|
https://twitter.com/MalwareTechBlog/status/1118275308543549440 More like Kim Dot DUMB
|
# ? Apr 16, 2019 23:11 |
|
|
I had a daydream moment today of a service like Spotify introducing a feature where you can chat with people listening to a certain song and all the guys in ISIS sticking Scatman John on a loop and hanging out in the chat.
|
# ? Apr 16, 2019 23:31 |
|
Absurd Alhazred posted:https://twitter.com/MalwareTechBlog/status/1118275308543549440
|
# ? Apr 16, 2019 23:37 |
|
I need to be more careful posting tweets linked from here into work chat, twitter embeds the referrer in the url.
|
# ? Apr 17, 2019 00:08 |
|
It's ok bro, it was a ZERO DAY https://twitter.com/briankrebs/status/1118202707318382593
|
# ? Apr 17, 2019 00:22 |
|
Thanks Ants posted:I had a daydream moment today of a service like Spotify introducing a feature where you can chat with people listening to a certain song and all the guys in ISIS sticking Scatman John on a loop and hanging out in the chat.

I'd end up getting radicalized in 2 days
|
# ? Apr 17, 2019 00:26 |
|
The Fool posted:I need to be more careful posting tweets linked from here into work chat, twitter embeds the referrer in the url.

I always open the tweet and then copy it from Twitter. Doesn't embed the referrer.
|
# ? Apr 17, 2019 02:15 |
|
I let Firefox's content blocking prevent the tweet load entirely.
|
# ? Apr 17, 2019 04:53 |
|
Millions using 123456 as password, security study finds

quote:For its first cyber-survey, the NCSC analysed public databases of breached accounts to see which words, phrases and strings people used.

I blame Mel Brooks.

https://www.bbc.com/news/technology-47974583
|
# ? Apr 22, 2019 03:15 |
|
I wonder how many of those are for accounts people don't really care about vs regularly used or important accounts. Probably still a significant percentage, but hopefully not quite as bad. That being said the finding isn't that surprising, pretty sure I've seen this same article dozens of times over the last 15 or so years.
|
# ? Apr 22, 2019 03:52 |
|
Proteus Jones posted:Millions using 123456 as password, security study finds

Hell, millions still use

CommieGIR fucked around with this message at 21:51 on Apr 22, 2019
|
# ? Apr 22, 2019 03:56 |
|
CommieGIR posted:Hell, millions still use plane dictionary words. We had a load balancer get hit like that.

Like NATO alphabet spelling of their name?
|
# ? Apr 22, 2019 04:01 |
|
CommieGIR posted:Hell, millions still use plane dictionary words. We had a load balancer get hit like that.
|
# ? Apr 22, 2019 04:16 |
|
Subjunctive posted:Like NATO alphabet spelling of their name?
|
# ? Apr 22, 2019 04:20 |
|
CommieGIR posted:Hell, millions still use plane dictionary words. We had a load balancer get hit like that.

Plane dictionary words should be a pretty flat load though. No balancing required.
|
# ? Apr 22, 2019 05:18 |
|
CommieGIR posted:Hell, millions still use plane dictionary words. We had a load balancer get hit like that.

Holy poo poo
|
# ? Apr 22, 2019 07:01 |
|
What types of systems are these passwords still being used on? The article doesn't say, but I'm guessing these are passwords they use for internal applications at work?
|
# ? Apr 22, 2019 19:52 |
|
CommieGIR posted:Hell, millions still use plane dictionary words. We had a load balancer get hit like that.

The new LB password is: elevon canard Immelmann pitot
|
# ? Apr 22, 2019 21:16 |
|
I love spellcheck, and you guys are all great.
|
# ? Apr 22, 2019 21:52 |
|
E2E Soccer is recognized as a leader in IT solutions for soccer organizations with solutions in club and league management, referee assignment, and scheduling. Their forgot password form sends the previously registered password in plain text.
|
# ? Apr 22, 2019 22:27 |
|
Volguus posted:E2E Soccer is recognized as a leader in IT solutions for soccer organizations with solutions in club and league management, referee assignment, and scheduling.

Bonus points if the e-mails were sent unencrypted!
|
# ? Apr 22, 2019 22:47 |
|
Volguus posted:E2E Soccer is recognized as a leader in IT solutions for soccer organizations with solutions in club and league management, referee assignment, and scheduling.

When you're the only one in the field, you're the de facto leader.
|
# ? Apr 24, 2019 01:57 |
|
Volmarias posted:When you're the only one in the field, you're the de facto leader.

