|
Methanar posted:Apple Exec: ‘We Are The Greatest Platform For Distributing Child Porn’ I thought iMessage backups in iCloud specifically were not encrypted.
|
#
?
Aug 22, 2021 22:34
|
|
|
|
| # ? Apr 28, 2024 05:45 |
|
|
Ansible Adams posted:I thought iMessage backups in iCloud specifically were not encrypted. no, they are still encrypted and the key is in the backup too
|
|
#
?
Aug 23, 2021 07:44
|
|
|
https://twitter.com/j0nh4t/status/1429049506021138437
|
|
#
?
Aug 23, 2021 08:16
|
|
|
Methanar posted:Apple Exec: ‘We Are The Greatest Platform For Distributing Child Porn’ I didn't think the NSA plants would be that obvious
|
|
#
?
Aug 23, 2021 12:40
|
|
|
lol nice we use some wonky home rolled session RDP wrapper for access to database servers and it gives you local admin on the host so you can pop an elevated command prompt by going to the save as menu even if you're logged on with what should be a read only account I've raised this like 4 times
|
|
#
?
Aug 23, 2021 12:50
|
|
|
delivering whql certified drivers via windows is great, but maybe dont include the totally untested support software with it.
|
|
#
?
Aug 23, 2021 18:12
|
|
|
but how will the mouse company provide the value-added service of spying on the browsing habits of their customers?
|
|
#
?
Aug 23, 2021 22:26
|
|
|
on the subject of "caught you jacking off" blackmail spam and some weird 'emails my browsing history to my wife to stop me jacking it software called 'covenant eyes'", a gift!BaseballPCHiker posted:I had an encounter with Covenant Eyes at my job as an InfoSec guy.
|
|
#
?
Aug 24, 2021 00:03
|
|
|
lol a guy asked to install that software on his work computer at oldjob. i said no.
|
|
#
?
Aug 24, 2021 00:10
|
|
|
please stop kink shaming
|
|
#
?
Aug 24, 2021 00:14
|
|
|
I feel like mentioning that we actively filter porn at work should counter that, and adding that being found getting around those filters is a firing would drive it home
|
|
#
?
Aug 24, 2021 00:20
|
|
|
just get a burner phone plan for your office porn habit jeez
|
|
#
?
Aug 24, 2021 07:45
|
|
|
RFC2324 posted:I feel like mentioning that we actively filter porn at work should counter that, and adding that being found getting around those filters is a firing would drive it home sounds like an element of added risk to me! 
|
|
#
?
Aug 24, 2021 08:50
|
|
|
i thought God was omnipotent? how to they rationalise this lol
|
|
#
?
Aug 24, 2021 09:06
|
|
|
your children dying of easily-preventable diseases is something god did deliberately to test you no they don't actually care what the children dying of easily-preventable diseases think, they don't have any agency within the religious power structure so their opinions don't matter
|
|
#
?
Aug 24, 2021 09:37
|
|
|
children are a bunch of scroungers anyway. if they want to be good for anything but dying to test their parents faith then they should get a Job
|
|
#
?
Aug 24, 2021 09:48
|
|
|
c bank s: still poo pooCBC posted:
|
|
#
?
Aug 24, 2021 12:47
|
|
|
Penisface posted:just get a burner phone plan for your office porn habit jeez  flakeloaf posted:c bank s: still poo poo these are the absolute worst kyc questions I've ever seen. a single statement in the mail can crack the whole account open which is just  i thought there was a better baseline for these. that must be a stateside requirement so nope no reason to see any value there edit: i should say, since the bank is neighboring the u.s. i would have expected some bleed-over of stateside kyc practices since they may do banking across the border, but that's not the case here Agile Vector fucked around with this message at 13:27 on Aug 24, 2021 |
|
#
?
Aug 24, 2021 13:17
|
|
|
Don't understand how the scammer circumvented chip and pin???
|
|
#
?
Aug 24, 2021 13:25
|
|
|
they stole the pin during the catfish call but yeah, even if you have hte means to clone cards you still need to know what to write to them?
|
|
#
?
