9 comments
cR0w h0 h0

@stacksmashing Is this a common thing that I've been lucky enough to miss? This was the first one I remember seeing.

stacksmashing

@cR0w In my professional life I've seen it multiple times

cR0w h0 h0

@stacksmashing (⁠╯⁠°⁠□⁠°⁠)⁠╯⁠︵⁠ ⁠┻⁠━⁠┻

stacksmashing

We run this security-sensitive service but only keep the logs for 7 days😔

Obviously hindsight is 20/20, but a good example of why at companies I always want as much log retention as possible.

The good news is that it's believed no official images from downloads.openwrt.org were affected nor any custom images from the 21.10.0-rc2 release. OpenWrt developers were only able to verify the build logs for the past seven days due to automatic clean-up of older build logs. Users are thus encouraged to carry out in-place upgrades to the same version to eliminate any possibility of being affected.

The Doctor

@stacksmashing That's seven days longer than a lot of places!

dercraig

@stacksmashing people are very often privacy aware and angry with entities saving logs for more than a few days (or at all) UNTIL the entity was compromised and then they are suddenly considered morons for not saving way more logs... :'-)

nytpu

@stacksmashing I like to link people this if they think it's too difficult to brute-force a short hash prefix lol github.com/zegl/extremely-line

none gender with left politics

@stacksmashing @Lyude isn't finding truncated SHA-256 hash collisions literally how bitcoin mining works