Whoa whoa, they’re a leader.
|
# ? Apr 24, 2019 02:21 |
|
Hurray, sanity prevails!

Password1, Password2, Password3 no more: Microsoft drops password expiration rec

For years, Microsoft's baseline security policy has expired passwords after 60 days.
|
# ? Apr 25, 2019 20:56 |
|
The cynic in me thinks it's because password expiry works so poorly with Azure AD Connect, though it's still a positive change.
|
# ? Apr 25, 2019 21:00 |
|
AES128 is stupidly strong and effectively unbreakable unless we're talking about theoretical quantum computers in the hands of nation states. It should have always been the recommendation for just about every reasonable BitLocker use case.
|
# ? Apr 25, 2019 21:17 |
|
Diva Cupcake posted:AES128 is stupidly strong and effectively unbreakable unless we're talking about theoretical quantum computers in the hands of nation states.

It's one of those things where we won't know the relative strength until it's pretty much broken. AES256 isn't AES128 with twice the key size, it's a different algorithm using the same fundamentals with a key chaining method to increase the key size. Similar to DES and 3DES. The thing we don't know is does this key chaining reduce the effective strength of AES256 and if it does, does this reduce its functional security to less than AES128? Overhead is pretty much identical these days for systems supporting AES-NI, so it's a bit of a pick your poison situation, but you have to be supporting some seriously sketchy hardware where you need to opt for AES128 for performance reasons.
|
# ? Apr 25, 2019 21:33 |
|
Internet Explorer posted:Hurray, sanity prevails!
|
# ? Apr 25, 2019 22:17 |
|
Diva Cupcake posted:AES128 is stupidly strong and effectively unbreakable unless we're talking about theoretical quantum computers in the hands of nation states.

I was under the impression that quantum computing was only a problem for asymmetric algorithms. Symmetric stuff like AES would be (mostly) unaffected.
|
# ? Apr 25, 2019 22:20 |
|
Powered Descent posted:I was under the impression that quantum computing was only a problem for asymmetric algorithms. Symmetric stuff like AES would be (mostly) unaffected.

Grover's algorithm?
|
# ? Apr 26, 2019 00:06 |
|
Nah that just produces an unusable mess
|
# ? Apr 26, 2019 00:11 |
|
Load-bearing ciphers
|
# ? Apr 26, 2019 00:26 |
|
cergos posted:Grover's algorithm?

Hence the "mostly". But I went back and checked, and you're right, it has more impact there than I had remembered, but still not fatally. Grover's reduces the effective keyspace to the square root of what it would be when brute-forcing classically. In other words, cut the exponent in half: a 128-bit key becomes effectively 64-bit security. That's in the range of nation-state capabilities, so I was wrong to think that AES-128 would remain secure if we should end up in a quantum-computing future. But the way to secure it again is very simple -- just bump up the key size. AES-256 would give you 128 bits of security against a quantum computer, which should still be fine for a long time to come. Making asymmetric algorithms resistant to quantum computers will be... more complex.

https://www.schneier.com/blog/archives/2018/09/quantum_computi_2.html
|
# ? Apr 26, 2019 00:35 |
|
I haven't been following it closely but I thought TLS 1.3 was mandating ECDHE with curves that were at least quantum resistant
BangersInMyKnickers fucked around with this message at 14:50 on Apr 26, 2019 |
# ? Apr 26, 2019 01:37 |
|
Had to open an.l incident because a user shared his private key rather than his public.
|
# ? Apr 26, 2019 02:48 |
|
CommieGIR posted:Had to open an.l incident because a user shared his private key rather than his public.
|
# ? Apr 26, 2019 12:22 |
|
wyoak posted:now to wait a decade for PCI to update their standards

If both NIST and Microsoft are not recommending password expiries, that's at least some ammo to push back against auditors. Maybe no PCI, but enough that we should be pushing.
|
# ? Apr 27, 2019 06:53 |
|
Docker Hub hacked. 190k accounts exposed via usernames, hashed passwords, and github/bitbucket auth tokens.

https://news.ycombinator.com/item?id=19763413

FYI docker hub doesn’t support 2fa, makes you register an account just to download things (can be circumvented by googling for direct links but come on), and requires full github account access for those exposed tokens to take advantage of many features.
|
# ? Apr 27, 2019 07:53 |
|
Anybody have context on why Kevin Mitnick is harassing @notdan? https://twitter.com/notdan/status/1122130594475991040
|
# ? Apr 27, 2019 16:40 |
|
|
Cos he's a one trick pony / attention seeking charlatan like Krebs
|
# ? Apr 27, 2019 17:01 |