power botton posted: In a similar vein, we had some eval company freak out because we flagged, like, all their admin accounts and service accounts having PASSWORD_NOT_REQD set (and a bunch of them not having passwords) as an issue.
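The check that post is describing, written out as an added example (it is not the poster's tooling): decode `userAccountControl` from an AD export and flag every enabled account with PASSWORD_NOT_REQD set, separately calling out the ones whose `pwdLastSet` is 0 (password never set, or flagged "must change at next logon"), since with this bit set that often means the password is simply empty. The CSV column layout and the sample rows are assumptions I constructed; the bit values and the `1.2.840.113556.1.4.803` bitwise-AND matching rule in the LDAP filter are the documented Windows ones.

```python
"""Flag Active Directory accounts with PASSWORD_NOT_REQD (PASSWD_NOTREQD)
set in userAccountControl, and the worse case of an enabled account that
has the bit set and pwdLastSet == 0.

Added example, not the poster's tool.  Input format is an assumption: a CSV
export with sAMAccountName, userAccountControl and pwdLastSet columns, e.g.
Get-ADUser -Filter * -Properties userAccountControl,pwdLastSet | Export-Csv.
"""
import csv
import io

# userAccountControl bits (ADS_USER_FLAG_ENUM)
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
DONT_EXPIRE_PASSWORD = 0x10000

# Server-side equivalent: 1.2.840.113556.1.4.803 is the LDAP bitwise-AND rule,
# so this matches every object whose userAccountControl has bit 0x20 set.
LDAP_FILTER = "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=32))"

# Constructed sample export: names and values are made up for the demo.
SAMPLE_EXPORT = """sAMAccountName,userAccountControl,pwdLastSet
svc_backup,544,0
da_admin,66080,132043200000000000
jdoe,512,132043200000000000
old_svc,546,0
"""


def audit_accounts(csv_text):
    """Return [(sAMAccountName, finding)] for enabled accounts with PASSWD_NOTREQD.

    544   = NORMAL_ACCOUNT | PASSWD_NOTREQD
    66080 = NORMAL_ACCOUNT | PASSWD_NOTREQD | DONT_EXPIRE_PASSWORD
    546   = NORMAL_ACCOUNT | PASSWD_NOTREQD | ACCOUNTDISABLE (skipped: cannot log on)
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        uac = int(row["userAccountControl"])
        if uac & ACCOUNTDISABLE:
            continue  # clean it up too, but it is not the urgent case
        if not uac & PASSWD_NOTREQD:
            continue
        if int(row["pwdLastSet"]) == 0:
            finding = "no_password_ever"        # a blank password very likely works
        else:
            finding = "password_not_required"   # a password exists, but policy is not enforced
        if uac & DONT_EXPIRE_PASSWORD:
            finding += "+never_expires"
        findings.append((row["sAMAccountName"], finding))
    return findings


if __name__ == "__main__":
    for name, finding in audit_accounts(SAMPLE_EXPORT):
        print(f"{name}: {finding}")
```

Run it against a real export and the two categories deserve different urgency: `no_password_ever` on an enabled account is a logon with an empty password away from compromise, while `password_not_required` means minimum-length and complexity policy can be bypassed the next time the password is set.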
# Mar 26, 2023 05:37
SIGSEGV posted: so Firefox just shat itself big time. Apparently you can disable add-on signature checking to bypass that, but it didn't work; I guess the Brendan Eichmann sleeper agents are good at their job.
haveblue posted: this timecube remake sucks
BangersInMyKnickers posted: AMD is about to have superior 4-way SMT across their entire range of Zen2 silicon while Intel is constantly telling people to turn it off because theirs is a liability and they can only do 4-way on their most high-end Xeons. Of course they're going to be downplaying it now.
Subjunctive posted:
Squinky v2.0 posted: Nigerian bank scammers using segmented marketing aimed at their core demographic of people who are currently entangled in a Nigerian bank scam.
I'm amazed that Notepad even does enough stuff with the document data to have a vulnerability (there's no syntax highlighting, so I wouldn't think there would be any parsing at all?), but maybe it's one of the new features they recently added?

Edit: I'm going to assume the vulnerability is in the "search with Bing" feature they apparently added, because lol, why would they add that to Notepad?

mystes fucked around with this message at 15:24 on Jun 4, 2019
power botton posted: let's not forget persistent malware in your BIOS that exfiltrates data through microwaves or Morse code or something.
Tankakern posted: if you're really worried, install Linux on it.
Also, by "re-install from USB" do you mean re-install the OS (which won't help against firmware malware) or re-install the firmware (which a malicious firmware will feel free to ignore)?
I guess.
Winkle-Daddy posted: where do you think the firmware on the HD lives?
Winkle-Daddy posted: because replacing the drive with a totally different one as well as re-installing the OS will remove this kind of malware as described, that previously called FUD?
Perplx posted: if you encrypt your drive using your CPU you should be safe from HD firmware.

Also, isn't NVMe just PCIe, basically? Could a malicious NVMe drive just read arbitrary host memory after booting?
Sagebrush posted: do you get to design any of the UX? Go and stand around a self-checkout for at least one working day and write down everything you see people doing, particularly if they're struggling. The user interaction with those machines could be so, so much better.

Probably the best ones I've used so far are at Sam's Club, because you don't have to weigh items and there's no bagging anyway, so all you have to do is use the wand to scan each item and then slide them to the other side of your cart (so you know which ones you've scanned). They're so fast there's basically never any line (they then gently caress this up by having a huge line to have your receipt checked, of course). There are pure UX issues like searching being really slow, but I think normal grocery stores could be a lot faster if they stopped requiring you to weigh the items and then moved bagging to a separate location *after* the self-checkout machines. For produce it would probably be better to have preprinted barcodes that you could stick on the bags.

Also, the idea of devices that you take around the store to prescan stuff (or a smartphone app) is good, but in practice stores screw this up by making you wait in the same lines as assholes who get into the self-checkout line with 10,000 things in their cart, and then sometimes making you have an employee come over to see if you've actually checked everything.

mystes fucked around with this message at 16:36 on Jun 6, 2019
Shaggar posted: are you saying you have to weigh every item, not just the ones that are priced by weight?

When supermarkets have the weight sensor in the bag area activated, the whole process is really slow and finicky because you have to put each item on it and wait for it to (presumably) decide if the weight is within some sort of range of a programmed value, but it's very error prone. If you can just keep the items in the cart and scan, it's much, much faster.

mystes fucked around with this message at 17:26 on Jun 6, 2019
BangersInMyKnickers posted: I knew a girl in college who was all about shoplifting her rear end off. Came from means, didn't need to, still did it all the time. Loved those early self-checkout systems because it made it so much easier for her.

The dumbest was when I tried to use the scanner devices you can carry around with you in the supermarket, in a Giant supermarket (same as Stop and Shop). I was biking to the store, so I thought it would save time if I could just scan stuff and put it in my bag so I didn't have to rebag it when I got to the register. However, it seemed that as long as the store wasn't busy it would always make me have an employee check what I was buying for security. The amazing thing was that rather than having them look for expensive items or something, the way it worked was that they would grab the top three items from my bag to check if I had really scanned them. This pissed me off a lot because it would take like 10 minutes (mostly trying to get the attention of an employee) and there was no effort to see if *all* items had been scanned (even by counting), so someone who wanted to shoplift could have just put expensive unscanned items at the bottom of their groceries. Why waste my time for something that's obviously not going to stop shoplifters?!

Also, as I said, it seemed to be based purely on how busy the store was, so a shoplifter could have just gone at a busy time (I tended to go later in the evening when the store was quiet).

Also, even if it didn't make you have your groceries checked, there was some stupid part of the process where you were supposed to scan a barcode by the register so the data could be transferred from the scanner to the register, and if you did it in the wrong order it would just stop working and you would have to wait for someone to help you.

Lol, I clearly care about self-checkout machines way too much.
The Home Depot self-checkout scanners seem like they actually have some way to enter quantity, but the interface is insane (there's no UI on the touchscreen and there are a zillion unlabelled buttons on the scanner), so I couldn't figure it out the other day and I ended up entering the extremely long barcode for a bolt over and over again by hand (for some reason the barcode wasn't working either).

It was actually really weird. Don't hardware stores sometimes have envelopes for you to put small hardware in so you can label it and be charged properly? At Home Depot I ended up taking a picture of the label/barcode on my smartphone when I grabbed the bolts, because I literally couldn't figure out how else I would be able to pay for them. I would have just gone to a normal checkout aisle rather than self-checkout, but they didn't seem to have any. I guess this is what it's like living in the future?
Shame Boy posted: one of our customers A/B tested other stuff to stop shoplifters that's a lot less inconvenient, and the most effective was just shaming them. Like, if you have a picture of a person looking them in the eye on your app or checkout kiosk or screen or whatever, people shoplift much less, even though it's just a picture.
fishmech posted: Fairway app just lets you use your phone to scan as you shop and then you don't need to be in the regular lines to finalize and pay. p dece
A couple of things seem interesting if it works that way:

1) As long as you have the private key, there's no way for Apple to know whether the device belongs to you. Moreover, if I'm reading it correctly, Apple never knows the identity of the device even after you've searched for it. This is good in terms of protecting your location data, but it also means that if you can somehow steal the private key from someone's phone you might be able to track them forever without anyone knowing, unless Apple publishes a public list of every hash that's ever been searched for and phones periodically check it against the hashes they've generated to show a warning.

2) Actually, forget tracking someone else's iPhone. There's probably no way for Apple to know whether the hashes are actually from Apple devices, so it will be fun when you can get a tiny $1 Bluetooth device from AliExpress that hijacks this system to allow you to track anything (cars, luggage, pets, people, you name it!)
Shaggar posted: wrt the rotating public key, could you take the base private key that they all share and then do like a TOTP thing to generate a new private key based on time? If all devices generate the second key on the same schedule they should have the same secondary private key, which can be used to generate the same public key. That public key could be used to encrypt the data, and then when you go to find the device you just need to look back through your list of keys to find the matching one.
Subjunctive posted: “doesn't correlate with previous versions of the public key” is doing some confusing work in that piece.

The whole point of this complicated approach seems to be that Apple never knows the locations of any phones, even when you use the system to locate them.
Subjunctive posted: I have no idea what they intend “correlate” to be. Neither can be computed from the other? They are not equal?

It's pretty obvious what they're trying to say, so I wouldn't worry too much about the exact meaning of "correlate."

mystes fucked around with this message at 21:24 on Jun 6, 2019
Shaggar posted: they must also be using some device identifier that is preshared with the various trusted devices, otherwise each device would broadcast the same public keys on the same interval.

Obviously, if everyone's devices were all broadcasting the same public keys at the same time it would be stupidly easy for Apple to deanonymize the data.
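The scheme the last few posts are circling (a per-device secret shared with the owner's trusted devices, a public key that rotates on a schedule derived from it the way Shaggar's TOTP suggestion describes, a hash of that key as the only thing the server indexes, and the finder's location encrypted to the key) written out as an added example. This is not Apple's code and nothing in it comes from the thread beyond the idea. Assumptions are mine: finite-field Diffie-Hellman over the RFC 3526 group 14 modulus stands in for whatever curve the real system uses, the rotation is HMAC over a period counter, the period is 15 minutes, locations are short byte strings, and the seed, timestamp and coordinates in `demo()` are constructed.

```python
"""Toy model of a privacy-preserving device finder: the lost device
broadcasts a rotating public key, a passing phone encrypts its location to
that key and uploads it under a hash of the key, and the owner re-derives
each period's private key from a per-device seed, fetches those hashes and
decrypts.  The server only ever sees hashes and ciphertext.
Added example, not Apple's code; assumptions are noted in the comments.
"""
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP, safe prime, generator 2): an assumed
# stand-in for whatever elliptic-curve group a real deployment would use.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2              # order of the subgroup generated by G
PERIOD_SECONDS = 15 * 60      # assumed rotation interval


def period_index(unix_time):
    return int(unix_time) // PERIOD_SECONDS


def derive_private_key(seed, period):
    """TOTP-style: every device holding `seed` derives the same key for a
    period; without the seed, keys of different periods are unlinkable."""
    mac = hmac.new(seed, period.to_bytes(8, "big"), hashlib.sha512).digest()
    return int.from_bytes(mac, "big") % (Q - 1) + 1


def public_key(priv):
    return pow(G, priv, P)


def _enc(x):
    return x.to_bytes(256, "big")


def lookup_id(pub):
    """What the server indexes reports by: a hash of the broadcast key."""
    return hashlib.sha256(_enc(pub)).hexdigest()


def _keystream(shared, length):
    key = hashlib.sha256(b"toy-finder-kdf|" + _enc(shared)).digest()
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def finder_report(broadcast_pub, location):
    """Run by any passing phone.  It needs only the key it heard over the
    air and learns nothing about the owner (ephemeral DH plus a keystream;
    this toy has no integrity check, a real design would use an AEAD)."""
    eph = secrets.randbelow(Q - 1) + 1
    shared = pow(broadcast_pub, eph, P)
    return {"id": lookup_id(broadcast_pub),
            "eph_pub": pow(G, eph, P),
            "ct": _xor(location, _keystream(shared, len(location)))}


def owner_ids(seed, first_period, last_period):
    """Hashes the owner asks the server for.  Whoever holds `seed` can
    compute these for any period, past or future."""
    return {lookup_id(public_key(derive_private_key(seed, p))): p
            for p in range(first_period, last_period + 1)}


def owner_decrypt(seed, report, first_period, last_period):
    """Match a downloaded report to one of our periods and decrypt it;
    None if the report is not under a key we can derive."""
    period = owner_ids(seed, first_period, last_period).get(report["id"])
    if period is None:
        return None
    shared = pow(report["eph_pub"], derive_private_key(seed, period), P)
    return _xor(report["ct"], _keystream(shared, len(report["ct"])))


def demo():
    """Constructed end-to-end run: lost device, passer-by, owner, stranger."""
    seed = hashlib.sha256(b"constructed demo seed").digest()
    period = period_index(1_560_000_000)                       # fixed time, June 2019
    broadcast = public_key(derive_private_key(seed, period))   # what the device sends
    report = finder_report(broadcast, b"lat=42.3601,lon=-71.0589")  # constructed location
    mine = owner_decrypt(seed, report, period - 8, period)     # owner scans the last 2 hours
    theirs = owner_decrypt(b"\x00" * 32, report, period - 8, period)  # someone else's seed
    return mine, theirs


if __name__ == "__main__":
    print(demo())
```

Two points from the discussion fall straight out of the code: `finder_report` accepts any key it hears, so nothing in the protocol stops a third-party beacon from participating, and `owner_ids` is computable by anyone holding the seed for every period, which is exactly the "steal the key and track them forever" concern. The server can correlate nothing across periods because consecutive `lookup_id` values are hashes of HMAC-derived keys.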
Also, I was half joking about making cheap third-party devices that would take advantage of this system, but based on the way it works they could probably easily allow you to find small Bluetooth-only devices like AirPods with it, or even launch their own Tile clones to allow people to buy tags for their keys or whatever. It would actually work a lot better than Tile because every iPhone in the world would be looking for your keys, rather than just people running the Tile app.
CmdrRiker posted: Would those other devices need a way to locate themselves or can they just act as beacons and broadcast themselves to other GPS-enabled iPhones?

It does seem like a lot of overhead though.
flakeloaf posted: also my first thought
Guy Axlerod posted: Is there anything to stop large-scale aggregate pulling of all points? Wondering if you could pull a bunch and aggregate where people go in military installations or whatever, like people did with fitness trackers.

But isn't this a moot point? The devices transmitting the data are cellphones, which are being located all the time anyway even without this new system.
Ur Getting Fatter posted: i know that it's extremely unnecessary, but I keep a shut-down EC2 Ubuntu instance with WireGuard installed that I can spin up via the AWS app at any time.
No? Isn't the default that the IP will change unless you allocate an Elastic IP address? Plus, if you do that, aren't you paying $3.60/mo just for the IP address even if you just keep the instance stopped? Ur Getting Fatter said he/she was paying less than a dollar a month, so I don't think that can be how he/she had it set up.

mystes fucked around with this message at 15:07 on Jun 18, 2019
They presumably already have a backdoor in the Intel ME code, so I imagine this is just because they want a BIOS that's actually secure for their internal use.
The NSA is supposed to also be doing things that will help US security. It seems like they've been more interested in finding vulnerabilities to exploit recently, but they do sometimes actually release useful software, like Ghidra. When they're doing stuff to help security, they might as well release the source for reasons similar to other organizations' (good PR, getting input from the community may be useful, if they're modifying existing software it might be easier to push it upstream rather than maintain a fork, etc.). They probably tend to be secretive by nature, so they may not be that focused on PR in general, but it wouldn't surprise me if the PR effects of the Snowden leaks have made hiring somewhat harder, and releasing cool stuff like Ghidra might help a lot.
If they order flowers, immediately call customer service and ask to change the note to say "From, an idiot who doesn't know what his/her email address is."
It's sort of like how banks refused to believe transactions could be fraudulent after the rollout of chip and PIN in various countries, because even if the cards were stolen the thieves shouldn't know the PIN. Except, because of a flaw in the protocol, it turned out that it was possible to do a trick to effectively downgrade the cards to chip and signature, or something like that.
Shame Boy posted: this morning BBC had a story on ransomware that was pretty standard, except at the end they went and interviewed a company that's apparently ransomware consultants or something? Where companies will contract the whole "deal with the criminals" part out to them, and they'll try to negotiate the price down and handle buying the bitcoins and stuff like that. Seems like a fun job.

Reportedly most ransomware consultants claim to try to decrypt the files on their own but actually secretly just pay the ransomware authors (a lot of companies/municipalities don't want to pay the ransomware authors, or at least don't want to have to admit that they knew they were paying the ransomware authors). The problem is that now everyone knows that all these local governments are vulnerable to multiple-year-old exploits and will pay tons of money to get their data back from ransomware, which means that ransomware is probably going to become even more widespread in the near future. Incidentally, I think this makes a very strong case for forced automatic updates for software.

mystes fucked around with this message at 14:28 on Jun 26, 2019
Midjack posted: which would last right up until someone force-updates something that breaks an especially critical system, and then force-updating goes away forever.
Shame Boy posted: e: ^^ no you see a "user friendly system" will detect it and get rid of it and ban the IP address (?) ^^
infernal machines posted: where do you think QNAP as a company comes from?

But it is funny how uploading 100% of your private data, location history, etc. to a server in the US is okay, but even pinging a Chinese server is automatically Chinese espionage/treason now. It's also interesting how people are freaking out about how AMD licensed its CPU designs to a company in China, because suddenly it's like, "How dare AMD give away American secrets to China?!" Apparently even Americans who are anti-Trump are 100% on board with the trade war.

mystes fucked around with this message at 09:53 on Jun 28, 2019
GnuPG is fine for the things most people actually use it for, but the whole web of trust thing is dumb, so it's unsurprising that someone maintaining the keyserver software would be delusional.