Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



obstipator posted:

what a strange title. i dont think theres nazis on these forums

sure there's not, guy i only remember because of that time you got made fun of by lowtax for unironically using the term "social justice warrior"

Adbot
ADBOT LOVES YOU

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Captain Foo posted:

warby parker is legit but lol who authorized that

i'm sure they just went "hey app company, can you make us an app that sees what kind of glasses you need? thanks" and literally every app designer i know would come up with a solution like that without even thinking twice about how stupid it is

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



that reminds me, we once had a customer that demanded the ability to log in (over the network!) using just their badges and no password or anything else. no problem, they must be smart card badges and we can just use PKI right?

lol no, they're laminated cardstock from a laser printer with a barcode on them, and the barcode encodes the username and nothing else. they'd been using these for years and couldn't understand why we had such a problem with the whole thing. :thumbsup:

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



graph posted:

the client..... doesn't understand poo poo about anything ???

thats good tho

but their "security guy" said it was fine, so it's fine!

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



yeah if the password was not only not required but not allowed and you could only use (actual) smart cards that's fine, if it was just not required that's... different

i doubt it's the same company because the system in question isn't using active directory and was a custom thing they had patched into the particular (cash register! :stonk:) software they were using

but it's fine because if you tried to log in manually (in the UI, not in the actual network endpoints they made of course) it would require the password, the only way to log in without the password was to scan your barcode and it's not like just anyone can generate a barcode right? i bet it requires some special machine

or, you know, take a picture of the manager wearing their ID on a lanyard with the barcode prominently displayed and just zoom in on the barcode and hold your phone up to the scanner

god the more i think about it the stupider it gets

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Boiled Water posted:

either is equally likely

or it costs extra, or better yet changes how you have to license the thing so every SSO user requires a seat, or something like that, because oracle

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



i bought a real fancy scanner on ebay cuz i make bad decisions with money and it was super cheap cuz it was used. it's got a lot of very advanced ~enterprisey~ security features, and was clearly used by some big company that was probably getting rid of surplus or something.

anyway it finally showed up today and i try to use it only to realize it needs an admin login to even do a factory reset. oh no, did i just waste my mon-

oh the username is "admin" and the password is "password", ok :geno:

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



saved credentials and path to their file sharing server and saved credentials for their sharepoint instance but it doesn't really have any internal file storage beyond an initial ram cache (though it does have a secure erase feature which they didn't use of course)

however they did have one saved network admin account, I assume for maintenance, and that admin account was named like "pyxis-service". the only major thing I can find with the name 'pyxis' is a brand of pharmacy management / drug dispensing things, so i'm guessing this scanner was originally from a pharmacy and sold as part of a complete system along with a service contract, maybe for scanning prescriptions

you know, exactly the kind of place that should run the loving secure erase feature before selling it

e: at least i think it has sharepoint credentials, it says sharepoint is configured according to the on-device configuration thing but i think to actually access the config for that you need to use the admin tool which requires some ancient version of internet explorer and i can't be assed to set that up right now. i could definitely see the fileshare credentials and the user accounts though so :v:

Shame Boy fucked around with this message at 19:18 on Apr 28, 2019

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Midjack posted:

pyxis is more commonly seen in hospitals to track and dispense sensitive but high volume drugs, so rather than the pharmacy sending a dude up to the icu with a bottle of morphine they stock the cabinet in the icu with 20 of them at the start of the day and when the order comes in and is approved, the hospital pharmacy just punches a button and the bottle drops right out into the icu nurseís hand. it would be weird to have that at a retail pharmacy, though.

i know at least one retail pharmacy with a robotic filling... cabinet... thing, my friend was the pharmacist there, is that something else?

i mostly know about it because they had just installed it and it had tons of problems and was loving up all the time and he had to manually re-check everything it did because a few times he caught it giving out way too many pills (and once, the wrong pills altogether) so that was fun.

