ErIog posted: Loose lips sink ships, but those same lips also help a lot of people make enough money giving blowjobs so it's impossible to say if it's good or bad

what part of that would be bad?

# ? Oct 2, 2023 17:53
something something dead seamen
Jabor posted: something something dead seamen

dead seamen on your loose lips? more likely than you think!
hooooly poo poo did I just find a fuckup

we have a cloud platform that uses sso across the company domain(s), so when you go to it and enter powerfultwohander@company.com, it forces sso against our idp (you can probably see where this is going), but only if the domain is yours. so if you go to it and enter the email address as powerfultwohander@yospos.com it just reverts to username and password and you can then upload whatever you like! loving lmao.

not only did it security not think of this (neither did I until just now but it's not my job), but the vendor didn't think to mention it and their solution to it is absolute trash (just ip restrict to that domain you morons).

bonus: we don't monitor outbound data on the main domain account anyway lol

this is gonna ruin at *least* two people's days
Powerful Two-Hander posted: this is gonna ruin at *least* two people's days

since it's a friday, you have a moral obligation to wait until 4:55pm to report it.
Powerful Two-Hander posted: the vendor didn't think to mention it and their solution to it is absolute trash

vendor keeping up the status quo though, good for them
Powerful Two-Hander posted: hooooly poo poo did I just find a fuckup

Isn't that standard keycloak behaviour? I don't think you can do much to mitigate it.
SlowBloke posted: Isn't that standard keycloak behaviour? I don't think you can do much to mitigate it.

it's standard behavior at every saas that's supported sso since the beginning of time too
infernal machines posted: since it's a friday, you have a moral obligation to wait until 4:55pm to report it.

I told my boss 45 mins before he got on a plane lol

SlowBloke posted: Isn't that standard keycloak behaviour? I don't think you can do much to mitigate it.

turns out you sort of can. you can add your organisation identity id as an outbound http header to all traffic to the domain so that requests containing that header get forced to logon using domain emails

it would be much, much, easier if they had org specific subdomains and you could just block the others in your firewall

e; this isn't that bad in the scheme of things because it's basically "turns out you can send data over the internet!" but there was a big "someone sent sensitive info to an external account" poo poo that went down recently so, lol
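The two posts above describe a login router that picks SSO or local password purely from the entered email's domain, and a mitigation where the organisation's outbound proxy stamps an org identity header on every request so the platform can pin the login to that tenant. The following is an added illustration written for this thread, not code from the vendor or from any poster: it models the weak domain-only routing next to the org-aware routing, plus a small audit over constructed auth records that surfaces password logins arriving from an SSO-enforced org. The header name `X-Org-Identity`, the `Tenant` shape, the function names and the sample records are all assumptions made for the example.

```python
from dataclasses import dataclass

# Assumed header name. The thread only says "add your organisation identity id as an
# outbound http header"; the real header a given vendor expects is not stated here.
ORG_HEADER = "X-Org-Identity"


@dataclass(frozen=True)
class Tenant:
    org_id: str
    sso_domains: frozenset        # email domains that must authenticate at the org's IdP
    enforce_sso: bool = True      # whether the local-password path is closed for this org's traffic


def email_domain(email: str) -> str:
    """Return the domain part of an entered email, lower-cased; '' if there is no '@'."""
    _, at, domain = email.strip().rpartition("@")
    return domain.lower() if at else ""


def route_login_domain_only(tenants: dict, email: str) -> tuple:
    """The weak behaviour from the thread: the only signal is the entered email's domain.
    A domain that belongs to no tenant silently falls back to local username/password."""
    domain = email_domain(email)
    for tenant in tenants.values():
        if domain in tenant.sso_domains:
            return ("idp_redirect", tenant.org_id)
    return ("local_password", None)


def route_login_org_aware(tenants: dict, email: str, headers: dict) -> tuple:
    """Hardened routing. A request carrying an org identity (stamped by the org's egress
    proxy, as the post describes) is pinned to that tenant: org domains go to the IdP,
    and any other address is refused while the tenant enforces SSO. Requests without
    the header keep the old domain-only behaviour, so partners are unaffected."""
    org_id = headers.get(ORG_HEADER)
    if org_id is None:
        return route_login_domain_only(tenants, email)
    tenant = tenants.get(org_id)
    if tenant is None:
        return ("deny", "unknown org identity header")
    domain = email_domain(email)
    if domain in tenant.sso_domains:
        return ("idp_redirect", tenant.org_id)
    if tenant.enforce_sso:
        return ("deny", f"org {org_id} requires an IdP login; '{domain}' is not an org domain")
    return ("local_password", None)


def find_sso_bypass_logins(records: list, tenants: dict) -> list:
    """Detection over auth records: password logins that arrived with the org identity of a
    tenant that enforces SSO. These are exactly the sessions the thread worries about
    (corporate network, non-corporate account, password authentication)."""
    hits = []
    for rec in records:
        tenant = tenants.get(rec.get("org_id"))
        if tenant and tenant.enforce_sso and rec.get("auth") == "local_password":
            hits.append(rec["email"])
    return hits


# Constructed tenant table and auth records for the example; not real data.
TENANTS = {"org-001": Tenant("org-001", frozenset({"company.com"}))}
SAMPLE_RECORDS = [
    {"org_id": "org-001", "email": "alice@company.com", "auth": "idp"},
    {"org_id": "org-001", "email": "alice@yospos.com", "auth": "local_password"},
    {"org_id": None, "email": "partner@example.net", "auth": "local_password"},
]

if __name__ == "__main__":
    # Weak router: the non-org address drops to a password prompt.
    print(route_login_domain_only(TENANTS, "alice@yospos.com"))
    # Org-aware router: the same address from inside the org is refused.
    print(route_login_org_aware(TENANTS, "alice@yospos.com", {ORG_HEADER: "org-001"}))
    # Audit: only the in-org password login is flagged; the partner is left alone.
    print(find_sso_bypass_logins(SAMPLE_RECORDS, TENANTS))
```

The audit function is the cheap win even if the vendor never fixes the routing: if the platform's auth log records the org header (or the source network) alongside the authentication method, a password login from the corporate egress is a one-line query rather than an unmonitored channel.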
Crimew did the Well There's Your Problem podcast lmao https://www.youtube.com/watch?v=FgbQb7G6e7w
Powerful Two-Hander posted: I told my boss 45 mins before he got on a plane lol

When I ask for SSO from our vendors I usually hope they can act as you describe is a huge issue. Usually accounts not in our IdP collaborate on the platform so there are both local and federated accounts. Doing a domain bounce to the IdP rather than account by account is cool and good. I'd like PW to be a non exposed field until a full username is put in but a lot of SaaS won't support that.
Submarine Sandpaper posted: I'd like PW to be a non exposed field until a full username is put in but a lot of SaaS won't support that.

It also messes up password managers, sometimes. Why would anyone want to do that?
So users will question any time they actually put in a PW.
I actually unironically got a "please say 'my voice is my password ' to biometrically authenticate" the other day. I barely remember setting that up and when I did, doing it mainly to see what would actually happen.
my bank has prompted me to do that every time I've called in to activate a credit card or authorize a limit increase, for like five years now. i've always declined to turn it on
for maximum security I put on an accent and ended with a question mark to add a special character

*australianishly* my voice is my password?
i remember the leak well, since a guy i know was one of the victims of it, but i never had an idea about how the hacker got caught lmao

https://krebsonsecurity.com/2023/02/finlands-most-wanted-hacker-nabbed-in-france/

quote: In late October 2022, Kivimäki was charged (and “arrested in absentia,” according to the Finns) with attempting to extort money from the Vastaamo Psychotherapy Center. In that breach, which occurred in October 2020, a hacker using the handle “Ransom Man” threatened to publish patient psychotherapy notes if Vastaamo did not pay a six-figure ransom demand.

omg
loving looool
my_criminal_empire.zip
Volguus posted: It also messes up password managers, sometimes. Why would anyone want to do that?

Doesn't mess up Firefox.
i did wonder what happened to that shitstain that resorted to extorting patients
Kitfox88 posted: my_criminal_empire.zip

tar -xvf ~ /crimes
Everyone knows that Ransom Man is weak to the Opsec Torpedo.
hoist by your /home/ petard
haveblue posted: tar -xvf ~ /crimes

Zamujasa posted: hoist by your /home/ petard
thumbprints.db
Zamujasa posted: hoist by your /home/ petard
Volguus posted: It also messes up password managers, sometimes. Why would anyone want to do that?

if implemented properly it should never gently caress up password managers, see google sign in, ebay, etc
cinci zoo sniper posted: i remember the leak well, since a guy i know was one of the victims of it, but i never had an idea about how the hacker got caught lmao https://krebsonsecurity.com/2023/02/finlands-most-wanted-hacker-nabbed-in-france/

lmao

quote: When they roused him and asked for identification, the 6′ 3″ blonde, green-eyed man presented an ID that stated he was of Romanian nationality.

racial profiling finally bringing home the goods for the french cops
HTP and zf0 zines back in the day were one of the reasons i began to enjoy security fuckups, so i am glad they are still bringing the goods even if it's unintentional this time
distortion park posted: lmao

lol drat I missed that
Zamujasa posted: hoist by your /home/ petard
I surface from the depths to share this

https://kotaku.com/ai-seinfeld-twitch-ban-transphobia-chatgpt-dalle-jerry-1850077836

That AI generated Seinfeld stream on Twitch got banned because it dropped some sick bigotry "jokes".... and why?

quote: Hartle shared a technical explanation for what happened while discussing the results of an internal investigation into Larry’s transphobic mishap, saying something went wrong with an in-use OpenAI GPT-3 model.

"We were having tech issues so we made a change on live, rather than production" strikes again. Hope they enjoy their two week time out and sort their poo poo.
a few days ago they were talking about how infinite AI seinfeld is not a weird gimmick joke but actually the future of popular entertainment
I wouldn't even say the resulting joke was transphobic, it absolutely would have read as mocking hack comedians had it come from a human. Especially with the very fitting punchline. The chatbots are edgy now, what a world.
that seinfeld ai thing was boring and extremely unfunny anyway
haveblue posted: a few days ago they were talking about how infinite AI seinfeld is not a weird gimmick joke but actually the future of popular entertainment

tbh it's pretty entertaining to read about it today, but i hope it gets more story arcs than testing code in prod
That joke reads as pitch-perfect mockery of Jerry Seinfeld, and if the AI really produced it unscripted, I will defend this entire project as a masterpiece of art. It's a brilliant recontextualization entirely by accident.
Zamujasa posted: hoist by your /home/ petard
Last Chance posted: that seinfeld ai thing was boring and extremely unfunny anyway