen skins? goddamn, at some point cs players have to basically deserve getting owned
|
|
#
?
Mar 27, 2023 08:41
|
|
|
cinci zoo sniper posted:this after all the trillions of totally real dollars in stolen skins? goddamn, at some point cs players have to basically deserve getting owned *nods sagely* terrorists win
|
|
#
?
Mar 27, 2023 10:43
|
|
|
if anything Valve should have learned from the literature that reactive counter-terror is not a deterrent and instead proactive anti-terror is much more effective. also most of the "terrorists" are good guys anyway
|
|
#
?
Mar 27, 2023 10:51
|
|
|
Powerful Two-Hander posted:*nods sagely* terrorists win
|
|
#
?
Mar 27, 2023 15:11
|
|
|
https://twitter.com/naglinagli/status/1639343866313601024
|
|
#
?
Mar 27, 2023 15:32
|
|
|
lmfao that has nothing to do with chatgpt. its just that openai hosed up configuring the caching on their CDN and it's open to abuse: https://twitter.com/naglinagli/status/1639353297982087180 you'd be forgiven for thinking otherwise ofc, given how the OP framed it
|
|
#
?
Mar 27, 2023 16:49
|
|
|
.css stands for cross site scripting, right? 
|
|
#
?
Mar 27, 2023 17:29
|
|
|
Caching Sure Sucks
|
|
#
?
Mar 27, 2023 17:31
|
|
|
Credentials Stored Securely
|
|
#
?
Mar 27, 2023 17:31
|
|
|
Can’t Senter Simply
|
|
#
?
Mar 27, 2023 17:32
|
|
|
Pile Of Garbage posted:lmfao that has nothing to do with chatgpt. its just that openai hosed up configuring the caching on their CDN and it's open to abuse: i don’t see the problem with the framing. they didn’t say it was a vulnerability in chatgpt, they said it was a vulnerability in the website and could give the attacker access to your chat history among other things. mentioning chatgpt is appropriate given that this could have affected most chatgpt users
|
|
#
?
Mar 27, 2023 18:39
|
|
|
from the OP tweet: "The team at @OpenAI just fixed a critical account takeover vulnerability I reported few hours ago affecting #ChatGPT. It was possible to takeover someone's account, view their chat history, and access their billing information without them ever realizing it." literally said affecting ChatGPT. irresponsible disclosure. edit: link if it was lost https://twitter.com/naglinagli/status/1639343866313601024
|
|
#
?
Mar 27, 2023 18:42
|
|
|
idk admittedly maybe im letting my dislike of the subject take over but if anything it should be clear that the OP deliberately phrased and then posted about the exploit in a way that it would sound like chatgpt was the cause. that you have to dig four tweets in to find that it's actually just CDN fuckery is ugh. good for them thou, stack paper from the rube mode
|
|
#
?
Mar 27, 2023 18:47
|
|
|
oh also it's just a config issue with their setup so we never ever have to care about it ever lmao
|
|
#
?
Mar 27, 2023 18:48
|
|
|
aren’t most chatgpt users using it through that website?
|
|
#
?
Mar 27, 2023 19:04
|
|
|
nah. nahhh
|
|
#
?
Mar 27, 2023 19:11
|
|
|
|
| # ? Apr 27, 2024 05:56 |
|
|
apparently twitter had gone open sores too https://www.theverge.com/2023/3/27/23657928/twitter-source-code-leak-github
|
|
#
?
Mar 27, 2023 19:29
|
|