Cyrezar posted:

i work there, they don't tell us to print anything unless we have to. definitely not emails

minivanmegafun posted:

yeah, uh, what problem does cryptocat solve that pidgin/Adium + OTR don't

Wiggly Wayne DDS posted:

time to get a judge to handover microsoft's domains to fix this malware issue

OSI bean dip posted:

code:

>>> import requests
>>> r = requests.get('http://reddit.com')
>>> r.headers
{'content-length': '19692', 
'x-xss-protection': '1; mode=block', 
'x-content-type-options': 'nosniff', 
'content-encoding': 'gzip', 
'vary': 'accept-encoding', 
'server': "'; DROP TABLE servertypes; --", 
'connection': 'keep-alive', 
'date': 'Thu, 03 Jul 2014 14:47:30 GMT', 
'x-frame-options': 'SAMEORIGIN', 
'content-type': 'text/html; charset=UTF-8'}

Mido posted:

you could say there has been a privilege elevation vulnerability

Aleksei Vasiliev posted:

i later got prescribed vyvanse

LARD LORD posted:

congrats on ur ADHD

duTrieux. posted:

http://krebsonsecurity.com/2014/06/the-fly-has-been-swatted/#more-26555

OSI bean dip posted:

thanks canada post. it also specifies that the maximum is 12

on a related note, i am moving and found out through my gf that the forwarded uhaul e-mail i gave her had a link that signed her right into my account

Nintendo Kid posted:

it really isn't, privatization of the usps essentially halted long ago

Nintendo Kid posted:

it is true.

Snapchat A Titty posted:

who dat

Snapchat A Titty posted:

in that case i do not want darrel issa talking points

american politics has become so skewed that i dont want any part of it at all. i vote red/green alliance and i am proud.

Bloody posted:

yeah but thats not free software

Heresiarch posted:

False Intelligence Spreading Heuristic MECHanism

infernal machines posted:

windows admins are shitlords of the highest caliber given the chance. they're like any other kind of greybeard, but smug about not actually knowing anything

infernal machines posted:

novell was amazing for allowing security fuckups of the highest order.

at my highschool we had netware auth with a four month password change policy, you were forced to change your password once it expired. when it expired you could log in to the account with any or no password whatsoever, then set a password as prompted.

since no one removed or audited old accounts there were several board-wide admin accounts that had been idle for more than a year

student accounts(e.g. unprivileged user accts.) were able to access the netware user admin tool, they couldn't make changes, but could see a list of accounts domain wide.

guess what happened.

Luigi Thirty posted:

remember when i said that a site emailed me my pw in plaintext when my subscription was up

guess who got hacked and had all their cc numbers leaked last week

guess who got a phone call from their bank about fraudulent activity this morning

Powercrazy posted:

Is it a security gently caress-up to have your internal CA issue certs that don't expire for almost 100 years?

BeOSPOS posted:

to paraphrase Ledar this evening, "I enjoy reading about bit coiners losing their passwords or accidentally destroying their hard drives."

someone buy him an account

ultramiraculous posted:

the ~forensics tool~ needed here is a demo copy of iexplorer.

Kuvo posted:

http://arstechnica.com/security/2014/07/undocumented-ios-functions-allow-monitoring-of-personal-data-expert-says/

OSI bean dip posted:

it's only criminal if the dropbox gets breached and this information comes out

flakeloaf posted:

encryption legorithm

Bloody posted:

anybody else uncomfortable with assisting recaptcha in their quest to ocr photographs of peoples addresses

scroogle nmaps posted:

as if the govt uses anything that modern

some bureaucrat in their 70s writes each returned page's html by hand and feeds the punchcard into the mainframe

at least that's the only explanation i have for websites that close after 5pm in the evening.

Just-In-Timeberlake posted:

Optimus_Rhyme posted:

The only reason you keep a mainframe is because it's job security for greybeards.

Broken Machine posted:

That looks fairly real to me.

The following is a hypothetical. Suppose you're . You contact HP / Intel, anyone who makes prebuilt computers. You request that they provide you with any and all bios source before they're released for public consumption. They then insert whatever code they want, compile the image and send it back to the company to be released. Do you suppose that happens?

Wiggly Wayne DDS posted:

that wasn't what was said at all but okay fishmech

Wiggly Wayne DDS posted:

i recall him theorising on machine-to-machine communication, it reinfecting in an unknown way and those seperate ideas being muddled together through chinese whispers

Wiggly Wayne DDS posted:

yeah to be clear it's this part:

that i'm complaining about

uncurable mlady posted:

it's kinda hard to keep track of what badbios is or isn't because he basically stopped posting about it and i don't really recall a thorough writeup

Broken Machine posted:

I don't really mess with anything that low-level either, but yes if you actually took the time to read through the machine code or assembly, it's possible you could find a compromised bios. It'd be like looking through all of OpenSSL for security holes. I don't know if UEFI allows just a straight executable.

uncurable mlady posted:

i think my favorite part has to be "if you've ever actually used a computer then it's impossible to trust your forensic results because they might have already gotten to you"

papa_november posted:

i was under the impression that the ultrasound bit was pure science fiction due to the fact that the lovely speakers and microphones built into most laptops/desktops (to say nothing of the lovely piezo beepers built into motherboards) had no hope in hell of reaching the frequencies needed

like all good science fiction though, badbios had some interesting if not plausible ideas for future technology

Kuvo posted:

you all are fishmeching pretty hard here

Luigi Thirty posted:

lol that tweet didn't last long

briankrebs (@briankrebs) August 4, 2014 posted:

Nice! A relic from Target's early (and, sadly, ill-fated) experiment with Chip-and-PIN tech, for sale on eBay http://t.co/BUkVrqgRSk