User Controls
Posts by Sophie
-
2022-11-03 at 4:44 AM UTC in ebin graffik design thread for my ππ π― [some reposted material]Granted you're not running a hardened browser it could be as quick as forcing it or tricking you into opening a special web page. And before anyone says "but sophie browsers are sandboxed" yes, yes they are. Doesn't matter. We can go from webpage to dynamically built payload -> sandbox escape -> sRDI injected reflected position independent shellcode -> live in memory -> load in everything we need like kernel primitives until we can steal user tokens. Steal the NT Authority/System token. Bingo bango bongo, game over.
-
2022-11-03 at 3:32 AM UTC in wish me luck guys
-
2022-11-03 at 3:31 AM UTC in Someone with Twitter should hit up Kanye and get him to join NISI could have sworn i heard someone say something about hacking and scripts just now.
-
2022-11-03 at 3:30 AM UTC in If u post ur password in this thread it will dissappear fr frBonkers i tell ya.
-
2022-11-03 at 3:21 AM UTC in ebin graffik design thread for my ππ π― [some reposted material]
Originally posted by Meikai Maybe if I get better at java one day I can accept this offer tho, on the condition that you write it in java and hand it to me uncompiled.
EDIT: Embarrassing mistake was briefly made for the span of 2 seconds before common sense and google corrected it. Sadly, my ninja edit window closed during those 2 seconds. FML.
You're going to become The Javatar, and i am going to look upon what you will wreak with pride. And it would be my great privilege to one day write a program together, in the spirit of cooperation, in the spirit of friendship. -
2022-11-03 at 3:10 AM UTC in ebin graffik design thread for my ππ π― [some reposted material]
Originally posted by Meikai For what it's worth, I actually am more inclined to trust you than anyone else I know who could credibly make me a similar offer. And I figured you weren't offering to write me something malicious in hopes that I'd accept the offer and use it against myself.
I might honestly be the evil one here, like… if I were you, I'd include a little something. You know? A lil something to make it easy to mess with them. Just in case. What if I ever became big mad with the person in the future? No harm preparing for the possibility. "I'll probably never use it", I'd tell myself. "It's benign, harmless, accessible only to me - it's a stretch to even call including it malicious!" And if I do decide to use it, they'll deserve it! So including it is only harmful if they deserve it, in which case I should include it. That's how I'd see it and what I'd do in the case of people I like.
If I was even just ambivalent towards them, I probably wouldn't be able to help myself from actively messing with them a little in "harmless and fun" ways, just for being silly enough to run whatever I wrote. They'd deserve it. I will not speak of the depths I'd go to if I actually hated that person, because my ignorance makes it impossible to do justice to the level of harm I would seek to cause.
And like I said: the only kind of defense or security I'm capable of having an effect on is social engineering stuff. Even though you wouldn't need me to manually run a program, it's still not in my interests to accept such an offer. For the same reason it's not in a loving mother's interests to take a pill which will make her want to kill her toddler, or even just make her open to the idea of killing the toddler. My computer is my baby and while I might not be strong enough to protect it from every threat, it's exceedingly easy for me to protect it from myself by simply… not becoming willing to become a walking talking ACE exploit.
Having one foot in the door as it were just in case, means you're not acting in good faith when presenting someone with what amounts to a gift of time and effort. Speaking of time, having one foot in, would save me approximately a minute or two. And if you are going to open the door anyway, you might as well walk in and pop their box right then and there, set up persistence, and simply connect when you feel like it. I believe in reciprocity, i need a good reason to A) violate your trust B) Turn you into a Borg drone. Like i was alluding to, should i open the door i'm not gonna leave it open and walk away snickering to myself, no, i'm coming in. Half measures are no measures.
Also if i were to operate on a "just in case" mode of behavior, what's stopping me from turning everything i touch into another drone. -
2022-11-03 at 2:47 AM UTC in Password managers
-
2022-11-03 at 2:46 AM UTC in Password managers
Originally posted by aldra yeah, but when you're using keys to protect keys one of them will eventually have to be stored plain and I couldn't memorize a 32 char mix of upper, lower, symbols and numbers.
I guess I could've stored it on a usb stick or something but didn't want to risk losing it
Passphrase as compromise, you can very easily remember a sentence that has more than 32chars, also, use special chars and upper/lower case according to a little scheme. For instance first letter is always capitalized, skip changing the next three then capitalize or if it's an A change it to an @.
