Shame Boy
Mar 2, 2010

obstipator posted:

what a strange title. i don't think there's nazis on these forums

sure there's not, guy i only remember because of that time you got made fun of by lowtax for unironically using the term "social justice warrior"


Shame Boy
Mar 2, 2010

Captain Foo posted:

warby parker is legit but lol who authorized that

i'm sure they just went "hey app company, can you make us an app that sees what kind of glasses you need? thanks" and literally every app designer i know would come up with a solution like that without even thinking twice about how stupid it is

Shame Boy
Mar 2, 2010

that reminds me, we once had a customer that demanded the ability to log in (over the network!) using just their badges and no password or anything else. no problem, they must be smart card badges and we can just use PKI right?

lol no, they're laminated cardstock from a laser printer with a barcode on them, and the barcode encodes the username and nothing else. they'd been using these for years and couldn't understand why we had such a problem with the whole thing. :thumbsup:

Shame Boy
Mar 2, 2010

graph posted:

the client..... doesn't understand poo poo about anything ???

that's good tho

but their "security guy" said it was fine, so it's fine!

Shame Boy
Mar 2, 2010

yeah if the password was not only not required but not allowed and you could only use (actual) smart cards that's fine, if it was just not required that's... different

i doubt it's the same company because the system in question isn't using active directory and was a custom thing they had patched into the particular (cash register! :stonk:) software they were using

but it's fine because if you tried to log in manually (in the UI, not in the actual network endpoints they made of course) it would require the password, the only way to log in without the password was to scan your barcode and it's not like just anyone can generate a barcode right? i bet it requires some special machine

or, you know, take a picture of the manager wearing their ID on a lanyard with the barcode prominently displayed and just zoom in on the barcode and hold your phone up to the scanner

god the more i think about it the stupider it gets

Shame Boy
Mar 2, 2010

Boiled Water posted:

either is equally likely

or it costs extra, or better yet changes how you have to license the thing so every SSO user requires a seat, or something like that, because oracle

Shame Boy
Mar 2, 2010

i bought a real fancy scanner on ebay cuz i make bad decisions with money and it was super cheap cuz it was used. it's got a lot of very advanced ~enterprisey~ security features, and was clearly used by some big company that was probably getting rid of surplus or something.

anyway it finally showed up today and i try to use it only to realize it needs an admin login to even do a factory reset. oh no, did i just waste my mon-

oh the username is "admin" and the password is "password", ok :geno:

Shame Boy
Mar 2, 2010

saved credentials and path to their file sharing server and saved credentials for their sharepoint instance but it doesn't really have any internal file storage beyond an initial ram cache (though it does have a secure erase feature which they didn't use of course)

however they did have one saved network admin account, I assume for maintenance, and that admin account was named like "pyxis-service". the only major thing I can find with the name 'pyxis' is a brand of pharmacy management / drug dispensing things, so i'm guessing this scanner was originally from a pharmacy and sold as part of a complete system along with a service contract, maybe for scanning prescriptions

you know, exactly the kind of place that should run the loving secure erase feature before selling it

e: at least i think it has sharepoint credentials, it says sharepoint is configured according to the on-device configuration thing but i think to actually access the config for that you need to use the admin tool which requires some ancient version of internet explorer and i can't be assed to set that up right now. i could definitely see the fileshare credentials and the user accounts though so :v:

Shame Boy fucked around with this message at 20:18 on Apr 28, 2019

Shame Boy
Mar 2, 2010

Midjack posted:

pyxis is more commonly seen in hospitals to track and dispense sensitive but high volume drugs, so rather than the pharmacy sending a dude up to the icu with a bottle of morphine they stock the cabinet in the icu with 20 of them at the start of the day and when the order comes in and is approved, the hospital pharmacy just punches a button and the bottle drops right out into the icu nurse’s hand. it would be weird to have that at a retail pharmacy, though.

i know at least one retail pharmacy with a robotic filling... cabinet... thing, my friend was the pharmacist there, is that something else?

i mostly know about it because they had just installed it and it had tons of problems and was loving up all the time and he had to manually re-check everything it did because a few times he caught it giving out way too many pills (and once, the wrong pills altogether) so that was fun.

