Highly likely to be coincidence. Typically an exposed access key. Exposed password for non-MFA protected console access happens but is less common.
I agree this was a security concern and it was reported and addressed appropriately. With that said as things go this is pretty minor; perhaps a medium severity issue. Information disclosures like this may be leveraged…
The term was used by OpenBSD starting in 1999 for a group of devs getting together for a few days or a week and hacking on specific projects together in person. Not sure about earlier than that but that’s what I still…
The link goes to the press release. The actual advisory (https://www.cisa.gov/news-events/cybersecurity-advisories/aa...), linked from the press release, contains quite a bit more detail. They detail how they have…
Thanks, missed that.
> We're not done with our request payload yet! We sent: > Host: neverssl.com > This is actually a requirement for HTTP/1.1, and was one of its big selling points compared to, uh... > AhAH! Drew yourself into a corner…
This feels akin to excessively auto-completing shells to me. It is pretty awesomely quick when you are starting, but it feels like it has to impact learning/muscle memory which gives you the accuracy and speed in the…
I don't know if this is everyone's reasons but for me it is: - it does too much. doesn't follow the Unix norms of doing one thing and doing it well. things like DNS resolution, time sync, etc all exist as systemd…
This honestly seems like it could be interesting but I don't grok it at all being dropped in with zero context.
The article you linked is from five years ago when the new badges were being initially tested. They have been rolled out for years with color photos. Both styles still work and if you don't go into one of a few big…
That's cool. As another alternative, this is the one I bought at start of lockdown which does everything but the USB-C: https://smile.amazon.com/gp/product/B0851CMHP2/ Not particularly cheap but at least no longer…
I was diagnosed with ADHD almost twenty years ago as a young adult. In my experience learning about how your mind works and spending time to come up with the best system and techniques to keep yourself on task is…
Ah, but there is so much value in fresh eyes. Miod, who has been involved with OpenBSD development for 20 years and has surely seen those function names a thousand times, provided the historical reason (they thought…
That's neat to see. This may not be a big story but as a fan of OpenBSD who doesn't currently have time to read the CVS log I appreciate it. OpenBSD source is one of the cleanest I've had the pleasure to work with. You…
I don't see any additional context but this does appear to be a new thing. Two commits credited to Carmack in the OpenBSD source and they are dated 5/16/2020 and 5/17/2020.
Thank you for even trying to answer my rambles! :-) I think my contention with the iron is the tipping point and how quickly it goes. Pop-sci tv makes it seem like you fused a single iron atom and bam. Maybe it is you…
I'm sure there are great explanations out there but I haven't had time to read up on them, but a few of the space things that always bother me when I watch pop-sci space tv: - "as soon as iron starts to be produced in…
Cool that there are some specialty tools in this space and will use if I hit that performance challenge. Minor nit, I found the performance table (https://github.com/eBay/tsv-utils/blob/master/docs/Performan...)…
I'm sure that will be the case for certain companies. For companies who routinely deal with PII, PCI, or other regulated data the security teams are likely to be much more worried about the potential for sensitive data…
Site doesn't appear to be working in Firefox or Chrome at the moment. No idea what it is supposed to show based on the title.
Mmmkay. Have fun with that. The attempt is also incomplete. I suspect this would miss ranges advertised through AWS's BYOIP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoi...) option. It would definitely…
I've worked for a company with a whale client like that (maybe not total shutdown bad but pretty close). The argument for why they never bothered to just acquire the startup was their fear of ruining the agility of the…
Hmm, I'm straining my own analogy already so I won't try to beat that horse any deader. :-) I am mostly trying to argue the positives of centralized inspection at network chokepoints in simplicity and guarantee of…
I don't work for a bank so I can't speak definitively to their applications. A few sample applications I see listed as certificate pinned in Netskope (a CASB) though include: Adobe Creative Cloud Amazon Work Spaces…
The other side of the argument is frequently discounted and as an IT security person myself I understand that. However, there is a real challenge for companies who deal with large amounts of very sensitive data. To be…
Highly likely to be coincidence. Typically an exposed access key. Exposed password for non-MFA protected console access happens but is less common.
