Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
The Fool
Oct 16, 2003



klosterdev posted:

Performas were awful for a kid who couldn't play his friend's DOS/Win95 computer games

but good for escape velocity

Adbot
ADBOT LOVES YOU

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!

Spaceway 2000 man

D. Ebdrup
Mar 13, 2009



Microsoft Security Response Center has published a pdf report of a security analysis of the CHERI ISA which uses FreeBSD as a basis for a fork called CheriBSD which has been modified to make use of CHERI.
The team estimates that between half and two thirds of all the vulnerabilities that Microsoft have faced in 2019 would have been mitigated.

Martytoof
Feb 25, 2003







That's a really dense read but really cool at the same time.

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

Barnes and noble apparently don't patch things.

https://www.bleepingcomputer.com/ne...-customer-data/

CLAM DOWN
Feb 13, 2007


RICKARUS

It's Moot baby!




Sickening posted:

Barnes and noble apparently don't patch things.

https://www.bleepingcomputer.com/ne...-customer-data/

So some idiot has been using my gmail address for many years thinking it's his (I have a simple/short gmail addy from the early beta invite-only days), and I got this breach email last night lmao. Now this idiot has gotten....my email? breached. Again. Siiiigh.

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

CLAM DOWN posted:

So some idiot has been using my gmail address for many years thinking it's his (I have a simple/short gmail addy from the early beta invite-only days), and I got this breach email last night lmao. Now this idiot has gotten....my email? breached. Again. Siiiigh.

Its funny because i too have a short email alias from the beta days that is lastname.firstinitial. Its like a clear indicator that you are old.

The Fool
Oct 16, 2003



Mine is firstname.lastinitial

Subjunctive
Sep 12, 2006

careful now


CLAM DOWN posted:

So some idiot has been using my gmail address for many years thinking it's his (I have a simple/short gmail addy from the early beta invite-only days), and I got this breach email last night lmao. Now this idiot has gotten....my email? breached. Again. Siiiigh.

I'm a bit out of it today, but how does this actually affect you if it wasn't your account? Presumably you didn't share passwords with him.

Arsenic Lupin
Apr 11, 2012

This particularly rapid unintelligible patter isn't generally heard, and if it is, it doesn't matter.





Subjunctive posted:

I'm a bit out of it today, but how does this actually affect you if it wasn't your account? Presumably you didn't share passwords with him.
I'm in the same situation and the answer is that I keep getting included in group emails, including the occasional legal letter. The worst one is somebody who signed up for a Victoria's Secret credit card account, and there is no way for their credit card company to figure out who owns the account so they can change the email.

CLAM DOWN
Feb 13, 2007


RICKARUS

It's Moot baby!




Sickening posted:

Its funny because i too have a short email alias from the beta days that is lastname.firstinitial. Its like a clear indicator that you are old.

Mine is firstname.lastinitial, it rules but it's too full of spam. I own a domain that's lastname.com so I keep meaning to switch to firstname@lastname.com that I have attached to my personal O365 account.

Subjunctive posted:

I'm a bit out of it today, but how does this actually affect you if it wasn't your account? Presumably you didn't share passwords with him.

Oh, it doesn't really, just means that my email is out there in yet another breach/dump. Because of how simple/short/old my gmail is, it's already out there in a dozen, but yeah it's not a huge deal. Just another facepalm moment because god I don't understand how this idiot can keep using my email as if it's his.

uniball
Oct 10, 2003



i have uniball at gmail and get a lot of other peopleís instagram accounts, in-store loyalty programs, etc. one time the pen company held some kind of contest in india and for some reason i got dozens of submissions

my friend has idontgetit at gmail and he gets way more and way funnier stuff, including some shockingly sensitive personal finance things.

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

CLAM DOWN posted:

Mine is firstname.lastinitial, it rules but it's too full of spam. I own a domain that's lastname.com so I keep meaning to switch to firstname@lastname.com that I have attached to my personal O365 account.


Oh, it doesn't really, just means that my email is out there in yet another breach/dump. Because of how simple/short/old my gmail is, it's already out there in a dozen, but yeah it's not a huge deal. Just another facepalm moment because god I don't understand how this idiot can keep using my email as if it's his.

I have been signing up firstname@gmail.com for everything that asks me for an email for more than a decade. Whoever that person is that works at google, I hope they enjoy it. I would also assume nope@nope.com gets a bunch as well.

Arsenic Lupin
Apr 11, 2012

This particularly rapid unintelligible patter isn't generally heard, and if it is, it doesn't matter.





