colonel_mortis

Administrator
  • Content Count

    3,923
Reputation Activity

  1. Like
    colonel_mortis got a reaction from ErykYT3 in Spoiler extending but not correctly   
    I realise that, but it's a link to a specific post within moderators on the forum, and therefore should have notified the author of that post rather than the author of the topic.
  2. Informative
    colonel_mortis got a reaction from Abdullah Bhutta in Is LTT Sever underperforming or having a Bigger Load???   
    I'm not sure what you mean? All you need to do is post the contents of that page, without the IP address part if you like. The forum does store your IP address to combat spam and abuse (see the privacy policy for details), but that's not relevant here.
  3. Like
    colonel_mortis got a reaction from Eschew in Is LTT Sever underperforming or having a Bigger Load???   
    I'm not sure what you mean? All you need to do is post the contents of that page, without the IP address part if you like. The forum does store your IP address to combat spam and abuse (see the privacy policy for details), but that's not relevant here.
  4. Agree
    colonel_mortis got a reaction from jagdtigger in Side channel Attacks strike again! Hackers can clone Google Titan 2FA keys using a side channel in NXP chips   
    These attacks are certainly academically very interesting, and I suspect Google will be releasing a new hardened variant of it in due course. However, once you have the physical security key for a day to exploit it, you may as well just use it to log into their account then, without going to the effort of exploiting a side channel attack. Obviously there are cases where you might not want (or be able) to access the account now, but do want to later, but it's limited to the absolutely most high profile targets by nation state attackers.
  5. Agree
    colonel_mortis got a reaction from tim0901 in Side channel Attacks strike again! Hackers can clone Google Titan 2FA keys using a side channel in NXP chips   
    These attacks are certainly academically very interesting, and I suspect Google will be releasing a new hardened variant of it in due course. However, once you have the physical security key for a day to exploit it, you may as well just use it to log into their account then, without going to the effort of exploiting a side channel attack. Obviously there are cases where you might not want (or be able) to access the account now, but do want to later, but it's limited to the absolutely most high profile targets by nation state attackers.
  6. Agree
    colonel_mortis got a reaction from like_ooh_ahh in Side channel Attacks strike again! Hackers can clone Google Titan 2FA keys using a side channel in NXP chips   
    These attacks are certainly academically very interesting, and I suspect Google will be releasing a new hardened variant of it in due course. However, once you have the physical security key for a day to exploit it, you may as well just use it to log into their account then, without going to the effort of exploiting a side channel attack. Obviously there are cases where you might not want (or be able) to access the account now, but do want to later, but it's limited to the absolutely most high profile targets by nation state attackers.
  7. Like
    colonel_mortis got a reaction from Eschew in Side channel Attacks strike again! Hackers can clone Google Titan 2FA keys using a side channel in NXP chips   
    These attacks are certainly academically very interesting, and I suspect Google will be releasing a new hardened variant of it in due course. However, once you have the physical security key for a day to exploit it, you may as well just use it to log into their account then, without going to the effort of exploiting a side channel attack. Obviously there are cases where you might not want (or be able) to access the account now, but do want to later, but it's limited to the absolutely most high profile targets by nation state attackers.
  8. Agree
    colonel_mortis got a reaction from wkdpaul in Side channel Attacks strike again! Hackers can clone Google Titan 2FA keys using a side channel in NXP chips   
    These attacks are certainly academically very interesting, and I suspect Google will be releasing a new hardened variant of it in due course. However, once you have the physical security key for a day to exploit it, you may as well just use it to log into their account then, without going to the effort of exploiting a side channel attack. Obviously there are cases where you might not want (or be able) to access the account now, but do want to later, but it's limited to the absolutely most high profile targets by nation state attackers.
  9. Like
    colonel_mortis got a reaction from RafaelSoaresP in Is LTT Sever underperforming or having a Bigger Load???   
    There aren't any requests from your IP address that took longer than a second to be served by the server today, so the issue seems to either be somewhere between you and the forum server, most likely an issue with one of your browser, your ISP, or a localised issue with Cloudflare (our CDN).
  10. Agree
    colonel_mortis got a reaction from HanZie82 in Images not displaying when using FF browser   
    Firefox 56 is more than 3 years old (September 2017), and has a number of security vulnerabilities. The standard for most websites these days is to support the latest and previous versions of major browsers (Firefox, Chrome, Edge and Safari), and not to actively support any older; I am slightly more forgiving, but 3 years old is unreasonable. You say it's not broken, but web standards have progressed a lot since then - there have been 3 new JavaScript standards, and a new CSS standard, as well as a bunch of living standard changes, so sites that are built for today's web will not function correctly for you - LTT may be the first you have encountered, but it will not be the last.
     
    The forum moves forwards, adding new functionality (such as the image lazy loading that seems to be causing the issue here), updating libraries to get new features or security updates, and removing legacy code that is hard to maintain or that adds unnecessary complexity. It is not fair for us to hold back on all of those simply to support an arbitrarily long tail of people who refuse to update their browser - if we don't draw the line at 3 years old, I don't know where we could. You are in a group of <0.5% of the visitors to the forum on really old FF versions, and I suspect that a sizeable chunk of the others in that group are bots that are pretending to be people. Honestly, I'm surprised that it works as well as it does.
     
    Even if I wanted to support this, that change would have to be made by the forum software devs because it is part of the core forum software and not a custom LTT addition, and there is no way that I would be able to convince them that it is worth their effort to support a 3 year old browser.
  11. Like
    colonel_mortis got a reaction from Eschew in hey guys is it normal for chrome to consume 3 million kilobytes of ram?   
    That isn't how security patches work. The Windows registry is just a big collection of configuration, which you can edit with regedit. It doesn't allow you to change the code that actually runs, and that is where security vulnerabilities lie.
     
