In 3 days it's gonna look like 

A cloud of dust appears before you,

Akihara the Cool Guy here, stepping in for Doulikemudkipz, who was filling in for JenkinsJinkies.

Any way we can get a complete metabolic panel? Here are instructions on how to get to a clinic...

Attach the blood test results and images of your most recent head CT to this ticket. Thanks so much!

Excelsior!

Akihara, Riot Games Support
( ु⁎ᴗ_ᴗ⁎)ु.。oO It's not rape if she can't say no ( ु⁎ᴗ_ᴗ⁎)ु.。oO

"Hi, your game railroads people into a starter mission, complete with an X button to close out of it which does nothing. It's preventing me from giving you money."

>Greetings Summoner! It would be epic gamer of you to submit logs from the iOS app. Here are instructions on how to do it from Windows XP --CoolDude98 "May your sword always be shiny and true"

"Any way we can behave like adults? Me clearing cookies and cache won't fix this, you need to push an update that lets people back out of the starter mission."

GNU/r000t boosted

@splitshockvirus @icedquinn @p Another fun fact is that, while the domain was taken over, there were no DNS records for the backend services that all of the Tesla cars talk to.

Hundreds of thousands of $45,000+ vehicles were temporarily made into paperweights. You couldn't start the car, lock/unlock the doors, or use the infotainment system. If you were inside the vehicle, you were trapped.

One phone call by an unskilled actor.

Still wanna buy a self-driving car from Elon?

If a company says "The breach occurred as the result of a social engineering campaign against our support staff," you're almost tempted to think it was inevitable, that the support staff wasn't 100% to blame for the breach.

If you mentally replace it with "The breach happened after someone called our support staff and asked very nicely for access," you begin to understand that it was totally avoidable and anybody stupid enough to fall for it is criminally negligent.

Stop calling it "social engineering", that makes it sound like a complex operation carried out by a skilled actor.

It's "calling and asking nicely", which properly frames how easy it is to do. You call and ask nicely for access to the account, and you get it. Sometimes, you have to ask more than once.

I've updated the DRM-free collection of videos featuring Ekko to include the Wild Rift teaser that went out yesterday.

r000t.com/ekko/video

Kirk Johnson: Putting the Graphic in Graphic Designer

btw, the upper class wants you to separate everyone you know into buckets like "commie" and "nazi"

It's how they keep your effort and action focused on attacking your neighbor instead of the upper class.

My boomer grandmother told me "You should give up on the computer thing and just get a job at $localGroceryChain. Everyone who graduates high school knows what you know on a computer."

So I smiled, nodded, and let the stupid person who hasn't worked since the 1970s just be wrong.

Massive Compatibility.

That's a goal of mine. It means I work to be compatible with *everyone* who would want to be compatible with me. Even if they aren't compatible with each other.

Sometimes, that means smiling, nodding, and just fucking letting stupid people be wrong.

@p Can I get your unbiased opinion on infosec.exchange/@r000t/108289 ?

I can forward you the entire ticket if you want.

GNU/r000t boosted

Elon Musk lost control of his email, and thus, his Twitter account, because of a single phone call made to a domain registrar.

If it can happen to the richest person on earth, it can happen to you.

"Email compromise is not part of our threat model" is unacceptable from a billion dollar company.

GNU/r000t boosted

Throwback to when Elon Musk (the guy selling you self-driving cars) namedropped r000tles because infosec is super super hard.

GNU/r000t boosted

> The retained Option (Option E) builds on Option D, and requires providers to also detect grooming, in addition to known and new CSAM.

discord is finished

GNU/r000t boosted

"A 2FA bypass is not a bug because you'd need to know the username and password to use it"

uhhhhh folks what do you think 2FA is for?

GNU/r000t boosted

Riot Games' 2FA implementation is inherently broken: The same code can be used multiple times.

The code is also emailed to you, and email is known to be an insecure channel. You do not have the option to use your own TOTP application to generate login codes.

Riot Games responded to a report saying that the system is "working as intended".

Lesson? Phish Riot accounts. They will do nothing to stop you.
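The replay problem the post describes, shown side by side with the fix, as an added example (Python written for this page, not Riot's code and not from the original post). The weak verifier keeps a code valid forever; the hardened one stores only a digest, expires the code, burns it on first success and caps wrong guesses. The 10-minute TTL and 5-attempt cap are assumed policy values.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # assumed policy: a mailed code is valid for 10 minutes
MAX_ATTEMPTS = 5        # assumed policy: wrong guesses allowed per issued code


def _new_code():
    return f"{secrets.randbelow(10**6):06d}"  # 6 digits, like a typical mailed code


class ReusableCodeVerifier:
    """The weak design from the post: a code keeps working after it is used."""

    def __init__(self):
        self.codes = {}  # user -> plaintext code, never invalidated

    def issue(self, user):
        self.codes[user] = _new_code()
        return self.codes[user]

    def verify(self, user, attempt):
        return self.codes.get(user) == attempt  # replay of a seen code succeeds


class SingleUseCodeVerifier:
    """Hardened design: hash at rest, expiry, burn-on-success, attempt cap."""

    def __init__(self, now=time.time):
        self.now = now  # injectable clock so expiry can be tested deterministically
        self.pending = {}  # user -> (digest, expires_at, attempts_left)

    @staticmethod
    def _digest(code):
        # A 6-digit code has little entropy, so hashing only limits exposure of the
        # stored value; expiry and the attempt cap do the real work against guessing.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user):
        code = _new_code()
        self.pending[user] = (self._digest(code), self.now() + CODE_TTL_SECONDS, MAX_ATTEMPTS)
        return code  # delivered out of band; only the digest is retained server-side

    def verify(self, user, attempt):
        entry = self.pending.get(user)
        if entry is None:
            return False  # nothing outstanding: already used, expired, or never issued
        digest, expires_at, attempts_left = entry
        if self.now() > expires_at or attempts_left <= 0:
            del self.pending[user]  # stale or exhausted code is discarded, not retried
            return False
        if hmac.compare_digest(digest, self._digest(attempt)):
            del self.pending[user]  # burn on first success: a replay now fails
            return True
        self.pending[user] = (digest, expires_at, attempts_left - 1)
        return False
```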

Also, HackerOne is an absolute fucking joke.

HackerOne is a fucking joke.

I'm triple checking that nobody's gonna get pissed off if I disclose what I found, but if it's being called "not threatening", I just don't see the problem.

ligmadon

"pissed everyone off in literally record time" - Recommended by 10 out of 10 people who, for some sad reason, have a dedicated column up to watch #fediblock.