Pages: 1 [2] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Linus Gorp
Ministry of Propaganda and Morale
1585
|
Posted - 2017.06.18 06:18:50 -
[31] - Quote
Aedaxus wrote:OpenSSL = Open Source Keepassx = Open Source
Heartbleed was caused by lack of funding. No, it wasn't insufficient funding. Every software has bugs and closed source software is far more dangerous in that regard than open source software. Let alone that closed source software can not be trusted by design.
I don't feel like wasting my time on educating you about why you're wrong.
When you don't know the difference between there, their, and they're, you come across as being so uneducated that your viewpoint can be safely dismissed. The literate is unlikely to learn much from the illiterate.
|
Aedaxus
Digital Zone Corp
85
|
Posted - 2017.06.18 08:00:22 -
[32] - Quote
Linus Gorp wrote:Aedaxus wrote:OpenSSL = Open Source Keepassx = Open Source Heartbleed was caused by lack of funding. No I guess the development team of OpenSSL disagrees with you but as you are probably more security skilled, who are they to question your general x is more secure than y without any arguments backing it up right?
http://heartbleed.com/ "What can be done to prevent this from happening in future? The security community, we included, must learn to find these inevitable human mistakes sooner. Please support the development effort of software you trust your privacy to. Donate money to the OpenSSL project."
Linus Gorp wrote:NSA pwnage is bound to be found in both. OMG You are some badass security guy, NSA has "pwnage" ! They should have used that pwnage against those "Russian Hackers" :D Right
Linus Gorp wrote:They've also had spyware code in the Windows Kernel since at least 1999. Imagine that i'm some tinfoil hat wearing freak... just imagine, out of all the people you could nonsense your way out with the load of unsupported general blabla you spew you choose to arguewith me... How come that when I put the windows updates off and some other services I don't need ZERO information passes my router to the internet. Now you'd blab about _your_ router but why don't you have passive and active scans and reporting and logging like me ? If you would you could know that IF NO PACKETS GO OUT they can't spy on you. I'm sorry that I spend my time talking to some security wannebee but as I saw the news you could as well be the Top Security guy at Homeland Security. Good job, and good luck in the fututre as you will have to crutch on luck instead of skill and knowledge, Mr. SuperSecurity.
|
Linus Gorp
Ministry of Propaganda and Morale
1587
|
Posted - 2017.06.18 12:22:12 -
[33] - Quote
Aedaxus wrote:Linus Gorp wrote:Aedaxus wrote:OpenSSL = Open Source Keepassx = Open Source Heartbleed was caused by lack of funding. No I guess the development team of OpenSSL disagrees with you but as you are probably more security skilled, who are they to question your general x is more secure than y without any arguments backing it up right? http://heartbleed.com/ "What can be done to prevent this from happening in future? The security community, we included, must learn to find these inevitable human mistakes sooner. Please support the development effort of software you trust your privacy to. Donate money to the OpenSSL project." Linus Gorp wrote:NSA pwnage is bound to be found in both. OMG You are some badass security guy, NSA has "pwnage" ! They should have used that pwnage against those "Russian Hackers" :D Right Linus Gorp wrote:They've also had spyware code in the Windows Kernel since at least 1999. Imagine that i'm some tinfoil hat wearing freak... just imagine, out of all the people you could nonsense your way out with the load of unsupported general blabla you spew you choose to arguewith me... How come that when I put the windows updates off and some other services I don't need ZERO information passes my router to the internet. Now you'd blab about _your_ router but why don't you have passive and active scans and reporting and logging like me ? If you would you could know that IF NO PACKETS GO OUT they can't spy on you. I'm sorry that I spend my time talking to some security wannebee but as I saw the news you could as well be the Top Security guy at Homeland Security. Good job, and good luck in the fututre as you will have to crutch on luck instead of skill and knowledge, Mr. SuperSecurity Your reading comprehension skills are an utter failure. No surprise there.
As I already wrote, I won't waste my time trying to educate the likes of you.
