I appreciate you fixing the guy sticking out the window

Personally I always think of this when I see him

Lol my Jetta has handled deeper mud than this

…not WELL but I did eventually manage to get it unstuck

That was 2016 and we also got Trump shortly after. Can we just settle for 2015 instead?

Did you just recently purchase it? If you ask steam support will usually give you the difference

When will we learn to stop using television stars for economic policy? That’s how we got in this mess

Hey I got this email in my inbox figured I’d try to fill it out

It required a donation to submit the survey. The data presented here is worth less than the paper it’s printed on, and it’s displayed on a fucking LCD

To be fair, I don’t think they put any language about high speed internet in the Constitution.

Not that it’d stop him.

Entrapta is not with the horde, she’s with science!

In the venn diagram between me and the target demographic the circles are not touching

Binged the whole series from start to finish this weekend (first time watch) because of these posts

I’d settle for it being feasible to bike to work. I don’t have to get paid the experience

To be fair, many of the things we do are bad for your heart

Live fast and leave a sexy corpse

Don’t forget to support FOSS software you’re using, including lemmy & your home instance

https://en.m.wikipedia.org/wiki/British_Museum

Looking forward to the results!

Is this from the local connection or over RDP? The issue they’re trying to point out seems to be that while it’ll stop working for local sessions, RDP sessions will continue to accept the old password

As far as I can tell, this applies after reconnecting to the domain controller and being able to pull new credentials. It’s not 100% clear in the article, but

Old credentials continue working for RDP—even from brand-new machines.

Even after users change their account password, however, it remains valid for RDP logins indefinitely. In some cases, Wade reported, multiple older passwords will work while newer ones won’t. The result: persistent RDP access that bypasses cloud verification, multifactor authentication, and Conditional Access policies.

While the password change prevents the adversary from logging in to the Microsoft or Azure account, the old password will give an adversary access to the user’s machine through RDP indefinitely.

However

The mechanism that makes all of this possible is credential caching on the hard drive of the local machine. The first time a user logs in using Microsoft or Azure account credentials, RDP will confirm the password’s validity online. Windows then stores the credential in a cryptographically secured format on the local machine. From then on, Windows will validate any password entered during an RDP login by comparing it against the locally stored credential, with no online lookup. With that, the revoked password will still give remote access through RDP.

Which makes it sound like it has to be logged in successfully first, directly contradicting the first quote.

Either way, it does appear to be an issue that an online device will accept expired passwords before it will pull new credentials from the inter/intranet

This has been happening for years. Microsoft forces users to create an account at setup then conveniently makes sure you never remember that password again by having you setup a pin. Saw a decent number of customers have to setup their PCs again because bitlocker triggered and they didn’t know the user or password the recovery code was associated with.