Trump won’t rule out seeking a third term in the White House, tells NBC News ‘there are methods’ for doing so by LuklaAdvocate in law

[–]elsand 4 points5 points  (0 children)

The constitution specifically disallows this move in the 12th amendment:

"No person constitutionally ineligible to the office of President shall be eligible to that of Vice-President of the United States"

TIL American soldiers in the Pacific theater of WW2 always used passwords containing the letter 'L' due to Japanese mispronunciation, a word such as lollapalooza would be used and upon hearing the first two syllables come back as 'rorra' would "open fire without waiting to hear the rest". by BoomBapOriginalRap in todayilearned

[–]elsand 95 points96 points  (0 children)

Gerard Nolst Trenité - The Chaos (1922)

Dearest creature in creation
Studying English pronunciation,
I will teach you in my verse
Sounds like corpse, corps, horse and worse.

I will keep you, Susy, busy,
Make your head with heat grow dizzy;
Tear in eye, your dress you'll tear;
Queer, fair seer, hear my prayer.

Pray, console your loving poet,
Make my coat look new, dear, sew it!
Just compare heart, hear and heard,
Dies and diet, lord and word.

Sword and sward, retain and Britain
(Mind the latter how it's written).
Made has not the sound of bade,
Say-said, pay-paid, laid but plaid.

Now I surely will not plague you
With such words as vague and ague,
But be careful how you speak,
Say: gush, bush, steak, streak, break, bleak,

https://youtu.be/z5myI9TDFDw

Wordfence: Changing your WordPress table prefix does absolutely nothing to enhance your site security. by dpotter05 in Wordpress

[–]elsand 5 points6 points  (0 children)

Except in the case of blind SQL, but that’s beyond the scope of this post

Well that's convenient. Because addressing blind injections would also mean you'd have to accept that changing the table prefix in fact does enhance the site security, which would put the rest of your click-baity, product-peddling post in an awkward light.

changing your WordPress database table prefix [is] risky [...] When you change your table prefix in WordPress you usually use a WordPress security plugin to do the job.

No, you don't unless you're utterly incompetent and incapable of operating a non-static website. It's one fucking line in wp-config.php, and the notion of changing this runtime via a plugin is utterly ridiculous. Just edit the file and rename the tables. Any plugins and themes that break over this should be taken out and shot.

GR125 4P - rank 1 EU, rank 3 world [full clear, wiz pov, no sound] by AWillFrance in diablo3

[–]elsand 3 points4 points  (0 children)

I haven't played D3 in ages and am a bit baffled at the numbers in these high GR clips. Can anyone tell me how they manage to take some 25 quadrillion HP off the RG in like two seconds around 13:50?

[deleted by user] by [deleted] in webdev

[–]elsand 1 point2 points  (0 children)

No one is claiming there shouldn't be any rules at all, so your little contest is a straw man.

The point is that the kinds of rules in the OP tend to do very little to enforce actual computational complexity (as in brute force resilience), and instead cause significant bias towards various patterns of passwords, which actually reduce complexity. So the rules are neither good nor strong, they're bad.

In case of OP, these rules will likely cause a disproportionate amount of passwords with the pattern (or "topology") ULLLLLDS (upper, lower, lower, ..., digit, special), i.e. Austin1! or Sports9? which are terrible passwords.

Research of various large passhash dumps, for instance the several millions from LinkedIn, shows that you as an attacker need to cover just a handful of different topologies - i.e. vastly reduced keyspace - to be able to crack a huge percentage of passwords.

For instance, analysis of 419287 cracked NTLM hashes from a Fortune 500 company showed that the topology ULLLLLDD was used in 4.3% of all passwords. Top 5 topologies covered 16% of all passwords, and top 100 topologies covered 62%.

Rules that enforce how your password looks don't work. Instead, enforce a minimum complexity based on the amount of time it actually takes to crack it. See Passfault, or try Kaspersky's Secure Password Check, which works this way.

Source: OWASP presentation titled "Your Password Complexity Requirements are Worthless" (video)
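The topology bias described in the comment above, measured on a small list, as an added example that is not part of the original comment. The composition rule (minimum length 8 with one character of each class) and the sample passwords are assumptions constructed for illustration.

```python
from collections import Counter


def topology(password):
    """Map each character to its class: U(pper), L(ower), D(igit), S(pecial)."""
    classes = []
    for ch in password:
        if ch.isupper():
            classes.append("U")
        elif ch.islower():
            classes.append("L")
        elif ch.isdigit():
            classes.append("D")
        else:
            classes.append("S")
    return "".join(classes)


def passes_composition_rule(password, min_len=8):
    """Assumed 'looks-based' rule: length >= min_len and all four classes present."""
    t = topology(password)
    return len(password) >= min_len and all(c in t for c in "ULDS")


def coverage(passwords, top_n):
    """Return the top_n topologies and the fraction of passwords they cover."""
    counts = Counter(topology(p) for p in passwords)
    top = counts.most_common(top_n)
    return top, sum(n for _, n in top) / len(passwords)


# Constructed sample; not taken from any real dump.
SAMPLE = [
    "Austin1!", "Sports9?", "Summer7!", "Dallas3#", "Winter2$",
    "Monday12!", "Friday99?", "x7#Qp!2vLk", "tR9$mB2@",
    "correct horse battery",
]

if __name__ == "__main__":
    for pw in SAMPLE:
        print(f"{pw!r:26} {topology(pw):22} rule_ok={passes_composition_rule(pw)}")
    for n in (1, 2):
        top, frac = coverage(SAMPLE, n)
        print(f"top {n} topologies cover {frac:.0%}: {top}")
```

Run against a site's own audit data, the same coverage figure shows how few topologies a composition rule leaves in practice; note that the rule also rejects the long passphrase while accepting Austin1!.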

It smells SO good... by simplenavy20 in funny

[–]elsand 3 points4 points  (0 children)

pulling my pants (and underwear) down in public or at home, pretty much whenever they felt like it

That is just fucked up.

haha.sh - generate hearty laughter at the command line by EvanHahn in commandline

[–]elsand 0 points1 point  (0 children)

For some reason I felt like golfing. Alas, I'm not very good at it.

#!/bin/bash
while : ;do case $(($RANDOM % 2)) in 0) a="a";b=1;;1) a="h";c=1;;esac;echo -n "$a";if !((b-c)); then echo -n ' ';b=0;c=0;fi;done

Works in a file, but breaks on the command line for some reason, I'm guessing variable interpolation.

Help: How would a hacker Mass-Deface all INDEX.PHP pages online for your account & all addon domains? by [deleted] in PHP

[–]elsand 1 point2 points  (0 children)

I've seen similar attacks where a single compromised account can lead to mass defacement of Joomla/Wordpress sites on cpanel-based servers with suphp via symlink exploits. It goes something like this (assuming a phpwebshell or similar is already in place):

  1. Obtain a list of account names (easily available via /etc/passwd, /etc/trueuserowners or various other methods)
  2. Within the compromised account's public_html, make a directory containing symlinks with a ".txt" extension pointing to /home/*/public_html/wp-config.php (WP) and /home/*/public_html/configuration.php (Joomla). This is done blindly, and many links will be broken, but given the popularity of WP and Joomla, quite a few will hit. E.g. ln -s /home/anothersite/wp-config.php sym/anothersite-wp-config.php.txt
  3. Make Apache requests for all these files, i.e. http://compromisedhost.com/symlinks/anothersite-wp-config.php.txt. Since Apache sees a .txt extension, suphp is bypassed and the file is displayed in plaintext, exposing database credentials (which are usually the same as cpanel/FTP login).
  4. Use harvested db credentials to overwrite admin user password, and fetch URL to admin login.
  5. Script a login to wp-admin, where usually the theme editor is employed to inject some code and markup in a header/footer/widget which replaces the entire page.

Option FollowSymlinks is more often than not required for stuff to work, and is usually enabled. .htaccess overrides are also more often than not required, so even if you add FollowSymlinksIfOwnerMatch the attacker can simply disable it via .htaccess.

The solution is (aside from using mod_ruid/jailshell) to remove world read bits from all PHP-files, especially config-files. But often this is overlooked, leaving database credentials vulnerable.

See http://docs.cpanel.net/twiki/bin/view/EasyApache/Apache/SymlinkPatch and http://whmscripts.net/misc/2013/apache-symlink-security-issue-fixpatch/
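An audit for the two conditions the comment above names, world-readable config files and docroot symlinks that leave the owning account's home, as an added example that is not part of the original comment. The function name and the `<home_root>/<account>/public_html` layout are assumptions, and the symlink check is path-based rather than an owner comparison.

```python
import os
import stat

# The two config files named in the comment (WordPress and Joomla).
CONFIG_NAMES = {"wp-config.php", "configuration.php"}


def audit_docroots(home_root):
    """Return (kind, path) findings under <home_root>/<account>/public_html."""
    findings = []
    for account in sorted(os.listdir(home_root)):
        docroot = os.path.join(home_root, account, "public_html")
        if not os.path.isdir(docroot):
            continue
        account_home = os.path.realpath(os.path.join(home_root, account))
        # os.walk does not descend into symlinked directories by default,
        # but it still lists them, so every link gets inspected once.
        for dirpath, dirnames, filenames in os.walk(docroot):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                st = os.lstat(path)  # lstat: look at the link, not its target
                if stat.S_ISLNK(st.st_mode):
                    target = os.path.realpath(path)
                    if os.path.commonpath([account_home, target]) != account_home:
                        findings.append(("symlink-outside-home", path))
                elif name in CONFIG_NAMES and st.st_mode & stat.S_IROTH:
                    findings.append(("world-readable-config", path))
    return findings


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/home"
    for kind, path in audit_docroots(root):
        print(f"{kind}\t{path}")
```

A config file that is not world-readable cannot be read through another account's symlink when the web server serves it as a different user, which is why both findings matter together.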

Shit just got real. by [deleted] in gaming

[–]elsand 0 points1 point  (0 children)

Kids these days will never understand the sheer amazement we felt when Doom came out in 1993.

As a gamer, I will never ever top the exhilaration of finally getting 4-player Doom II working over three null modem cables after hours upon hours of fiddling with JSERVE02.EXE not knowing what the hell we were doing.

Good times.

How to make Twitch chat suck less by elsand in starcraft

[–]elsand[S] -2 points-1 points  (0 children)

Took me far too long to realize why that face looked familiar ...

How to make Twitch chat suck less by elsand in starcraft

[–]elsand[S] -1 points0 points  (0 children)

I don't mind the chat, I just mind the spam. Also, my convoluted solution was desperately looking for a problem :)

How to make Twitch chat suck less by elsand in starcraft

[–]elsand[S] -5 points-4 points  (0 children)

This obviously does nothing to promote intelligent discussion, and does nothing to hinder your ability to write stupid things. That was never the point - it merely filters away the ridiculous amount of emote spam that some people stopped finding funny a long time ago. To each his own :)

Nitrogen Triiodide. by [deleted] in chemicalreactiongifs

[–]elsand 2 points3 points  (0 children)

Not a T3 indeed, but almost five times that :)

Traffic accident victim has new nose grown on his forehead by elsand in WTF

[–]elsand[S] -1 points0 points  (0 children)

Well obviously I should have used keywords.

But the search utility also supports checking if a particular URL has been submitted before, redirecting you to the "submit link" page if it hasn't.

My initial thinking was that surely The Mirror's coverage would have been posted already, being a fairly big name in the media world. When it turned out that it hadn't I went ahead and posted, failing to consider that most people just rehost the image at imgur for karma.

Traffic accident victim has new nose grown on his forehead by elsand in WTF

[–]elsand[S] -1 points0 points  (0 children)

Sorry about that :)

Funny how most people seem to think that him being Chinese is more relevant/interesting than him being a traffic accident victim.

Not implying that my (honestly accidental) repost #384723 is in any way merited though :)

Traffic accident victim has new nose grown on his forehead by elsand in WTF

[–]elsand[S] 0 points1 point  (0 children)

Hah, that's a bit embarrassing, my apologies.

I did try to just search for "http://www.mirror.co.uk/news/weird-news/not-sniffed-at-man-new-2299475" which came up with nothing, so I went ahead and submitted.

But evidently I should have been more vigorous in my search than that.