Search results

  1. Review: Stranger Things’ frustrating finale didn’t quite stick the landing

    I really didn't like the final season, especially the second half. I think a lot of it is because it's a nostalgia series and I just don't have any nostalgia for 80's movies/series. What really irked me was that it was clear the show had no direction, all of the upside-down as a wormhole, the...
  2. Salesforce says it won’t pay extortion demand in 1 billion records breach

    Interesting that the attackers would try to extort Salesforce, but expecting them to pay for their customers' lax security is a real long shot. Certainly you'd have better odds of getting the affected companies to pay up, especially when asking for such a large amount.
  3. How weak passwords and other failings led to catastrophic breach of Ascension

    I'm intimately familiar with a financial services company with billions in AUM that patched this earlier this year, almost certainly in response to this breach. They at least enforce strong password requirements on service accounts by policy, hopefully in practice, so it sounds like they were...
  4. Bank forced to rehire workers after lying about chatbot productivity, union says

    US is gonna get wrecked by AI. These workers were only offered their jobs back because the union members reported that they were working overtime because volume had not declined. In the US, where none of these jobs have been unionized, corps will just overwork the remaining employees and never...
  5. No, phishers are not bypassing FIDO MFA, at least not yet. Here’s why.

    Ouch, I'm not sure this is a downgrade attack either; it seems more like a bug in Okta's implementation. This was definitely a big concern around passkeys in general. Part of what made FIDO so secure was that the key can't be transferred between devices, but that also made it really easy to lose. The...
  6. Healthy man goes camping—lands in ICU for 40 days with respiratory failure

    On top of this, with only 20-40 cases annually in the US, the value proposition is tiny. It's a lot easier to control the disease through behavior, much like food safety rules.
  7. Boardroom Miscellaneous Thread

    Certainly sounds like an excessive amount of MFA checks, but the reason they are running additional verifications is to protect against session jacking rather than SMS interception. This is essentially what they are doing...
  8. Will Trump's nominees be confirmed by the senate?

    Doesn't look like Gaetz is getting confirmed: https://apnews.com/article/gaetz-trump-fbi-justice-department-248b46ba0c882dd46d661568e8bd3bd7 Looks like the revolving door of Trump appointees has already started spinning; get ready for four more years.
  9. Vulnerability in Cisco Smart Software Manager lets attackers change any user password

    A lot of people need to turn in their nerd card: https://itsfoss.com/gnu-linux-copypasta/ HTTP is still the protocol used in an HTTPS connection; the S just denotes that the connection is secure. Seeing as words have specific meaning, did you not consider that HTTP was used specifically to...
  10. Tools for Entra ID to Active Directory user write-back?

    Do they want to go back to hybrid, or do they just need an on-prem directory? If they just need an LDAP endpoint, there are several options (AADDS Secure LDAP, SCIM -> SCIM gateway -> LDAP/AD, or routing through a third party identity solution). If they need it to be a true hybrid AD and all of...
  11. 0-click GitLab hijacking flaw under active exploit, with thousands still unpatched

    Yea, this is what kills me. Did they not run this feature by a single person in security? It's password reset 101: only send to previously known emails.
  12. Office 365 as user directory?

    Okta and Entra do have approximate feature parity, but Microsoft's security is so abysmal I would never willingly choose them. The CSRB report was particularly damning of Microsoft's security culture. Okta's breaches have been fairly minor in comparison, but at least Okta has taken responsibility...
  13. 🦄 Perpetual Convicted Felon Donald Trump Scandal (Major and Minor) Thread

    Can't put the government in jail for murder.
  14. Google’s hidden AI diversity prompts lead to outcry over historically inaccurate images

    This was my first thought: it's an artificial image generator, not a historical reference, so don't expect it to be historically accurate.
  15. Study: Closing toilet lid while flushing doesn’t stop spread of airborne bacteria

    I'm also curious if the shape of the lid would help reduce the spray. I can see how a flat lid would direct the spray sideways out of the toilet, but I think a bowl-shaped lid would capture the plume and would lead to much less spray.
  16. eBay hit with $3M fine, admits to “terrorizing innocent people”

    I assume these were pretty shitty people to begin with and were just looking for an excuse to terrorize and abuse some people; eBay just gave them cover. Edit: The point is that these people didn't behave this way because they were trying to give 110% to their job, or that they tied their...
  17. 1Password detects “suspicious activity” in its internal Okta account

    It's not mentioned here, but in the Krebs article, BeyondTrust detected an attempt to use the stolen credentials about 30 minutes after uploading the HAR file to Okta support, so the attacker was stealing data in real time. No idea how long they might retain old data though.
  18. How Google Authenticator gave attackers one company’s keys to the kingdom

    Yes, TOTP QR codes are just convenient ways to set the seed, and saving a picture of the QR code or writing down the seed value can allow you to back up the enrollment. I don't like TOTP; there are numerous ways to defeat TOTP, and FIDO2/passkeys are obviously the future. The point is that shifting...
  19. Musk’s X revokes paid blue check from United Auto Workers after strike called

    No idea how much stock factory employees were getting, but I assume at least a few factory managers were getting decent stock options or a good discount on the employee stock purchase program. But pre-2020 stock was trading at ~$20 so it would only take 2500 shares (valued at $50k in early 2020), and...
  20. How Google Authenticator gave attackers one company’s keys to the kingdom

    From what I can see, MS Authenticator only syncs personal accounts; it explicitly excludes work and school accounts. Seeing as Kodesh declined to comment on the second code that was provided, I have a feeling that the password + first code was to log the user into Okta, and the second code was...