When you don't know the difference between there, their, and they're, you come across as being so uneducated that your viewpoint can be safely dismissed. The literate is unlikely to learn much from the illiterate.
|
Aedaxus
Digital Zone Corp
85
|
Posted - 2017.06.18 12:32:52 -
[34] - Quote
Linus Gorp wrote:Your reading comprehension skills are an utter failure. No surprise there. As I already wrote, I won't waste my time trying to educate the likes of you. Aw man, i'll be totally insecure unlike the people you advise... :D Anyways have a good day.
|
Linus Gorp
Ministry of Propaganda and Morale
1587
|
Posted - 2017.06.18 12:50:50 -
[35] - Quote
Aedaxus wrote:Linus Gorp wrote:Your reading comprehension skills are an utter failure. No surprise there. As I already wrote, I won't waste my time trying to educate the likes of you. Aw man, i'll be totally insecure unlike the people you advise... :D Anyways have a good day. Yeah, don't think that would be a bad thing. At least then there's an ever so tiny chance you'll learn from your own misery.
When you don't know the difference between there, their, and they're, you come across as being so uneducated that your viewpoint can be safely dismissed. The literate is unlikely to learn much from the illiterate.
|
Gogela
Caldari Provisions Caldari State
3456
|
Posted - 2017.06.18 16:38:03 -
[36] - Quote
Axhind wrote:Linus Gorp wrote:Axhind wrote:While it is true that android is a security disaster it is far more difficult to breach his exact android phone than it is to brute force bad passwords that humans can remember.
In this case it is better to use keepass on the phone (better would be on a PC which is far easier to secure than android) than the alternative. KeepassX doesn't run on Android. My bad. I mixed it up with the android version. Anyway keepass is excellent software that I also use and I have no idea why anyone would not use it. Offline password manager is far safer than online ones like lastpass. I'm 100% on the KeePass train too. When you have it, there is absolutely no reason not to have long, strong passwords that are unique to everything you might log into. No recycled passwords. 2 stage authentication anywhere it's available. I do a lot of web work and can't take any chances... but knowing what I know now I would say some kind of password vault it crucial these days. Most of the time when I research a site hack or something it wasn't the site that got hacked... it was a stupid client that used the same 8 character password for everything for the last 10 years.
Signatures should be used responsibly...
|
Axhind
Eternity INC. Goonswarm Federation
374
|
Posted - 2017.06.19 17:03:02 -
[37] - Quote
Gogela wrote:Axhind wrote:Linus Gorp wrote:Axhind wrote:While it is true that android is a security disaster it is far more difficult to breach his exact android phone than it is to brute force bad passwords that humans can remember.
In this case it is better to use keepass on the phone (better would be on a PC which is far easier to secure than android) than the alternative. KeepassX doesn't run on Android. My bad. I mixed it up with the android version. Anyway keepass is excellent software that I also use and I have no idea why anyone would not use it. Offline password manager is far safer than online ones like lastpass. I'm 100% on the KeePass train too. When you have it, there is absolutely no reason not to have long, strong passwords that are unique to everything you might log into. No recycled passwords. 2 stage authentication anywhere it's available. I do a lot of web work and can't take any chances... but knowing what I know now I would say some kind of password vault it crucial these days. Most of the time when I research a site hack or something it wasn't the site that got hacked... it was a stupid client that used the same 8 character password for everything for the last 10 years.
One thing to remember is that none of this helps against a spoofed site. If they mess with your DNS you are screwed unless you are lucky enough that your browser has correct cert pinned or you pay a lot of attention. There really needs to be a lot more work done on authenticating the server to the user too.
This is why threema is the only really secure IM. They make the key exchange easy so that even non technical people understand it and that is the only way to have proper security. |
Ima Wreckyou
The Conference Elite CODE.
4197
|
Posted - 2017.06.20 06:51:50 -
[38] - Quote
Aedaxus wrote:Heartbleed was caused by lack of funding. Bugs are caused by lack of founding now? So why did Wannacry happen? Because Microsoft is poor?
