Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
«193 »
  • Post
  • Reply
Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

CVE-2019-5490 Default Privileged Account Vulnerability in the NetApp Service Processor

Adbot
ADBOT LOVES YOU

astr0man
Feb 21, 2007

hollyeo deuroga


Nap Ghost

Ghidra is out now: https://ghidra-sre.org/

https://twitter.com/RGB_Lights/stat...019876203978752

evil_bunnY
Apr 2, 2003



WHAT YEAR IS THIS

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate



evil_bunnY posted:

WHAT YEAR IS THIS

September 2017

The Fool
Oct 16, 2003
Probation
Can't post for 7 days!


Ah, endless September

Inept
Jul 8, 2003

3 olives has a payment plan with his phone company for his cell phone


My NetApp guy when I forward him the notice "I'm looking into this, but we changed default passwords when we set it up"

D. Ebdrup
Mar 13, 2009



Cup Runneth Over posted:

September 2017

The Fool posted:

Ah, endless September
Good to see that someone's picking up the slack on this joke, since I've apparently forgotten it.

pmchem
Jan 21, 2010


Is there a preferred free Windows VPN option in this thread? I just need it for one day to access The Division 2 (game) via Australia or New Zealand.

Volmarias
Dec 31, 2002


If the VPN is free, you're the product, and malware is the best case scenario. Don't do it.

pmchem
Jan 21, 2010


Volmarias posted:

If the VPN is free, you're the product, and malware is the best case scenario. Don't do it.

It looks like some use a free version to upsell the paid version? https://www.pcmag.com/roundup/28578...ee-vpn-services

Mustache Ride
Sep 11, 2001



Pillbug

Set up Algo using GCP in Australia. GCP has a $300 free trial.

Absurd Alhazred
Mar 27, 2010


Mustache Ride posted:

Set up Algo using GCP in Australia. GCP has a $300 free trial.

Australia? Didn't they pass a law mandating lower privacy and/or encryption standards?

Mustache Ride
Sep 11, 2001



Pillbug

Yes, but I don't know how they could enforce it, especially if he's using it for a few days

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.

Yam Slacker

pmchem posted:

Is there a preferred free Windows VPN option in this thread? I just need it for one day to access The Division 2 (game) via Australia or New Zealand.

My preferred VPN service is Mullvad, for a lot of reasons. Looks like they have a few nodes in Australia and one in New Zealand. The way their free trial thing works is that you can create an account number anonymously on the website, and it'll work free for three hours, then stop unless you've bought more time. If you're really hard up, there's nothing stopping you from making a new account every few hours, but come on, it's five whole euros to add a month of time.

Absurd Alhazred posted:

Australia? Didn't they pass a law mandating lower privacy and/or encryption standards?

That law, while terrible, is vague as hell and has yet to be tested in court, as far as I've heard. It also doesn't require anything of individuals, saying only that the government can now order tech companies to essentially do the impossible. It won't have any effect on someone VPNing through to play a video game.

Pablo Bluth
Sep 7, 2007

I've made a huge mistake.


There's been another dozy... In an alert from haveibeenpwned:

Breach: Verifications.io
Date of breach: 25 Feb 2019
Number of accounts: 763,117,241
Compromised data: Dates of birth, Email addresses, Employers, Genders, Geographic locations, IP addresses, Job titles, Names, Phone numbers, Physical addresses
Description: In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.

DaveKap
Feb 5, 2006

Pickle: Inspected.



Powered Descent posted:

My preferred VPN service is Mullvad, for a lot of reasons. Looks like they have a few nodes in Australia and one in New Zealand. The way their free trial thing works is that you can create an account number anonymously on the website, and it'll work free for three hours, then stop unless you've bought more time. If you're really hard up, there's nothing stopping you from making a new account every few hours, but come on, it's five whole euros to add a month of time.
I'm also trying to use VPNs for the first time for the early vidya game unlocking and that Mullvad client, as nice and simple as it is, cannot hold a connection to any server I've tried to connect to. Something about firewall setup failure. The only support Mullvad's site has for that is linux-specific, nothing for Windows 10 folks like me. Any other free trial options?
Well you can ignore this because I figured out it's just my Windows firewall botching the works up. Things are working now.

DaveKap fucked around with this message at Mar 11, 2019 around 09:23

Rexxed
May 1, 2010

Dis is amazing!
I gotta try dis!


Pablo Bluth posted:

There's been another dozy... In an alert from haveibeenpwned:

Breach: Verifications.io
Date of breach: 25 Feb 2019
Number of accounts: 763,117,241
Compromised data: Dates of birth, Email addresses, Employers, Genders, Geographic locations, IP addresses, Job titles, Names, Phone numbers, Physical addresses
Description: In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.

No passwords in that one, so you just have to change your DoB, email, employer, gender, location, ip address, job title, name, phone number, and physical address. Easy!

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate



Rexxed posted:

No passwords in that one, so you just have to change your [...] gender

Finally, the excuse I've been looking for

RFC2324
Jun 7, 2012

Http 418


Cup Runneth Over posted:

Finally, the excuse I've been looking for

did you really need one tho?

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.


Taco Defender

Gender is a mistake

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate



I feel like some people need a restraining order from Javascript https://twitter.com/fs0c131y/status/1105260936305274880

Subjunctive
Sep 12, 2006

careful now


Cybernetic Crumb

Sounds like Super Meat Boy again, kinda.

CLAM DOWN
Feb 13, 2007


RICKARUS

It's Moot baby!




