HackerTrans
TopNewTrendsCommentsPastAskShowJobs

alaxapta7

no profile record

comments

alaxapta7
·3 ปีที่แล้ว·discuss
Same, although I haven't seen this one for a while now. One way to fix the misbehaving explorer (which start menu, tray and others are part of) is to simply kill it and start it over from the task manager. Some applications failed to re-create their tray icons after this, but either all of them fixed it, or it got somehow fixed in Windows.
alaxapta7
·3 ปีที่แล้ว·discuss
Normally I do that too, but this was fairly new and internal application that was still in development, so that's why it was there. And if it wasn't for this incident, they might actually trick our management into thinking they're somehow qualified to carry out such an audit.
alaxapta7
·3 ปีที่แล้ว·discuss
I've seen worse. Couple years back, there was an audit that included an internal system I've been working on. It was running on Debian oldstable because of a vital proprietary library I wasn't able to get working on stable at the time, but it had unattended upgrades set up and all that.

The company made some basic port scan and established that we're running outdated and vulnerable version of Apache. I found the act of explaining the concept of backports to a "pentester" to be physically painful.

They didn't get paid and another company was entrusted with the audit.
alaxapta7
·3 ปีที่แล้ว·discuss
I use and recommend subhook[0].

[0] https://github.com/Zeex/subhook
alaxapta7
·3 ปีที่แล้ว·discuss
You can take full control over the routing using router script, then none of the default rules will apply. To be honest, I really dislike how many applications are wired around some Apache configuration or at least assume some specific hostname or path to be used for no reason. If it works with the built-in webserver, then it will work just as well with pretty much any SAPI.
alaxapta7
·3 ปีที่แล้ว·discuss
The built-in web server can only process one request at a time.
alaxapta7
·3 ปีที่แล้ว·discuss
I used LD_PRELOAD for patching RCE vulnerability in PunkBuster[0]. They did patch the exploit, but that didn't involve many of the older games they dropped support for. The AC itself isn't effective or even operational for the most part in those, but it still serves as a reliable method of identifying players.

Even their server libraries are obfuscated, and hooking open() turned out to be just easier than trying to patch the binaries themselves.

[0] https://medium.com/@prizmant/hacking-punkbuster-e22e6cf2f36e
alaxapta7
·3 ปีที่แล้ว·discuss
I thought this was the Passwordless account they implemented (EDIT: didn't realize you weren't talking about the Authenticator app), but I had it turned off. I somehow managed to make it stop by re-enabling/re-disabling both Passwordless and 2FA. So now they always ask me for a password and then I get the challenge.

To this day, I can't comprehend how this is supposed to be safe. So someone can just type in my username and wait until i eventually misclick in the Authenticator app? If it was from a browser I have used before at least, but I was getting these challenges from around the globe.
alaxapta7
·3 ปีที่แล้ว·discuss
Did it give you a result leading directly to their canonical campaign website? I can see Sanders and Clinton with international, but can't see DeSantis nor any other Republican candidate (not even Pence).

I can definitelly see pages with lists of candidates, but I couldn't find a single one that would also link their websites and thus satisfy the query, at least indirectly.
alaxapta7
·3 ปีที่แล้ว·discuss
Kagi, location set to United States:

Page 1: Biden, Williamson and link to an article Google hides campaign sites of Trump, RFK Jr. and other Republican candidates

Page 2: Biden again, Pence

No further pages. 5th result contains an article that claims to be linking all presidental candidate websites, but it's a Medium, hidden behind sign-up. I haven't find any result with a comprehensive list of the websites of interest. Kagi does aggregate results from Google and Yandex, so this is probably not too surprising.
alaxapta7
·3 ปีที่แล้ว·discuss
Yeah, that must have been my collegue. Usually he was in charge of implementing all the new stuff, because he was able to deliver fast. And then I had to refactor, or usually just rewrite and redesign the whole thing, because it was immediatelly unmaintenable. I didn't mind, since at the end of the day, he was really good and doing these prototypes and selling them to management. I was good at making the application last and stable, so it kinda worked out.
alaxapta7
·3 ปีที่แล้ว·discuss
That caught my attention too. Right now, the cheapest option out there still seems to be getting a dumbphone and a few pre-paid SIM cards. Sadly, pre-paid cards are no longer an option in many EU countries. Even just the least expensive SMS gateways are like 10 €/month last time I checked.
alaxapta7
·3 ปีที่แล้ว·discuss
Sure, but then VPN might be just as problematic unless it's a one that's not provided by a known VPN company. My point is that VPN is just a way to proxy your traffic to somewhere else and hide the content (but not its existence!) from your ISP. Anything else shouldn't ever be taken for granted.
alaxapta7
·3 ปีที่แล้ว·discuss
Someone else had the IP assigned, then, or you're behind some sort of NAT with someone else. The ISP very likely holds a record of which device had a particular address assigned at any given time. At where I live, addresses are usually lent for pretty much forever. I have mine for 8 years, unchanged. Even my mobile carrier latches the same address for months even.
alaxapta7
·3 ปีที่แล้ว·discuss
> w/o your ISP knowing

I'd be more concerned about everyone else: https://iknowwhatyoudownload.com
alaxapta7
·3 ปีที่แล้ว·discuss
If no-log is a priority, you need Tor, not a VPN.
alaxapta7
·3 ปีที่แล้ว·discuss
I don't have nearly as large sample size, but all the games I used to play on XP work fine on W10. And I don't think I've used the compatibility mode, ever.

Actually yes, C&C Red Alert 2 was running slow, but the community came up with patches that make it play nice, including the multiplayer which now works better than it did back in 2000.
alaxapta7
·3 ปีที่แล้ว·discuss
> faster

It's purely anecdotical, but I'm convinced that Google CAPTCHA (which I don't see more often only because I rarely use Google Search) punishes me for being fast. I can half-ass it or do a perfect score, but if I'm done with it in less than 3 - 5 seconds, I'll only get another puzzle as a reward.
alaxapta7
·3 ปีที่แล้ว·discuss
> It will get bypassed easily.

For now. But we're slowly walking towards the future where you can only consume web using an official and conformant browser running on a locked-down platform. That'd make it considerably harder for spammers, but of course spam isn't what this is about, it's more like a cherry on top.
alaxapta7
·3 ปีที่แล้ว·discuss
To my fake name (from family and friends), anything official goes to the mailbox at my real address to which I have access to. But that rarely happens thanks to e-government. Because of presumed delivery, there's no benefit in receiving that kind of mail on paper, so I opted-in.

For e-mail, I use a domain with a catch-all mailbox. I rot13 the service name or whatever in the local-part to identify where the e-mail got leaked/sold from, which I feel like happens more often than not when buying anything from small e-shops.