fortinet has scummy recruiters
|
# ? Jun 10, 2024 20:29 |
|
ewiley posted: Also, holy loving poo poo

This is the visual of someone slamming their hands in a drawer over and over.
|
Shame Boy posted:lmao dammit you said the thing we all know but that you're not supposed to say out loud!!! three letter agencies are still customers, as long as they're paying
|
CommieGIR posted: This is the visual of someone slamming their hands in a drawer over and over.

In that they bought a Fortinet?
|
EssOEss posted:taviso just recommended lastpass am i in a mirror universe LastPass... Not bad? I'm actually curious how he stacks Chrome's built in password manager here.
|
I'm sure it's not perfect, but lastpass is better than the alternative of not using a password manager. Keepass was a pain in the rear end when I used it back in the day.
|
https://twitter.com/campuscodi/status/1167440284269121540
|
ewiley posted: Also, holy loving poo poo

What's this in response to?
|
Methanar posted: What's this in response to?
|
Methanar posted: What's this in response to?

Kevin's been on a tear about SSLVPN for a while after Fortigate, Pulse, *and* Palo Alto were revealed to have had backdoors in their VPN products. Fortigate being the absolute worst.

https://twitter.com/GossiTheDog/status/1164601729347981312?s=20
|
akadajet posted: I'm sure it's not perfect, but lastpass is better than the alternative of not using a password manager. Keepass was a pain in the rear end when I used it back in the day.

What was a pain in the rear end about it for you?
|
Fortinet was formed by a group of people who previously made the Juniper Netscreen firewalls before they split off and made their own company. Juniper Screen firewalls also had a hardcoded backdoor: https://blog.rapid7.com/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor/ Not a great track record.
|
yeah but to be fair here's a list of firewall vendors without a backdoor/plausible vuln in the past:
|
Wiggly Wayne DDS posted:but that is how ssns work? do you not pay the yearly renewal fee? it’s frustrating that I have to pay the government in iTunes / amazon gift cards though
|
Wiggly Wayne DDS posted: yeah but to be fair here's a list of firewall vendors without a backdoor/plausible vuln in the past:

mikrotik, because nobody cares enough to find it so it's not there!
|
FortiOS more like FartyOS
|
Shame Boy posted: mikrotik, because nobody cares enough to find it so it's not there!

Kinda, at least it's not a network vuln: https://twitter.com/Dinosn/status/1167069161970966529?s=20
|
@jack’s account got hacked lol that it was to post racist stuff what a waste of effort
|
Ur Getting Fatter posted: @jack’s account got hacked

how would anyone notice?
|
This shouldn't come as much of a surprise. https://twitter.com/wongmjane/status/1167463054709334017
|
seems like that would be useful in the world of android where no handset is guaranteed to have the same standard underlying system.
|
Has anyone seen writeups on indicators of compromise on the recent iOS findings? Actually, given that iOS is so opaque, do we really ever get IOCs on it?
|
Raere posted: Has anyone seen writeups on indicators of compromise on the recent iOS findings? Actually, given that iOS is so opaque, do we really ever get IOCs on it?

There's an app for that! https://www.securityweek.com/new-ios-app-helps-detect-compromised-iphones
|
that has to be a joke right? "is your iphone compromised? download this app to find out!"
|
infernal machines posted: that has to be a joke right?

But I thought Apple would keep you safe from unsafe apps?
|
CommieGIR posted: But I thought Apple would keep you safe from unsafe apps?

Well, the unsafe apps don't come pre-installed at least.
|
Ur Getting Fatter posted: @jack’s account got hacked

Why not get trump's account instead and announce the nukes had been launched in a scary credible sounding way

I mean, they shouldn't do that, but to think that we were *this* close from the entire earth getting surprise nuked today, wiping out all life without any of the fair warning people would expect to get that something was going down, and how nobody really is going to do anything about it now because it just won't matter in the busy news cycle, is amazing.

Instead the hackers just wanted to post like @jack for a minute and nothing else
|
Dumb Lowtax posted: trump's account

If someone figured out what I'm assuming is the creaky screen door security on the emergency warning system, now we're talking.
|
oh, so the way to get gross racist tweets deleted from Twitter is to hack @jack and retweet them? now we know, I guess
|
Dumb Lowtax posted: Why not get trump's account instead and announce the nukes had been launched in a scary credible sounding way

there's a bunch of people on twitter (including but not limited to trump) where tweeting the wrong thing could very realistically lead to thousands of deaths now that i'm thinking about it so that's a nice thought to have rattling around in my head, thanks
|
https://twitter.com/TwitterComms/status/1167591003143847936

SMS
|
You'd think they would see this as a wake-up call for the SMS-based 2FA, but no, they just end up blaming the mobile provider.
|
well it is the mobile providers loving fault that they'll just give anybody's account to anybody who asks
|
so did jack have sms tweeting enabled, or is it still not optional?
|
Shaggar posted: seems like that would be useful in the world of android where no handset is guaranteed to have the same standard underlying system.

yeah, unfortunately this seems a really legitimate and necessary thing to do for a company suffering to make a stable of apps run on every handset in existence.
|
Cybernetic Vermin posted: yeah, unfortunately this seems a really legitimate and necessary thing to do for a company suffering to make a stable of apps run on every handset in existence.

https://twitter.com/wongmjane/status/1167463077748436993

and no a company doesn't have the right to copy anything they can see just because it makes things potentially more convenient for them while disregarding any user choice in the matter

re: twitter sms, you can opt out via sms but it also removes 2fa silently - and tweeting/DMs via sms bypasses 2fa naturally
|
i can't claim they have the *right*, but i can very easily see myself making the same decision. the metadata is bound to be trash on a non-trivial number of handsets, and if the library doesn't match any fingerprint you've seen before, and your apps are crashing and the users are livid, you'll need to get this stuff out to figure out what the gently caress the platform you're trying to run on even is. might not be quite right, but i also don't see much of an ethical problem in this. system libraries aren't very private info, and you are grabbing it from users who are agreeing to be fingerprinted in an actually personal way already.
|
i want to say we're a few steps past your regular crash reporting when you're uploading per-user system libraries quietly in the background without any informed consent
|
actual crash dumps have way more potential for ethical issues though, messenger and whatsapp crashes may contain plaintext that facebook could not otherwise get at, and in general there may be unposted private things in the memory map. the system libraries just get dumped into the memory space of any dumb application with no checks or questions. if there are secrets to them i think there is some pretty heavy rethinking of platform security needed.
|
Wiggly Wayne DDS posted: and no a company doesn't have the right to copy anything they can see just because it makes things potentially more convenient for them while disregarding any user choice in the matter

dunno what timeline you come from, but over here that's fine and expected