mozilla :: #security

19 May 2017
00:01Peng_I'd bet a beer that a vulnerability will be found someday, but not a six pack :P
00:04IntelaBitelet me tell you about a global beer threat
00:05IntelaBiteThis is a global threat
00:06IntelaBiteand dont pour it on your head and start licking your lips please
00:06IntelaBitefucken gross
00:13IntelaBite[WM]A hacking attack bigger than WannaCry is quickly spreading:
01:28kpcyrdok, a more ontopic question: if somebody would build a website that distributes malware samples for researchers to analyse them, what should it do to prevent it getting flagged by safe-browsing?
01:30kpcyrdhaving samples in encrypted archives in a login-only area to make sure nobody browses there by accident seems to be the best bet, but cumbersome to use
01:36kpcyrdyou certainly don't want regular people to click on bad files, also avoid getting flagged by your hoster or browsers, but still allow researchers to download files collected by honeypots
03:21IntelaBitequarantine upon solving is better the re analization. technically reanalization of a solved error tends to be a resecurity risk
03:22IntelaBitebest i dont personally need to educate into the codes that do wrong. if one never learn the chances of one being a risk is less in spans of time
03:23IntelaBitethe idea is that codes that do things in positive are the ones worth learning
03:23IntelaBiteand less of a waste of "time" depending on how one sees the "word"
03:24IntelaBite2 years to make it and 10 behind bars = 12 years wasted time
03:28IntelaBiteno matter what with the last attack it will have points of origin on peaces of it.. point is is the way they did it ends up being a problem sence it put people at risk anyway.. alittle far for a practical joke
03:31IntelaBitebut stuff like that dont effect me so its still whatever
03:33IntelaBitefrom spam level i had to put like 15medias and 20 security companys on tempoary timeout though lol
03:41IntelaBiteshit even for employees leting "it" go wild with shit ends up being just a psychological threat for both custumers and employees
03:42IntelaBitestill one of the no offence but very real middlefingers i got to the bitcoin operations
03:43IntelaBitefunny how they wanted to advrotize there company mid time from of the spamming of it
03:43IntelaBitejust all looked low class to me
03:43IntelaBiteall that shits bs to me
03:44IntelaBitewell bbl
03:44* IntelaBite teleports
03:45IntelaBitelol even if you had offencive web weapons the secret is you dont ever have to use them because someone else is going to do some crazy ass wierd shit anyway
03:45IntelaBitebut for real bbl
17:02davidwalshkang: andrew: With regard to Flask-pyoidc, it would be nice if we could add some sort of functionality to make logging easier; i.e. knowing when the user has been logged out. At present, the oidc_logout decorated view must have its session info cleared out before we can log which user has been logged out
17:02andrewIt has basic stream logger bindings it it
17:02andrew*in it
17:02andrewIf you initialize a regular logger you should get the outputs
17:03andrewOf course ... we ( infosec ) get the auth0 logs for user logouts and what not. So we see all that anyway.
17:05davidwalshandrew: Ahh, nice
17:06andrewkan.g and I are doing a bit of an overhaul on our fork right now
17:48kangdavidwalsh: logout is a difficult thing to achieve with sso - because most SaaS dont do it anyway so it sets wrong expectations from users
17:48kangthey dont always understand either that if you logout "SSO style" you're logged out of auth0 but if the app has only local logout, you're not
17:49kanggenerally i suspect its easier to just send people to though your mileage may vary
20 May 2017
No messages
Last message: 127 days and 6 hours ago