Cup Runneth Over posted:

I feel like some people need a restraining order from Javascript https://twitter.com/fs0c131y/status/1105260936305274880

I'm going to be employed forever.

Proteus Jones
Feb 28, 2013




Hair Elf

CLAM DOWN posted:

I'm going to be employed forever.

Hell yeah.

Volguus
Mar 3, 2009


Cup Runneth Over posted:

I feel like some people need a restraining order from Javascript programming

FTFY

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA


CLAM DOWN posted:

I'm going to be employed forever.

How long before every IDE has a 'sanitize code' button that's mandatory during the compile phase that does nothing but look for anything like a credential and pitches a shitfit about it?

"ATTN: IDIOT: It appears you left admin credentials in your code, this TRIVIALLY RECOVERABLE, and you really should make sure this won't see the light of day, much less an app store, thanks!

duz
Jul 11, 2005

Excellent. The Arkham Asylum shower cam is operational once more.


SonarQube and other tools do that already. The kind of people that do this sort of thing doesn't use these tools.

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

MS have a tool as well

https://secdevtools.azurewebsites.net/helpcredscan.html

Diva Cupcake
Aug 15, 2005



Good write-up on TPM sniffing. Or why pre-boot auth PINs are necessary with BitLocker.

https://pulsesecurity.co.nz/articles/TPM-sniffing

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate



63red Safe guy posted:

We see this person's illegal and failed attempts to access our database servers as a politically motivated attack, and will be reporting it to the FBI later today. We hope that, just as in the case of many other politically motivated Internet attacks, this perpetrator will be brought to justice, and we will pursue this matter, and all other attacks, failed or otherwise, to the utmost extent of the law. We log all activity against all our servers, and will present those logs as evidence of a crime.

Aaaand there's the usual "I don't understand security" meltdown from Mr. I Hardcoded My Server Credentials In Javascript.

dougdrums
Feb 25, 2005

MORTAL KOMB---
Uh, never mind. You're basically tonguing a nuke's butthole right now.


That quote reminds me of when the local uni caught some people using a usb keylogger, and the FBI found out about it through a message broadcast on the uni's alert system. I'm almost certain most orgs are required to report breaches anyways, so why not get the help right away?

Should pull himself up by his own bootstrap.js imo

Potato Salad
Oct 23, 2014

Nobody Cares



Tortured By Flan

Powered Descent posted:

My preferred VPN service is Mullvad, for a lot of reasons. Looks like they have a few nodes in Australia and one in New Zealand. The way their free trial thing works is that you can create an account number anonymously on the website, and it'll work free for three hours, then stop unless you've bought more time. If you're really hard up, there's nothing stopping you from making a new account every few hours, but come on, it's five whole euros to add a month of time.


That law, while terrible, is vague as hell and has yet to be tested in court, as far as I've heard. It also doesn't require anything of individuals, saying only that the government can now order tech companies to essentially do the impossible. It won't have any effect on someone VPNing through to play a video game.

5eyes secfuck

"Hasn't been tried in court" friend, they've been compelling companies/employees to decrypt data or build in vulnerabilities for ages.

That they've passed legislation permitting them to do so in broad daylight only changes one thing. Australia can now use surveillance information to steer decryption warrants to gather properly-gathered evidence for use in public court, and Australian citizens can't refuse.

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.

Yam Slacker

Methylethylaldehyde posted:

How long before every IDE has a 'sanitize code' button that's mandatory during the compile phase that does nothing but look for anything like a credential and pitches a shitfit about it?

"ATTN: IDIOT: It appears you left admin credentials in your code, this TRIVIALLY RECOVERABLE, and you really should make sure this won't see the light of day, much less an app store, thanks!

A co-worker of mine accidentally checked in a file with credentials in it (fortunately nothing serious, just a Slack token so it could post notices to a channel) to our public repo, and some automated system at GitHub actually saw it and notified us by the next morning. Pretty neat, actually.

D. Ebdrup
Mar 13, 2009



Powered Descent posted:

A co-worker of mine accidentally checked in a file with credentials in it (fortunately nothing serious, just a Slack token so it could post notices to a channel) to our public repo, and some automated system at GitHub actually saw it and notified us by the next morning. Pretty neat, actually.
Think about how many people commited much worse than that to their public repos, for GitHub to implement that. Then shake your head in disgust.

RFC2324
Jun 7, 2012

Http 418


D. Ebdrup posted:

Think about how many people commited much worse than that to their public repos, for GitHub to implement that. Then shake your head in disgust.

I've had to quickly figure out how to delete a commit that had passwords in it once or twice. Hope the notification tells people how to do that lol

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else


I've typed domain and enterprise admin passwords in username fields before. Never uploaded one to a public repo though.... not yet.

Wiggly Wayne DDS
Sep 11, 2010





Nap Ghost

ChubbyThePhat posted:

I've typed domain and enterprise admin passwords in username fields before.
does it count if they're the same?

dougdrums
Feb 25, 2005

MORTAL KOMB---
Uh, never mind. You're basically tonguing a nuke's butthole right now.


Every once in a while I'll do the ol:
code:
$ suod chown foo:bar baz
...
$ (password)
gently caress

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate



dougdrums posted:

code:
$ suod chown foo:bar baz
...
$ (password)

Wow, I didn't know SA automatically hid your password like that if you typed it in a post

Adbot
ADBOT LOVES YOU

D. Ebdrup
Mar 13, 2009



Cup Runneth Over posted:

Wow, I didn't know SA automatically hid your password like that if you typed it in a post
hunter2

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
«193 »