|
CommieGIR posted:And BMW, and Mercedes, and basically everyone.
|
#
¿
May 16, 2019 04:26
|
|
|
|
| # ¿ Apr 25, 2024 14:30 |
|
|
it feels lame to post articles from the research group of my day job but everyone loves an AV fuckup right? https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-3969-b6a34cc85e67 quote:The signature check was simply bypassed however by….wait…let’s see if you can see the problem. Here is CmdAgent.exe resolving the COM client’s process name to later invoke a signature check from disk:
|
|
#
¿
Jul 23, 2019 00:59
|
|
|
CommieGIR posted:Caveat: SSH should always be behind a VPN. Always. edit: to be clear: for a home network
|
|
#
¿
Sep 3, 2019 01:45
|
|
|
it's never a conscious choice, just a series of decisions between the benefits/risks of just-one-more-line vs a rewrite
|
|
#
¿
Sep 3, 2019 17:51
|
|
|
https://twitter.com/kcimc/status/1099934485301276673 was this already in the thread? w/e it was new to me.
|
|
#
¿
Oct 1, 2019 16:31
|
|
|
https://www.reddit.com/r/sysadmin/comments/dpbt3t/the_perils_of_security_and_how_i_finally_resolved/ suspicious charges repeatedly show up on amazon account despite 2fa etc, is maybe tracked to hidden smart TV attached to account 
|
|
#
¿
Nov 1, 2019 04:35
|
|
|
Midjack posted:iirc there’s something in the pci spec that requires a human readable number on the card for offline processing (there is a fixed number, you can reveal it using the phone app, or it’s autofilled in macOS / iOS as needed. and the magstrip has it encoded)
|
|
#
¿
Dec 20, 2019 06:53
|
|
|
motoh posted:possibly stdh, but also, brilliant capturing of hostile resources
|
|
#
¿
Jan 16, 2020 01:12
|
|
|
i don't see that anyone pasted the actual details of yesterday's windows vuln. i guess you can spoof any EC-using CA by using the spoofed CA's pubkey as the generator https://twitter.com/tqbf/status/1217518138885115906
|
|
#
¿
Jan 16, 2020 01:22
|
|
|
Diva Cupcake posted:this should be fun. ms08-067 and eternalblue redux. "Correction: This post has been updated to remove mention of a vulnerability that Microsoft had not actually disclosed." https://mobile.twitter.com/malwrhunterteam/status/1237445289914634240
|
|
#
¿
Mar 10, 2020 22:24
|
|
|
i was reading taviso's twitter timeline and i just got to the part where he doesn't have fingerprints https://twitter.com/taviso/status/1173366802333626368
|
|
#
¿
Mar 11, 2020 21:17
|
|
|
edit: i was pages behind, n/m
|
|
#
¿
Apr 7, 2020 02:08
|
|
|
did they get a bearhug at least
|
|
#
¿
May 14, 2020 17:20
|
|
|
https://www.youtube.com/watch?v=1hs451PfFzQ using Bayesian analysis on the Zelda Windwaker RNG to write tools to help speedrunners get through the battleship minigame.
|
|
#
¿
Jun 7, 2020 17:37
|
|
|
https://www.howmanydayssinceajwtalgnonevuln.com Hahahahahahahaha How The gently caress Is Alg=none Real Hahahaha Just Reject The Token Like Say No Haha
|
|
#
¿
Sep 1, 2020 22:47
|
|
|
speaking of, look who still uses WordPerfect 6.2 For DOS: https://news.ycombinator.com/item?id=24411333
|
|
#
¿
Sep 9, 2020 03:16
|
|
|
https://twitter.com/Laughing_Mantis/status/1308220848981962753 this subthread was fun too.
|
|
#
¿
Sep 22, 2020 18:05
|
|
|
Context: Microsoft has already confirmed next update for Windows 10 will automatically remove Flash Player.quote:While millions of kids are doing remote learning? That seems like a terrible idea, there is tons of educational sites using flash. quote:my kids' teachers have still been assigning Flash websites as school tasks - "play this educational game" sort of stuff - in recent months. quote:My teachers are also using Flash-enabled sites for their quiz and presentation 
|
|
#
¿
Dec 30, 2020 22:57
|
|
|
evil_bunnY posted:my favorite secfuck was a customer putting a not-free coffee machine by the consultants' offices, and us figuring out how to make it spit free coffee in exactly one day.
|
|
#
¿
Dec 31, 2020 18:53
|
|
|
some HN commenter posted:I'm surprised congressional office's laptops do not embed remotely detonated explosives/destruction devices triggered with sat or cellular comms. 
|
|
#
¿
Jan 8, 2021 22:22
|
|
|
Most of mine are locked away behind forums search.
|
|
#
¿
Mar 15, 2021 19:10
|
|
|
https://cookieconsentspeed.run
|
|
#
¿
Mar 19, 2021 21:42
|
|
|
https://twitter.com/kenklippenstein/status/1376572360770383876quote:An Amazon engineer thought @amazonnews had been hacked because its tweets are so “unnecessarily antagonistic”, per internal problem ticket leaked to me (screenshot below) quote:According to Recode, the suspicious tweets in fact came at the behest of Amazon CEO Jeff Bezos, who had recently conveyed disappointment to Amazon officials that the company was not pushing back against criticisms that he considered misleading. it never occurred to me that i can just report lovely exec behavior to our infosec team
|
|
#
¿
Mar 29, 2021 18:27
|
|
|
not looking good for my newborn son i named "asdf lkjasdf;"
|
|
#
¿
Apr 9, 2021 18:10
|
|
|
related tweet https://twitter.com/tonyhawk/status/1117312699703152645code:
|
|
#
¿
Apr 9, 2021 18:28
|
|
|
it is also a "security button"Buck Turgidson posted:couldn't you just make it one key this way you can have 7 different passwords tho
|
|
#
¿
May 6, 2021 22:28
|
|
|
the crime is... in the computer?
