Swagger Dagger posted: For the people asking about learning infosec, I think you could do a whole lot worse than reading through these: https://www.humblebundle.com/books/no-starch-hacking-books

That looks really nice. I may pick that up. I was quite impressed with Bulletproof SSL and TLS. It's more a set of best practices accompanied by well-written explanations, but it also has a number of very interesting stories of how PKI has been breached in the past, sometimes via actual malicious acts and sometimes just through incompetence. It's specific to just one protocol, but given how incredibly common TLS is on the internet I feel it's worth picking up.

Antillie fucked around with this message at 16:13 on Apr 28, 2016

Apr 28, 2016 16:01

e: Wrong thread nvm

Rufus Ping fucked around with this message at 16:50 on Apr 28, 2016

Apr 28, 2016 16:47

ItBurns posted: In the end it comes down to whether or not you trust facebook.

I just... what? Did you read my post? I laid out explicitly the technical reasons it doesn't come down to trusting facebook. The entire point is the provability of the encryption. Like, you're arguing with math here. I'm seriously just confused.

Apr 28, 2016 19:08

pr0zac posted: I just... what? Did you read my post? I laid out explicitly the technical reasons it doesn't come down to trusting facebook. The entire point is the provability of the encryption. Like, you're arguing with math here. I'm seriously just confused.

Noted.

Edit: You also ignored my post, especially why you should funnel your communications, encrypted or not, through fb's servers, when they have at the very least the ability to log them and tie them with other information.

Fake second edit: Also try to post your replies here and not in yospos so I don't have to hunt for them.

ItBurns fucked around with this message at 19:29 on Apr 28, 2016

Apr 28, 2016 19:12

ItBurns posted: Noted.

Why bother using the Internet if your ISP can log your encrypted connections and tie them with other information?

Apr 28, 2016 19:43

ItBurns posted: Noted.

Apr 28, 2016 19:46

Wiggly Wayne DDS posted: lick lick slurp slurp

um ok

OSI bean dip posted: Why bother using the Internet if your ISP can log your encrypted connections and tie them with other information?

Why bother posting if you're just a third-tier coattail rider?

(USER WAS PUT ON PROBATION FOR THIS POST)

Apr 28, 2016 19:58

ItBurns posted: Noted.

Exactly what, in your mind, would logging encrypted messages allow for? Have you actually signed up for whatsapp before? Do you understand how iOS device tokens work? Do you need me to explain why the answers to those last two questions make avoiding metadata collection on whatsapp trivial for anyone who's concerned about that? Do you actually have any knowledge about anything technical being discussed? Do you need help dragging those goal posts?

Apr 28, 2016 20:02

<< lol drat

Apr 28, 2016 20:08

pr0zac posted: Do you understand how iOS device tokens work? Do you need me to explain why the answers to those last two questions make avoiding metadata collection on whatsapp trivial for anyone who's concerned about that?

I'd unironically like to know more about both of these

Apr 28, 2016 20:49

Thank you for the SIEM advice, Splunk is actually one I was looking at already and am looking into FIDO now. Appreciate the help.

Apr 28, 2016 21:38

Adix posted: I'd unironically like to know more about both of these

Apr 28, 2016 21:40

How do I get in on the coat tails thing? Sounds p sweet.

Apr 28, 2016 22:01

Boris Galerkin posted: Is let's encrypt actually worth taking the x minutes to set up? I remember reading somewhere that all having a cert from them says is "this guy has a cert from us" but doesn't actually mean/do much else. Could be wrong though.

Considering how much your average internet user knows about certificates, PKI, and encryption, this is about all that any cert from any CA does. Even the EV ones.

Antillie fucked around with this message at 22:13 on Apr 28, 2016

Apr 28, 2016 22:06

Subjunctive posted: How do I get in on the coat tails thing? Sounds p sweet.

hold a non-insane opinion

Apr 28, 2016 22:19

Dex posted: hold a non-insane opinion

"Computer security is hard and I'm willing to admit I don't understand everything about it/pr0zac might know more than me." Am I in?

Apr 28, 2016 22:22

ultramiraculous posted: "Computer security is hard and I'm willing to admit I don't understand everything about it/pr0zac might know more than me."

Sure.

Apr 28, 2016 22:54

Adix posted: I'd unironically like to know more about both of these

Me too.

Apr 29, 2016 08:55

Tavis Ormandy turned his terrible gaze towards Symantec and hit paydirt. Expect big rounds of emergency patching in the next 3 months if you're running their products. Or maybe they don't do anything and you get some 0day CVEs when he goes public. https://twitter.com/taviso/status/725816306209951744

Apr 29, 2016 18:15

BangersInMyKnickers posted: Tavis Ormandy turned his terrible gaze towards Symantec and hit paydirt. Expect big rounds of emergency patching in the next 3 months if you're running their products. Or maybe they don't do anything and you get some 0day CVEs when he goes public.

But AV is a good idea because reasons!

Apr 29, 2016 18:22

"remote ring0 vulns" is my John McAfee cover band.

Apr 29, 2016 18:33

Is that the sort of thing where you're vulnerable because you're running a Symantec product? You'd be safer with nothing?

Apr 29, 2016 18:37

doctorfrog posted: Is that the sort of thing where you're vulnerable because you're running a Symantec product? You'd be safer with nothing?

He found the vulnerabilities in the Symantec products, so it's running those products that exposes you to whatever he found.

Apr 29, 2016 18:39

doctorfrog posted: Is that the sort of thing where you're vulnerable because you're running a Symantec product? You'd be safer with nothing?

Yes. Vastly so.

Apr 29, 2016 18:39

doctorfrog posted: Is that the sort of thing where you're vulnerable because you're running a Symantec product? You'd be safer with nothing?

Symantec.txt

Apr 29, 2016 18:42

apseudonym posted: Symantec.txt

AV.gif (it loops)

Apr 29, 2016 18:43

doctorfrog posted: Is that the sort of thing where you're vulnerable because you're running a Symantec product? You'd be safer with nothing?

You can replace "Symantec" with other vendor names too.

Apr 29, 2016 19:44

Like Microsoft.

Apr 29, 2016 19:59

Lots of AV vendors like to run their analysis/sandbox engine under a system context for whatever reason (stupidity, wrote the thing back in XP days, sloth), which is just begging for problems when a vulnerability is inevitably discovered. It's crap.

Apr 29, 2016 20:45

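The post above makes a point a defender can act on: whatever runs as SYSTEM, AV engine or not, hands over the whole host if it is exploited, so it pays to know which third-party services on a box run under that context. The following PowerShell is an added example written for this thread; it is not code from any poster or vendor. It assumes a Windows host, an elevated PowerShell 5.1 or later session, and only built-in cmdlets (Get-CimInstance, Get-AuthenticodeSignature); the Microsoft-signer test is a simple certificate-subject heuristic I chose for illustration.

```powershell
# Added example, not from the thread. Inventories services that run as LocalSystem
# and reports whether each service binary carries a valid Microsoft signature, so the
# third-party agents (AV engines included) that would yield SYSTEM if exploited
# are visible in one table.
# Assumptions: Windows, elevated PowerShell 5.1+, built-in cmdlets only. Read-only.

$systemServices = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -eq 'LocalSystem' -and $_.PathName }

$report = foreach ($svc in $systemServices) {
    # PathName may be quoted, carry arguments, or use %SystemRoot%-style variables;
    # reduce it to the bare executable path.
    $exe = [Environment]::ExpandEnvironmentVariables($svc.PathName)
    if ($exe -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($exe -split '\s+')[0] }

    # Default to "unknown" so a missing or unsigned binary is treated as third-party.
    $signer = '<unsigned or unreadable>'
    if (Test-Path -LiteralPath $exe) {
        $sig = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
        if ($sig -and $sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
            $signer = $sig.SignerCertificate.Subject
        }
    }

    [pscustomobject]@{
        Service    = $svc.Name
        State      = $svc.State
        Executable = $exe
        Signer     = $signer
        # Heuristic chosen for this example: anything not signed by a Microsoft
        # subject is flagged for review.
        ThirdParty = ($signer -notmatch 'Microsoft')
    }
}

# Third-party SYSTEM services first: that is the privileged surface to track and patch.
$report | Sort-Object ThirdParty -Descending | Format-Table -AutoSize
```

Nothing here changes service configuration; it only reads the service table and signature metadata. Treat the ThirdParty column as a review list rather than a verdict, since a legitimate agent can be unsigned on an old image and a Microsoft-signed binary can still host third-party plug-ins.
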
doctorfrog posted: Is that the sort of thing where you're vulnerable because you're running a Symantec product? You'd be safer with nothing?

You really shouldn't be running any sort of Antivirus product in 2016.

Apr 29, 2016 21:01

Twerk from Home posted: You really shouldn't be running any sort of Antivirus product in 2016.

I would qualify this by saying "you shouldn't be running antivirus as a primary line of defense in 2016". There are some use cases for it, but it's better supplemented with additional tools (on endpoints at least).

I can point to a real-world example with a customer I just finished working with that had no security software on approximately 1000 endpoints in a healthcare environment, even though they had a standing contract with a major AV vendor. They didn't replace AV with anything, they just didn't have anything on their systems. When they got hit by a 7-year-old worm and came screaming to us, we pointed out that the exact hashes they had would have been picked up by their AV solution and they really had no excuse as to why it hadn't been deployed.

Traditional AV is on life support, but as a last line of defense (e.g. if AV detects something you're already hosed, but maybe it might save you a little bit) it's worth having.

EDIT: I should note that there were a lot of internal politics that led to that decision (due to acquisitions and such), but people are literally taking the saying "AV is dead" at face value and running with nothing, in the real world, in 2016. The security industry needs to be careful about what they soapbox.

co199 fucked around with this message at 22:55 on Apr 29, 2016

Apr 29, 2016 22:52

co199 posted: Traditional AV is on life support, but as a last line of defense (e.g. if AV detects something you're already hosed but maybe it might save you a little bit) it's worth having.

No.

quote: people are literally taking the saying "AV is dead" at face value and running with nothing, in the real world, in 2016

Hi.

Apr 29, 2016 23:21

Bleep blorp I am computer super user my brainpan is plugged directly in 2 "da net" every piece of software I run is hashed and you better believe I check it three times for extra safety I understand every single thing my software is doing at all time and my brain runs native assembly get that amateur "anti-VIRUS" crap outta here! ! !

Apr 29, 2016 23:24

co199 posted: I would qualify this by saying "you shouldn't be running antivirus as a primary line of defense in 2016". There are some use cases for it, but it's better supplemented with additional tools (on endpoints at least).

co199 posted: I can point to a real world example with a customer I just finished working with that had no security software on approximately 1000 endpoints in a healthcare environment, even though they had a standing contract with a major AV vendor. They didn't replace AV with anything, they just didn't have anything on their systems. When they got hit by a 7-year-old worm and came screaming to us, we pointed out that the exact hashes they had would have been picked up by their AV solution and they really had no excuse as to why it hadn't been deployed.

co199 posted: Traditional AV is on life support, but as a last line of defense (e.g. if AV detects something you're already hosed but maybe it might save you a little bit) it's worth having.

co199 posted: EDIT: I should note that there were a lot of internal politics that led to that decision (due to acquisitions and such) but people are literally taking the saying "AV is dead" at face value and running with nothing, in the real world, in 2016. The security industry needs to be careful about what they soapbox.

Apr 29, 2016 23:42

Any professional security researchers or academics in here? My iPhone 6 keeps unlocking itself randomly despite me not touching it, trying to figure out exactly what the cause is but not sure how to go about doing that. I'm guessing some hardware component is faulty and sending a Touch ID passed event when it shouldn't or something; regardless, I'd like to pin down the exact cause and possibly report it to Apple, but have no idea where to start on something like this. Any suggestions? Latest iOS, no past jailbreaking or anything. Haven't downloaded any apps in ages so I'd say it's unlikely that it's some strange virus, but can't really rule that out yet.

Apr 29, 2016 23:49

But who are we to not trust AV.

Apr 29, 2016 23:55

Wiggly Wayne DDS posted: The current use cases for AV are checking a box on audits and providing an entrypoint for everyone else.

The circumstances around this engagement were more complicated than just "oh they weren't running AV lol it would have fixed them". I think we're all aware of the travesty that is the healthcare IT environment, especially concerning legacy applications and operating systems. You're absolutely correct that they weren't keeping systems securely up-to-date and again, it's more than just a case of AV solving the problem - I was simply using it as an example where actually having an AV product deployed would have helped with one aspect of the issue. There are other, better answers (including tools like Carbon Black) for getting visibility into endpoints, and I'm certainly not hopping on the AV dick to say everyone "needs" AV.

I agree completely that there are better tools out there - again, not saying AV is a necessity - in this case it would have been better than the nothing they had, even if not the optimal (multiple layer) solution. You obviously have to balance hardware, software and personnel solutions along with actual effective policies internally.

We were deployed in an IR capability, predominantly to identify just what the gently caress was happening as the customer had no visibility and no idea what the gently caress was going on. Our initial reaction was "burn the whole thing to the ground and start again", but unfortunately that wasn't realistic so we actually engaged other teams that had standing relationships with the customer (and SMEs on the tools in their environment) to help with remediation.

Apr 30, 2016 00:01

co199 posted: I was simply using it as an example where actually having an AV product deployed would have helped with one aspect of the issue

It's also possible that wearing a seatbelt can kill you by trapping you in a car, but the seatbelt soapbox is still exactly the right one to stand on. You can have a fatal reaction to a vaccine, but you should still get them. The most likely outcome of having AV installed is worse than the most likely outcome of skipping it.

Apr 30, 2016 00:06

Subjunctive posted: It's also possible that wearing a seatbelt can kill you by trapping you in a car, but the seatbelt soapbox is still exactly the right one to stand on. You can have a fatal reaction to a vaccine, but you should still get them. The most likely outcome of having AV installed is worse than the most likely outcome of skipping it.

I'm not trying to be an rear end in a top hat here, but can you give me a real-world example of securing an environment of say, 10,000 endpoints (we'll softball it with a mix of XP, 7 and 10, Server 2k3, 2k8r2 and 2k12) without using AV and without getting laughed out of a boardroom for presenting a cost of $texas?

Apr 30, 2016 00:15

co199 posted: I'm not trying to be an rear end in a top hat here, but can you give me a real-world example of securing an environment of say, 10,000 endpoints (we'll softball it with a mix of XP, 7 and 10, Server 2k3, 2k8r2 and 2k12) without using AV and without getting laughed out of a boardroom for presenting a cost of $texas?

My company has > 10K end-user machines and we don't run AV. But I'm curious: what would you do that would replace AV but be really expensive?

Apr 30, 2016 00:17