Aug 24, 2021 13:30
|
|
|
my bank (Bankwest, an aussie bank) makes you use your PAN (Personal Access Number) as your username to login to internet banking. said PAN is an eight-digit number printed on your debit and credit cards... they do have MFA, although not at login and only when you go to do important stuff like add a new pay-anybody (EFT) recipient or raise your withdrawl/online transfer limit. also it's SMS only (no TOTP or push). last time i called em out on twitter they did a multi-tweet reply using a third-party service that meant i was supposed to click a link in their tweet to see the other ~72 characters they were sending me jfc fuckin banks!
|
|
#
?
Aug 24, 2021 13:30
|
|
|
Pile Of Garbage posted:i thought God was omnipotent? how to they rationalise this lol i posted this in the bwm thread when it came up: Midjack posted:There are some Protestant churches that lean really hard into "accountability" where you're supposed to be in a small group with some other people of your gender (but it's mostly for dudes) and tell each other about what you struggle with. The idea is that it's easier to overcome whatever is bringing you down in a group with people backing you up. Kind of like Catholic confession I guess, just that instead of one person knowing your dirty laundry you have half a dozen people in on it. Unsurprisingly porn is a really common complaint, and software like that sits on your box, monitors your DNS requests, and tattles on you to your church group when you're looking at butts on the internet. The shame is supposed to inhibit the behavior but they aren't hard to get around. Basically it's rebranding of the internet blocklists marketed to parents, it just emails a different group of people. the one being described is a little different since it's emailing screenshots out rather than just tattling on your dns requests.
|
|
#
?
Aug 24, 2021 13:54
|
|
|
this keeps happening and the stance of banks in canada seems to be that chip and pin is "uncrackable" so if fraud happens it must be because you shared your card and pin: https://www.cbc.ca/news/business/pin-fraud-customer-liable-rbc-surveillance-1.5444554 https://www.thestar.com/business/personal_finance/spending_saving/2011/06/18/roseman_man_sues_cibc_for_81276_visa_charge.html
|
|
#
?
Aug 24, 2021 14:14
|
|
|
this is why i won't use services like mint either, btw. canadian banks will absolutely tell you to pound sand if you share your pin or credentials
|
|
#
?
Aug 24, 2021 14:14
|
|
|
Cold on a Cob posted:this keeps happening and the stance of banks in canada seems to be that chip and pin is "uncrackable" so if fraud happens it must be because you shared your card and pin:
|
|
#
?
Aug 24, 2021 14:18
|
|
|
Pile Of Garbage posted:got a new QNAP NAS and just been setting it up, was amused to find that it defaulted to plain HTTP for the login page unless you tick a "Secure Login" checkbox which redirects you to HTTPS. also found that this was enabled by default, lmao (device is running latest QuTS firmware): as someone that works for a company that makes network appliances with a web interface the lack of https is so you can actually log into it in the first place. modern browsers are increasingly making it difficult to find the “proceed to insecure page” display you’d get with a self signed or mismatched cert so the initial provisioning is significantly easier for everyone involved if http is used instead of https. after initial login you have to secure the device yourself based on your own security posture and the device’s settings.
|
|
#
?
Aug 24, 2021 14:21
|
|
|
Rufus Ping posted:Don't understand how the scammer circumvented chip and pin??? [everyone in yospos after years and years of this thread and touching computers in general] there is no such thing as unhackable, everything is vulnerable [also yospos posters] how did someone bypass the security measures on this lovely chip designed and manufactured by the lowest bidder at the request of an industry that limits maximum password length and still uses 4 digit PINs
|
|
#
?
