Cold on a Cob
Feb 6, 2006

i've seen so much, i'm going blind
and i'm brain dead virtually
College Slice


Subjunctive posted:

work places where recruiting has been told that certifications aren't necessary, instead

Cold on a Cob

fisting by many posted:

in a general sense convenience is security, if the alternative is users choosing not to do it at all.

i am absolutely not putting 20 things into google authenticator and spending a whole day resetting things when i get a new device again

i found this post searching for authy alternatives because i have 44 totp generators in my life right now and it's making me hate the internet even more than ever

Cold on a Cob

it does, but it only backs up to their servers

i'd rather have a backup of my own (in fact i already do, in a KeePassXC file, but that took running a random go program i compiled from a random github repo and i'd rather not do that again)

Cold on a Cob

Shaggar posted:

microsoft authenticator is the best general purpose authenticator app. it would be nice if they made their push auth a service available to other identity providers cause its so much better than everything else.

coincidentally tried it earlier tonight and it doesn't let you search by name so that's an automatic fail for me. oh well.

I'll probably stick with authy or google authenticator because searching is absolutely vital for me

Cold on a Cob

see, this is why you keep a gun by the printer :colbert:

Cold on a Cob

klosterdev posted:

They Gottm

Cold on a Cob

lollllll

Cold on a Cob

the right way to do a poll for this stuff is to give the internet two or maybe three choices and then let them vote only on these choices

capitalism is already quite familiar with this strategy when it comes to democratic elections so idk why they keep fucking it up with naming products or whatever

Cold on a Cob

lmao

surprised it wasn't wrapped in a try catch block that also returned login ok

Cold on a Cob

https://arstechnica.com/gadgets/2021/07/for-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer/

quote:

KiwiSDR is hardware that uses a software-defined radio to monitor transmissions in a local area and stream them over the Internet. A largely hobbyist base of users does all kinds of cool things with the playing-card-sized devices. For instance, a user in Manhattan could connect one to the Internet so that people in Madrid, Spain, or Sydney, Australia, could listen to AM radio broadcasts, CB radio conversations, or even watch lightning storms in Manhattan.

On Wednesday, users learned that for years, their devices had been equipped with a backdoor that allowed the KiwiSDR creator—and possibly others—to log in to the devices with administrative system rights. The remote admin could then make configuration changes and access data not just for the KiwiSDR but in many cases to the Raspberry Pi, BeagleBone Black, or other computing devices the SDR hardware is connected to.

https://twitter.com/vk5qi/status/1415440183982391298?s=20

Cold on a Cob

MononcQc posted:

just playing SIM ant

:getin:

Cold on a Cob

too bad, looks like most of these ones have been fixed. but still lmfao

Cold on a Cob

tk posted:

Ad intermediaries being taken over/hacked was a big problem back when I was working on anti-malware like 10 years ago. I'm surprised this doesn't happen more often.

i got malware from the nyt this way once. then i installed an ad-blocker and haven't turned it off since and never will. the well is POISONED and if your job depends on ads, well, sorry. if microtransactions ever actually take off i'll happily pay a quarter for every article i read but i'm not subscribing to your goddamn website either.

Cold on a Cob

bad as they are yt ads aren't even close to the worst offenders

Cold on a Cob

lol but also lol @ using a vpn for anything more than hiding your IP from hbo

Cold on a Cob

ewiley posted:

Wait i had it on good authority from mister taviso that browsers are the best way to store passwords

https://threatpost.com/npm-package-steals-chrome-passwords/168004/

once you're running exploited code locally i don't think anything is all that secure for password storage, the second you unlock your vault if it's being targeted it's game over

Cold on a Cob

CRIP EATIN BREAD posted:

operating systems have the concept of secure memory and any decrypted passwords should be stored there and not to disk

anything else is clown shit for idiots (like web devs)

"should" is doing a lot of heavy lifting there. a few years ago i remember reading that all the major pwm vendors did a shit job at it, hopefully they've improved.

i use a pwm (bitwarden these days) but i still assume if i get tricked into running a compromised executable i'm fucked

Cold on a Cob

https://twitter.com/matthew_d_green/status/1423071186616000513

can't wait to get swatted because a picture of my dog has a hash collision with a bomb schematic or something

Cold on a Cob

cinci zoo sniper posted:

on actual thread topics, what is bitwarden's client coded in

electron afaik

takes around 120mb on my machine, but i pretty much never run the client anyway vOv

Cold on a Cob

cinci zoo sniper posted:

possibly stupid question. am i wrong thinking that using the same app for pw management and totp generation means reducing your 2fa to 1fa? i guess it's a question of threat model, with physical access like that they could just hit me a few times with a 2x4 and my specific choice of apps would cease to matter at all

only if your pwm is breached. it's still better than only a password, which could be captured/leaked/brute forced some other way.

Cold on a Cob

i keep mine separate too (bitwarden + ms authenticator) but i've considered moving some totp into bitwarden because i have way too fucking many. For now i pushed the frequent/important ones to the top of ms authenticator.

Cold on a Cob

MononcQc posted:

I use 1Password and Authy, but I kept forgetting my Authy backup password so I put it in 1Password and that sort of defeats the purpose.

if you turn off multi-device authy should be safe anyway, even if you get simjacked

(or so i've been told)

Cold on a Cob

this keeps happening and the stance of banks in canada seems to be that chip and pin is "uncrackable" so if fraud happens it must be because you shared your card and pin:

https://www.cbc.ca/news/business/pin-fraud-customer-liable-rbc-surveillance-1.5444554
https://www.thestar.com/business/personal_finance/spending_saving/2011/06/18/roseman_man_sues_cibc_for_81276_visa_charge.html

Cold on a Cob

this is why i won't use services like mint either, btw. canadian banks will absolutely tell you to pound sand if you share your pin or credentials

Cold on a Cob

one of my bank accounts only lets me use a 6 digit numeric pin

to sign in online

ityool 2021

(tangerine.ca for the curious)

Cold on a Cob

ate shit on live tv posted:

As long as I'm not liable cash-wise for the bank's fuckup in verifying identity, I don't give a fuck about chip+pin or not.

the problem (for me, as a canadian) is there are several cases where that wasn't how it played out at all for people. this is what prompted the discussion in the first place.

the only way i can mitigate is i have my phone set to alert me for every single debit and visa transaction made with my accounts/cards so i can call them immediately if fraudulent activity happens.

Cold on a Cob

DoomTrainPhD posted:

It's a shame email addresses aren't case sensitive. It would be a train wreck in fast-motion we are all forced to watch every day forever. :allears:

nah i'm good, i already get a shitload of emails from being one letter off from someone else as it is

Cold on a Cob

i spent a week in maine once. i only saw one black person the entire time i was there and it was the day i went to portland. i saw a few asians but much like my partner they were all tourists.

Cold on a Cob

huh, Stack Overflow had an xss issue for 44 minutes.

https://meta.stackoverflow.com/questions/411177/adding-html-tags-or-html-tag-like-to-a-title-breaks-rendering

Cold on a Cob

Fart Sandwiches posted:

just chased down a bug where someone editing a csv in Excel caused all the quotation characters to change and broke the processing script. it also changed the date format argh fuck you Excel now my whipped together script needs to be actually developed on

not a suggestion but this is why i have changed code in places to just load from excel files instead :negative:

at least the file format is stable enough that decent libraries are available to do this now

Cold on a Cob

abigserve posted:

yeah, not sure where else to put this, I just bought a brand new ipad from apple.com, opened the photos app and uh

Excuse me?

Translates to

when i was 17 i worked as a line cook. although i wasn't there for this, the owner forgot to order hashbrowns from the supplier one day and they were running out. so he told the busser + cook to salvage any uneaten hashbrowns that were sent back, reheat them, and send them out again. the cook quit on the spot and i quit when i found out too, and told anyone that would listen to never eat there again.

so anyway i'm sure every company is now selling returns as new instead of refurbs like they used to and this may or may not be the case here.

Cold on a Cob

mystes posted:

You should have just taken the story to Bloomberg.

lol ya

Cold on a Cob

infernal machines posted:

phishing is easier with outlook. on the subject of the pages long language chat, outlook client falls prey to homoglyph domains and shows the information for contacts from the spoofed domain instead.

lol
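The quoted post is about a mail client matching a contact against a homoglyph domain, i.e. a domain that renders like a trusted one but is built from different code points (Cyrillic "а" for Latin "a", or an xn-- punycode label that decodes to such a string). The check a mail filter or security team would want is to fold the sender domain to a script-agnostic skeleton and compare that against the trusted list, plus flag labels that mix scripts. The following is an added example for this thread, not code from any post, mail client or product; the confusables table is a deliberately small subset (Unicode TR39 has the full list, and digit-for-letter swaps like "1" for "l" are not covered here), and the trusted-domain list and sample senders are constructed.

```python
"""Spot lookalike sender domains (homoglyph / IDN confusables), stdlib only.

Added example for this thread, not code from any post, mail client or
product. TRUSTED and the sample senders are constructed.
"""
import unicodedata

# Small confusables table: Cyrillic/Greek/other code points that render
# like Latin letters. Unicode TR39 confusables.txt is the real thing.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u03bf": "o", "\u03b1": "a", "\u0131": "i", "\u0142": "l",
    "\u2010": "-", "\u2011": "-", "\uff0e": ".",
}

TRUSTED = {"example.com", "corp.example.com"}


def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels. The decoded form is what the client
    and the user see, so that is the form to inspect."""
    try:
        return domain.encode("ascii").decode("idna")
    except (UnicodeError, ValueError):
        return domain  # already contains non-ASCII, or undecodable


def skeleton(domain: str) -> str:
    """Fold a domain to an ASCII-ish skeleton: NFKC normalise, map known
    confusables, drop combining marks, lower-case."""
    out = []
    for ch in unicodedata.normalize("NFKC", to_unicode(domain)):
        ch = CONFUSABLES.get(ch, ch)
        if unicodedata.combining(ch):
            continue  # e.g. a base letter followed by a combining diaeresis
        out.append(ch)
    return "".join(out).lower()


def scripts(domain: str) -> set:
    """Coarse script names used by the letters in a domain; a single domain
    mixing LATIN and CYRILLIC is a classic homoglyph signal."""
    return {
        unicodedata.name(ch, "").split(" ")[0]
        for ch in to_unicode(domain) if ch.isalpha()
    }


def classify(sender_domain: str) -> str:
    """'trusted'      exact match on a trusted domain
       'lookalike'    not trusted, but its skeleton collides with a trusted domain
       'mixed-script' not trusted, letters from more than one script
       'unknown'      anything else"""
    d = to_unicode(sender_domain).lower()
    if d in TRUSTED:
        return "trusted"
    if skeleton(d) in TRUSTED:
        return "lookalike"
    if len(scripts(d)) > 1:
        return "mixed-script"
    return "unknown"


# Constructed samples. The second uses Cyrillic а (U+0430) and е (U+0435);
# PUNYCODE_SAMPLE is that same domain as a mail server would see it on the wire.
LOOKALIKE = "ex\u0430mpl\u0435.com"
PUNYCODE_SAMPLE = LOOKALIKE.encode("idna").decode("ascii")
SAMPLES = ["example.com", LOOKALIKE, PUNYCODE_SAMPLE, "examp1e.com", "exam\u0440le.org"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:36} {classify(s)}")
```

Matching the skeleton rather than the raw string is the whole trick: the contact card lookup the quoted post describes went the other way, treating a visually identical string as the same identity. The "mixed-script" bucket catches lookalikes of domains that are not on your trusted list at all, at the cost of false positives for legitimately mixed-script names.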

Cold on a Cob

Shaggar posted:

imo a better solution would just be to reject email from any domain

shaggar.... was right

Cold on a Cob

haveblue posted:

hacker please
just want to say
please do not
watch anime
burma shave

Cold on a Cob

Ulf posted:

a little sneak peek at the QUIC page that I'm writing up.

while reading through the key derivation processes for QUIC i ran into this value used to create the init-phase encryption keys:
code:
initial_salt = 0x38762cf7f55934b34d179ae6a4c80cadccbb7f0a
... snip ...
in cryptography you don't use constants like this without some explanation of how you derived it, a concept called a "nothing-up-my-sleeve number". you make it the first 32 digits of pi in hex, or the first hundred primes, or the hash of an empty string, or whatever. i went looking for how they'd come up with this one, expecting a link to some ietf list email.

this value wasn't derived in any of the usual ways. it's a trophy. when google research co-created the SHAttered attack on SHA-1 this was the first collision they found.

they put the corpse of SHA-1 into their next cryptographic protocol. :black101:

kick ass

Cold on a Cob

Shame Boy posted:

this just made me realize, there's absolutely going to be people killed (if there haven't been already) when someone murdery uses one of those "where is this IP address located" lookup services and assumes its at all accurate

*fires a shitload of missiles into the middle of a lake*

Cold on a Cob

not anymore, they relocated it after that kansas couple kept having scam victims and vigilantes show up on their door

Cold on a Cob

it's finally happening? neat
