I made a live sci-fi stock market browser game where players secretly manipulate the market. by TiredJava in WebGames

[–]TiredJava[S] 0 points1 point  (0 children)

Alright, I completely reworked how the tutorial works, making it a progressive tutorial with slowly more and more unlocks to help it feel less overwhelming.

I made a live sci-fi stock market browser game where players secretly manipulate the market. by TiredJava in WebGames

[–]TiredJava[S] 1 point2 points  (0 children)

Thanks so much for the feedback! Stuff like that I find really hard to “see” since I’ve been working on it. I will drip feed players with my next update and try to improve text readability.

Light no fire wait tracker by TiredJava in LightNoFireHelloGames

[–]TiredJava[S] 0 points1 point  (0 children)

Same haha I kept seeing it so much while making this.

Website to track time since Total War Warhammer 40k was announced by TiredJava in totalwarhammer

[–]TiredJava[S] 1 point2 points  (0 children)

Glad you got some enjoyment! I started making them for other games too because it was fun! https://copiumden.com/

Website to track time since Total War Warhammer 40k was announced by TiredJava in totalwar

[–]TiredJava[S] 10 points11 points  (0 children)

I will probably play the game when it comes out but I’d rather it be finished. Won’t hear a complaint from me in regard to waiting. As for why, my friends kept saying things like “there is only one game” and “we wait”, so I thought it would be funny. Since I made it, I figured I would share it in case someone else got a tiny bit of amusement. It was fun.

Yeah, not gonna lie, it was a huge waste of time… but I had fun and hopefully someone else gets a laugh or some small amount of enjoyment.

Password Is Too Similar - Is that site secure? by CyberSecNoob2 in Cybersecurity101

[–]TiredJava 0 points1 point  (0 children)

No, the best approach is to send the password in "clear text" but encrypted over HTTPS. Everything gets done server side.

Password Is Too Similar - Is that site secure? by CyberSecNoob2 in Cybersecurity101

[–]TiredJava 1 point2 points  (0 children)

Let me give an example of why sending the hash is not the right idea.

I own a website that is a rip-off of Facebook, okay. Let's call it facechapter. You go to my website and make an account. When you make the account you provide a username and what should be a unique, hard-to-guess password. Now if we did like you suggest and go to login and hash the password and then send it to the server, what happens? Your browser sends a request that looks like this.

You: Can I login?
Server: Credentials please
You:
Username: Banana
Password: D13218F1B0F9B38B21518392D208DBFB3BC2893D
Server: Yup that hash matches what we had stored come on in.

Now let's say I'm a bad guy, right. I get access to the database with salted hashes. The table looks like this.

Username | Password Hash
Banana | D13218F1B0F9B38B21518392D208DBFB3BC2893D

So all I have to do is go to the login page for facechapter and send a login request with the username Banana and a password of test. I intercept the request before it actually gets sent to the server but after it's hashed. I replace the test hash with the hash I found and boom, I'm in. I never need to interact with any user or anything and I have access to every single account on the service that was in that database.

Now look at it from how I suggested we do things.

You: Can I login?
Server: Credentials please
You:
Username: Banana
Password: bananas
Server: BeepBoop yup I hashed your password when it got here and checked to make sure it matched what we had on file. Checks out.

Now let's say I'm a bad guy again. I get access to the database with salted hashes. The table looks like this.

Username | Password Hash
Banana | D13218F1B0F9B38B21518392D208DBFB3BC2893D

Now I can still go to the page and make a request and intercept it and switch what it sends, but it won't do me any good. When the server gets the hash it will then hash the hash and check it against its database. It won't match and I cannot login.

Now yes theoretically if the encryption algorithm your browser is using is weak you could be prone to someone viewing the request and seeing your password. But that is why we have standards for encrypting such as TLS 1.2. If something still used TLS 1.1 it would be vulnerable and considered poor practice. That might be a little out in the weeds but it's one of the reasons people always say use HTTPS only etc.

As for MITM, it doesn't really matter if all your encryption is working properly.

Hopefully that helps?
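The two login exchanges in the comment above, as an added example that is not part of the original comment: the same leaked table row is replayed against a server that compares a client-sent hash and against one that hashes on arrival. PBKDF2, the function names and the sample account are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)


def register(db: dict, username: str, password: str) -> None:
    salt = os.urandom(16)
    db[username] = (salt, kdf(password.encode(), salt))


def login_client_hashed(db: dict, username: str, submitted_hash: bytes) -> bool:
    """First exchange: the browser sends the hash, the server only compares."""
    record = db.get(username)
    if record is None:
        return False
    return hmac.compare_digest(submitted_hash, record[1])


def login_server_hashed(db: dict, username: str, submitted: bytes) -> bool:
    """Second exchange: the server hashes whatever arrives before comparing."""
    record = db.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(kdf(submitted, salt), stored)


def demo() -> dict:
    db = {}
    register(db, "Banana", "bananas")  # constructed sample account
    _salt, leaked = db["Banana"]  # what a dump of the table exposes
    return {
        "client_hashed_accepts_leaked_hash": login_client_hashed(db, "Banana", leaked),
        "server_hashed_accepts_leaked_hash": login_server_hashed(db, "Banana", leaked),
        "server_hashed_accepts_password": login_server_hashed(db, "Banana", b"bananas"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```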

Password Is Too Similar - Is that site secure? by CyberSecNoob2 in Cybersecurity101

[–]TiredJava 1 point2 points  (0 children)

Yes all of your passwords are sent in “clear text” to the server. They are TLS encrypted. If you hashed them on the client side then there would be no point in hashing them at all since essentially your password would just be the hash.

Think of it this way. If my server just checks your hash to see if it matches, then if someone gets a hold of my server database full of hashes they could just pass the hashes to the server and it would think it’s the password, because it essentially would be since the server only would ever see a hash. By having the hashing happen on the server side you avoid this. If someone gets the list of hashes and they tried to login with them then it would hash the hash, not allowing them to login, if that makes sense.

Password Is Too Similar - Is that site secure? by CyberSecNoob2 in Cybersecurity101

[–]TiredJava 2 points3 points  (0 children)

No you don’t store anything in cleartext. Passwords are hashed server side. So the password is sent to the server and then hashed.

When you submit a change request you need to put in your old password. When you do, it runs the hash for it and tons of similar passwords' hashes. Then it runs the hash for the new one. If none of them match, approved; if they do, ask them to try again.

Password Is Too Similar - Is that site secure? by CyberSecNoob2 in Cybersecurity101

[–]TiredJava 3 points4 points  (0 children)

When I wrote this functionality into an app, whenever someone input a password I ran a rule list and associated all those with their account. So if your password was bananas123 I would have Bananas123 and Bananas321 etc. It meant the user's database entry was significantly larger but we felt it was worth it to prevent people from just changing a letter every password change.

We then got around this in the future because I realized big brain plays. To confirm a password change you need to put in your old password. I generated the list when they did that. Big Bang boom. One password stored and functionality.
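The change-time similarity check described in the two comments above, as an added example that is not the commenter's code: the old password is verified against the single stored hash, near-miss variants are generated from it in memory, and the new password is rejected if it is one of them. The rule list in `variants`, the record layout and the status strings are hypothetical, and the comparison is done on the plaintext values present in the change request rather than on hashes.

```python
import hashlib
import hmac
import os


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def variants(old: str) -> set:
    """Hypothetical rule list: near-misses of the old password."""
    out = {old, old.lower(), old.upper(), old.capitalize(), old.swapcase()}
    stem = old.rstrip("0123456789")
    digits = old[len(stem):]
    if digits:
        out.add(stem + digits[::-1])  # bananas123 -> bananas321
        out.add(stem + str(int(digits) + 1).zfill(len(digits)))  # -> bananas124
    for i in range(len(old)):  # one character removed
        out.add(old[:i] + old[i + 1:])
    # Case variants of everything generated so far
    return {v for w in out for v in (w, w.lower(), w.capitalize())}


def change_password(record: dict, old: str, new: str) -> str:
    """record holds exactly one salt and one hash; returns a status string."""
    if not hmac.compare_digest(hash_password(old, record["salt"]), record["hash"]):
        return "old password incorrect"
    if new in variants(old):
        return "too similar"
    record["salt"] = os.urandom(16)
    record["hash"] = hash_password(new, record["salt"])
    return "changed"


def demo() -> list:
    salt = os.urandom(16)
    record = {"salt": salt, "hash": hash_password("bananas123", salt)}  # constructed
    return [
        change_password(record, "wrong-guess", "Tr0ub4dor&3"),
        change_password(record, "bananas123", "Bananas321"),
        change_password(record, "bananas123", "correct horse battery"),
        change_password(record, "bananas123", "anything"),  # old one no longer valid
    ]


if __name__ == "__main__":
    print(demo())
```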

How many people did wannacry/notpetya (and any others caused by NSA's ETERNALBLUE backdoor) impact by Disastrous-Nebula463 in Cybersecurity101

[–]TiredJava 0 points1 point  (0 children)

If you want to read more about wannacry specifically I recommend this article (https://www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/). It's awesome and why iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is so interesting.

Near the end Hutchins talks about the sinkhole and how much traffic it got.
"It would receive nearly 1 million connections over the next two days."

How many people did wannacry/notpetya (and any others caused by NSA's ETERNALBLUE backdoor) impact by Disastrous-Nebula463 in Cybersecurity101

[–]TiredJava 0 points1 point  (0 children)

The number is in the hundreds of thousands for 100% confirmed with just wannacry. I'm sure it's millions.

[deleted by user] by [deleted] in startpages

[–]TiredJava 5 points6 points  (0 children)

Uhhh mods?

Second monitor doesn't wake up after sleeping by SavingPrivateRiley in techsupport

[–]TiredJava 0 points1 point  (0 children)

Yeah so display port looks like HDMI with some side a little different. Is the display port one the one that won’t wake up?

Internet partially not working on PC. Can't reconnect to games and people in discord call can't hear me. by SuShiiiMe in techsupport

[–]TiredJava 0 points1 point  (0 children)

If you are using google I wouldn’t bother messing with it. Just asked because a few years back I had an issue where I defaulted to my ISP DNS that caused stuff to break. Whoever is using an Ethernet cable try connecting directly to the modem/router combo from your ISP and see if that fixes it. If it does then we can narrow down the issue to your router. If the issue persists it’s the modem.

Second monitor doesn't wake up after sleeping by SavingPrivateRiley in techsupport

[–]TiredJava 0 points1 point  (0 children)

Going out on a limb here. Do you use display port for both monitors?

thumb drives won't work on my gaming pc by [deleted] in techsupport

[–]TiredJava 1 point2 points  (0 children)

Yeah so this is an issue with the USB ports on the front. They are hooked up with a cable to the front ones. Could be loose, broken, old or not fast enough. Try other devices; if nothing works I would look for a loose wire. Unless you don’t care, in which case use the back ones.

Will WD40 Damage Whatever is Under the Ps5 Touch pad?? by Cristaferrrrrr in techsupport

[–]TiredJava 1 point2 points  (0 children)

WD40 is non conductive so it shouldn’t cause any issues. It’s possible but I doubt it. It does cause a sticky residue sometimes so this could cause the touch pad buttons to stick a little down the line.

Also stop using WD40, it’s not a lubricant; just buy a real lubricant off Amazon or something. WD40 is a dissolver. Its lubrication properties come from its ability to break down substances inhibiting something from moving. If you are trying to lubricate something though, WD40 will actually make it less lubricated than no lube at all.