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Sagebrush posted:

what does the scanner do that makes it so desirable?

it's a real good scanner, like i can put a stack of 100 papers in the feeder and it will quickly but accurately take them one at a time, scan them, exclude blank ones, flip them to be right-side-up if I hosed it up, and even run ocr on them to make the resulting pdf's text-searchable. then it can just drop the resulting file on a windows file server or ftp server, or email it, or send it directly to a printer so it acts like a copier, without any sort of interaction from a computer or drivers needing to be installed. plus it can be managed using active directory and a central config server, there's a bunch of fine-grained access controls and encryption, even a goddamn sdk if you want to write your own software to run on the scanner (it's got a touch screen interface)

i totally would not pay retail for it even if i was going to use all the features because it's massively overpriced but i got it real cheap on ebay and the only thing i had to do was replace a ~$20 worn-out roller and it's good for another 50,000 pages

it's total overkill for what i'm actually using it for but drat if it isn't fun from a dork-rear end computer janitor perspective

e: i think the reason the hospital or w/e would want it is because it's explicitly hipaa compliant in some way according to the specs, so i'm guessing they're the primary customers

Shame Boy fucked around with this message at 20:02 on Apr 28, 2019

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



simble posted:

whats the make/model of this mega scanner? kind of curious...

it's a fujitsu scansnap n1800

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



pseudorandom posted:

Thanks for this response, I was curious about it too. As a nerd who frequents The Dorkroom most of my scanner priorities are centered around DPI, but even just the concept of a multi-page feeder is enough to make something like this sound appealing.

I'm glad others have bought up checking internal storage, because that was my second question.

gently caress, pharmaceutical software and security is giving me flashbacks to my summer internship at a security company when I was helping with a pen test of some pharma web app. I'm really glad I worked that job, because it helped me quickly realize that, while I enjoyed the concept of pen testing, it was not what I wanted to do for a career.

oh yeah this is very much just a document scanner, if you kick its dpi up to the eye-watering maximum of 600 whole dots per inch it gets massively slower and a bunch of limits kick in, like you can't use a bunch of the features because (i assume) it can't process stuff that big. however for documents 200 to 300dpi is completely fine, it generates very good scans with that, and it has a weird feature where it will like, scan a small slice of it and determine what dpi it should use to get legible results? not quite sure how that works but so far i like it :shrug:

i have a bunch of mail i've been wanting to scan that i can't get delivered online yet (stuff like the contract for my renter's insurance, something i really want a copy of but at the same time will probably never actually need the physical stack of 50 pages that it's made of) and after using a crummy all in one inkjet printer to do this previously one page at a time, just being able to drop in a big-rear end stack of papers and hit a button is real satisfying

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Lutha Mahtin posted:

my work badge is a piece of plastic with just my name, title, and a low-res image of the company logo that you can probably find an exact .jpg of on our public website. no chips, no barcodes, no photo. this was instituted because some manager(s) with enough clout are obsessed with mass shootings. so yeah now we have to watch an awful training video every year that instructs us to take down an active shooter if we can't escape or hide

oh btw like 80% of people with this type of badge forget to bring it when they come to the central office :thumbsup:

how is that going to stop an active shooter

i mean the badge part, the "throw yourself at them to save the executives" bit makes perfect sense

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



really glad i got the last model year of my car that has a basic radio without a big screen or usb connections or anything and the only vaguely modern part of it is simple bluetooth pairing for music

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR




i sat here for like 10 to 15 seconds carefully reading the left-hand text to figure out why you'd link this, then was just like "oh" out loud

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



favorite bit from the yearly security "training" i just "took": telnet, ftp and http are the "less secure" versions of ssh, sftp and https

i mean i guess that's correct in that completely insecure is less secure than secure

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



turns out it was made internally by the junior IT guy, i chatted him up about it and he said he was just in a hurry and worded it a bit weird :shrug:

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Lain Iwakura posted:

code:
$ ssh [email]user@hostname.somethingawful.com[/email] -L 2222: hostname.somethingawful.com:23
secure telnet

[edit]

thanks radium

we have a thing at work that operates by SSH'ing into a box and forwarding a port like that, then automatically launching netcat to further forward the port from the box to something else

i mean it works i guess

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



i just got some fun spam

quote:

Magecart, a cyber attack that steals credit card details from unsecured online forms, is rapidly becoming the number one threat for e-commerce websites. Donít let it reach your platform.

