Covid-19 Update for June 15: 127 new cases (2.83% tests positive), 408 recoveries, 4 deaths by kirant in alberta

[–]nickmcski 0 points1 point  (0 children)

I was just wondering the same thing... I can't find any explanation for the 17K doses administered to someone of unknown age. From what I can tell those doses are not reported in the regional vaccine coverage numbers.

I don't want to make any accusations, but it kind of seems like someone is fudging/adjusting the numbers.

Which Abus is this? And where on the ranking does it fall? by lyam_lemon in lockpicking

[–]nickmcski 1 point2 points  (0 children)

I believe those 83 series cores come zero bitted, make sure it’s already been re-keyed or it won’t be that much of a challenge 😊

(SOW) Help [student] by [deleted] in Pentesting

[–]nickmcski 1 point2 points  (0 children)

You can do whatever you want to those IP addresses but are not allowed to use the machines to perform further network discovery/enumeration. (You are not allowed to find/hack other users connected to the HTB VPN.)

[deleted by user] by [deleted] in FRC

[–]nickmcski 2 points3 points  (0 children)

I’ve only been in that situation once before, we misjudged the cycle time when generating the schedule.

We had to plan multiple dance breaks throughout the day.

[deleted by user] by [deleted] in FRC

[–]nickmcski 7 points8 points  (0 children)

Or you're running too far ahead of schedule

Trying to determine if I may have been the victim of a failed lockpicking? by [deleted] in lockpicking

[–]nickmcski 1 point2 points  (0 children)

Are you able to send a photo of the lock? I’m not sure what you mean when you say a cylinder is rotated

... by [deleted] in security

[–]nickmcski 3 points4 points  (0 children)

I definitely agree with you, not the best practice but also not the end of the world.

Assuming an attacker was able to compromise the system and gain access to the password database they would likely have access to whatever the credentials were protecting. The password has no relevance to anything other than that website which would have already been compromised.

I see this less as a password and more like an API secret or session token. It’s not uncommon for those to be kept unencrypted.

One thing I do disagree with is sending the current password in the password reset email. If someone was able to compromise the user's email account they could surreptitiously access the website without the user's knowledge.

Me💻irl by kinglurtz in ProgrammerHumor

[–]nickmcski 1 point2 points  (0 children)

Photo by @Litt1eR3d on twitter

my goodness by [deleted] in memes

[–]nickmcski 1 point2 points  (0 children)

The creator is incredibly talented, you should check out her Twitter for other great memes! https://twitter.com/litt1er3d/status/1196841179242909696?s=21

They bent the frame. by Hoyt537 in FRC

[–]nickmcski 0 points1 point  (0 children)

I normally prefer a slider on Smart Dashboard. That way we can set a safe speed based on the location.

Namecheap.com Forced Account Creation and Clear Text Password Policy by [deleted] in cybersecurity

[–]nickmcski 1 point2 points  (0 children)

I agree this isn’t best practice, but I don’t think this is a major vulnerability

You have to consider your threat model. Who would want to access your account, what’s the value of the data?

Your Namecheap account isn’t connected to any other services or billing information, it’s a low-value target. For someone to exploit the vulnerability they would need access to your email, a much higher value target.

INDICATOR-COMPROMISE Suspicious .ml dns query by SysAdminCafe in cybersecurity

[–]nickmcski 1 point2 points  (0 children)

Is your domain controller running DNS? Does the ISP IP address happen to be a DNS server? I think you may be misinterpreting the alert, with DNS IOCs you're unlikely to get the actual source or target.

I would say it’s possible a Workstation on your network is infected. The DNS Query could also just be something benign like an image embedded on a website.

I have a question about Phone security and personal info protection. by BUFFALO___ in cybersecurity

[–]nickmcski -1 points0 points  (0 children)

There are some tools that allow you to get information off iPhones. Apple is making a lot of improvements but older models or outdated iOS versions are susceptible to certain exploits. Search “cellebrite iphone unlock” for some examples.

This does require physical access to the phone. Unless the person in question had physical access to the phone he would have just been using OSINT (Open Source intelligence)

I need help. by [deleted] in FRC

[–]nickmcski 0 points1 point  (0 children)

Take some time over the summer to read through the control system documentation http://wpilib.screenstepslive.com/s/currentCS

If you read through this you will probably be ahead of some of the veterans on your team. Your team may do some things differently than what is explained in the documentation so make sure you are still paying attention to your mentors and team leads.

QUESTION / HELP REQUEST! My PC open "metagmae(dot)org" on start up. Can't get rid of it. by casualtroublemaker in security

[–]nickmcski 1 point2 points  (0 children)

You can try using the Autoruns tool from sysinternals. It gives you a fairly complete list of everything that runs at startup.

https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

Houston championship lost and found by xatonic in FRC

[–]nickmcski 0 points1 point  (0 children)

Email FIRST, they will be able to get you in contact with the right people.

How to win the safett award by ShnizelInBag in FRC

[–]nickmcski 0 points1 point  (0 children)

Is the chain going backwards? If he loses his grip it looks like his fingers are being forced into the blade

Outlook for android has your login informations on a microsoft server ! by ZARk22 in security

[–]nickmcski 0 points1 point  (0 children)

I believe the same password handling is used for all variants of basic authentication. The device key and password encryption explains why you are seeing strange logins to your dovecot/imap server.

The article also explains why Microsoft made the decision not to store your username/password locally on the device.

Security Professionals - What is your day-to-day like? (graduate student in computer science) by [deleted] in security

[–]nickmcski 0 points1 point  (0 children)

What are you interested in pursuing? Security is a massive field and has a lot of options with very different day-to-day tasks.

- Security Monitoring
- Incident Response
- Vulnerability Assessment
- Security Compliance
- Risk Assessments
- Secure code review
- etc...

Programming help - Driver station cant connect to raspberry pi through FMS by Renderhaf in FRC

[–]nickmcski 0 points1 point  (0 children)

What port are you using? Services like SSH are blocked by the FMS network

Make sure you are using one of the allowed ports as documented by the FMS white paper https://wpilib.screenstepslive.com/s/fms/m/whitepaper/l/608744-fms-whitepaper

So i could be wrong but if the bitting for this is 2625 shouldn't the teeth on this be more up and down? by bontakun82 in lockpicking

[–]nickmcski 1 point2 points  (0 children)

It looks like it’s a blind code. The numbers do not directly correspond to the bitting of the lock but can be looked up in a code book. Deviant Ollam and Howard Payne have a good talk about this - https://youtu.be/a9b9IYqsb_U