|
mine was working until about 20 minutes ago then suddenly popped up that it had disabled add-ons, so i'm guessing it does periodic checks. using the debugging side-load method works
|
#
¿
May 4, 2019 15:57
|
|
|
|
| # ¿ Dec 5, 2023 05:02 |
|
|
you can use about:debug and sideload your addons if you need to, the xpi files are stored in the profile folder.
|
|
#
¿
May 4, 2019 23:38
|
|
|
pseudorandom name posted:side-loading your add-ons will just gently caress them up when your installation fixes itself how so? i just checked an i don't have the fix yet, and all attempts to install addons from the store fail, but i'd prefer not to run without ad blocking
|
|
#
¿
May 4, 2019 23:50
|
|
|
Pile Of Garbage posted:from what i understand side-loading extensions with extension debugging enabled only affects the current browser session and doesn't persist when the browser is restarted. i was using the feature as a workaround prior to installing v66.0.4 and haven't experienced any issues. it is single session only, you have to re-do it if you restart the browser, and there was no problem whatsoever re-installing the add-ons from the store after they pushed 66.0.4
|
|
#
¿
May 6, 2019 12:47
|
|
|
fml. they have my credit card number for my mother's phone service. welp. time for a new card.
|
|
#
¿
May 8, 2019 14:02
|
|
|
javascript card skimming via merchant services analytics in the wild
|
|
#
¿
May 9, 2019 12:32
|
|
|
i like that the exfiltration is just appending all the details to an image load request
|
|
#
¿
May 9, 2019 12:52
|
|
|
Volmarias posted:The problem will be solved with mandatory password rotations monthly, to limit the damage a stolen credential can do. the old peel district school board netware configuration was set such that passwords would expire after 6 months. once the password expired any password would be accepted and allow you to set a new password for the account. generally all the passwords on the system would expire within about a week of each other. comedy would ensue oh, and we had board-wide federated authentication set up like this, meaning it was possible to take over global admin accounts if their passwords expired.
|
|
#
¿
May 10, 2019 21:46
|
|
|
Subjunctive posted:they probably interviewed multiple people before selecting whoever made those choices i've never met the cto for pdsb, probably for the best. i wound up doing admin/tech work for the schools on and off for a while as a teen.
|
|
#
¿
May 11, 2019 04:47
|
|
|
Are y'all sure this isn't one of those NN generated papers?
|
|
#
¿
May 11, 2019 19:21
|
|
|
flakeloaf posted:https://www.cbc.ca/news/business/rbc-customer-out-of-pocket-after-e-transfer-fraud-1.5128114 security is a process, and a big part of that process is you not being an absolute goddamned idiot just every second of every day
|
|
#
¿
May 13, 2019 15:41
|
|
|
Wiggly Wayne DDS posted:been a while since the last pre-auth rdp rce thank christ we've moved everyone off windows 7
|
|
#
¿
May 14, 2019 17:43
|
|
|
|
|
#
¿
May 14, 2019 18:36
|
|
|
it is a joke
|
|
#
¿
May 16, 2019 15:57
|
|
|
do people still use QQ? is that a thing anymore?
|
|
#
¿
May 16, 2019 18:47
|
|
|
those bitcoin extortion messages are gender targeted (presumably based on the email address)
|
|
#
¿
May 21, 2019 02:11
|
|
|
very clever, but it's exploits all the way down
|
|
#
¿
May 22, 2019 22:31
|
|
|
funnily enough, some of those taxes probably help organize and operate the fdic shame about that, really
|
|
#
¿
May 28, 2019 13:49
|
|
|
haveblue posted:the fdic is funded not by taxes but by charging premiums to participating banks so unfortunately there is less irony than there could have been ah, my mistake
|
|
#
¿
May 28, 2019 14:01
|
|
|
Subjunctive posted:that’s all bullshit left over from people getting cute with address parsing in the BSD inet4 utilities. it’s not in a standard (afaik) and nothing should support it. no legitimate use case needs to express a v4 address as undifferentiated 32-bit integer syntax; its only useful for phishing and such. I tried to kill it from Firefox like 15 years ago because people also wanted to support the IE nonsense of http://531.202.330.721/, but nooooo. that's been a thing since forever tho. i used that poo poo back in high school to bypass our web filtering. if you see a number in an address location you should assume it's a routable address
|
|
#
¿
Jun 1, 2019 20:12
|
|
|
oh and also not run random poo poo off the web that pipes something arbitrarily into the shell
|
|
#
¿
Jun 1, 2019 20:14
|
|
|
D. Ebdrup posted:Heck, why not broaden the scope: "Don't pipe things into other things when you don't understand what they do" yeah, this thing
|
|
#
¿
Jun 1, 2019 20:52
|
|
|
Wait, did someone suggest this was good design as opposed to just "the way it works"?
