Quote: but businesses are still not ready for it, survey shows
If only business were not ready...
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
2024 Java Developer Productivity Report finds most companies plan to add Java developers this year, though most tool budgets not rising. Java developers say Java's great. News at 11.
Where? Who? How much?
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated.
I’m begging you for the benefit of everyone, don’t be STUPID.
Researchers herald new system as key step to an "infinite generator" of training data. Never mind image generation, we now have game generation
Quote: when AI watches 30K hrs of video games
I hope they do not feed data from Call of Duty, Counter Strike and all other human vs human shooters
M.D.V.
The engineer found that Copilot Designer generated disturbing scenes that have gone unaddressed by Microsoft, CNBC reports. That should go over great during his next annual review
Microsoft said that the use of CodeQL will eventually analyze 100 percent of its commercial products. Security in the future, for what wasn't in the past
I hate CodeQL, flags WAY too many false positives about injection.
Warning! You have injection into your LOGGING message!
Kent Sharkey wrote: Security in the future, for what wasn't in the past
From not checking anything to disturbing you to the point you are not able to work anymore.
Nice evolution.
M.D.V.
Building a cross-platform application is challenging. This is where Uno Platform becomes essential. Because it's #1?
MarkTJohnson wrote: There's a card game called Uno and you have to announce Uno when you lay down your penultimate card.
My kids love it
M.D.V.
The National Security Agency is sharing new guidance to help organizations limit an adversary's movement on the internal network by adopting zero-trust framework principles. In case you have more than zero trust with the NSA
Kent Sharkey wrote: is sharing new guidance
and probably asking you to install / run something to check for vulnerabilities.
M.D.V.
First two sentences of that article just blow my mind!! 🤯🤯🤯
Forbes said: [1] Security experts advise against using SMS messages for two-factor authentication codes due to their vulnerability to interception or compromise. [2] Recently, a security researcher discovered an unsecured database on the internet containing millions of such codes, which could be easily accessed by anyone.
1. "They" (almost every company out there) give us no other choice but 2FA via text
2. It is obvious that devs have no idea what they are doing. Why would the codes be in a freaking DB? They should be generated on the fly and expire very quickly. It is obvious that companies have no idea what security even means and they assign security solutions to devs who have no idea what they are doing.
And, oh, here's a meme I created for 2FA: https://i.stack.imgur.com/R6EvV.png
raddevus wrote: Why would the codes be in a freaking DB?
I think they would need to be persisted to a database due to the challenge of maintaining a large in-memory store across geographical boundaries.
raddevus wrote: They should ... expire very quickly.
Agreed. A cron job should delete them from the database as they expire.
/ravi
Ravi Bhavnani wrote: I think they would need to be persisted to a database due to the challenge of maintaining a large in-memory store across geographical boundaries.
I was thinking about this myself and there is a way around it that isn't that difficult -- a solution that makes it so they never have to store codes.
1. They could generate SHA-256 hashes based on time and some other salt.
2. Then they can either:
2a. return 6 chars of the SHA-256 (from anywhere within the 64 character hex-based hash) -- this would be the code that the user would type into the form to verify. Later the server side would just generate the hash again and match to the 6 chars that the user typed.
2b. or calculate a number from the SHA-256 hash
The point here is that they use a reproducible method for generating a SHA-256 hash so that they don't have to store values anywhere.
Since these codes would expire within 10 minutes it is unlikely a hacker could recreate the hashes in time anyways.
There are definitely ways -- that aren't that difficult -- so they don't have to store these codes in a db.
It would be very similar to the old key fobs used for VPN sign on. See image.
Here's a wiki article about them: RSA SecurID - Wikipedia
The vulnerabilities are man-in-the-middle attacks but that is true for the other codes too.
modified 6-Mar-24 13:27pm.
The database is of codes that were used. They are expired.
Joe Woodbury wrote: The database is of codes that were used. They are expired.
oh, what!?! How do those expired codes matter?
I'm completely confused!
Forbes wrote: Security experts advise against using SMS messages for two-factor authentication codes due to their vulnerability to interception or compromise
I am more for: the problem is not the SMS per se; the problem is the way the codes are generated and validated, and the SIM duplication / phone clone (vendors' fault)
M.D.V.
The Lost Universe offers a free deep-space adventure that can be adapted to your favorite TTRPG system. Roll D20 to launch
Kent Sharkey wrote: Roll D20 to launch
and 5D20 to land (and stay straight)
M.D.V.
Why do we spend so much time on a process nobody wants? If you’re doing it right, the performance review process should be unnecessary. No one *needs* them
Middle management *wants* them, because it gives them an actual purpose in life.
modified 8-Mar-24 12:26pm.
Exactly. Everyone is being reviewed every day.