|
newer hyundais run android. there's an escape for my 2017 ioniq floating about that is more or less useless for me since i use iOS the password to get into engineering mode is literally the clock's time https://forum.xda-developers.com/general/connected-car/hack-navigation-multimedia-systems-kia-t3892333 Lain Iwakura fucked around with this message at 15:02 on Apr 30, 2019 |
# ¿ Apr 30, 2019 14:58 |
|
|
# ¿ Mar 29, 2024 07:14 |
|
considering when i scanned afrinic a almost a decade ago, i found multitudes of telnet servers tagged as belonging to vodaphone and were not huawei equipment either (like nortel, qualcomm, nokia, and cisco)
|
# ¿ Apr 30, 2019 21:10 |
|
pre-masscan, scanning a /8 took a long time
|
# ¿ Apr 30, 2019 21:38 |
|
code:
[edit] thanks radium
|
# ¿ May 3, 2019 23:47 |
|
https://blitter.net/blog/2019/05/04/exploring-the-pippin-roms-part-7-a-lot-to-digestcode:
|
# ¿ May 6, 2019 18:28 |
|
https://techcrunch.com/2019/05/07/freedom-mobile-data-leak/ nothing like logging passwords in plaintext in a log collector
|
# ¿ May 8, 2019 14:52 |
|
https://twitter.com/KateLibc/status/1125963290050359301 i'm having fun with this. i wonder what sort of sensitive data exists within
|
# ¿ May 8, 2019 16:02 |
|
https://twitter.com/filosottile/status/1125840275346198529
|
# ¿ May 8, 2019 17:16 |
|
Subjunctive posted:I’m going to abuse my relationship with Lain to post a job description here. I don’t read YOSPOS anymore so PM me or sbjnctv@gmail.com if you’re a loser without plat. there's a decent vegan place near your work too
|
# ¿ May 9, 2019 14:21 |
|
this new title is great
|
# ¿ May 10, 2019 18:37 |
|
i gave myself domain admin rights via an obfuscated account i created in grade 11 when the lab teacher went to go coach basketball after school and left the domain controller unlocked while i was in the room everyone got to play starcraft for my remaining 1.5 years in high school thanks to me
|
# ¿ May 10, 2019 19:22 |
|
BES only exists for the three people left using a blackberry at your company
|
# ¿ May 14, 2019 19:32 |
|
https://twitter.com/business/status/1128294423585071104?s=20 bloomberg is a reputable publication that should report on security more often because it does a good job at that
|
# ¿ May 14, 2019 19:39 |
|
Schadenboner posted:Is Chronicle’s Backstory IDS any good? All IDSes are trash in a sense that they're anti-virus for network traffic. They have their purpose though--I like them being in ICS environments because it's easy to setup baselines for what is acceptable. However, your corporate environment will probably generate so much trash that you'll probably never find the good.
|
# ¿ May 15, 2019 21:24 |
|
COACHS SPORT BAR posted:so what's the best E2E encrypted chat with a desktop client not written in electron these days https://www.donationcoder.com/software/mouser/other-projects/mircryption
|
# ¿ May 16, 2019 20:31 |
|
https://twitter.com/briankrebs/status/1132026003386241029
|
# ¿ May 24, 2019 22:25 |
|
i have strong opinions about splunk despite being someone who maintains a splunk environment. it's not recommended also https://twitter.com/notdan/status/1134559331989434368 also lol https://twitter.com/nginxorg/status/1134524968052690944
|
# ¿ May 31, 2019 22:18 |
|
it's very likely that when i return to work late in the summer that i'll be migrating off of splunk to something else. elastic is a consideration but i am all ears on what everyone else is doing. humio does interest me but i am also nervous about a company green in the enterprise state right now we're looking to do 600 GB/day by the end of the year and i can tell that the splunk sales rep we have is dying for us to ask for a quote. he also knows that i am extremely unhappy with him as well as my boss so this ought to be entertaining
|
# ¿ May 31, 2019 22:34 |
|
Wiggly Wayne DDS posted:lain you've got to stop repeating yourself https://twitter.com/notdan/status/1134820610570313728?s=21
|
# ¿ Jun 1, 2019 15:01 |
|
as per usual, a lot of non-technical people are mad that taviso dropped it at the 90-day deadline https://twitter.com/taosecurity/status/1138490944347619329
|
# ¿ Jun 12, 2019 16:24 |
|
have i been pwned is up for sale https://www.troyhunt.com/project-svalbard-the-future-of-have-i-been-pwned/
|
# ¿ Jun 12, 2019 16:55 |
|
Diva Cupcake posted:should we really be considering Bejtlich non-technical? in this case, yes
|
# ¿ Jun 12, 2019 17:28 |
|
Wiggly Wayne DDS posted:he's sitting on a trove of questionably sourced dumps with public access and an expectation for it to forever expand and let's ignore the legal pitfalls with a global userbase the "questionably sourced dumps" part combined with massive burn out is why i got out of this
|
# ¿ Jun 12, 2019 21:35 |
|
https://www.yubico.com/support/security-advisories/ysa-2019-02/quote:An issue exists in the YubiKey FIPS Series devices with firmware version 4.4.2 or 4.4.4 (there is no released firmware version 4.4.3) where random values leveraged in some YubiKey FIPS applications contain reduced randomness for the first operations performed after YubiKey FIPS power-up. The buffer holding random values contains some predictable content left over from the FIPS power-up self-tests which could affect cryptographic operations which require random data until the predictable content is exhausted. This issue occurs only during the power-up of the YubiKey FIPS Series, version 4.4.2 or 4.4.4. After the predictable content in the random buffer is consumed, the buffer will be filled with the intended full random number generator output, and all subsequent use of randomness will not be affected.