OpenSSL is used by a lot of companies who earn money with selling products based on open source. The problem is not that there isn't money around to fix the problems, but that this particular project was neglected for too long by people who should have known better. Well people are aware now and there are multiple new and revived projects to remedy the situation and actually address the core problems of this mess.
But that is kinda offtopic.
Keepass is a very nice program and in my opinion a requirement if you want to keep track of your passwords which should be complex and different for every single site, service and application. I use it on all my devices and distribute the encrypted database with syncthing so it never touches a public cloud.
Even my phone is all free software because I could not use Android. That just reeks of spyware and all the features would be completely useless to me because I could never use them knowing I don't control the device.
the Code ALWAYS wins
Elite PvPer, #74 in 2014
|
Aedaxus
Digital Zone Corp
85
|
Posted - 2017.06.21 07:38:59 -
[39] - Quote
Ima Wreckyou wrote:Aedaxus wrote:Heartbleed was caused by lack of funding. Bugs are caused by lack of founding now? So why did Wannacry happen? Because Microsoft is poor? OpenSSL is used by a lot of companies who earn money with selling products based on open source. The problem is not that there isn't money around to fix the problems, but that this particular project was neglected for too long by people who should have known better. Well people are aware now and there are multiple new and revived projects to remedy the situation and actually address the core problems of this mess. But that is kinda offtopic. Keepass is a very nice program and in my opinion a requirement if you want to keep track of your passwords which should be complex and different for every single site, service and application. I use it on all my devices and distribute the encrypted database with syncthing so it never touches a public cloud. Even my phone is all free software because I could not use Android. That just reeks of spyware and all the features would be completely useless to me because I could never use them knowing I don't control the device. Did ms test it maybe did they report it probably did someone fix it? Yes but too late due to lack of resources my intelligent eve friends. |
Ima Wreckyou
The Conference Elite CODE.
4205
|
Posted - 2017.06.21 08:40:38 -
[40] - Quote
Aedaxus wrote:Did ms test it maybe did they report it probably did someone fix it? Yes but too late due to lack of resources my intelligent eve friends. You really bend backwards to make your stupid argument work right? They have billions, so the issue is probably not funding but that software just has bugs my super cyber specialist forum friend.
Evil RatKid
|
|
Aedaxus
Digital Zone Corp
85
|
Posted - 2017.06.21 11:07:03 -
[41] - Quote
Ima Wreckyou wrote:Aedaxus wrote:Did ms test it maybe did they report it probably did someone fix it? Yes but too late due to lack of resources my intelligent eve friends. You really bend backwards to make your stupid argument work right? They have billions, so the issue is probably not funding but that software just has bugs my super cyber specialist forum friend. It is not up to them to fix the base code. No company will fix another company's problem for free. Capitalism -corpotrations maybe inject that skill. No amount of nonsense can counter the fact that there were not sufficient resources to fix the problem.i |
Ima Wreckyou
The Conference Elite CODE.
4205
|
Posted - 2017.06.21 14:26:42 -
[42] - Quote
Aedaxus wrote:Ima Wreckyou wrote:Aedaxus wrote:Did ms test it maybe did they report it probably did someone fix it? Yes but too late due to lack of resources my intelligent eve friends. You really bend backwards to make your stupid argument work right? They have billions, so the issue is probably not funding but that software just has bugs my super cyber specialist forum friend. It is not up to them to fix the base code. No company will fix another company's problem for free. Capitalism -corpotrations maybe inject that skill. No amount of nonsense can counter the fact that there were not sufficient resources to fix the problem.i But the problem was actually fixed once discovered. And since it is open source and used by a lot of companies in their products there are a lot of people who can potentialy discover and fix those bugs, which actually happens.
While on the other hand microsoft is the only one able to fix their codebase and they have repeatedly shown that they are really lazy fixing bugs and security problems people discover while sitting on more than enough funding.
This my mislead slave of proprietary software is a problem and the cause is that closed source and solitary access to that source code tends to create a monopole like situation and we all know that a monopole is the natural enemy of a free market. Capitalism, maybe inject that skill.
Evil RatKid
|
|
|
|
Pages: 1 [2] :: one page |
First page | Previous page | Next page | Last page |