I agree this was a security concern and it was reported and addressed appropriately. With that said as things go this is pretty minor; perhaps a medium severity issue. Information disclosures like this may be leveraged…
The term was used by OpenBSD starting in 1999 for a group of devs getting together for a few days or a week and hacking on specific projects together in person. Not sure about earlier than that but that’s what I still…
The link goes to the press release. The actual advisory (https://www.cisa.gov/news-events/cybersecurity-advisories/aa...), linked from the press release, contains quite a bit more detail. They detail how they have…
Thanks, missed that.
> We're not done with our request payload yet! We sent: > Host: neverssl.com > This is actually a requirement for HTTP/1.1, and was one of its big selling points compared to, uh... > AhAH! Drew yourself into a corner…
This feels akin to excessively auto-completing shells to me. It is pretty awesomely quick when you are starting, but it feels like it has to impact learning/muscle memory which gives you the accuracy and speed in the…
I don't know if this is everyone's reasons but for me it is: - it does too much. doesn't follow the Unix norms of doing one thing and doing it well. things like DNS resolution, time sync, etc all exist as systemd…
This honestly seems like it could be interesting but I don't grok it at all being dropped in with zero context.
The article you linked is from five years ago when the new badges were being initially tested. They have been rolled out for years with color photos. Both styles still work and if you don't go into one of a few big…
That's cool. As another alternative, this is the one I bought at start of lockdown which does everything but the USB-C: https://smile.amazon.com/gp/product/B0851CMHP2/ Not particularly cheap but at least no longer…
I was diagnosed with ADHD almost twenty years ago as a young adult. In my experience learning about how your mind works and spending time to come up with the best system and techniques to keep yourself on task is…
Ah, but there is so much value in fresh eyes. Miod, who has been involved with OpenBSD development for 20 years and has surely seen those function names a thousand times, provided the historical reason (they thought…
That's neat to see. This may not be a big story but as a fan of OpenBSD who doesn't currently have time to read the CVS log I appreciate it. OpenBSD source is one of the cleanest I've had the pleasure to work with. You…
I don't see any additional context but this does appear to be a new thing. Two commits credited to Carmack in the OpenBSD source and they are dated 5/16/2020 and 5/17/2020.
Thank you for even trying to answer my rambles! :-) I think my contention with the iron is the tipping point and how quickly it goes. Pop-sci tv makes it seem like you fused a single iron atom and bam. Maybe it is you…
I'm sure there are great explanations out there but I haven't had time to read up on them, but a few of the space things that always bother me when I watch pop-sci space tv: - "as soon as iron starts to be produced in…
Cool that there are some specialty tools in this space and will use if I hit that performance challenge. Minor nit, I found the performance table (https://github.com/eBay/tsv-utils/blob/master/docs/Performan...)…
I'm sure that will be the case for certain companies. For companies who routinely deal with PII, PCI, or other regulated data the security teams are likely to be much more worried about the potential for sensitive data…
Site doesn't appear to be working in Firefox or Chrome at the moment. No idea what it is supposed to show based on the title.
Mmmkay. Have fun with that. The attempt is also incomplete. I suspect this would miss ranges advertised through AWS's BYOIP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoi...) option. It would definitely…
I've worked for a company with a whale client like that (maybe not total shutdown bad but pretty close). The argument for why they never bothered to just acquire the startup was their fear of ruining the agility of the…
Hmm, I'm straining my own analogy already so I won't try to beat that horse any deader. :-) I am mostly trying to argue the positives of centralized inspection at network chokepoints in simplicity and guarantee of…
I don't work for a bank so I can't speak definitively to their applications. A few sample applications I see listed as certificate pinned in Netskope (a CASB) though include: Adobe Creative Cloud Amazon Work Spaces…
The other side of the argument is frequently discounted and as an IT security person myself I understand that. However, there is a real challenge for companies who deal with large amounts of very sensitive data. To be…