    Here's a list of security vulnerabilities that were found in Windows 7 recently, none of which you are protected against and many of which you will not be able to mitigate. Many of them will not be relevant to you, but some of them will be, and some of those will be exploitable even if you follow all security guidelines and don't do anything stupid.
     
    If you insist on remaining on an old, unsupported version of Windows, it is essential that you use a decent antivirus software. It can slow things down, although not a huge amount, but things being slower is far better than being infected with ransomware, being used as part of a botnet to attack other people, or whatever.
  12. Like
    colonel_mortis got a reaction from Luscious in Images not displaying when using FF browser   
    Firefox 56 is more than 3 years old (September 2017), and has a number of security vulnerabilities. The standard for most websites these days is to support the latest and previous versions of major browsers (Firefox, Chrome, Edge and Safari), and not to actively support any older; I am slightly more forgiving, but 3 years old is unreasonable. You say it's not broken, but web standards have progressed a lot since then - there have been 3 new JavaScript standards, and a new CSS standard, as well as a bunch of living standard changes, so sites that are built for today's web will not function correctly for you - LTT may be the first you have encountered, but it will not be the last.
     
    The forum moves forwards, adding new functionality (such as the image lazy loading that seems to be causing the issue here), updating libraries to get new features or security updates, and removing legacy code that is hard to maintain or that adds unnecessary complexity. It is not fair for us to hold back on all of those simply to support an arbitrarily long tail of people who refuse to update their browser - if we don't draw the line at 3 years old, I don't know where we could. You are in a group of <0.5% of the visitors to the forum on really old FF versions, and I suspect that a sizeable chunk of the others in that group are bots that are pretending to be people. Honestly, I'm surprised that it works as well as it does.
     
    Even if I wanted to support this, that change would have to be made by the forum software devs because it is part of the core forum software and not a custom LTT addition, and there is no way that I would be able to convince them that it is worth their effort to support a 3 year old browser.
  13. Agree
    colonel_mortis got a reaction from GDRRiley in hey guys is it normal for chrome to consume 3 million kilobytes of ram?   
    That isn't how security patches work. The Windows registry is just a big collection of configuration, which you can edit with regedit. It doesn't allow you to change the code that actually runs, and that is where security vulnerabilities lie.
     
    Here's a list of security vulnerabilities that were found in Windows 7 recently, none of which you are protected against and many of which you will not be able to mitigate. Many of them will not be relevant to you, but some of them will be, and some of those will be exploitable even if you follow all security guidelines and don't do anything stupid.
     
    If you insist on remaining on an old, unsupported version of Windows, it is essential that you use a decent antivirus software. It can slow things down, although not a huge amount, but things being slower is far better than being infected with ransomware, being used as part of a botnet to attack other people, or whatever.
  14. Agree
    colonel_mortis got a reaction from TVwazhere in Moderators on the Forum   
    I was actually trying to get you to do exactly this so I could test a bug with following people, but I gave up and confused some moderators instead.
  15. Informative
    colonel_mortis got a reaction from zeusthemoose in Choose what content to receive a notification for from followed members   
    Not very easily, but I've found some bugs with the plugin that we're using so I will have a think at some point about how it could be changed.
  16. Funny
    colonel_mortis got a reaction from FakeNSA in Moderators on the Forum   
    I was actually trying to get you to do exactly this so I could test a bug with following people, but I gave up and confused some moderators instead.
  17. Funny
    colonel_mortis got a reaction from zeusthemoose in Moderators on the Forum   
    I was actually trying to get you to do exactly this so I could test a bug with following people, but I gave up and confused some moderators instead.
  18. Funny
    colonel_mortis got a reaction from sub68 in Moderators on the Forum   
    I was actually trying to get you to do exactly this so I could test a bug with following people, but I gave up and confused some moderators instead.
  19. Funny
    colonel_mortis got a reaction from Eschew in Moderators on the Forum   
    I was actually trying to get you to do exactly this so I could test a bug with following people, but I gave up and confused some moderators instead.
  20. Informative
    colonel_mortis got a reaction from Moonzy in Moderators on the Forum   
    I was actually trying to get you to do exactly this so I could test a bug with following people, but I gave up and confused some moderators instead.
  21. Agree
    colonel_mortis got a reaction from sub68 in Is this website owned By linus media group?   
    The forum is owned by LMG, and moderated by members of the community.
  22. Informative
    colonel_mortis got a reaction from GodSeph in Is this website owned By linus media group?   
    The forum is owned by LMG, and moderated by members of the community.
  23. Agree
    colonel_mortis got a reaction from PlayStation 2 in Is this website owned By linus media group?   
    The forum is owned by LMG, and moderated by members of the community.
  24. Agree
    colonel_mortis got a reaction from Pickles - One of the Jar in Is this website owned By linus media group?   
    The forum is owned by LMG, and moderated by members of the community.
  25. Informative
    colonel_mortis got a reaction from j.son19 in The UK/EU Brexit Agreement contains references to Netscape Communicator & Mozilla Mail   
    If I'm reading the document correctly, the use of SHA-1 here is not actually a problem at all (in the way that it's being used, it is still considered to be secure against even nation state attacks), although the industry is moving away from it.
     
    SHA-1 is broken in that (with a huge amount of computational effort) researchers have managed to construct two different files that hash to the same value. That's not a problem here though, where it's being used to generate a Message Authentication Code (MAC), because generating a MAC involves a secret value that is not known to the attacker. If I'm remembering correctly, even MD5 (which IIRC a modern laptop could find a collision for within a few minutes) is secure enough to use for a MAC.
     
    RSA-1024 is not secure, and could be compromised by a nation state attacker (or very determined criminals), so it should definitely not be used.