Shame Boy
Mar 2, 2010

Sagebrush posted:

what does the scanner do that makes it so desirable?

it's a real good scanner, like i can put a stack of 100 papers in the feeder and it will quickly but accurately take them one at a time, scan them, exclude blank ones, flip them to be right-side-up if I hosed it up, and even run ocr on them to make the resulting pdf's text-searchable. then it can just drop the resulting file on a windows file server or ftp server, or email it, or send it directly to a printer so it acts like a copier, without any sort of interaction from a computer or drivers needing to be installed. plus it can be managed using active directory and a central config server, there's a bunch of fine-grained access controls and encryption, even a goddamn sdk if you want to write your own software to run on the scanner (it's got a touch screen interface)

i totally would not pay retail for it even if i was going to use all the features because it's massively overpriced but i got it real cheap on ebay and the only thing i had to do was replace a ~$20 worn-out roller and it's good for another 50,000 pages

it's total overkill for what i'm actually using it for but drat if it isn't fun from a dork-rear end computer janitor perspective

e: i think the reason the hospital or w/e would want it is because it's explicitly hipaa compliant in some way according to the specs, so i'm guessing they're the primary customers

Shame Boy fucked around with this message at 21:02 on Apr 28, 2019

Shame Boy
Mar 2, 2010

simble posted:

whats the make/model of this mega scanner? kind of curious...

it's a fujitsu scansnap n1800

Shame Boy
Mar 2, 2010

pseudorandom posted:

Thanks for this response, I was curious about it too. As a nerd who frequents The Dorkroom most of my scanner priorities are centered around DPI, but even just the concept of a multi-page feeder is enough to make something like this sound appealing.

I'm glad others have bought up checking internal storage, because that was my second question.

gently caress, pharmaceutical software and security is giving me flashbacks to my summer internship at a security company when I was helping with a pen test of some pharma web app. I'm really glad I worked that job, because it helped me quickly realize that, while I enjoyed the concept of pen testing, it was not what I wanted to do for a career.

oh yeah this is very much just a document scanner, if you kick its dpi up to the eye-watering maximum of 600 whole dots per inch it gets massively slower and a bunch of limits kick in, like you can't use a bunch of the features because (i assume) it can't process stuff that big. however for documents 200 to 300dpi is completely fine, it generates very good scans with that, and it has a weird feature where it will like, scan a small slice of it and determine what dpi it should use to get legible results? not quite sure how that works but so far i like it :shrug:

i have a bunch of mail i've been wanting to scan that i can't get delivered online yet (stuff like the contract for my renter's insurance, something i really want a copy of but at the same time will probably never actually need the physical stack of 50 pages that it's made of) and after using a crummy all in one inkjet printer to do this previously one page at a time, just being able to drop in a big-rear end stack of papers and hit a button is real satisfying

Shame Boy
Mar 2, 2010

Lutha Mahtin posted:

my work badge is a piece of plastic with just my name, title, and a low-res image of the company logo that you can probably find an exact .jpg of on our public website. no chips, no barcodes, no photo. this was instituted because some manager(s) with enough clout are obsessed with mass shootings. so yeah now we have to watch an awful training video every year that instructs us to take down an active shooter if we can't escape or hide

oh btw like 80% of people with this type of badge forget to bring it when they come to the central office :thumbsup:

how is that going to stop an active shooter

i mean the badge part, the "throw yourself at them to save the executives" bit makes perfect sense

Shame Boy
Mar 2, 2010

really glad i got the last model year of my car that has a basic radio without a big screen or usb connections or anything and the only vaguely modern part of it is simple bluetooth pairing for music

Shame Boy
Mar 2, 2010


i sat here for like 10 to 15 seconds carefully reading the left-hand text to figure out why you'd link this, then was just like "oh" out loud

Shame Boy
Mar 2, 2010

favorite bit from the yearly security "training" i just "took": telnet, ftp and http are the "less secure" versions of ssh, sftp and https

i mean i guess that's correct in that completely insecure is less secure than secure

Shame Boy
Mar 2, 2010

turns out it was made internally by the junior IT guy, i chatted him up about it and he said he was just in a hurry and worded it a bit weird :shrug:

Shame Boy
Mar 2, 2010

Lain Iwakura posted:

code:
$ ssh user@hostname.somethingawful.com -L 2222:hostname.somethingawful.com:23
secure telnet

[edit]

thanks radium

we have a thing at work that operates by SSH'ing into a box and forwarding a port like that, then automatically launching netcat to further forward the port from the box to something else

i mean it works i guess

Shame Boy
Mar 2, 2010

i just got some fun spam

quote:

Magecart, a cyber attack that steals credit card details from unsecured online forms, is rapidly becoming the number one threat for e-commerce websites. Don’t let it reach your platform.