Sickening posted:

I have been signing up firstname@gmail.com for everything that asks me for an email for more than a decade. Whoever that person is that works at google, I hope they enjoy it. I would also assume nope@nope.com gets a bunch as well.

Try mailinator.com instead.

astral
Apr 26, 2004



A shocking number of sites block not just mailinator, but also its alternate domains.

Mustache Ride
Sep 11, 2001



Pillbug

I wonder if I'll need to change from dtrump@whitehouse.gov to something else.

Buff Hardback
Jun 11, 2019


Sickening posted:

I have been signing up firstname@gmail.com for everything that asks me for an email for more than a decade. Whoever that person is that works at google, I hope they enjoy it. I would also assume nope@nope.com gets a bunch as well.

they're probably not a googler

try firstname@google.com

Ynglaur
Oct 9, 2013



Sickening posted:

I have been signing up firstname@gmail.com for everything that asks me for an email for more than a decade. Whoever that person is that works at google, I hope they enjoy it. I would also assume nope@nope.com gets a bunch as well.

Hey fellow nope user.

Raenir Salazar
Nov 5, 2010

ASK ME ABOUT MY LOVE OF EUGENICS AND MARIO 3


College Slice

Can someone clarify something for me about Shannon Entropy? If I have a really got RNG and I request 128 random bits, as long as the chance of any possible binary number is equally likely as any other number from those 128 bits it is said to have 128 bits of Entropy?

uniball
Oct 10, 2003



when i worked for apple, they were very nonspecific in their training/documentation around how to do software troubleshooting, so it really stood out when they sent out a communication and updated their documentation to say like "When submitting an email address with a form in the process of testing something, you MUST use a nonexistent TLD. We suggest test@test.none"

wonder what kind of stink was raised to result in that!

that wouldn't work for a lot of things these days. all of mailinator's domains being blocked has been common for many years now, but i've occasionally run into things in the last couple years that refuse to accept "anything but the best" (gmail, icloud, etc).

SpaceSDoorGunner
May 4, 2018



Whatís a good starting point for OSINT basics? Or is there a megathread somewhere Iíve missed?

xtal
Jan 9, 2011



SpaceSDoorGunner posted:

What’s a good starting point for OSINT basics? Or is there a megathread somewhere I’ve missed?

https://github.com/jivoi/awesome-osint ?

CommieGIR
Aug 22, 2006

If Godzilla can do it, you know I can deliver!


Pillbug

SpaceSDoorGunner posted:

Whatís a good starting point for OSINT basics? Or is there a megathread somewhere Iíve missed?

Bellingcat has an excellent toolkit and guide as well: https://docs.google.com/document/d/...YoICKOGguA/edit
https://www.bellingcat.com/category/resources/how-tos

SpaceSDoorGunner
May 4, 2018




Thatís the kinda thing Iím looking for, thanks!

Revdomezehis
Jul 26, 2003
OMG a Moose!

For those of ya'll working in InfoSec for a specific company (ie not a company that contracts out InfoSec to other businesses), how much access do you all usually have to systems in your environment? Admin level access to everything? View level access? Admin for a few specific things? Or just "I can login to my email and ticketing software?"

Potato Salad
Oct 23, 2014

Nobody Cares




Tortured By Flan

Revdomezehis posted:

For those of ya'll working in InfoSec for a specific company (ie not a company that contracts out InfoSec to other businesses), how much access do you all usually have to systems in your environment? Admin level access to everything? View level access? Admin for a few specific things? Or just "I can login to my email and ticketing software?"

darn near everything, but with approval checkout workflow

RFC2324
Jun 7, 2012

Http 418


Revdomezehis posted:

For those of ya'll working in InfoSec for a specific company (ie not a company that contracts out InfoSec to other businesses), how much access do you all usually have to systems in your environment? Admin level access to everything? View level access? Admin for a few specific things? Or just "I can login to my email and ticketing software?"

I don't work in them, but have ended up working with them at various companies and the best solution I have seen is read only to everything, but if they want to make a change it's impossible without involving a sysadmin.

Adbot
ADBOT LOVES YOU

xtal
Jan 9, 2011



Revdomezehis posted:

For those of ya'll working in InfoSec for a specific company (ie not a company that contracts out InfoSec to other businesses), how much access do you all usually have to systems in your environment? Admin level access to everything? View level access? Admin for a few specific things? Or just "I can login to my email and ticketing software?"

Technically everything... I have admin privileges in our UIs which are logged extensively. But as a developer I could also just go siphon it all from the database, or deploy code to email it to me, or something.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply