i hated the trinitron lines
# ? Sep 30, 2023 03:36
sb hermit posted:
I always got a proper desk and chair because the monitor I snuck out of work at 8am on Saturday wasn’t certain to be supported by one of the improvised flat surfaces in a friend’s basement it did not improve my results
ram is too cheap to waste precious disk space on swapfiles anyway
> nudgenudgetilt posted:
> how does keepassxc's mfa support actually secure the data though? is the yubikey being used for a cryptographic operations, or is it keepassxc just "lol, yeah, you got the static yubikey and master password, take what you need"

from what I understand, it actually gets key material from the yubikey, probably by passing it some sort of value and using the hash that is returned

I haven't looked at the source code to verify, but if you don't have the yubikey and you use the right password, it says that the master key didn't work and your database is likely corrupted

EDIT: fix misspelling
i just like that with `pass` i can punt the entire encryption operation into the yubikey
> nudgenudgetilt posted:
> i hated the trinitron lines

trinitrons were good tvs but that always bugged the poo poo out of me on a monitor
> nudgenudgetilt posted:
> i just like that with `pass` i can punt the entire encryption operation into the yubikey

> mystes posted:
> at the cost of not encrypting the metadata

yeah, there are tradeoffs, but if you can access any of my devices where i access my pass repo, you already have the bulk of that metadata. yubikey+pass+git on syncthing is just about bulletproof from a reliability perspective, and yeah, if you manage to get into my laptop or phone's already encrypted storage, you can suss out that I have a forums account (though not the username, as I store that in a login: field)
Late to the party on the MS zip scan thing, but you can list the filenames in a password protected zip archive, and I believe each file also has a checksum. I suspect that there's probably some checksum scanning for common malware, which is less likely than MS brute forcing files open.
> Wiggly Wayne DDS posted:
> it's a memory dump cve, really embarrassing that it's taking up cve space if i'm being honest. i'd put this on the same level as that 1password vuln of calling the export function...

loving thank you, i've been biting my tongue on this but not wanting to come on too strong and this is very good to hear from someone whose security acumen i very much respect
> Truga posted:
> ram is too cheap to waste precious disk space on swapfiles anyway

can’t get over 64G on AM5 systems without lovely speeds, sadly
> haveblue posted:
> what was the legitimate purpose of the .zip tld

it’s simple. we simply want to kill zip
also gently caress tar. I don’t care
> nudgenudgetilt posted:
> how does keepassxc's mfa support actually secure the data though? is the yubikey being used for a cryptographic operations, or is it keepassxc just "lol, yeah, you got the static yubikey and master password, take what you need"

It uses the OTP generator part of the yubikeys, keepassxc docs are kinda lame but keepassium uses the same logic to work and explain how to set them up https://keepassium.com/articles/how-to-use-yubikey/

You set up a seed on one of the two HMAC-SHA1 slots on one (better if multiple) yubikey and it will provide the codes if the correct button is pressed.
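A simplified model of the HMAC-SHA1 challenge-response unlock discussed in the posts above, as an added example that is not from the thread or from KeePassXC's source. `SoftToken`, `derive_key`, `make_header` and `unlock` are hypothetical names, PBKDF2 stands in for the real KDF, and using the per-save seed as the challenge is an assumption of the model.

```python
import hashlib
import hmac
import os


class SoftToken:
    """Software stand-in for one HMAC-SHA1 slot; on a real key the secret stays on the device."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()


def derive_key(password: str, seed: bytes, response: bytes) -> bytes:
    # Composite of password hash and token response, stretched with PBKDF2.
    # PBKDF2 is a stand-in KDF for this model, not the database format's own.
    composite = hashlib.sha256(
        hashlib.sha256(password.encode()).digest() + hashlib.sha256(response).digest()
    ).digest()
    return hashlib.pbkdf2_hmac("sha256", composite, seed, 50_000)


def make_header(password: str, token: SoftToken) -> dict:
    seed = os.urandom(32)  # fresh per save; also used as the challenge (assumption)
    key = derive_key(password, seed, token.respond(seed))
    # Key-check tag lets the reader detect a wrong key without storing the key.
    return {"seed": seed, "check": hmac.new(key, b"key-check", hashlib.sha256).digest()}


def unlock(password: str, token, header: dict):
    """Return the derived key, or None if the password or token response is wrong."""
    response = token.respond(header["seed"]) if token else b""
    key = derive_key(password, header["seed"], response)
    tag = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(tag, header["check"]) else None


if __name__ == "__main__":
    token = SoftToken(b"constructed-slot-secret")  # constructed sample secret
    header = make_header("correct horse", token)
    print("password + token:", unlock("correct horse", token, header) is not None)
    print("password only:   ", unlock("correct horse", None, header) is not None)
    print("wrong token:     ", unlock("correct horse", SoftToken(b"other"), header) is not None)
```

In this model the token's response is an input to the key itself, so the correct password without the token yields a different key and the check fails, which matches the "master key didn't work" behaviour reported above.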
edit: nm, cram.
> Subjunctive posted:
> I was on the Trinitron weightlifting plan.

I had a widescreen Trinitron CRT display I found in a dumpster in high school. Probably weighed over 100lbs.
> b0red posted:
> it’s simple. we simply want to kill zip

…you work for Big Stuffit?

"lol time to put a penny in the 'copilot wrote an SQL injection vulnerability' jar" spotted in work slack tonight
successfully convinced security to block all .zip and .mov tlds from zscaler
> gnatalie posted:
> successfully convinced security to block all .zip and .mov tlds from zscaler

> Subjunctive posted:
> I was on the Trinitron weightlifting plan.

one of those put a hole through the floor of my Camry’s trunk when I slipped and dropped it (the monitor was fine of course)
> El Mero Mero posted:
> one of those put a hole through the floor of my Camry’s trunk when I slipped and dropped it (the monitor was fine of course)

did you try degaussing the camry?
One time that we went to pick up a monitor when I was a teen and my parents did the turn too tight into a sidewalk I was "hopefully that didn't damage it" and they promptly replied that if anything it might have bent the trunk instead. And yeah the monitor was fine
i found a monitor someone had just thrown in the woods once and being a teenager decided i needed to smash it, and it took an enormous fuckin' rock to finally implode the drat tube, like basically the size of the monitor itself
> Carthag Tuek posted:
> did you try degaussing the camry?

Car sized B W A U M M M as the windshield flickers
> Volmarias posted:
> Car sized B W A U M M M as the windshield flickers

glitch in the matrix
attn: Kenny Logins https://www.kennylog-in.com
unauthenticated RCE as root on Mikrotik RouterOS
fun. at least there's a firmware update available that specifically references this
what does "network adjacent" mean here?
it looks like anything that could access the router advertisement service, which in theory would be running on LAN scoped interfaces, but idk for sure
> Cybernetic Vermin posted:
> what does "network adjacent" mean here?

> infernal machines posted:
> it looks like anything that could access the router advertisement service, which in theory would be running on LAN scoped interfaces, but idk for sure

neat to see an unauth rce for mikrotik that isn't leaning on smb

the zdi disclosure timeline is also wrong but i can't expect them to be able to read

IPv6 RA is link-local. To steal a joke from irc: this is just an undocumented rescue method.
Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and ARM SoCs

> The drive to create thinner, lighter, and more energy efficient devices has resulted in modern SoCs being forced to balance a delicate tradeoff between power consumption, heat dissipation, and execution speed (i.e., frequency). While beneficial, these DVFS mechanisms have also resulted in software-visible hybrid side-channels, which use software to probe analog properties of computing devices. Such hybrid attacks are an emerging threat that can bypass countermeasures for traditional microarchitectural side-channel attacks. Given the rise in popularity of both Arm SoCs and GPUs, in this paper we investigate the susceptibility of these devices to information leakage via power, temperature and frequency, as measured via internal sensors. We demonstrate that the sensor data observed correlates with both instructions executed and data processed, allowing us to mount software-visible hybrid side-channel attacks on these devices. To demonstrate the real-world impact of this issue, we present JavaScript-based pixel stealing and history sniffing attacks on Chrome and Safari, with all side channel countermeasures enabled. Finally, we also show website fingerprinting attacks, without any elevated privileges.
> Wiggly Wayne DDS posted:
> they ignore dns rebinding to get a remote attacker to send arbitrary data to a local host that'd otherwise be inaccessible,

Is dns rebinding actually possible here? I thought RAs went over icmpv6, which (unlike the example of transmission and using rebinding to send http to a local interface despite the sop) a browser shouldn't be emitting at all
I don't think this has anything to do with dns rebinding at all.
> Rufus Ping posted:
> Is dns rebinding actually possible here? I thought RAs went over icmpv6, which (unlike the example of transmission and using rebinding to send http to a local interface despite the sop) a browser shouldn't be emitting at all

happy 10th birthday, Let's Encrypt
> Winkle-Daddy posted:
> happy 10th birthday, Let's Encrypt

Let's!