|
|
#
¿
Jun 1, 2021 14:19
|
|
|
lucida sans? tell it to the judge, hippie
|
|
#
¿
Jul 13, 2021 23:58
|
|
|
dang it i missed text/i18n chat. oh well, posting anyway:Shaggar posted:case sensitive file systems are incredibly stupid so is the fact that your case smashing rules change in e.g. german vs french locales maybe it's human text that is incredibly stupid, has anyone removed humans from computers
|
|
#
¿
Aug 30, 2021 22:46
|
|
|
well it’s definitely an opinion
|
|
#
¿
Aug 30, 2021 23:20
|
|
|
mild effort post: in the Turkish locale “i” and “I” are different letters and each has a corresponding dotted / dotless glyph in the opposite case. in the dutch locale ijssel == IJssel != Ijssel (technically) uppercase ß turns into SS in German, but not always vice versa for lowercase. there’s also a uppercase ß which you shouldn’t use because gently caress you, but you still need to handle it and keep it equivalent to SS and ß. traditionally you are not supposed to keep the accents on capitals in French (but this is changing) speaking of accents there are at least two ways to represent every common accented character in unicode (ref unicode normalizations, NF / NFK) if you want to have case insensitive filesystems (and they’re probably the better choice for users) you need to put all of the above into your stdlib or fs drivers. and it’s going to be full of bugs and probably exploits.
|
|
#
¿
Aug 31, 2021 06:35
|
|
|
forgot to answer the specific question about French vs German capitalization rules. really it’s french vs everyone else in this case but every locale has quirks like this. in french accents on capitals are optional, so in French locale ë == Ë == E but in German ë == Ë != E so what does your filesystem do if your German user makes two files E.txt and Ë.txt, puts it on a drive and gives it to their colleague on the other side of the Rhine? Ulf fucked around with this message at 17:21 on Aug 31, 2021 |
|
#
¿
Aug 31, 2021 06:48
|
|
|
it got adopted into "American style" but it was originally because publishers / typesetters thought it looked "more balanced" / "more pleasing". these days we're moving to "British style" and soon it'll be a relic like double-spacing and New Yorker diaereses. Shaggar posted:non-english languages should just be abandoned rather than trying to cater to all their stupid, pointless edge cases. i think i i18n-pilled shaggar
|
|
#
¿
Aug 31, 2021 17:19
|
|
|
BrianRx posted:So uh... is this thread remarkably linguistically diverse (for a US message board), are polyglots overrepresented in the security community, or what? This is all super interesting to me, but this is not the subforum where I expected to read it. Internationalization is very much on topic for the security thread . Ulf fucked around with this message at 17:37 on Aug 31, 2021 |
|
#
¿
Aug 31, 2021 17:35
|
|
|
spankmeister posted:nah this is one of his gimmicks  )also the fact that "there is no majuscule for ß" and yet it exists (ẞ) is a perfect encapsulation of the joy of text
|
|
#
¿
Aug 31, 2021 20:46
|
|
|
spankmeister posted:Its only saving grace is that it's so ubiquitous. Methanar posted:my favorite language fact is that the finnish language has no future tense. Ulf fucked around with this message at 22:51 on Aug 31, 2021 |
|
#
¿
Aug 31, 2021 22:46
|
|
|
Shame Boy posted:in the specific case of "weird letters for S" it's because the long S and the german ß were both descended from the same original character (do not steal) in ancient roman cursive ß is just a ligature of ſ + s (well, ſ + z according to the name, but it's ſ + s in appearance). This is the fuzzy zone in Unicode where the only difference between a font making a ligature for two characters next to each other such as "fi" or having it be its own code point is the various accidents of history. Security related content: if fuzzing for buffer overflows in displays the widest character in unicode is ﷽ which is a ligature for "In the name of Allah the Merciful". The longest ligature decomposition (afaik) is ﷺ ("peace and blessings of Allah be upon him"), which decomposes to U+0635 U+0644 U+0649 U+0020 U+0627 U+0644 U+0644 U+0647 U+0020 U+0639 U+0644 U+064A U+0647 U+0020 U+0648 U+0633 U+0644 U+0645 and is useful for tickling normalization overflows. The way many of these get into unicode is via unicode's goal of being a superset of all other charsets; if it's gone into any of the hundreds of pre-unicode charsets it gets into unicode.
|
|
#
¿
Sep 1, 2021 23:28
|
|
|
is this an arg
|
|
#
¿
Sep 9, 2021 17:52
|
|
|
kjs501
|
|
#
¿
Sep 26, 2021 15:39
|
|
|
|
| # ¿ Apr 25, 2024 14:30 |
|
|
https://www.pcmag.com/news/microsoft-patent-describes-tracking-brain-activity-to-mine-cryptocurrencylovely cyberpunk near future posted:The application, entitled “Cryptocurrency System Using Body Activity Data” explains how a “brain wave or body heat emitted from the user when the user performs the task provided by an information service provider, such as viewing an advertisement or using certain internet services, can be used in the mining process.” good thing the article is laughable bullshit
|
|
#
¿
Sep 26, 2021 17:06
|
|