Re: Those damned reboots
And count yourself lucky if it's only 1 reboot necessary and not 2 or 3!
864 publicly visible posts • joined 7 Jan 2015
Anyone involved in Vulnerability Management cares very much about the CVSS rating, because they use it to determine how quickly they need to patch their machines. When downtime costs you money, you don't want to be forced into a rushed patching operation because a vuln was incorrectly assigned a High or Critical rating.
That's what bothers me with these events. How many of these bounty hunters sit on critical vulns for months waiting for the right moment to disclose them and cash in the rewards? Bug hunters should have an incentive to find vulns and be rewarded for it immediately - and it's good to see many companies have such a policy in place - not just a couple days a year.
"The US State Department will offer $10 million to anyone who can provide it with information leading to the identification or location of LockBit's leadership team."
So when they were teasing us with a "Who is LockBitSupp?" countdown on the pwned LockBit website 2 days ago (Pic), all they meant was they would announce the bounty offer? I was hoping for some real info there.
Consulting: If you're not a part of the solution, there's good money to be made in prolonging the problem (Despair, Inc)
That would be the first hurdle cleared, yes. Next you'd probably have to overcome other controls like threshold validations if you start asking for payments in the millions, but again all this depends on the maturity of the organization you are targeting in terms of payment security.
First, it's not stated that the company itself was a financial institution, only that the victim worked in the finance department.
Second, I think you underestimate today's existing controls in the finance sector. Payments can only be made to referenced accounts, which require extensive KYC procedures and multi-level validations. If someone pretending to be a client asks you to change their payment details, you are supposed to call them back on a trusted phone number (e.g. on the company's website) to validate the legitimacy of the request. I've seen multiple occurrences of email or phone scam attempts being foiled by users following procedures and engaging their brains. I'm afraid non-banking institutions don't operate yet at the same level.
Nah, butter has almost nothing to do with which side the bread lands on.
It's essentially due to the height of the table and the speed at which the toast is pushed that prevent it from performing a full flip. If the table is 10-ft high the toast will be more likely to land butter-side up.
"What happens when other sites (Google, FB, ChatGPT, et. al. as mentioned) offer ways around age blocks?"
I don't know, let's see:
PornTube homepage: "Hey, we need to check your age before we let you in, but you may be interested in this shiny VPN" ==> illegal
VPN provider homepage/Google ad: "Install this and say goodbye to age checks on YouSmut" ==> legal
It's a moot point anyway, porn sites won't even bother promoting bypass solutions when a simple Google search will give you all you need in a few clicks.
"Laws made to generate votes are generally a bad idea and this is no exception."
No sane person on this forum is doubting this.
The way I understand it, this may not be the very first flight, but still a practice test, hence the high-risk qualification by NASA. There's no way the New Glenn rocket will have performed enough test flights by August to take on the ESCAPADE satellites as a full commercial payload.
It is open-source, is not owned by a company and has been audited and recommended by several national security bodies.
It is an offline, standalone tool but offers sync features with most online storage providers (Google Drive, Dropbox, OneDrive...) if you want to use them - or not if you're paranoid.
You can protect the database with a master password, a keyfile (random file that you keep separate from your database) or Yubikey.
KeePass keeps a history of your passwords, and its Autotype feature allows you to input any number of TAB, ENTER keystrokes to navigate between the input fields, with delays to take into account page loading times. Of course every now and then you need to reconfigure because the provider has redesigned their login page, but I can live with that.
The only difference is whether it takes a few seconds or a few minutes to find it
I'd like to see a source for this.
A 12-digit password combining uppercase, lowercase, digits and special chars gives you 10^22 combinations. Assuming a compute power of a trillion (10^12) combinations per second, it would take roughly 400 years to try them all, so on average you'll crack that in 200 years.
NIST dropped that requirement a few years ago, and at corporate level we're starting to see implementations of new authentication methods (biometrics, PINs, Hello for Business) which ultimately will lead to the disappearance of the password, or at least its quarterly rotation (which generally consists in incrementing the last character, so provides no additional security).
So far Starship carries no payloads, this is way too early, so there's nothing to insure.
Once SpaceX have had a few successful tests, we'll start seeing candidates happy to risk their payload for a reduced fee, though probably still uninsured. Then when the reliability improves, commercial missions will become a reality and insurers will be happy to take on the payloads as the risk has gone down.
>> 1) You own the car, and it retaining your information is no different than it being stored on your phone, PC, etc.
> Except the maker / dealer / service tech / government can read the messages and you didn't know
How does that differ from it being stored on your phone/PC..?
First rule of AWS IAM: delete access keys, use roles to give temporary privileges to resources. Then, if you need specific credentials, store them in Parameter Store or Secrets Manager. There is absolutely no reason to store credentials in clear text in your code, especially if you make it available in GitHub.
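The two halves of that advice, as an added example that is not part of the original post: a small pre-push check that catches hard-coded AWS access keys in source text, and the alternative of reading the secret from SSM Parameter Store at runtime. The regular expressions, the snippet being scanned and the fake SSM client are my own constructions (the key values are the placeholder examples from AWS documentation, not real credentials); the `get_parameter(Name=..., WithDecryption=True)` call shape is boto3's.

```python
import re

# AWS access key IDs are 20 characters: a 4-letter prefix ("AKIA" for long-term IAM
# user keys, "ASIA" for temporary STS keys) followed by 16 uppercase alphanumerics.
AWS_ACCESS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")

# Secret access keys are 40 base64-like characters. To keep noise down, only flag a
# 40-char token that is assigned to something named aws_secret_access_key.
AWS_SECRET_KEY_RE = re.compile(
    r"""(?i)aws_secret_access_key\s*[=:]\s*['"]?([A-Za-z0-9/+=]{40})"""
)


def find_hardcoded_aws_credentials(source: str):
    """Return (line_number, kind, matched_text) for every credential found in source."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in AWS_ACCESS_KEY_ID_RE.finditer(line):
            findings.append((lineno, "access_key_id", m.group(0)))
        for m in AWS_SECRET_KEY_RE.finditer(line):
            findings.append((lineno, "secret_access_key", m.group(1)))
    return findings


def get_secret_from_parameter_store(ssm_client, name: str) -> str:
    """Fetch a SecureString from SSM Parameter Store instead of embedding it in code.

    ssm_client is expected to behave like boto3.client("ssm"); the code running on
    the instance or function gets access through its IAM role, not through a key.
    """
    resp = ssm_client.get_parameter(Name=name, WithDecryption=True)
    return resp["Parameter"]["Value"]


# Constructed sample: the kind of file that must never be pushed to GitHub.
# Key values are the well-known placeholders from AWS documentation.
BAD_SNIPPET = '''
import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
s3 = boto3.client("s3", aws_access_key_id=AWS_ACCESS_KEY_ID,
                  aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
'''


class FakeSSMClient:
    """Offline stand-in for boto3's SSM client so the example runs without AWS access."""

    def __init__(self, params):
        self._params = params

    def get_parameter(self, Name, WithDecryption=False):
        return {"Parameter": {"Name": Name, "Value": self._params[Name]}}


if __name__ == "__main__":
    for lineno, kind, value in find_hardcoded_aws_credentials(BAD_SNIPPET):
        print(f"line {lineno}: hardcoded {kind}: {value[:4]}...{value[-4:]}")
    fake = FakeSSMClient({"/myapp/prod/db_password": "constructed-secret-value"})
    print(get_secret_from_parameter_store(fake, "/myapp/prod/db_password"))
```

Running the scanner over `BAD_SNIPPET` reports the access key ID on line 3 and the secret on line 4, and nothing on lines 5 and 6 where only variable names appear. The same check wired into a pre-commit hook or CI job is the cheapest place to stop a key before it reaches a public repository; the Parameter Store call shows what the code should be doing instead.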