Obviously more vulnerable to mutations than totally random but you can remember it. Which is infinitely better than storing it as plaintext. -
2022-11-03 at 2:34 AM UTC in Password managersYou need to have it hashed and salted at the very least.
-
2022-11-03 at 2:33 AM UTC in Password managers
-
2022-11-03 at 2:27 AM UTC in Password managers
Originally posted by Kafka I keep mine
As a rule you don't want to share how you do passwords. All the information about how you structure passwords can be used to configure something called a mutator. A mutator will take a long list of words and change each word according to a set of rules/patterns i give it. The more i know about your passwords the better the rules will be; increasing my chances of cracking your password. -
2022-11-03 at 2:21 AM UTC in Password managers
Originally posted by AngryOnion Ya I know tonight I had to come up with three passwords for one company log in bullshit.
One for punching in one for training and one for workday bullshit.
This shit is just not manageable.
And this was just for a new part time job WTF?
I also have to keep track of my other jobs login bullshit to.
As a compromise you could get an app, a text editor that can encrypt the textfiles you write with it. Then just keep a set of text files like: CompanyA pass1 pass2 pass3 and a separate one for CompanyB etc. This way all your passwords are neatly organized, and decently safe -if the text editor employs the crypto API properly-. -
2022-11-03 at 2:15 AM UTC in Lanny, Can you limit Private Message sentYou redacted one PM sender, i am now more curious about the mystery messenger than i was before looking at that screencap.
-
2022-11-03 at 2:12 AM UTC in Indians successfully stress-test bridge
Originally posted by vindicktive vinny they only respect violent forces.
they shit in the street not because theyre too poor to construct toilets.
its because its less of a hassle.
Street shitting takes the proverbial cake, but i know for a fact you can't flush toilet paper down the toilet anywhere in Chiner. The poorest EU countries have better toilets than the whole of China. -
2022-11-03 at 1:57 AM UTC in Password managers16 digit upper/lower case plus special character, preferably scrambled as in randomized is pretty good password policy. If i ran systems in an enterprise setting i would force workstation level users to use a similar policy just to get permission jailed user session going. Gotta log into anything else? 2 factor auth with a time based/HMAC one time key, every time.
An inescapable problem with saving passwords even in encrypted form is that when your master password gets popped you're basically fucked.
Password managers automate password generation, and will remember the passwords for you and even store them securely. But you'll probably have a master password you ought to make hard to crack and that one you need to store in your brain. -
2022-11-03 at 1:43 AM UTC in Wozny is a softie who will not commit sex crimes again.
-
2022-11-03 at 1:24 AM UTC in Quantum communications and why we are alone in the the universe.
Originally posted by β β β β β β Zok made a site-wide rule which stated that if anyone posted the personal information of another member, they would be banned, but then he let his anti-Totse mods doxx users they didn't like, and they were too afraid to report it, so I made a fake Facebook account and moved some details from a random profile into it, then leaked some crumbs to it to the nazi mods. They bit, and broke the PI rule, so I brought it to zok, and he asked me to confirm the Facebook account, which I did. The mods were then banned. Everybody already knows not to mess with me. TheDarkRodent here has been harping on that rused account for years, not at all realizing that's not me. Ironically, I found him, with absolutely nothing to go on, in about an hour, nose hole and all.
The only time anyone got in trouble for targeting you was that one time when Lanny gave you 40k infraction points. I saw it happen and since i was super mod at the time i could infract normal mods with a "disobeying an administrator", for 5 points so two of those means you're banned. I told Lanny to stop gave him one of those, then he stopped. I wasn't comfortable outright banning him, but Mizled quickly made that the decision when she saw the shit show in the logs. -
2022-11-03 at 1:02 AM UTC in Military Genius Zelensky wants Ukrainians to throw molotovs at Russian tanks
-
2022-11-03 at 12:47 AM UTC in What are the chances an average person can identify a fake gun
Originally posted by Speedy Parker It doesn't matter to me. If you pretend it's a gun I'll pretend right along with you and respond with the appropriate level of violence.
The collective you so relax…
Fair. You shouldn't even have to consider whether it's real or not. The intention is to threaten with death in order to at the very least steal property. If a person threatens death, and they seem to have what looks like a gun, why would you even risk it. You take care of the problem as soon as you have the opportunity to do so. -
2022-11-03 at 12:33 AM UTC in Psychopathic/Narcissistic Scale: A Discussion