In this webinar, Digital Experience Specialist James Carter will walk you through how Magecart groups operate, why these attacks are dangerous, and why preventing data access is your only best defense against them. Watch it now to protect your website and your customersí most important data.

thank god we have Digital Experience Specialist James Carter to walk us through how to prevent data access

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



ewiley posted:

Getting extremely tired of the scam emails obviously culling addresses from credential dumps then sending 'lol I infected the porn site you were watching with malware and now I know your password, pay me bitcoin!'. It's just so lazy.

at least the ones you get actually have your old password still, most of the ones i've gotten lately don't even have that and just want you to trust them that they definitely stole your account pinky swear

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



i want that database to get compromised so i can see how many people used "boners" or "weed" or "gently caress"

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Subjunctive posted:

Iím going to abuse my relationship with Lain to post a job description here. I donít read YOSPOS anymore so PM me or sbjnctv@gmail.com if youíre a loser without plat.

Iím going to need a software developer focused on security soon. Hit me if thatís you.

- Iíd be your bossí boss, and youíll never have as supportive a management chain as this one. Iím not kidding even a little.
- you need to make good decisions about tooling vs process vs just writing the diffs and tests yourself
- someone else handles all the certification/audit poo poo, you just deal with real problems and getting ahead of them
- our office is attached to a downtown subway station (line 1, west line best line)
- other software developers want to do a good job and will thank you for helping them not gently caress up
- when you tell a PM they shouldnít ship because of a security issue, they listen
- strong privacy and tech ethics values, and we spend to honour them
- training? conferences? working from Tbilisi for two weeks because youíve never been there (actual example)? tell your boss how it makes sense and sure. youíre an adult
- more than a year of runway
- actual paying customers
- you should be able to tell me about how you fixed a security fuckup and made sure it stayed fixed
- we have fired recruiting agencies for bringing us only white dudes for leadership and tech positions
- you donít need to know about AI, but youíll sure learn about it, including privacy and bias pieces
- talking to people (internal mostly) is part of the job. you can get coached to gently caress and back, but you canít dodge it
- youíre moving to Toronto or convincing me that you can kick all the rear end if youíre here 1 out of 3 weeks
- your options are meaningfully in the black on day one because Canadian tax accounting is amazing

e: Lain isnít even OP, well whatever

what kind of software is this developing, or at least what languages? it's not php is it :ohdear:

also I have stories of fixing security fuckups but i feel they're not as good as other posters' stories because the place i was working was appallingly bad so it was stuff like "make it so you actually need a password to access this private server" or "replace unsalted MD5 with something less stupid" or my favorite, "discover that one of the main servers had been running an ancient version of tomcat that was vulnerable to literally everything and hadn't been updated in a decade and I was the first person to ever notice because everyone thought the dozens of different malwares that had been installed on it was just part of our software"

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Subjunctive posted:

I should say that I don't care what languages you know already, because learning languages while working in a code base with co-workers to ask is not a tall order. I care how you think about security problems in the context of software, policy, tooling, product features, etc.

yeah i think "be able to learn new languages" is something any developer should be able to do just as part of their job, i was more asking just out of curiosity cuz there are certainly some languages i enjoy working with more than others :shrug:

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR




i'd never even heard of "hendry county" yet apparently I live like a two and a half hour drive away from it so lol. i guess i never realized anyone lived in that area, i thought it was all like, dredged everglades wasteland

anyway good job kids :golfclap:

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



all the networks in the entire school district were connected together into one massive network so by like 4th grade i figured out i could open up network neighborhood and send dumb poo poo to printers all across the county

then in highschool i cracked the wep wifi because i was a cool hackboi and it was just the school number repeated to however many digits wep requires which was kinda disappointing honestly, but at least i got to use the school internet (via my cool hackboi SSH tunnel proxy thing to get around the content filter) for the rest of highschool :c00lbert:

Shame Boy fucked around with this message at 19:58 on May 10, 2019

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



i've got a question about old cryptography that y'all can probably answer: so i know that in world war 2, the allies used that weird robotic voice SIGSALY system for their highest-level communications. what did the axis powers use for that same role? was it just some more complicated variant of a rotor-based system like the enigma machine?

