ACAB: All Credentials Are Bcrypted
# Mar 22, 2023 20:11
thanks for the crop, now it's a gang tag
if the people running it are saying things that mean they don't know the difference between encryption and hashing it has to be a troll ...right?
no, you count. and no matter how good it was for us not to read it, it must have hurt you to hold that post in

there are truly no winners in the posting game
seriously don't be sorry. that's what it's called and it's not racist. someone got upset because they didn't know what the words meant. this is not a "it means bundle of sticks" situation.
> Cocoa Crispies posted: accept that it is possible for people to do good things that they don't want to be implicated in

you're obviously correct but do you really think that a usb cable attached to a carabiner will help whistleblowers in a meaningful way?
> Volmarias posted: The first rule of tautology club is the first rule of tautology club

lol
> mystes posted: Maybe he's thinking

nah
> dregan posted: five minutes of disappointing a computer

do not have sex with computer
> Last Chance posted: what would be the risk in appending the 2fa token to the password like that and lopping it off when checking it?

there isn't one. it's not any different from submitting the two items in separate fields. like, it'd be possible to screw up the implementation but only in "screwed up string handling/validation" ways that aren't relevant to the data being a password/2fa code
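The string handling the reply above refers to, as an added example that is not part of the original post: the trailing six digits are lopped off the combined field and both factors are then checked exactly as two separate fields would be. `splitCombined`, `check` and the `passwordOK` hook are hypothetical names, and the secret is the RFC 6238 test key.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"strings"
)

// totp computes an RFC 6238 code (HMAC-SHA1, 30-second step, 6 digits).
func totp(secret []byte, unix int64) string {
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], uint64(unix/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(ctr[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// splitCombined lops the last 6 bytes off the field. Only the tail is inspected,
// so digits or multi-byte UTF-8 inside the password itself are left intact.
func splitCombined(field string) (password, otp string, ok bool) {
	n := len(field) - 6
	if n <= 0 || strings.Trim(field[n:], "0123456789") != "" {
		return "", "", false // no password in front, or tail is not 6 digits
	}
	return field[:n], field[n:], true
}

// check verifies both factors, as two separate fields would. passwordOK is a
// hypothetical hook standing in for the site's real password-hash check.
func check(field string, passwordOK func(string) bool, secret []byte, now int64) bool {
	password, otp, ok := splitCombined(field)
	if !ok {
		return false
	}
	otpOK := subtle.ConstantTimeCompare([]byte(otp), []byte(totp(secret, now))) == 1
	return passwordOK(password) && otpOK
}

func main() {
	pw := func(p string) bool { return p == "hunter2" } // constructed sample check
	fmt.Println(check("hunter2287082", pw, []byte("12345678901234567890"), 59))
}
```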
> SAVE-LISP-AND-DIE posted: How much of a shitshow is it to sign JWTs with a plain old pub/priv key pair, no CA involved? As you may notice, I'm an idiot who has no idea what is going on.

that's fine from a security standpoint, sort of. the actual problem becomes one of orchestration, because everything consuming the JWT needs to trust the keypair. how do you scale that to multiple signers?

1. add another key to a hardcoded list of trusted keys
2. copy the keypair around
3. trust another keypair that signs the keys that actually do the signing

(1) obviously eventually falls down with scale, but can get you pretty far
(2) is terrible
(3) is a rudimentary CA

and of course you have to have a decent rotation and revocation workflow figured out for when a dev inevitably uploads a server's private key to github
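Option (3) from the post above, as an added example that is not part of the original post: the verifier is configured with one root public key, and each token carries its signer's public key plus the root's signature over that key. The `key` and `cert` header fields and the function names are made up for this example, and the endorsement has no expiry or revocation, which the post says a real deployment needs.

```go
package main
import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // unpadded base64url, as JWTs use
type header struct { // "key" and "cert" are made up for this example, not standard JWT fields
	Alg  string `json:"alg"`
	Key  []byte `json:"key"`  // signer's public key
	Cert []byte `json:"cert"` // root key's signature over Key: the rudimentary CA
}

// issue returns header.payload.signature, signed with a root-endorsed key.
func issue(signer ed25519.PrivateKey, cert []byte, claims string) string {
	h, _ := json.Marshal(header{"EdDSA", signer.Public().(ed25519.PublicKey), cert})
	msg := b64.EncodeToString(h) + "." + b64.EncodeToString([]byte(claims))
	return msg + "." + b64.EncodeToString(ed25519.Sign(signer, []byte(msg)))
}

// verify is configured with the root public key only, so signers can be added or rotated freely.
func verify(root ed25519.PublicKey, token string) (string, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return "", fmt.Errorf("want 3 segments, got %d", len(p))
	}
	hb, _ := b64.DecodeString(p[0]) // a bad segment fails the checks below
	sig, _ := b64.DecodeString(p[2])
	var h header
	if json.Unmarshal(hb, &h) != nil || h.Alg != "EdDSA" || len(h.Key) != ed25519.PublicKeySize {
		return "", fmt.Errorf("bad header")
	}
	if !ed25519.Verify(root, h.Key, h.Cert) {
		return "", fmt.Errorf("signing key not endorsed by root")
	}
	if !ed25519.Verify(h.Key, []byte(p[0]+"."+p[1]), sig) {
		return "", fmt.Errorf("bad token signature")
	}
	claims, err := b64.DecodeString(p[1])
	return string(claims), err
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil)
	pub, priv, _ := ed25519.GenerateKey(nil)
	fmt.Println(verify(rootPub, issue(priv, ed25519.Sign(rootPriv, pub), `{"sub":"alice"}`)))
}
```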
yeah but it's 2020 what about beyondcorp.com?
they're dying because they're on fire, not because of budgeting
Shaggar I get that you're trying to distinguish "broken encryption" from "send to Apple, Apple flashes the firmware to bypass authentication," but it ends up being a distinction without a difference when you think through the realistic ways in which each would be implemented
ya that's one reason it's a distinction without a difference
that motherfucker looks like gritty
I switched from redhat and Slackware to gentoo in college (early 2000s) and the difference was amazing. not performance, but having a package manager that actually functioned. rpm hell was real and terrible, so I always ended up building from source anyway on redhat, and Slackware didn't do binaries in a meaningful way (they had a few packages but...yikes). being able to use emerge was like a whole new world

if I were smarter I would've just started with Debian or something but 🤷‍♀️
> Soricidus posted: one if by mac, two if pc

one if by LAN, two of IP
why not? it's just totp
so you play 4K video without networking on a device with neither a hard drive nor a disk drive? that's quite a trick.
I just make up some nonsense that could be plausible. like for my childhood dog's name it might be "sir boddington fluffpaws, duke of the terlet". and then i put that in the password manager
so this is the first i'd heard of raidforums, and i was poking around. they have a subforum for buy/sell/trading hackthebox flags lmao
> Subjunctive posted: no, you’re thinking of pretty much every language
> redleader posted: just avoid executing malicious code what's the big deal

gently caress i never

brb, writing a conference talk
> Pile Of Garbage posted: i had to enable voice callback MFA for a single co-worker in a Duo account because the guy has a fuckin iPhone 5 in TYOOL 2020 which he can't install the app on. i deliberately disabled voice callback and SMS OTP in the account because they're less secure than push MFA smdh

lmao your company fucks up the entire org's security posture to save $200

or was this just for his account and the rest are still disabled?
lmao holy poo poo on the one hand I can't really fault somebody for not knowing the difference between an application and an application programming interface but on the other hand if you don't know what words mean, don't pretend that you do
poo poo you're right now im the rear end in a top hat
I don't have any links, but adversarial firmware on a printer isn't generally in my threat model for personal docs. Printers aren't expensive, though
read that as dickeyes.app
i mean you could go all secret squirrel or just use plus addressing. they don't ever bother to strip it
i registered my old hAcKeR name as an alias at work
> xtal posted: Flowers for alg=none

name change looking tempting
a decent story poorly-told imo. worth reading but be prepared to skim over the twee affectations
I'd just like to interject for a moment. What you’re referring to as mods, is in fact, GNU/mods, or as I’ve recently taken to calling it, GNU plus mods.
good luck copy and pasting from your password manager into an OS login screen though
I mean there were lots of OSes. I'm not sure they were really competing or you could use them in any meaningful way
> Midjack posted: many of them were in fact pieces of poo poo
> Trabisnikof posted: how about a write protect screw instead?

text me
there's a doomthread if you want to gnash your teeth and rend your garments about how you're going to die in the next decade due to global warming or whatever.
I got to the rest of yospos through this thread, a real life friend told me to read it when I started doing hacker poo poo professionally

i may never forgive him