Aug 24, 2021 14:28
|
|
|
hobbesmaster posted:as someone that works for a company that makes network appliances with a web interface the lack of https is so you can actually log into it in the first place. modern browsers are increasingly making it difficult to find the “proceed to insecure page” display you’d get with a self signed or mismatched cert so the initial provisioning is significantly easier for everyone involved if http is used instead of https. after initial login you have to secure the device yourself based on your own security posture and the device’s settings. i don't ever recall any browser fully breaking self-signed certs for HTTPS, nor do i recall them making it more difficult to navigate to HTTPS sites with self-signed certs beyond adding an extra click (which it then caches and remembers anyway). also this thing advertised plain HTTP on 8080 and if that's a way to get around browser whinging then that's just cooked.
|
|
#
?
Aug 24, 2021 14:40
|
|
|
if it's a consumer device, training users to regularly click past a cert warning as part of a normal setup process seems Bad
|
|
#
?
Aug 24, 2021 14:46
|
|
|
30 TO 50 FERAL HOG posted:[everyone in yospos after years and years of this thread and touching computers in general] there is no such thing as unhackable, everything is vulnerable oh, we have six digit pins now
|
|
#
?
Aug 24, 2021 14:52
|
|
|
one of my bank accounts only lets me use a 6 digit numeric pin to sign in online ityool 2021 (tangerine.ca for the curious)
|
|
#
?
Aug 24, 2021 15:00
|
|
|
i thought their "what did you call this picture" mfa was actually pretty good, not sure why they canned it in favour of sms 2fa of all things microsoft authenticator's been out for five years already, yall have no excuse at this point
|
|
#
?
Aug 24, 2021 15:14
|
|
|
td still wants to send me a text message any time i sign in from my desktop
|
|
#
?
Aug 24, 2021 15:18
|
|
|
my work phone with my work authenticator is packed up from a recent move so to log in to teams they just let me click “give me a call” and I just pressed # and was logged in. seems legit
|
|
#
?
Aug 24, 2021 15:37
|
|
|
Pile Of Garbage posted:i don't ever recall any browser fully breaking self-signed certs for HTTPS, nor do i recall them making it more difficult to navigate to HTTPS sites with self-signed certs beyond adding an extra click (which it then caches and remembers anyway). also this thing advertised plain HTTP on 8080 and if that's a way to get around browser whinging then that's just cooked. why do you need https if you're configuring it from a direct connection from a laptop if you're doing anything else why do you think it is in any way secure if there was a broken padlock in your browser window
|
|
#
?
Aug 24, 2021 15:38
|
|
|
hobbesmaster posted:why do you need https if you're configuring it from a direct connection from a laptop i really don't feel like i need to explain myself when a bunch of other vendors only do HTTPS by default (ok maybe not a bunch but Fortinet deffo do).
|
|
#
?
Aug 24, 2021 15:51
|
|
|
in fact why am i defending HTTPS as a default lmao
|
|
#
?
Aug 24, 2021 15:54
|
|
|
Pile Of Garbage posted:nor do i recall them making it more difficult to navigate to HTTPS sites with self-signed certs beyond adding an extra click (which it then caches and remembers anyway) then your memory isn't very good. the thing to click on has gotten consistently easier to miss over the years because most people shouldn't be clicking on it most of the time. it's good design unless you're a normal person trying to set up a network appliance
|
|
#
?
Aug 24, 2021 15:58
|
|
|
Pile Of Garbage posted:in fact why am i defending HTTPS as a default lmao because what is https to 192.168.1.1 presenting a certificate for CHANGEME.example.com actually proving? hobbesmaster fucked around with this message at 16:03 on Aug 24, 2021 |
|
#
?
Aug 24, 2021 15:58
|
|
|
|
| # ? Apr 28, 2024 05:45 |
|
|
ya'll are mainly right, HTTPS without validation is meaningless, also the end-user impact is bad i guess. my QNAP supports exposing itself not just on WAN but via QNAP cloud services. it even supports ACME and can issues its own certs via LE. it wanted me to set it up via a QR code that i would scan and it assumed my unit would have full internet access (lol yeah right). but idk a lot of this is done well. that said everyone just kinda ignored my main thing: Pile Of Garbage posted:also found that this was enabled by default, lmao (device is running latest QuTS firmware):
|
|
#
?
Aug 24, 2021 16:18
|
|