Shame Boy posted:
oh it's apparently a FREE BONUS FEATURE that comes with my loving health insurance from work for some reason

okay just think of it as free insurance for your driver's license. please submit your driver's license to continue, for free, NOW submit goddamnit

May 6, 2022 16:29

sb hermit posted:
dang man, all my health insurance gives me is a free $10K in life insurance

don't ask me man, i just got this sweet binance card with this one weird trick: you can buy cryptos on margin then sell it before the bill comes! it's free money

May 6, 2022 17:15

just really awkwardly drop the u/p in the middle of your conversation. bonus points if it's alphanumeric, plus extra for punctuation and whitespace

May 6, 2022 20:09

ZeusCannon posted:
Aren't those the crypto nazis or am I misremembering? as in nazi gold, digital krugerrands, maybe

yes, just yes

May 6, 2022 22:50

BlankSystemDaemon posted:
It's nice to know that CloudFlare, who present themselves as the only company who can solve security issues, isn't exempt from being a secfuck.

lol. also their stock crashed like 40% over the past two days

May 7, 2022 18:34

i am moving into a position where i do infosec analysis for literally 10s of millions of people. things are going to be interesting, i will be issuing many yospos-esque reports

May 8, 2022 00:17

A Man With A Plan posted:
Where I work a lot of business processes depend on a basically defunct software suite that has 90s era password requirements like no punctuation except exclamation points, no more than 3 of the same character class in a row, etc. So if you don't want random things to fail, your domain password also has to follow these requirements

this is sadly the case in a lot of massive businesses, especially banks and financial services, because they rely on a bunch of crap running on old rear end mainframes that don't really support modern authentication because accounts were meant for timesharing

May 8, 2022 03:46

Zamujasa posted:
i looked for a result on

that's loving horseshit, and not just because

Shame Boy posted:
sounds like a great way to make sure i can't log in if i'm even slightly drunk, or if my keyboard is at a different angle, or a bunch of other reasons

while that's a valid concern, even if you're completely sober i guarantee your typing habits on a touch keyboard vs a physical one are very different

May 8, 2022 07:03

Penisface posted:
can't take nist advice, it's the us which means it's basically cia and the recommendations are in some clever way actually weakening your security

nist has nothing to do with the cia or encryption (beyond publishing standards other agencies or entities come up with). they send out an rfc and get responses, pick one and publish it. the cia actually has to follow their guidelines, not the other way round

e: you might be thinking of the nsa, which is responsible for cryptanalysis. they did modify some pseudorandom number generator, but that's the nsa's remit anyway

Beeftweeter fucked around with this message at 07:50 on May 8, 2022

May 8, 2022 07:43

Penisface posted:
my point is that an american security recommendation ended up being malicious, thereby tainting subsequent recommendations

well, until the eu starts mandating standards for this poo poo i don't know if some other country or intergovernmental agency would be much better or less susceptible to pressure (and tbh the eu would be a stretch to trust too)

May 8, 2022 07:52

fins posted:
now i want to see a NIST procedural drama. bustin' down doors and kickin rear end for crimes against the metric system, or a hot tip on a group policy enforcing allll the password complexity requirements, rotated weekly.

nist actually prefers metric (which by law is optional) because they're not loving insane

May 8, 2022 17:37

oh no doubt those came from NSA, they're the primary agency in charge of cryptography generally. whether or not it's meant to be used offensively or covertly almost certainly doesn't factor into NIST's decision making, and the fact they were just as pissed about DRBG as everyone else would seem to confirm this. there's just literally nobody better within the federal govt to consult on

e: that said i'm sure they have a classified analysis or some poo poo explaining the choice, but we're not going to see it for like 70 years unless it leaks. i'm not defending the practice and i think they should absolutely be more transparent, that's just how it is

Beeftweeter fucked around with this message at 20:48 on May 8, 2022

May 8, 2022 20:45

sb hermit posted:
And the kicker to all of this is that using just EC for asymmetric crypto is not quantum resistant, so we'll be seeing new algorithms in the next decade that replace all of this. Hopefully it'll be an open process so that, internationally, we won't be seeing any algorithms that give architects any pause before using them. It already sucks balls to have to modify good implementations because they don't work with standards you are contractually obliged to work with.

and a pony!

May 8, 2022 21:48

Ulf posted:
kind of annoying independent evaluator harassing you on Usenet in the 90s

sounds like they did some independent evaluation on your posts

May 9, 2022 02:00

Crime on a Dime posted:
viewed any images or links on any of these lately?

crab rave. SHREK IS LIFE

efb

May 9, 2022 13:58

wondering which hardcore shrek fanfic cosplay community they are trying to phish

May 9, 2022 14:01

CommieGIR posted:
The problem is cost associated with providing those tokens. I'm pushing for FIDO Keys like Yubikey for our privileged users, but man it adds up fast.

am i stupid or do nfc stickers seem like a cheap way of doing this

May 9, 2022 14:02

CommieGIR posted:
It would be cheaper, but then you have to ensure everyone has NFC readers or laptops/machines with NFC readers built in.

which a lot of enterprise laptops do have, and i think a bulk purchase of usb readers or something would probably be cheaper than $30-50/yubikey

May 9, 2022 14:12

Jabor posted:
a hundred bucks of yubikeys for each person is like, several orders of magnitude smaller than the other costs you have associated with that employee

when you have a gazillion users they're not gonna do gently caress all unless it's as cheap as conceivably possible, even if a security breach would be infinitely more expensive

May 9, 2022 15:27

Shame Boy posted:
can't you get the cheap yubikeys that only do fido or whatever, if you wanna be real cheap

sure, but "as cheap as conceivably possible" in my book also includes burning the fido tags to a 3¢ sticker that could also work with phones

May 9, 2022 16:06

pseudorandom name posted:
Isn't FIDO an interactive protocol? Which NFC stickers won't support?

well yeah, that's why i threw in "that works with phones". i could see unique tags being used to bring up an authentication prompt that gives you an actual token, kinda like microsoft authenticator

May 9, 2022 16:15

pseudorandom name posted:
If the 2FA is being run on the phones then what's the point of the NFC tag?

some physicality to make sure the person is present?

e: it was just a half-baked idea in response to a post anyway, i don't actually implement this poo poo. i just analyze it, recommend alternatives, etc. to make sure the cost-cutting doesn't seriously impact security. if i had my way we'd be spending hundreds of millions that are truly necessary

Beeftweeter fucked around with this message at 16:36 on May 9, 2022

May 9, 2022 16:34
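The point pseudorandom name is making above (FIDO is a challenge-response protocol; a sticker can only hand back a fixed payload) in runnable form. This is an added example, not code from the thread or from any FIDO vendor: a toy relying party issues a fresh single-use challenge per login and the authenticator's answer is bound to that challenge, the relying-party id and a signature counter, so a recorded answer is rejected when replayed; a static tag's payload is everything a reader ever sees, so one read is a working clone. To stay stdlib-only, an HMAC over a per-credential secret stands in for the authenticator's private-key signature (real FIDO uses asymmetric keys and the RP holds only the public key). The rp id "corp.example", the user "alice" and the tag UID are constructed.

```python
import hashlib
import hmac
import secrets


class StaticTag:
    """An NFC sticker: the reader gets the same bytes on every tap."""

    def __init__(self, uid: bytes):
        self.uid = uid

    def tap(self) -> bytes:
        return self.uid


class StaticTagGate:
    """All a verifier can do with a static payload is compare it to an allow-list."""

    def __init__(self, enrolled):
        self.enrolled = set(enrolled)

    def verify(self, payload: bytes) -> bool:
        return payload in self.enrolled


class Authenticator:
    """Stand-in FIDO authenticator. A real one signs with a per-credential private key;
    an HMAC over a per-credential secret plays that role here (stdlib-only assumption)."""

    def __init__(self):
        self._creds = {}  # cred_id -> [rp_id, key, signature counter]

    def make_credential(self, rp_id: str):
        cred_id, key = secrets.token_bytes(16), secrets.token_bytes(32)
        self._creds[cred_id] = [rp_id, key, 0]
        return cred_id, key  # 'key' models the public key handed to the RP at registration

    def get_assertion(self, rp_id: str, cred_id: bytes, challenge: bytes) -> dict:
        stored_rp, key, counter = self._creds[cred_id]
        if stored_rp != rp_id:
            raise ValueError("credential is bound to a different relying party")
        counter += 1
        self._creds[cred_id][2] = counter
        auth_data = hashlib.sha256(rp_id.encode()).digest() + counter.to_bytes(4, "big")
        sig = hmac.new(key, auth_data + hashlib.sha256(challenge).digest(), "sha256").digest()
        return {"cred_id": cred_id, "auth_data": auth_data, "sig": sig}


class RelyingParty:
    def __init__(self, rp_id: str):
        self.rp_id = rp_id
        self._creds = {}    # cred_id -> [key, last counter seen]
        self._pending = {}  # user -> outstanding challenge (single use)

    def register(self, cred_id: bytes, key: bytes) -> None:
        self._creds[cred_id] = [key, 0]

    def begin_login(self, user: str) -> bytes:
        self._pending[user] = secrets.token_bytes(32)
        return self._pending[user]

    def finish_login(self, user: str, assertion: dict) -> bool:
        challenge = self._pending.pop(user, None)  # a challenge answers exactly one login
        if challenge is None or assertion["cred_id"] not in self._creds:
            return False
        key, last_counter = self._creds[assertion["cred_id"]]
        auth_data = assertion["auth_data"]
        if auth_data[:32] != hashlib.sha256(self.rp_id.encode()).digest():
            return False  # assertion was made for some other site
        counter = int.from_bytes(auth_data[32:36], "big")
        if counter <= last_counter:
            return False  # replay or cloned authenticator: counter did not advance
        expected = hmac.new(key, auth_data + hashlib.sha256(challenge).digest(), "sha256").digest()
        if not hmac.compare_digest(expected, assertion["sig"]):
            return False  # signature is over a different (old) challenge
        self._creds[assertion["cred_id"]][1] = counter
        return True


def fido_replay_is_rejected() -> bool:
    rp, auth = RelyingParty("corp.example"), Authenticator()
    cred_id, key = auth.make_credential("corp.example")
    rp.register(cred_id, key)
    # legitimate login; an attacker on the wire records the assertion
    assertion = auth.get_assertion("corp.example", cred_id, rp.begin_login("alice"))
    first = rp.finish_login("alice", assertion)
    # later the attacker replays the recording against a fresh challenge
    rp.begin_login("alice")
    replayed = rp.finish_login("alice", assertion)
    return first and not replayed


def static_tag_replay_succeeds() -> bool:
    tag = StaticTag(b"\x04\xa2\x9b\x12\x5e\x61\x80")  # constructed 7-byte UID
    gate = StaticTagGate([tag.tap()])
    recorded = tag.tap()  # one read by anything near the sticker is a full copy
    return gate.verify(recorded) and gate.verify(recorded)
```

Both scenario functions return True: the FIDO replay fails on the counter and on the challenge-bound signature, while the sticker's only secret is a byte string that any reader already has. That is why a static tag can at most trigger a prompt on a device that holds a real credential, which is where the thread ends up.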

Beeftweeter posted:
am i stupid

(the answer is yes)

May 9, 2022 16:38

Crime on a Dime posted:
beside them biometrically unlocking their phone and app and approving auth?

tbf you can't always assume phones have a biometric lock. a lot of our workers have lifeline phones that do not

May 9, 2022 16:39

Beeftweeter posted:

May 9, 2022 16:51

real talk, i actually use this thing and i like it fine. it's pretty versatile

May 9, 2022 17:01

sb hermit posted:
Real talk. All the NFC usb stuff that's good for desktops is like $100, maybe $50 for sketchy stuff. Does anyone have a recommendation from a reputable vendor? Or are all the $20 readers only available on aliexpress or something?

idk, a lot of aliexpress poo poo is just rebranded with like xyzzy or some poo poo and then sold on amazon with a 75% markup. i wouldn't entirely count it out

May 10, 2022 15:12

RFC2324 posted:
My understanding was that it was the other way, with the AliExpress poo poo being stuff where the batch failed QA but individual units are (probably) still good?

it's both, really. i've bought poo poo from amazon that was clearly from an ODM because i saw the same thing on aliexpress sans branding. yup, it still failed

the only benefit of getting it from amazon in that case imo is so you can easily return it, but whether or not that justifies the markup is up to you

May 10, 2022 16:50

first things first! is everything secure? no? well, secure it. but don't spend a lot of money

May 10, 2022 19:47

dpkg chopra posted:
you guys *snort* I just told the intern to go to the CEO and tell him he has to use MFA from now on

...guys, the CEO says he lost his yubikey and i locked myself out of the AD console. guys?

May 10, 2022 20:28

ate poo poo on live tv posted:
I don't broadcast my IP, because I run IPv6

aha! ::1, owned, op

May 10, 2022 20:55

speaking of shorting pins, can't you just (in theory) force the tpm to reset to bypass the rate limiting though?

e: i guess what i'm asking, since i'm also unfamiliar with bitlocker, is basically "is that seriously the only limitation?"

Beeftweeter fucked around with this message at 21:56 on May 10, 2022

May 10, 2022 21:53

Dylan16807 posted:
a reasonable design would keep a counter in flash and when you restart your countdown to the next attempt starts all over again

yeah but we're talking about a ms technology from the age of ballmer, reason doesn't really work here

May 10, 2022 22:17

sb hermit posted:
Resetting the TPM will clear its registers, making it unable to provide the correct values needed to unlock the PC. at which point, you'll need a bitlocker recovery key. However, you could potentially set up LUKS or other encryption systems to be less stringent about how much tpm deviation is acceptable.

ah okay, for some reason i thought the tpm's registers were static until purged forcefully via bios or efi or what have you

May 10, 2022 23:17
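A toy model of the last three posts, added here as illustration; it is not TPM, BitLocker or LUKS code. Two things it shows: the PCRs are not static, they return to zero on every reset and are rebuilt by each boot component extending them, so a secret sealed to a PCR selection unseals after a normal reboot but not after the boot chain changes; and the dictionary-attack counter lives in non-volatile state, which is how TPM 2.0 keeps its failed-try count so that a power cycle does not clear a lockout (the "counter in flash" design Dylan16807 describes). The boot component names, PIN and PCR selection are constructed; the sealing construction (HMAC-derived key, SHAKE keystream) is a stand-in for the chip's own, not a claim about any real TPM's internals.

```python
import hashlib
import hmac
import secrets

PCR_COUNT = 24
PCR_RESET = b"\x00" * 32
# constructed boot chain: PCR index -> the component measured into that register
GOOD_CHAIN = {0: b"firmware v1.02", 4: b"bootmgfw.efi", 7: b"SecureBoot=1"}
PIN = b"1234"  # constructed


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class Tpm:
    """Toy TPM: a PCR bank, a sealing seed, and a dictionary-attack counter in 'NV' memory."""

    def __init__(self, max_tries: int = 3):
        self._seed = secrets.token_bytes(32)  # never leaves the chip
        self.max_tries = max_tries
        self.failed_tries = 0                 # NV: deliberately NOT touched by reset()
        self.reset()

    def reset(self) -> None:
        """Power cycle / TPM reset: PCRs go back to their reset value, NV state does not."""
        self.pcrs = [PCR_RESET] * PCR_COUNT

    def extend(self, index: int, measurement: bytes) -> None:
        """PCR[i] = H(PCR[i] || H(measurement)): order and content of the chain both matter."""
        self.pcrs[index] = sha256(self.pcrs[index] + sha256(measurement))

    def policy_digest(self, selection) -> bytes:
        return sha256(b"".join(self.pcrs[i] for i in selection))

    def _key(self, policy: bytes, pin: bytes) -> bytes:
        return hmac.new(self._seed, policy + sha256(pin), "sha256").digest()

    def seal(self, secret: bytes, selection, pin: bytes) -> dict:
        policy = self.policy_digest(selection)
        key = self._key(policy, pin)
        stream = hashlib.shake_256(key).digest(len(secret))
        ct = bytes(a ^ b for a, b in zip(secret, stream))
        return {"selection": tuple(selection), "policy": policy, "ct": ct,
                "tag": hmac.new(key, ct, "sha256").digest()}

    def unseal(self, blob: dict, pin: bytes) -> bytes:
        if self.failed_tries >= self.max_tries:
            raise PermissionError("lockout: too many failed attempts")
        if self.policy_digest(blob["selection"]) != blob["policy"]:
            raise PermissionError("PCR policy mismatch")
        key = self._key(blob["policy"], pin)
        if not hmac.compare_digest(hmac.new(key, blob["ct"], "sha256").digest(), blob["tag"]):
            self.failed_tries += 1
            raise PermissionError("bad PIN")
        self.failed_tries = 0
        stream = hashlib.shake_256(key).digest(len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], stream))


def boot(tpm: Tpm, chain: dict) -> None:
    for index, component in chain.items():
        tpm.extend(index, component)


def provision():
    """First boot: measure the good chain, then seal a volume key to PCRs 0, 4, 7 plus a PIN."""
    tpm = Tpm()
    boot(tpm, GOOD_CHAIN)
    vmk = secrets.token_bytes(32)
    return tpm, tpm.seal(vmk, (0, 4, 7), PIN), vmk


def normal_reboot_unseals() -> bool:
    tpm, blob, vmk = provision()
    tpm.reset()            # registers are cleared...
    boot(tpm, GOOD_CHAIN)  # ...and rebuilt by the same measurements
    return tpm.unseal(blob, PIN) == vmk


def tampered_boot_fails() -> bool:
    tpm, blob, _ = provision()
    tpm.reset()
    boot(tpm, {**GOOD_CHAIN, 4: b"evil_loader.efi"})  # one component differs
    try:
        tpm.unseal(blob, PIN)
        return False
    except PermissionError as err:
        return "PCR" in str(err)


def reset_does_not_clear_lockout() -> bool:
    tpm, blob, _ = provision()
    for guess in (b"0000", b"1111", b"2222"):
        try:
            tpm.unseal(blob, guess)
        except PermissionError:
            pass
    tpm.reset()            # the "short the pins" move
    boot(tpm, GOOD_CHAIN)
    try:
        tpm.unseal(blob, PIN)  # right PIN, right PCRs, still locked out
        return False
    except PermissionError as err:
        return "lockout" in str(err)
```

The three scenario functions all return True. The design point is that a reset only buys an attacker a clean PCR bank, which is exactly the state they cannot turn into the sealed key without re-running the measured boot chain, and the try counter they wanted to clear was never in the registers to begin with.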

dpkg chopra posted:
https://twitter.com/lrvick/status/1523787247706951680?s=21&t=Eazn4CHXYX-jOXuH0HhiWQ

lol js

May 11, 2022 00:28

Achmed Jones posted:
wait so this person's job is to help you get hired and her advice is "don't look at me, ask people you already know"?

no no you've got it all wrong. her job is "career support", which apparently consists of "idk, bother someone else. i'm on pinterest"

e: is pinterest even still a thing

Beeftweeter fucked around with this message at 16:58 on May 11, 2022

May 11, 2022 16:55

also, the honeypot is the bootcamp. you already built it and got owned, op

May 11, 2022 17:30

i really loving hate that "good at reeling in chumps on linkedin" is now a viable career path

May 11, 2022 17:32

lol, kinda reminds me of when you could replace winlogon.scr with cmd or whatever. it is a bad hole

May 11, 2022 18:24

KirbyKhan posted:
Two years ago I spent too much time in LinkedIn researching and launching a career change and it was the most psychically damaging platform to post on I have ever been.

out.

May 11, 2022 18:39