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Soricidus posted:

I donít think there was an exact equivalent, ie a cipher developed specifically for top level communications between different axis powers. they didnít trust each other that much or work together as closely as the uk and usa did. for example, German communications with japan pretty much all went through the Japanese ambassador - hitler didnít talk to hirohito directly or anything - and the ambassador just used standard Japanese codes, which were terrible and regularly broken by the allies.

so the closest thing was probably the german Lorenz cipher, which hitler used personally to communicate with military commands. it was a rotor-based cipher but quite different from enigma - it was basically an early stream cipher operating on 5-bit characters. the british figured out how it worked just from a few instances of key reuse, then built colossus to break it.

yeah ok, that fits with the gist i was getting when looking into it myself, it just seemed weird that i couldn't find anything that flat out said like, "this thing served a similar purpose as SIGSALY"

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Lain Iwakura posted:

https://twitter.com/business/status/1128294423585071104?s=20

bloomberg is a reputable publication that should report on security more often because it does a good job at that

the bbc this morning covered the story by opening with "hackers have broken whatsapp's secure encryption!"

guys words mean things

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



thread favorite telegram is currently having what appears to be a worldwide outage so that's fun

i wish my friends would use something that doesn't suck as much

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Soricidus posted:

telegram desktop isnít electron. (shame about all your other criteria!)

wait it's not? it sure as hell seems like it, if it's not electron it at least follows the same design philosophy of "gently caress your local OS style, we're just going to design this like a web app and you'll deal with it"

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



oh hey i got a variant of the "i have your password honest!!!" spam emails that assumes i'm a woman, how novel. most of it is the same but some of it is fun:

quote:

Hello, minx!
...
I scanned your hard drive and found enough of your frank and very sexy photos to be surprised.
Oh yeah! You are beautiful and amazing. I would not mind having an affair with you but I need the funds.
...
Be clever girl!

Your respectable observer.

it also goes into more effort than usual to explain how hacking works in simple stupid terms because girls r dum after all

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



oh i thought it was english as a secondary language this whole time, which doesn't really have that problem, but ok

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Sagebrush posted:

But what if it's not their secondary language? What if they speak Vietnamese and Tagalog and Mandarin and then English as their quaternary language, hmmmmm?

then they have 3 secondary languages and one primary language :colbert:

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



PCjr sidecar posted:

so my executive got a cold call sales email from our current vpn appliance vendor identifying our current firewall mfr and product family (based on Ďresearchí) helpfully letting us know that gartner doesnít think the firewall vendor is cutting edge and that they are

im pretty sure they fingerprinted it from the vpn appliance inside my net

bye

see this is what i always imagined would happen if you don't uncheck that "send anonymous data to help us make our products better" box in every single piece of software

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Wiggly Wayne DDS posted:

ah so you opted out of it being anonymous

:argh:

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



obviously we need to replace everything with public/private partnerships

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



BIGFOOT EROTICA posted:

the only reason to have a Mexican bank account as a primary account with that much money in it as an American is if youíre dodging taxes or are laundering money

it sounds like they're dodging taxes and building a retirement house in mexico so they can live cheaper and also dodge taxes

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



Munkeymon posted:

the process was pretty bad and may be the reason insulin prices weren't capped

I've been wondering for a while now if selling a dumbed down git clone to legislatures to handle what are effectively giant merge conflicts would be a good business or if they'd just stubbornly refuse to do it electronically

it's called blockchain

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



haveblue posted:

someone pointed out that "windows" has the same first three letters as a certain children's book character

windows the poo

Adbot
ADBOT LOVES YOU

Shame Boy
Mar 2, 2010

THE HORROR
THE HORROR



flakeloaf posted:

good: encrypt your stuff

very good: i will help you encrypt your stuff

very very stupid: gloating about all the crime you're absolutely positive you're helping

even if this dude didn't get arrested i bet the organized criminals he's selling to wouldn't really take kindly to that either

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply