The Fool
Oct 16, 2003



D. Ebdrup posted:

(password)

Oh cool, let's see if it works for me

LowtaxH4zHugeB4llz


ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else


The Fool posted:

Oh cool, let's see if it works for me

LowtaxH4zHugeB4llz

Don't doxx me please.

Volmarias
Dec 31, 2002


Please stop posting old bash.org jokes

That's actually my passphrase, let's see if it works for them too!

The Fool
Oct 16, 2003



Volmarias posted:

Please stop posting old bash.org jokes

(password)


dougdrums
Feb 25, 2005

MORTAL KOMB---
Uh, never mind. You're basically tonguing a nuke's butthole right now.


If only bash did it too

D. Ebdrup
Mar 13, 2009



Volmarias posted:

Please stop posting old bash.org jokes

That's actually my passphrase, let's see if it works for them too!
Uhm actually I think you'll find that they're irc jokes, I say as I push up my glasses.

That's my very secure password.

D. Ebdrup
Mar 13, 2009



And now for a non-waste of bytes:
A really loving interesting article about shellcode en-/de-coders, their history and even a brief mention of FreeBSD.

Docjowles
Apr 9, 2009



dougdrums posted:

Every once in a while I'll do the ol:
code:
$ suod chown foo:bar baz
...
$ (password)
gently caress

It hasn't actually happened, but I live in constant fear of Slack stealing focus and making me dump important credentials into a public channel. When I'm typing a password I always triple check that the correct app has focus out of total paranoia.

Teammates have definitely done it and immediately had to change passwords. The worst I've done is :q :wq ZZ gently caress

Coxswain Balls
Jun 3, 2001



College Slice

Docjowles posted:

It hasn't actually happened, but I live in constant fear of Slack stealing focus and making me dump important credentials into a public channel. When I'm typing a password I always triple check that the correct app has focus out of total paranoia.

Teammates have definitely done it and immediately had to change passwords. The worst I've done is :q :wq ZZ gently caress

Some sales manager did this in our national SPOC room once and their password had the bonus of being really misogynistic. It's not often you get to see someone accidentally torpedo their job like that in front of a bunch of director-level folks across the country.

RFC2324
Jun 7, 2012

Http 418


ChubbyThePhat posted:

I've typed domain and enterprise admin passwords in username fields before. Never uploaded one to a public repo though.... not yet.

Fortunately, I did not make this mistake in prod. It was just my home servers IPMI credentials hardcoded in a script (I have since started using a prompt to get the password at runtime for everything I write).

Docjowles
Apr 9, 2009



Coxswain Balls posted:

Some sales manager did this in our national SPOC room once and their password had the bonus of being really misogynistic. It's not often you get to see someone accidentally torpedo their job like that in front of a bunch of director-level folks across the country.

Thanks for sharing that

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!

Docjowles posted:

Thanks for sharing that

He needs to now share the password in question. This is important for Sunday hilarity reasons. The guy has obviously changed it. Please.

Schadenboner
Aug 15, 2011



apropos man posted:

He needs to now share the password in question. This is important for Sunday hilarity reasons. The guy has obviously changed it. Please.

OSU_Matthew
Aug 23, 2010


Gun Saliva

Docjowles posted:

It hasn't actually happened, but I live in constant fear of Slack stealing focus and making me dump important credentials into a public channel. When I'm typing a password I always triple check that the correct app has focus out of total paranoia.

Teammates have definitely done it and immediately had to change passwords. The worst I've done is :q :wq ZZ gently caress

Only really good for Windows OS, but KeePass's auto type feature is loving fantastic. You pick a target window in the database entry for that credential, and then next time you log in, Ctrl-alt-a auto types the credentials when you have the correct window or login url pulled up.

Guy Axlerod
Dec 29, 2008


Hey, why is this log full of "Penis1"?
Me to dev lead: "Hey, one of your guys put their debugging statement into prod here."
Oh, wait. Those are POST bodies, Penis1 is somebody's password.
"Uh, Penis1 isn't a thing they typed, but they still need to fix that."

RFC2324
Jun 7, 2012

Http 418


Guy Axlerod posted:

Hey, why is this log full of "Penis1"?
Me to dev lead: "Hey, one of your guys put their debugging statement into prod here."
Oh, wait. Those are POST bodies, Penis1 is somebody's password.
"Uh, Penis1 isn't a thing they typed, but they still need to fix that."

are you saying someone's password hashed to Penis1?

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate

RFC2324 posted:

are you saying someone's password hashed to Penis1?

I think they're saying it didn't

Space Gopher
Jul 31, 2006
BLITHERING IDIOT

RFC2324 posted:

are you saying someone's password hashed to Penis1?

Are you saying you trust a client to handle hashing a password?

The mistake is logging sensitive request bodies. There's nothing wrong with sending unhashed passwords over https, as long as you don't store them.
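Added example, not part of any post in this thread: one way to keep passwords out of request-body logs is to redact known-sensitive fields before the body reaches the logger, and to omit bodies that cannot be parsed. The field-name list, the mask string and the function names are assumptions made for this sketch; the sample bodies are constructed.

```python
import json
from urllib.parse import parse_qsl, urlencode

# Assumed list of secret-bearing field names; extend it per application.
SENSITIVE_KEYS = ("password", "passwd", "pwd", "token", "secret", "authorization")
MASK = "[REDACTED]"

def _is_sensitive(key):
    # Substring match so "new_password" and "csrf_token" are caught too.
    return any(s in str(key).lower() for s in SENSITIVE_KEYS)

def _scrub(value):
    """Recursively mask sensitive keys in a parsed JSON document."""
    if isinstance(value, dict):
        return {k: MASK if _is_sensitive(k) else _scrub(v) for k, v in value.items()}
    if isinstance(value, list):
        return [_scrub(v) for v in value]
    return value

def redact_body(body, content_type):
    """Return a version of a request body that is safe to write to a log."""
    ctype = content_type.split(";")[0].strip().lower()
    if ctype == "application/json":
        try:
            return json.dumps(_scrub(json.loads(body)))
        except ValueError:
            # A body we cannot parse cannot be scrubbed, so it is not logged.
            return "[UNPARSEABLE JSON BODY OMITTED]"
    if ctype == "application/x-www-form-urlencoded":
        pairs = parse_qsl(body, keep_blank_values=True)
        masked = [(k, MASK if _is_sensitive(k) else v) for k, v in pairs]
        return urlencode(masked, safe="[]")
    # Fail closed: unknown content types are never logged verbatim.
    return "[BODY OMITTED: %s]" % ctype

# Constructed sample requests (not taken from the thread).
SAMPLE_FORM = "user=alice&password=correct-horse-example"
SAMPLE_JSON = '{"login": {"user": "alice", "password": "correct-horse-example"}}'

if __name__ == "__main__":
    print(redact_body(SAMPLE_FORM, "application/x-www-form-urlencoded"))
    print(redact_body(SAMPLE_JSON, "application/json; charset=utf-8"))
```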

RFC2324
Jun 7, 2012

Http 418


Cup Runneth Over posted:

I think they're saying it didn't

Space Gopher posted:

Are you saying you trust a client to handle hashing a password?

The mistake is logging sensitive request bodies. There's nothing wrong with sending unhashed passwords over https, as long as you don't store them.

This is why I ask.

Guy Axlerod posted:

Penis1 isn't a thing they typed

Logging passwords and trusting clients are, yes, obviously bad.

Docjowles
Apr 9, 2009



My Dick 5 hash algorithm (TM)

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate

Short and rarely used anymore, eh?

Volmarias
Dec 31, 2002


Docjowles posted:

My Dick 5"

dougdrums
Feb 25, 2005

MORTAL KOMB---
Uh, never mind. You're basically tonguing a nuke's butthole right now.


S-box had a backdoor


OSU_Matthew
Aug 23, 2010


Gun Saliva

Docjowles posted:

My Dick 5 hash algorithm (TM)

Cup Runneth Over posted:

Short and rarely used anymore, eh?
