This is such a powerful poem. Very apropos at this junction in world history.

@wyliecoyoteuk yeah. My core home router is a mikrotik. They’re surprisingly powerful for being so affordable. But they have quirks. I can’t, for example, figure out how to do site-to-site VPN with AWS, despite all the blogs that describe how.

The only thing I am “legendary” at is dying early.

Paco Hope boosted

Americans are at such risk of identity theft. The fact that there are DOZENS of companies, each with its own opt-out hoops to jump through. There are no laws to protect people. So invasive of #privacy.

@m4iler I do all my coding in visual studio on macOS. I’m shocked at how good it is. I can’t imagine doing real work in vi, much less noticing the nuances of different flavours of vi.

@balibebas no. I’m saying that the RSA conference is a marketing fluff waste of time. It’s not the least bit scientific. I don’t think there’s any connection between that and immigration decisions. My objection was to the idea that this was an example of a “science” conference. The immigration issues are self evident and I’m not really talking about them. This is the flagship conference in my industry and we all groan and roll our eyes at it.

@maxeddy It’s also time to rethink what we call a “major scientific conference”. hasn’t been that in a decade or more. It’s laughable to call it that.

@fallenhitokiri There WAS a lock picking village at the conference. But that’s about as close to Oceans Dundee as we got. :)

@JohnsNotHere As @qsrmvt said, it’s a zip file. If you know there’s some alternate text “foo” in the doc, do:
unzip doc.docx
grep -ril foo *

Now you know which XML file “foo” appears in. Open that file and look at it. Depending on your purposes you either need to use an xpath search utility or just grep. I don’t know whether you’re trying to do this once, so any quick hack works, or whether you’re trying to solve this at scale so you need precision and detail.
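A scripted version of the unzip-and-grep approach above, added here as an example (not code from the original thread). It constructs a minimal .docx in memory with one picture whose alt text is “foo”, runs the quick-hack grep over every zip part, and then does the precise search by parsing the XML and reading the `wp:docPr` `descr`/`title` attributes, which is where Word stores a picture’s alternate text.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by WordprocessingML; wp:docPr carries a picture's alt text.
WP_NS = "http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

def build_sample_docx() -> bytes:
    """Constructed minimal .docx (a zip) with one picture whose alt text is 'foo'.
    Only the parts this demo needs are included; a real file has many more."""
    document_xml = (
        f'<w:document xmlns:w="{W_NS}" xmlns:wp="{WP_NS}"><w:body>'
        '<w:p><w:r><w:t>Hello</w:t></w:r></w:p>'
        '<w:p><w:r><w:drawing><wp:inline>'
        '<wp:docPr id="1" name="Picture 1" descr="foo"/>'
        '</wp:inline></w:drawing></w:r></w:p></w:body></w:document>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", document_xml)
        zf.writestr("word/styles.xml", "<styles/>")
    return buf.getvalue()

def grep_parts(docx_bytes: bytes, needle: str) -> list[str]:
    """Same idea as `unzip doc.docx; grep -ril foo *`: names of the zip members
    whose text contains the needle, case-insensitively."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        return [n for n in zf.namelist()
                if needle.lower() in zf.read(n).decode("utf-8", "replace").lower()]

def find_alt_text(docx_bytes: bytes, needle: str) -> list[tuple[str, str]]:
    """The precise version: parse each XML part and return (part, alt text) for
    every wp:docPr whose descr or title attribute contains the needle."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".xml"):
                continue
            root = ET.fromstring(zf.read(name))
            for el in root.iter(f"{{{WP_NS}}}docPr"):
                for attr in ("descr", "title"):
                    value = el.get(attr, "")
                    if needle.lower() in value.lower():
                        found.append((name, value))
    return found

if __name__ == "__main__":
    sample = build_sample_docx()
    print(grep_parts(sample, "foo"), find_alt_text(sample, "foo"))
```

Swap `build_sample_docx()` for `open("doc.docx", "rb").read()` to run it against a real file; the grep pass tells you which part to open, and the parse pass gives you the exact attribute value.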

I just spent the day in Dundee, Scotland at . If you are looking for the best talent coming out of UK universities, this is the con to go to. They’re such great kids, incredibly clever, and the conference is a great time.

After the con I always pull out a box of cigars and we have “cigar-itay”.

Brexit UK politics

Paco Hope boosted

Worst feature ever: Netflix’s brutal automatic preview. It’s so against the user that is clearly designed to be that way.

@m4iler This is important. I agree with you. It’s all in intent. If you MEANT to mis-gender someone, you’re an asshole. But if you do it accidentally and you don’t mean harm, it should be a forgivable offence.

@tinker The case against NTLM was made a decade ago. The fact that it went from double digit hours to single digit hours isn’t going to motivate someone who wasn’t motivated by all the other sound reasoning. As I said, if they are knowledgeable of the risks, and yet somehow still comfortable running NTLM, this isn’t going to change their mind.

Paco Hope boosted

OK. Just saw someone posting "8 Character Passwords are Dead"

To support this they say how a 2080Ti GPU has passed 100 Billion guesses per second and how that means in 2.5 hours they can try every single possible password.
That's in the case of NTLM hash. A notoriously bad hash that has *no* *salt*. Even more ridiculous, because the NTLM hash is just as good as having the password. You don't need to crack the hash.

Yes, 8 character passwords should be dead, but this is bogus.

@tinker my main disappointment with people demonstrating hash strength on NTLM hashes is the same as when a pen tester tells me they got my /etc/passwd file. That hasn’t been an important security control for decades. It’s like cracking single DES passwords from 1974 unix systems. If, in 2019, NTLM hashes are protecting something important to someone, the fact that they are easier to crack is not their big problem.

Super cool and simultaneously creepy. It’s now an arms race between things like fingerprint scanners and facial recognisers and GANs.

@r000t I agree. The social media tools are too easy to abuse. The difference for me is that if you turn my ISP on me, then all my web sites, email, everything gets clobbered. Losing a social account is not as pervasive. The only saving grace is how much harder it is (for now) to cause that kind of trouble.

@r000t I’m sympathetic. This sucks. But you can get banned on your own equipment. They send the complaints to your ISP who is probably just as ham-fisted as YouTube. You can have that cut off just as easily. Whether it’s a VPS or a business DSL line, all of it can be attacked this way. It’s just YouTube’s automation that makes it particularly bad at this moment in history.

@gcluley Like what? Something you know: a password, plus something you are: loud snorer?

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.