Inspector_666
Oct 7, 2003

benny with the good hair

OSI bean dip posted:
Any basic understanding of prime numbers would be enough to not let you wonder about why these are the largest pairs. I am not going to explain what is wrong in this code because if you're asking this then you shouldn't dare think about writing such.

Could you maybe explain it to those of us who are interested? Or is this thread just for people who are already so smart they don't need to actually discuss anything because holy poo poo you guys are gooning it up so loving hard.


Inspector_666
Oct 7, 2003

benny with the good hair
Right but why is 9521, 9533 the last pair in that guy's code?

(Is it something hilarious like him using a variable type that can't handle 5-digit numbers or something?)

EDIT: Or did you just mean that having the range all be so close makes it so dumb as to be entirely pointless and not worth thinking about at all.

Inspector_666
Oct 7, 2003

benny with the good hair

Main Paineframe posted:

Typically, people just didn't think about preventing it, or simply didn't bother. Preventing brute-forces requires at least a little extra effort above and beyond just implementing the authentication. It's not that there's any particular use in letting a client attempt 1,000,000 passwords, it's that it takes extra work to put something in to prevent them from doing so, and not everyone does that extra work.

It seems like when people get to brute force passwords these days it's because they were able to get the hashes via a compromised account and download the table, rather than somebody hammering a webserver or something.
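The "little extra effort" the quoted post is talking about is a throttle in front of the password check. The following is an added illustration, not code from the thread or from any product named in it: a per-account failed-attempt tracker that allows a few free misses, then delays further attempts with exponential backoff (capped, so an attacker cannot lock a legitimate user out indefinitely). The thresholds, `LoginThrottle`, and the PBKDF2 parameters are assumed values chosen for the example.

```python
import hashlib
import hmac
import time
from collections import defaultdict

# Assumed policy values for this example (not from any real library).
MAX_FREE_FAILURES = 5        # failures allowed before delays begin
BASE_DELAY_SECONDS = 2.0     # first delay, doubled on each further failure
MAX_DELAY_SECONDS = 900.0    # cap so failures cannot lock a user out forever
WINDOW_SECONDS = 3600.0      # failures older than this are forgotten

class LoginThrottle:
    """Tracks recent failures per key (here: username) and computes a wait."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock                   # injectable for deterministic tests
        self.failures = defaultdict(list)    # key -> failure timestamps

    def _recent(self, key):
        now = self.clock()
        self.failures[key] = [t for t in self.failures[key] if now - t < WINDOW_SECONDS]
        return self.failures[key]

    def retry_after(self, key):
        """Seconds the caller must wait before another attempt on this key."""
        recent = self._recent(key)
        excess = len(recent) - MAX_FREE_FAILURES
        if excess < 0:
            return 0.0
        delay = min(BASE_DELAY_SECONDS * (2 ** excess), MAX_DELAY_SECONDS)
        return max(0.0, recent[-1] + delay - self.clock())

    def record_failure(self, key):
        self.failures[key].append(self.clock())

    def record_success(self, key):
        self.failures.pop(key, None)         # a good login clears the slate

def hash_password(password, salt):
    # Constructed example: PBKDF2-HMAC-SHA256; iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_password(stored_hash, salt, candidate):
    return hmac.compare_digest(hash_password(candidate, salt), stored_hash)

def attempt_login(throttle, username, candidate, salt, stored_hash):
    """Return (ok, retry_after_seconds); the throttle is consulted before hashing."""
    wait = throttle.retry_after(username)
    if wait > 0:
        return False, wait
    if check_password(stored_hash, salt, candidate):
        throttle.record_success(username)
        return True, 0.0
    throttle.record_failure(username)
    return False, throttle.retry_after(username)
```

Throttling by username alone lets an attacker deliberately delay a victim's logins; production systems usually key on username and source address together and alert on the pattern rather than only slowing it.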

Inspector_666
Oct 7, 2003

benny with the good hair
I also only know of one "breach" that Lastpass has had, and all it did was release stuff that's already encrypted up the wazoo.

Inspector_666
Oct 7, 2003

benny with the good hair

Wiggly Wayne DDS posted:

Those are issues for people needing multi-platform solutions, I doubt that is the majority of the userbase and it doesn't excuse using an insecure manager.

Isn't the entire draw of cloud-based password managers multi-platform support? I've thought about going back to just KeePass from Lastpass, but I figure if the biggest threat to my Lastpass info requires somebody have local control over my computer I'm hosed either way.

Inspector_666
Oct 7, 2003

benny with the good hair
I feel like if you think LastPass is insecure "just throw your entire password DB into Dropbox!" isn't really much better...

Inspector_666
Oct 7, 2003

benny with the good hair

OSI bean dip posted:

Please explain how you have come to this conclusion. You're (mostly) in control and provided that you don't set your KeePass file to some dumb password, putting it on Dropbox or some other hosting service is far better than trusting that the algorithm used on LastPass isn't being hobbled by any inadequately written software. Hell, you can combine it with a keyfile if you're even less trusting of this method.

You can at least inspect how KeePass is treating your passwords whereas you're trusting a blackbox with LastPass that has had a number of problems in the past five years.

Last time there was a discussion about this the overwhelming opinion from goons was that Dropbox was a security joke and your data might as well just be publicly accessible.

Then again that conversation was just as dripping with toxic condescension as this thread has been so maybe I missed something.

Inspector_666
Oct 7, 2003

benny with the good hair

He's gonna social engineer the password out of a dead guy? poo poo, McAfee is running his own little Fringe division now, isn't he.

Inspector_666
Oct 7, 2003

benny with the good hair

You fuckin' know it.

Inspector_666
Oct 7, 2003

benny with the good hair

CLAM DOWN posted:

Ahahaha what the gently caress is this world we live in

When I first saw this, the article I found had waaay more amazing tweets, but I forget where it was from.

Inspector_666
Oct 7, 2003

benny with the good hair

keseph posted:

You're an ISP and have successfully identified a customer participating in a botnet. You know they have an infected machine on their network, no expertise to fix it, and even if you do send a tech who knows the specific device that's the problem, what're they going to do with it when the device is unpatchable? Now consider the cost borne by the ISP in this process and multiply by 500 million clueless subscribers.

I was going to say it seems like the solution is mostly just "User education and not being idiots" so pretty much it's unsolvable.

Inspector_666
Oct 7, 2003

benny with the good hair

Doug posted:

Totally! If we can just teach users how to change the telnet password on an interface they don't know exists without common tools like passwd, then we can totally solve this! This is not a user education issue. This is absolutely a device manufacturer issue. We need some kind of 'connected things' alliance to create some standards around this poo poo, create some kind of quality seal and teach users to buy those things.

Yeah I wrote that still in the "Download some sweet tunage off of Kazaa and join a botnet!" headspace. :downs:

Inspector_666
Oct 7, 2003

benny with the good hair
Doesn't PoisonTap exploit poor HTTP(S) implementation more than anything else? Or is the main concern here that you have hashes you can work against on your own time.

Inspector_666
Oct 7, 2003

benny with the good hair

OSI bean dip posted:

I rail against anti-virus and disk encryption for the primary reason of that I know the risks of using them and have no problem pointing out their flaws.

...

Hell, a good example of where operational security and physical security meet was when Ross Ulbricht got arrested after being found to be running Silk Road, the FBI kept his machine from locking by sticking a Mouse Jiggler into one of his laptop's USB ports, thus defeating the full disk encryption.

Wait do you mean disk encryption is fundamentally hosed or (I'm assuming it's this from your example) that people treat it as way better/unbreakable than it is?

Inspector_666
Oct 7, 2003

benny with the good hair

OSI bean dip posted:

What is FDE going to do for you once you're in handcuffs and someone has access to your unlocked computer? Even if you epoxied the USB ports, whoever has your machine has at least the option to keep smashing keys on the keyboard until they get what they need.

OK cool, just wanted to be sure I got you.

Inspector_666
Oct 7, 2003

benny with the good hair

Subjunctive posted:

scott/tiger

cisco/cisco


Inspector_666
Oct 7, 2003

benny with the good hair

Trabisnikof posted:

Sure your 3D scans of your butt might seem safe now, until you buy a tesla with rear end ID and forget you have those scans sitting in a folder on drop-box, until your tesla gets stolen by a 3D printed fake butt.

This is the world I want to live in.
