spankmeister
Jun 15, 2008






Krankenstyle posted:

swedish retail chain ICA's supplier of toilet paper has been hacked, so they cant supply any lol

But it is the one we deserve

spankmeister
Jun 15, 2008






Mods, ban this sick filth.

spankmeister
Jun 15, 2008






Squatting is the Russian's natural pose.

spankmeister
Jun 15, 2008






COACHS SPORT BAR posted:

so what's the best E2E encrypted chat with a desktop client not written in electron these days

lol j/k i know there aren't any, ftge

Web whatsapp

spankmeister
Jun 15, 2008






Second language, thrice removed.

spankmeister
Jun 15, 2008






iirc steam had the same issue too a couple years back

spankmeister
Jun 15, 2008






Yeah splunk is good but it is stupidly expensive

spankmeister
Jun 15, 2008






Subjunctive posted:

the IE nonsense of http://531.202.330.721/, but nooooo.


What's that?

spankmeister
Jun 15, 2008






Wiggly Wayne DDS posted:

i have bad news if you try connecting to http://127.257 in a modern browser - how many users are seeing that as 127.0.1.1?

spankmeister
Jun 15, 2008






Lol as if the NSA is interested in y'all goony asses.

spankmeister
Jun 15, 2008






"Oh no, I'd better not buy a second hand computer because there is the infinitesimally small chance there is NSA malware on the hard drive controller"

lmbo

spankmeister
Jun 15, 2008







Gonna get some good privesc with this.

spankmeister
Jun 15, 2008






spb posted:

Just heard there was a legendary gently caress up. LOL

It's u

spankmeister
Jun 15, 2008






Lmfao you dorks

spankmeister
Jun 15, 2008






I use the apps on my LG they suit my needs.

spankmeister
Jun 15, 2008






Jabor posted:

it's a good thing we have an elaborate and expensive certification process to ensure that cryptographic solutions work correctly and aren't broken.

it would really suck if it was just bureaucratic horseshit that made it very expensive to create compliant implementations while not actually providing any meaningful benefit

It was probably a good idea in like, the 90's

spankmeister
Jun 15, 2008






duz posted:

love to put success conditions in the url and not validate them anywhere


http://fcpacompliancereport.com/2019/06/day-reckoning-kpmg-failures-ethics/

Hahah, well earned imo

spankmeister
Jun 15, 2008






pseudorandom name posted:

there should be a new form of code golf that is just mercilessly publishing zero days

It's known as Tavising

spankmeister
Jun 15, 2008






That one episode of Black mirror with the robot dogs is our future

spankmeister
Jun 15, 2008






Danish is incomprehensible gibberish so I would not at all be able to identify a phishing mail.

spankmeister
Jun 15, 2008






BUG JUG posted:

Yeah I mean half of us are running open https servers on our machines already soooooo...

Yet none of us run an entire Telco from their machines...


Or do they? :thunk:

spankmeister
Jun 15, 2008






How do expats coming into the country as adults get a credit score?

spankmeister
Jun 15, 2008






One credit is 1/64th of a Freedom.

spankmeister
Jun 15, 2008






Yo break me off a piece of whatever these guys are smoking


https://www.youtube.com/watch?v=yd_2HwAmge8

spankmeister
Jun 15, 2008






They gave a talk at BH and it's a doozy

https://twitter.com/veorq/status/1159559785068429312?s=19

spankmeister
Jun 15, 2008






All that matters for AV now is telemetry that they can monetize.

spankmeister
Jun 15, 2008






pseudorandom name posted:

wouldn’t it be easier to just set the Exec= key to your shell code?

That only triggers when you click on it. This does it when trying to render the icon.

spankmeister
Jun 15, 2008






Janitor Prime posted:

iirc there are some quick prime checking algorithms that will tell you if a number is probably prime. Not reading that bullshit, but I'm guessing maybe they found some numbers that fool those into thinking they are prime?

That's what pseudoprimes are. I've never heard of quasi-primes but I'm no mathematician.

[A]sk me about having to patch SAGE's ECM factorization implementation to support pseudoprimes since those work juuust fine when you're doing weird stuff to RSA.

spankmeister
Jun 15, 2008






I use a Secrid and it's very needs suiting and totally blocks rfid/nfc

spankmeister
Jun 15, 2008






Lain Iwakura posted:

https://seclists.org/fulldisclosure/2019/Aug/24


i am the grill master who cannot visually determine if the meat is ready

tbf i am vegetarian so i wouldn't know somewhat

Lierda more like Mierda

spankmeister
Jun 15, 2008






It doesn't matter. Facebook does not get the benefit of the doubt. They're untrustworthy.

spankmeister
Jun 15, 2008






Certbot even does the config for you ffs

spankmeister
Jun 15, 2008






Look, port knocking is dumb because if I'm on the same network as you, which can easily happen if say we're at the same Starbucks and I arp spoof the gateway, or I'm on your router because Comcast or whoever has lovely cheap vulnerable crap, or I'm a nation state tapping your poo poo, or I'm at any of the networks in between you and the server, or for any myriad of reasons, then the port knocking sequence is no longer a secret.

You have to expect the network between you and your server to be compromised somehow at some point in between. That's precisely why we even use authentication and encryption. Might as well use telnet otherwise.

So that's why your port knocking doesn't add anything on top of the security you already have, which is encryption, public key authentication and MFA with Google Authenticator.

You kept going on about how your poo poo is secure because defense in depth and etc, but really it doesn't add anything.

spankmeister
Jun 15, 2008






Yeah doing all that parsing and stuff in-kernel? Idk about that. I'm gonna stick with openvpn for a couple years.

spankmeister
Jun 15, 2008






ewiley posted:

Somewhere djb starts gently weeping and doesn't know why

It's because nobody uses his stupid mailserver

spankmeister
Jun 15, 2008






Port knocking worked for synful knock :smuggo:

spankmeister
Jun 15, 2008






lol zimperium is trash

spankmeister
Jun 15, 2008






Soricidus posted:

come to Europe. uk banks all hand out chip devices where you stick in your debit card and enter your pin to get a one-time code, or some of them just have authenticated tokens that are the same principle but the thing-you-have is the token rather than the card

not perfect probably but a hell of a lot better than loving sms

Some Dutch banks had this, and the devices were rather expensive. As it turned out, they spent millions on those things, and the fraud prevented was less than that, so they lost money.

Instead they have an app now to provide the second factor. Which works well enough, they gave it some thought and it's decently secure.

spankmeister
Jun 15, 2008






Winkle-Daddy posted:

the article doesn't mention the contract at all. My experience has been that pentesters (especially in the last 5-ish years) are not one to invent scope. I would be shocked if physical access was not spelled out in the contract the SCA signed, agreed to and failed to read. But I guess we'll have to wait and see.

Maybe, but this ain't tinkersec's first rodeo so I'm sure they know what to put in the contract.



lol tinkersex

spankmeister
Jun 15, 2008






hot