|
|
#
¿
Jun 2, 2019 06:45
|
|
|
Ur Getting Fatter posted:I remember some stuff being posted here about certain laptop manufacturers hiding code in hidden partitions that would reinstall their poo poo even if you completely formatted the drive and reinstalled windows from a clean media install. that was in efi, so replacing the hard drive wouldn't prevent it from pushing the app back into the install
|
|
#
¿
Jun 5, 2019 14:54
|
|
|
assuming you can disable vpro/amt and any other remote asset management stuff in the bios then a wipe and reinstall from USB media should be good enough
|
|
#
¿
Jun 5, 2019 15:19
|
|
|
Subjunctive posted:I think he’s going to use it for work, which likely involves PII and credentials to valuable services. not likely a state target, but consequences to getting owned maybe don't do that? or at least don't allow PII to touch anything outside of your own infrastructure and use 2fa for services and remote access idk, you already know this stuff e: by don't do that i mean don't buy used equipment for business use if this is a concern. that's probably easier than going all cloak and dagger on the system on the off chance it has some persistent malware or something infernal machines fucked around with this message at 00:45 on Jun 6, 2019 |
|
#
¿
Jun 6, 2019 00:42
|
|
|
worrying about it at all is going all cloak and dagger. if doing a wipe and reload is not sufficient for your security purposes, then you already have larger problems because you're trying to manage endpoint security on employee owned devices.
|
|
#
¿
Jun 6, 2019 00:52
|
|
|
evil_bunnY posted:Doesn't exfiltrate poo poo, windows will happily run it elevated i'm p. sure that was a "badbios" reference
|
|
#
¿
Jun 6, 2019 13:38
|
|
|
dehumanize yourself and face to PCI DSS
|
|
#
¿
Jun 6, 2019 15:41
|
|
|
mystes posted:It would actually work a lot better then tile because every iphone in the world would be looking for your keys, rather than just people running the tile app. there has to be a shitload of overhead here though, no?
|
|
#
¿
Jun 6, 2019 21:53
|
|
|
is that some ancient-rear end pci dss mode or did someone actually do a GPO to limit it like that on purpose?
|
|
#
¿
Jun 11, 2019 15:25
|
|
|
i don't know how that guy isn't waking up with a horse's head in his bed every day
|
|
#
¿
Jun 11, 2019 18:37
|
|
|
and ecc won't save you https://arstechnica.com/information-technology/2019/06/researchers-use-rowhammer-bitflips-to-steal-2048-bit-crypto-key/
|
|
#
¿
Jun 11, 2019 19:07
|
|
|
BangersInMyKnickers posted:browsers mitigated by reducing the resolution on you can achieve with time sampling in javascript to the point that it wasn't possible to execute the attack. You need to be running outside the browser sandbox these days so you can go hog-wild with memory access. Or exploit the lovely JRE that a bunch of people still have installed isn't oracle doing a thing where you can't use the newer versions of the jre for anything on pain of death, oh and btw every previous release ever has critical exploits
|
|
#
¿
Jun 11, 2019 21:38
|
|
|
people: we want microsoft to be more responsive to security issues also people: we want microsoft to stop blowing up our machines with half-baked updates microsoft: 
|
|
#
¿
Jun 12, 2019 15:27
|
|
|
qa is just a subset of development, right? we already pay developers, so why would we pay for qa?
|
|
#
¿
Jun 12, 2019 15:29
|
|
|
Ur Getting Fatter posted:it's me, im the sec fuckup that clicked the obvious One Drive phishing link from a clearly compromised client (i did not give credentials but lol if I didn't blindly click those links). I really wish microsoft could figure out how to effectively filter those because they explicitly target o365 domains and it's a huge pain in the dick explaining to clients why they can't actually trust shared document links sent from people they know irl because there's a good chance it's one of these
|
|
#
¿
Jun 12, 2019 19:52
|
|
|
lmao. literally just had a client in o365 almost certainly hit by one of these. whoever got their credentials used it to organize a wire transfer for like fml e: n/m they flagged it and it didn't go through, well good new there i guess e2: they flagged it as suspicious, then the account manager violated policy and processed the transaction anyway. lmao. someone is getting hosed for this. infernal machines fucked around with this message at 22:12 on Jun 12, 2019 |
|
#
¿
Jun 12, 2019 20:23
|
|
|
otoh the bug is in every secure channel thing in every version of windows, so wherever it's located it's exposed to a lot of stuff. possibly stuff that breaks in exciting ways if some specific stupid behaviour changes
|
|
#
¿
Jun 12, 2019 22:40
|
|
|
|
| # ¿ Dec 5, 2023 05:02 |
|
|
Subjunctive posted:I wonder how to do that in gsuite. i think it goes something like this https://www.youtube.com/watch?v=BpsMkLaEiOY
|
|
#
¿
Jun 13, 2019 01:54
|
|