Cybersecurity professional with an interest/background in networking. Beginning to delve into binary exploitation and reverse engineering.

  • 0 Posts
  • 33 Comments
Joined 1 year ago
Cake day: March 27th, 2024



  • I understand the inherent issues/limitations with PGP, but this would be a non-issue if services just stored messages encrypted on disk internally to prevent leaks in case of a breach, but were otherwise unencrypted, and everyone just sent messages like: -----BEGIN PGP MESSAGE-----\nVersion: GnuPG v2.2.0\nhQEMA+gAAKCRBKxZ12345678EBAAIAAAQABAoAB+P/234567890-=+QWErT\n... (a long string of seemingly random characters) ...\n=sdfsdf\n-----END PGP MESSAGE-----

    A lot of the issues with PGP would go away if applications had first party support for encryption and decryption with personally managed keys. You’d still have the issues that come along with personally managed keys though, but if the alternative is every government can compel central services to hand over managed keys, I’m fine with yelling “skill issue” at people who permanently lose access to all their messages.







  • Recommending that somebody upgrade their hardware that is currently working fine because your hardware took a dump is the literal definition of anecdotal evidence.

    I’m not saying that you did anything wrong by updating, I’m saying that you shouldn’t be implying that your experience “dodging a bullet” means other people have bullets coming at them.

    When does it stop btw? How many years old does hardware have to be for you to feel like you need to upgrade when nothing’s wrong? (Am I misinterpreting what you said? I thought you said you ordered new stuff before your current system threw a BSOD.) Why not buy two of everything when you upgrade and just have cold spares lying around?

    To be completely fair though, a 3600 is prolly a bit long in the tooth for certain games, if that’s what you do. I mainly play the finals and I’m having to fight the urge to upgrade my 5800x. It’s good enough, but a 5800x3d isn’t enough of an uplift to justify it and the current performance isn’t bad enough to justify the price of an upgrade to a new socket. I feel like if I was still on a 3600 I’d have pulled the trigger on the upgrade already.

    Edit - Also that can absolutely be a transient error. It can be related to too high fclk and/or vsoc voltage, etc. But you’ve already replaced the parts so it doesn’t matter.


  • No. You can have control over specific parameters of an SQL query though. Look up insecure direct object reference vulnerabilities.

    Consider a website that uses the following URL to access the customer account page, by retrieving information from the back-end database: https://insecure-website.com/customer_account?customer_number=132355 Here, the customer number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the customer_number value, bypassing access controls to view the records of other customers.
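
The insecure direct object reference described in the comment above, as an added example that is not part of the original comment: the same parameterized lookup with and without an ownership check, plus a count of refused lookups per session for detection. The schema, function names, and sample rows are constructed assumptions.

```python
import sqlite3
from collections import Counter

def make_db():
    # Constructed sample data; the schema and names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers ("
               "customer_number INTEGER PRIMARY KEY, owner TEXT, email TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        (132355, "alice", "alice@example.test"),
        (132356, "bob", "bob@example.test"),
    ])
    return db

def account_insecure(db, session_user, customer_number):
    # Parameterized, so not injectable, but session_user is ignored: the
    # record index from the URL alone decides whose row comes back.
    row = db.execute("SELECT email FROM customers WHERE customer_number = ?",
                     (customer_number,)).fetchone()
    return row[0] if row else None

def account_checked(db, session_user, customer_number):
    # Same lookup scoped to the authenticated user. Someone else's record
    # looks identical to a record that does not exist.
    row = db.execute("SELECT email FROM customers "
                     "WHERE customer_number = ? AND owner = ?",
                     (customer_number, session_user)).fetchone()
    return row[0] if row else None

def refused_lookups(db, requests):
    # Detection side: count, per session user, the requests the scoped
    # query refused. Repeated refusals suggest someone walking the ID space.
    refused = Counter()
    for user, number in requests:
        if account_checked(db, user, number) is None:
            refused[user] += 1
    return dict(refused)

if __name__ == "__main__":
    db = make_db()
    # Constructed request log: (session user, customer_number from the URL).
    log = [("alice", 132355), ("bob", 132355), ("bob", 132357), ("bob", 132356)]
    print(account_insecure(db, "bob", 132355))
    print(account_checked(db, "bob", 132355))
    print(refused_lookups(db, log))
```

Both queries bind their parameters, so the difference between them is purely authorization: the first trusts the identifier in the request, the second ties it to the session.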






  • That’s what the blocking vouchingedit system is for though, right?

    And while I understand where you’re coming from, what would you do to prevent the following hypothetical?

    A vote to defederate from a community causing active harm in the real world is started, say some group like 7*4 spins up a Lemmy instance after dealing with Discord bans. I’m a member of that group. I throw up tasks on Fiverr to have people create local db0 accounts at scale, then vote against the action against my server. These are real human created accounts, not bot accounts, not being created through the same VPN, by the same user, in the same country, etc.

    How do you stop the vote manipulation that will occur? You have no way of differentiating those accounts from your regular users.