|
pos software is aptly named
|
# ¿ Apr 25, 2019 14:46 |
|
changing the password regularly (e.g. daily) is also a good way to make people actually look it up in the appropriate system every time, instead of writing it on a post-it or something
|
# ¿ Apr 27, 2019 07:47 |
|
more like "root shell"
|
# ¿ May 4, 2019 03:43 |
|
Volmarias posted: "Your parents now have to figure out wtf to do with you during this time, when they would normally be at work, they will punish you far more effectively than we will"

yeah, but that stops working once you're talking about kids that are old enough for the parents to just say "whatever just stay home and play videogames all day"
|
# ¿ May 11, 2019 15:47 |
|
Winkle-Daddy posted: doesn't sound terrible to fix:

my read of that is that the code that decides what to do when secure boot can't verify the firmware can itself be modified, so all you need to do is modify it to just boot anyway.
|
# ¿ May 14, 2019 01:49 |
|
there's probably some amd designer that's been spending years trying to do fast speculative execution that doesn't leak a bunch of state between virtual cores, and being frustrated that they just can't quite get it as fast as intel. i guess they'd be feeling a little vindicated now.
|
# ¿ May 15, 2019 17:39 |
|
there's a massive difference between knowing a language via hearing it a lot while the language centers of the brain are forming, vs. learning a language through the application of hard work and effort once those structures are already in place.
|
# ¿ May 21, 2019 15:30 |
|
I'm the binaries checked into source control, which may or may not be compiled from the accompanying code.
|
# ¿ May 22, 2019 10:44 |
|
i mean, notepad does do text layout (break into lines, tab spacing, etc.), and unicode so i wouldn't be too surprised if it turned out some obscure combination of those things blew a stack buffer
|
# ¿ Jun 4, 2019 17:10 |
|
lolnovo
|
# ¿ Jun 5, 2019 19:20 |
|
"Buying a new hard drive (which you were going to do anyway)" is "going all cloak and dagger"?
|
# ¿ Jun 6, 2019 01:50 |
|
it's a good thing we have an elaborate and expensive certification process to ensure that cryptographic solutions work correctly and aren't broken. it would really suck if it was just bureaucratic horseshit that made it very expensive to create compliant implementations while not actually providing any meaningful benefit
|
# ¿ Jun 18, 2019 04:35 |
|
fails in providing security
|
# ¿ Jun 19, 2019 01:39 |
|
wanna bet that it gets changed instantly the moment a politician or rich person ends up getting scammed that way?
|
# ¿ Jun 25, 2019 01:03 |
|
dang, you must have made a typo because the auto-* feature didn't pick it up
|
# ¿ Jun 28, 2019 06:56 |
|
akadajet posted: did star citizen come out?

It depends on what the discussion is. If you're talking about how they're incompetent and take forever to implement the things they've promised then actually the game is out and you can play it right now! If you're talking about how the thing they've released is buggy as poo poo and laughably incomplete compared to what they've promised then actually it's just a test build, the game isn't released yet and it will be awesome when it is.
|
# ¿ Jul 1, 2019 06:18 |
|
it's a start
|
# ¿ Jul 13, 2019 09:31 |
|
if you really thought it was worthy, you'd emptyquote it and eat the probe
|
# ¿ Jul 15, 2019 06:36 |
|
i'm not really getting how that's more of a problem for someone looking to fork the kernel than it is for the current kernel developers themselves
|
# ¿ Jul 18, 2019 16:22 |
|
CRIP EATIN BREAD posted: if they really mean backdoor in the encryption and not the app, then the minute the government says "you HAVE to use encryption scheme/cipher X", everybody and their brother is going to be going over it with a fine-toothed comb to figure out what the exploit is.

it'll be something like dual-ec-drbg where it's only exploitable if you were the one that generated the parameters and know how they're related
|
# ¿ Jul 23, 2019 18:02 |
|
of course i have a girlfriend, no it's a long-distance thing you can't meet her yes the only pictures she sends me are publicly available photos of a porn star
|
# ¿ Jul 26, 2019 18:03 |
|
my understanding is you can get a low-limit credit card if you have income but no credit history, and then by paying that off you establish yourself as "someone who knows how to transfer money from their bank account in order to pay their debts"
|
# ¿ Jul 30, 2019 12:04 |
|
Kazinsal posted: if it were 1972 I'd want to go into compsci research but every actual game-changing research paper has been written

this is a pretty self-centered way of saying "i can't think of anything that hasn't been done already"
|
# ¿ Aug 2, 2019 04:19 |
|
whoever wrote that complaint really likes italicising the phrase three months
|
# ¿ Aug 3, 2019 05:56 |
|
the delete link is actually perfectly idempotent, in that opening it multiple times will still only delete the post once

what you want is for opening it zero times to have the same effect as opening it one or more times
|
# ¿ Aug 8, 2019 02:00 |
|
you need physical access to the unlocked device, lol

here's another security flaw for ya: a hacker can browse through your contacts and copy the information with a pen and paper
|
# ¿ Aug 12, 2019 00:53 |
|
if apple is storing plaintext passwords somewhere for this to leak then yeah that's a fuckup, but i don't see that mentioned in the article? the entire passwords line seems to be "the hacker could set up malware that steals your password if you type it in later" and again, need physical access and for the device to already be unlocked.
|
# ¿ Aug 12, 2019 01:06 |
|
ctfmon? run strings on it and see if there's a flag{} somewhere
|
# ¿ Aug 13, 2019 16:04 |
|
Bug is still locked down, so it's hard to see the details. Are they literally storing plaintext passwords and the master password only controls whether the ui lets you see them?
|
# ¿ Aug 15, 2019 10:42 |
|
it'd be great if there was a way for a mitm proxy to say "hey i'm mitming your traffic, here's my certificate, here's what the website presented" and then the browser could validate the original cert appropriately and even still do meaningful cert pinning. but apparently the sort of people that want to run an mitm proxy for enterprise monitoring or whatever also throw a massive fit if you dare tell users that their employer is monitoring their connection, so that sort of thing is basically a non-starter.
|
# ¿ Aug 15, 2019 16:36 |
|
you can run an mitm proxy already, if you can install your own root ca on your users' computers. people literally do this, today, for various reasons. yes, there would be interest in letting people be more secure while their employer is doing that.
|
# ¿ Aug 15, 2019 16:51 |
|
mystes posted: Are the browser developers and the people designing TLS interested in providing a way for the browser to independently verify the integrity of the page while simultaneously allowing the connection to be intercepted by a proxy (using a CA cert)?

the people running mitm proxies were literally throwing their toys out of the pram after android started showing a notification when you had an enterprise ca cert installed on your device
|
# ¿ Aug 15, 2019 17:06 |
|
Love to have my kernel code read values directly from userspace, and then read them again assuming they haven't changed.
|
# ¿ Aug 30, 2019 09:16 |
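The double-fetch pattern the post above jokes about, as an added example that is not part of the original thread: a length is checked on one read of user memory and used on a second read, next to a version that snapshots it once. The `user_req` struct, the `racer_fn` hook (a deterministic stand-in for a concurrent user thread) and `KBUF` are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a request structure living in user memory. */
struct user_req { size_t len; char data[64]; };

/* Hypothetical hook modelling a second user thread that rewrites the
   request between two kernel reads; NULL means no concurrent writer. */
typedef void (*racer_fn)(volatile struct user_req *);

static void grow_len(volatile struct user_req *u) { u->len = 64; }

#define KBUF 16  /* size of the kernel-side buffer in this model */

/* Double fetch: len is validated on the first read, then read again
   from user memory. Returns the length the copy would use; the copy
   itself is left out so the demo does not really overflow. */
size_t handle_double_fetch(volatile struct user_req *u, racer_fn racer)
{
    if (u->len > KBUF)            /* fetch 1: check */
        return 0;
    if (racer) racer(u);          /* window between check and use */
    return u->len;                /* fetch 2: use, may now exceed KBUF */
}

/* Single fetch: snapshot len once, then check and use the private copy. */
size_t handle_single_fetch(volatile struct user_req *u, racer_fn racer,
                           char kbuf[KBUF])
{
    size_t len = u->len;          /* the only read of the length */
    if (len > KBUF)
        return 0;
    if (racer) racer(u);          /* later changes no longer matter */
    for (size_t i = 0; i < len; i++)
        kbuf[i] = u->data[i];
    return len;
}

int main(void)
{
    struct user_req r = { .len = 8 };
    char k[KBUF];
    printf("double fetch uses len=%zu\n", handle_double_fetch(&r, grow_len));
    r.len = 8;
    printf("single fetch uses len=%zu\n", handle_single_fetch(&r, grow_len, k));
    return 0;
}
```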
|
it'd still be real problematic even if they were only uploading the library hashes, hth
|
# ¿ Sep 1, 2019 11:53 |
|
CommieGIR posted: Because it can easily be MITM if you are on a public connection, it increases your attack surface, and it's just not good in practice. If you are also not setting up Fail2Ban or some sort of MFA alongside it, someone someday is going to get in.

It sure sounds like that's what you're implying? What else does this mean?
|
# ¿ Sep 3, 2019 01:58 |
|
CommieGIR posted: Shared key and Pub key are different words for the same things.

This is emphatically not true. Where are you getting your security ideas from anyway? Well-meaning-but-totally-naive blog posts?
|
# ¿ Sep 3, 2019 02:41 |
|
All security is about usability. If your goal is something that is secure but unusable you should just turn your computer off and be done with it. Port knocking is dumb as hell because sending a second password in cleartext doesn't add any security at all while majorly impacting usability. It's a bad tradeoff no matter how you look at it. Using a nonstandard port could be fine, since it's not a significant penalty to usability, but the main upsides aren't actually security related and are more about just not having your network clogged with lovely scanner traffic.
|
# ¿ Sep 3, 2019 02:54 |
|
CommieGIR posted: Port knocking is not a password. And it opens the ssh port, which is closed until you execute the knocks.

The sequence of ports is de facto a password. Sending your password in cleartext doesn't magically become more secure just because you put it in the port number field instead of in the payload.
|
# ¿ Sep 3, 2019 03:11 |
|
So you're admitting that your scheme adds no security at all, merely impairs usability by making it so that you, the legitimate user, need to jump through hoops before you can connect?
|
# ¿ Sep 3, 2019 03:18 |
|
Remember that my position here was "port knock schemes are dumb as hell, because they cripple usability while not adding any security" - thanks for helping prove that to everyone else. My server requires you to recite ten Hail Marys and three Lord's Prayers before connecting, and yes it's inconvenient and also trivial for anyone to bypass that requirement, but hey layered security and defense in depth, right?
|
# ¿ Sep 3, 2019 03:29 |