In this webinar, Digital Experience Specialist James Carter will walk you through how Magecart groups operate, why these attacks are dangerous, and why preventing data access is your only best defense against them. Watch it now to protect your website and your customers’ most important data.

thank god we have Digital Experience Specialist James Carter to walk us through how to prevent data access

Shame Boy
Mar 2, 2010

ewiley posted:

Getting extremely tired of the scam emails obviously culling addresses from credential dumps then sending 'lol I infected the porn site you were watching with malware and now I know your password, pay me bitcoin!'. It's just so lazy.

at least the ones you get actually have your old password still, most of the ones i've gotten lately don't even have that and just want you to trust them that they definitely stole your account pinky swear

Shame Boy
Mar 2, 2010

i want that database to get compromised so i can see how many people used "boners" or "weed" or "gently caress"

Shame Boy
Mar 2, 2010

Subjunctive posted:

I’m going to abuse my relationship with Lain to post a job description here. I don’t read YOSPOS anymore so PM me or sbjnctv@gmail.com if you’re a loser without plat.

I’m going to need a software developer focused on security soon. Hit me if that’s you.

- I’d be your boss’ boss, and you’ll never have as supportive a management chain as this one. I’m not kidding even a little.
- you need to make good decisions about tooling vs process vs just writing the diffs and tests yourself
- someone else handles all the certification/audit poo poo, you just deal with real problems and getting ahead of them
- our office is attached to a downtown subway station (line 1, west line best line)
- other software developers want to do a good job and will thank you for helping them not gently caress up
- when you tell a PM they shouldn’t ship because of a security issue, they listen
- strong privacy and tech ethics values, and we spend to honour them
- training? conferences? working from Tbilisi for two weeks because you’ve never been there (actual example)? tell your boss how it makes sense and sure. you’re an adult
- more than a year of runway
- actual paying customers
- you should be able to tell me about how you fixed a security fuckup and made sure it stayed fixed
- we have fired recruiting agencies for bringing us only white dudes for leadership and tech positions
- you don’t need to know about AI, but you’ll sure learn about it, including privacy and bias pieces
- talking to people (internal mostly) is part of the job. you can get coached to gently caress and back, but you can’t dodge it
- you’re moving to Toronto or convincing me that you can kick all the rear end if you’re here 1 out of 3 weeks
- your options are meaningfully in the black on day one because Canadian tax accounting is amazing

e: Lain isn’t even OP, well whatever

what kind of software is this developing, or at least what languages? it's not php is it :ohdear:

also I have stories of fixing security fuckups but i feel they're not as good as other posters' stories because the place i was working was appallingly bad so it was stuff like "make it so you actually need a password to access this private server" or "replace unsalted MD5 with something less stupid" or my favorite, "discover that one of the main servers had been running an ancient version of tomcat that was vulnerable to literally everything and hadn't been updated in a decade and I was the first person to ever notice because everyone thought the dozens of different malwares that had been installed on it was just part of our software"

Shame Boy
Mar 2, 2010

Subjunctive posted:

I should say that I don't care what languages you know already, because learning languages while working in a code base with co-workers to ask is not a tall order. I care how you think about security problems in the context of software, policy, tooling, product features, etc.

yeah i think "be able to learn new languages" is something any developer should be able to do just as part of their job, i was more asking just out of curiosity cuz there are certainly some languages i enjoy working with more than others :shrug:

Shame Boy
Mar 2, 2010


i'd never even heard of "hendry county" yet apparently I live like a two and a half hour drive away from it so lol. i guess i never realized anyone lived in that area, i thought it was all like, dredged everglades wasteland

anyway good job kids :golfclap:

Shame Boy
Mar 2, 2010

all the networks in the entire school district were connected together into one massive network so by like 4th grade i figured out i could open up network neighborhood and send dumb poo poo to printers all across the county

then in high school i cracked the wep wifi because i was a cool hackboi and it was just the school number repeated to however many digits wep requires which was kinda disappointing honestly, but at least i got to use the school internet (via my cool hackboi SSH tunnel proxy thing to get around the content filter) for the rest of high school :c00lbert:

Shame Boy fucked around with this message at 20:58 on May 10, 2019

Shame Boy
Mar 2, 2010

i've got a question about old cryptography that y'all can probably answer: so i know that in world war 2, the allies used that weird robotic voice SIGSALY system for their highest-level communications. what did the axis powers use for that same role? was it just some more complicated variant of a rotor-based system like the enigma machine?

Shame Boy
Mar 2, 2010

Soricidus posted:

I don’t think there was an exact equivalent, ie a cipher developed specifically for top level communications between different axis powers. they didn’t trust each other that much or work together as closely as the uk and usa did. for example, German communications with japan pretty much all went through the Japanese ambassador - hitler didn’t talk to hirohito directly or anything - and the ambassador just used standard Japanese codes, which were terrible and regularly broken by the allies.

so the closest thing was probably the german Lorenz cipher, which hitler used personally to communicate with military commands. it was a rotor-based cipher but quite different from enigma - it was basically an early stream cipher operating on 5-bit characters. the british figured out how it worked just from a few instances of key reuse, then built colossus to break it.

yeah ok, that fits with the gist i was getting when looking into it myself, it just seemed weird that i couldn't find anything that flat out said like, "this thing served a similar purpose as SIGSALY"

Shame Boy
Mar 2, 2010

Lain Iwakura posted:

https://twitter.com/business/status/1128294423585071104?s=20

bloomberg is a reputable publication that should report on security more often because it does a good job at that

the bbc this morning covered the story by opening with "hackers have broken whatsapp's secure encryption!"

guys words mean things

Shame Boy
Mar 2, 2010

thread favorite telegram is currently having what appears to be a worldwide outage so that's fun

i wish my friends would use something that doesn't suck as much

Shame Boy
Mar 2, 2010

Soricidus posted:

telegram desktop isn’t electron. (shame about all your other criteria!)

wait it's not? it sure as hell seems like it, if it's not electron it at least follows the same design philosophy of "gently caress your local OS style, we're just going to design this like a web app and you'll deal with it"

Shame Boy
Mar 2, 2010

oh hey i got a variant of the "i have your password honest!!!" spam emails that assumes i'm a woman, how novel. most of it is the same but some of it is fun:

quote:

Hello, minx!
...
I scanned your hard drive and found enough of your frank and very sexy photos to be surprised.
Oh yeah! You are beautiful and amazing. I would not mind having an affair with you but I need the funds.
...
Be clever girl!

Your respectable observer.

it also goes into more effort than usual to explain how hacking works in simple stupid terms because girls r dum after all

Shame Boy
Mar 2, 2010

oh i thought it was english as a secondary language this whole time, which doesn't really have that problem, but ok

Shame Boy
Mar 2, 2010

Sagebrush posted:

But what if it's not their secondary language? What if they speak Vietnamese and Tagalog and Mandarin and then English as their quaternary language, hmmmmm?

then they have 3 secondary languages and one primary language :colbert:

Shame Boy
Mar 2, 2010

PCjr sidecar posted:

so my executive got a cold call sales email from our current vpn appliance vendor identifying our current firewall mfr and product family (based on ‘research’) helpfully letting us know that gartner doesn’t think the firewall vendor is cutting edge and that they are

im pretty sure they fingerprinted it from the vpn appliance inside my net

bye

see this is what i always imagined would happen if you don't uncheck that "send anonymous data to help us make our products better" box in every single piece of software

Shame Boy
Mar 2, 2010

Wiggly Wayne DDS posted:

ah so you opted out of it being anonymous

:argh:

Shame Boy
Mar 2, 2010

obviously we need to replace everything with public/private partnerships

Shame Boy
Mar 2, 2010

BIGFOOT EROTICA posted:

the only reason to have a Mexican bank account as a primary account with that much money in it as an American is if you’re dodging taxes or are laundering money

it sounds like they're dodging taxes and building a retirement house in mexico so they can live cheaper and also dodge taxes

Shame Boy
Mar 2, 2010

Munkeymon posted:

the process was pretty bad and may be the reason insulin prices weren't capped

I've been wondering for a while now if selling a dumbed down git clone to legislatures to handle what are effectively giant merge conflicts would be a good business or if they'd just stubbornly refuse to do it electronically

it's called blockchain

Shame Boy
Mar 2, 2010

haveblue posted:

someone pointed out that "windows" has the same first three letters as a certain children's book character

windows the poo


Shame Boy
Mar 2, 2010

flakeloaf posted:

good: encrypt your stuff

very good: i will help you encrypt your stuff

very very stupid: gloating about all the crime you're absolutely positive you're helping

even if this dude didn't get arrested i bet the organized criminals he's selling to wouldn't really take kindly to that either