|
# ¿ Jun 18, 2019 03:07 |
|
Hed posted:This seems like a good time to ask... are there any winners in the non-smartphone hardware token (like RSA SecurID, not Yubi) that aren't the SecurID? That also integrate with hosted exchange or GSuite for multifactor? they’re all their own flavour of bad
|
# ¿ Jun 18, 2019 10:42 |
|
https://twitter.com/mjg59/status/1141786872387010561?s=21
|
# ¿ Jun 20, 2019 21:16 |
|
I wonder when I will get a call from them offering credit checks for a year. also I completely forgot about Sucuri but seem to recall them being clowns years ago
|
# ¿ Jun 21, 2019 11:00 |
|
CRIP EATIN BREAD posted:what could go wrong? he should tell us his social security number then
|
# ¿ Jul 23, 2019 19:58 |
|
cinci zoo sniper posted:https://www.zdnet.com/article/remote-code-execution-vulnerability-in-vlc-remains-unpatched/ new day new vlc vuln https://twitter.com/videolan/status/1153715138333220864 they're mad
|
# ¿ Jul 23, 2019 22:34 |
|
https://trac.videolan.org/vlc/ticket/22474
|
# ¿ Jul 24, 2019 00:46 |
|
just link to a thread about video codecs and keep this thread security-related jfc
|
# ¿ Jul 24, 2019 04:13 |
|
so this got posted to the grey thread saphirecalypso posted:I have always been a fan of elliptic curve. Is there anything that you suggest which is better? apparently there is a crypto challenge involved. if you look at his rap sheet it appears that they posted another thread and people took a crack at it
|
# ¿ Jul 24, 2019 16:28 |
|
https://twitter.com/taviso/status/1154094837647331328
|
# ¿ Jul 25, 2019 01:17 |
|
dating profiles were posted on pastebin
|
# ¿ Jul 25, 2019 05:06 |
|
hello fellow gay tattoo haver
|
# ¿ Jul 27, 2019 17:30 |
|
their service is off a stellar start with me https://twitter.com/KateLibc/status/1155650247403511809
|
# ¿ Jul 29, 2019 02:26 |
|
this thread is great if you're an ex-AV industry person like me or just hate AV like me https://twitter.com/popepoperet/status/1155545502831845381
|
# ¿ Jul 29, 2019 03:51 |
|
so i am failing to read anything on dashlane's website on how it even works and i am guessing it's just a lastpass clone https://support.dashlane.com/hc/en-us anyone got a clue? i am trying to avoid installing it before i know what is going on their release notes give some clue but still vague https://support.dashlane.com/hc/en-us/articles/206553939-Release-notes but then there is this other poo poo so are they scanning the passwords server-side or is your client pinging back? because then there is this poo poo i am going to say that this is possibly worse than lastpass and that is impressive
|
# ¿ Jul 29, 2019 18:44 |
|
Last Chance posted:Dashlane has always sketched me the gently caress out and I wouldn't touch it with a ten foot pole that is my logic too. there is nothing about it that really makes me go "yeah that is good"
|
# ¿ Jul 29, 2019 21:50 |
|
|
# ¿ Mar 29, 2024 07:14 |
|
evil_bunnY posted:Isn't that hash comparison with hibp? i am asking if this is server-side or client. my gut says client but i am failing to see any mention of how they manage any of this quote:I mean having so many is weird but why wouldn't you want your partner able to access your poo poo if you get yourself 6ft under? Does it work differently than I'm assuming? there are other, better ways to do this and relying on the server to dictate when to give the keys to someone else is pretty problematic
|
# ¿ Jul 29, 2019 21:59 |