Cybersecurity professional with an interest/background in networking. Beginning to delve into binary exploitation and reverse engineering.

  • 0 Posts
  • 34 Comments
Joined 1 year ago
Cake day: March 27th, 2024

  • I work on a computer at a desk all day. I do penetration testing and red team operations, so I spend a fuck ton of time doing training and development courses and labs which usually just involve typing a bunch of shit into a terminal window, both during work and on my own time (I genuinely enjoy it, it’s not a shitty workplace colonizing my off time situation), and I’ve played games my entire life.

    Idk I’ve never had this problem. Screens recharge me, it’s people that drain me. I’d have the same flipped question for product vendors that are always at conferences and stuff, or business insurance sales people, just wondering how they get through all these small talk conversations, sales calls, dinners with clients, etc., without a chance to just sit behind a screen and answer people at whatever pace they need.

    Oh. I have a variable height desk I got from DeskHaus. I love it. I’m standing a fair amount of the time I’m working. I have a decent SteelCase chair I bought during the beginning of covid. I got it from a refurb reseller, but even brand new it’s not their nicest chair, but it’s expensive enough and holding up well enough that I don’t see a reason to replace it yet. Standing through the workday helps me not feel exhausted and tired of sitting in the same chair for 12 hours since I haven’t been.




  • I understand the inherent issues/limitations with PGP, but this would be a non-issue if services just stored messages encrypted on disk internally to prevent leaks in case of a breach, but were otherwise unencrypted, and everyone just sent messages like: -----BEGIN PGP MESSAGE-----\nVersion: GnuPG v2.2.0\nhQEMA+gAAKCRBKxZ12345678EBAAIAAAQABAoAB+P/234567890-=+QWErT\n... (a long string of seemingly random characters) ...\n=sdfsdf\n-----END PGP MESSAGE-----

    A lot of the issues with PGP would go away if applications had first party support for encryption and decryption with personally managed keys. You’d still have the issues that come along with personally managed keys though, but if the alternative is every government can compel central services to hand over managed keys, I’m fine with yelling “skill issue” at people who permanently lose access to all their messages.







  • Recommending that somebody upgrade their hardware that is currently working fine because your hardware took a dump is the literal definition of anecdotal evidence.

    I’m not saying that you did anything wrong by updating, I’m saying that you shouldn’t be implying that your experience “dodging a bullet” means other people have bullets coming at them.

    When does it stop btw? How many years old does hardware have to be for you to feel like you need to upgrade when nothing’s wrong? (Am I misinterpreting what you said? I thought you said you ordered new stuff before your current system threw a bsod.) Why not buy two of everything when you upgrade and just have cold spares lying around?

    To be completely fair though, a 3600 is prolly a bit long in the tooth for certain games, if that’s what you do. I mainly play the finals and I’m having to fight the urge to upgrade my 5800x. It’s good enough, but a 5800x3d isn’t enough of an uplift to justify it and the current performance isn’t bad enough to justify the price of an upgrade to a new socket. I feel like if I was still on a 3600 I’d have pulled the trigger on the upgrade already.

    Edit - Also that can absolutely be a transient error. It can be related to too high fclk and/or vsoc voltage, etc. But you’ve already replaced the parts so it doesn’t matter.


  • No. You can have control over specific parameters of an SQL query though. Look up insecure direct object reference vulnerabilities.

    Consider a website that uses the following URL to access the customer account page, by retrieving information from the back-end database: https://insecure-website.com/customer_account?customer_number=132355 Here, the customer number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the customer_number value, bypassing access controls to view the records of other customers.
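
The distinction drawn in the comment above, as an added example that is not part of the original comment: the first handler uses a parameterized query (the caller controls only a value, not the SQL text) yet still exposes any record by `customer_number`, while the second ties the lookup to the authenticated user. The table layout, column names, user names and function names are assumptions, and the rows are constructed sample data.

```python
import sqlite3


def make_db():
    # Constructed sample data; schema is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers ("
        "customer_number INTEGER PRIMARY KEY, owner_user TEXT, email TEXT)"
    )
    db.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [
            (132355, "alice", "alice@example.test"),
            (132356, "bob", "bob@example.test"),
        ],
    )
    return db


def account_insecure(db, session_user, customer_number):
    # Parameterized, so the query structure cannot be altered, but the
    # caller-supplied customer_number alone selects the record and
    # session_user is never consulted: this is the IDOR.
    return db.execute(
        "SELECT customer_number, email FROM customers "
        "WHERE customer_number = ?",
        (customer_number,),
    ).fetchone()


def account_checked(db, session_user, customer_number):
    # Same lookup, scoped to the authenticated user. A record owned by
    # someone else is indistinguishable from a missing one (None), which
    # the handler would map to a 404 and an access-denied log entry.
    return db.execute(
        "SELECT customer_number, email FROM customers "
        "WHERE customer_number = ? AND owner_user = ?",
        (customer_number, session_user),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    print("insecure, bob asks for 132355:", account_insecure(db, "bob", 132355))
    print("checked,  bob asks for 132355:", account_checked(db, "bob", 132355))
    print("checked,  alice asks for 132355:", account_checked(db, "alice", 132355))
```
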






  • That’s what the blocking vouchingedit system is for though, right?

    And while I understand where you’re coming from, what would you do to prevent the following hypothetical?

    A vote to defederate from a community causing active harm in the real world is started, say some group like 7*4 spins up a Lemmy instance after dealing with discord bans. I’m a member of that group. I throw up tasks on fiverr to have people create local db0 accounts at scale, then vote against the action against my server. These are real human created accounts, not bot accounts, not being created through the same vpn, by the same user, in the same country, etc.

    How do you stop the vote manipulation that will occur? You have no way of differentiating those accounts from your regular users.