sfwarlock posted:^ This is why truecrypt had the ability for a "hidden volume". Enter password A, and your "embarrassing but not life ending stuff" gets revealed; password B reveals the critical stuff. The problem then becomes, you can never prove you don't have a password B... I never understood that. Wouldn't it be obvious something is there taking up space when you say, try to put 3GB in a 4GB container and get a full disk error?
|
|
# ? May 5, 2016 00:52 |
|
|
# ? Jun 5, 2024 20:06 |
|
skooma512 posted:I never understood that. Wouldn't it be obvious something is there taking up space when you say, try to put 3GB in a 4GB container and get a full disk error? If you mount the outer container without also providing the password (and thus block mappings) for the inner container, writing any data to the outer container will happily destroy the blocks of the inner container. It's a little more obvious if you use dynamically-resized container files, since there might only be 2GB written to the outer filesystem but the file is actually 4GB on disk, but that can also happen when you delete files. For this reason, Truecrypt strongly encourages you to preallocate the entire file in one go, and then it is filled with random data that can conceal the inner filesystem. Paul MaudDib fucked around with this message at 00:57 on May 5, 2016 |
# ? May 5, 2016 00:54 |
|
A (reply to a ) ticket just came in... colleague sent a proposal to a manager about updating their backup setup to include an additional server, with prices and why its needed etc. Manager replied with: "OK thanks for this, I will revert" what? I've met the guy and he's not a vert skater, and the email contained no other opinions that he may want to change his mind about, anyone got any guesses on what buzzword bingo this is ?
|
# ? May 5, 2016 09:04 |
|
Usually used in "please do the needful and revert", asking for you to report back afterwards. In this situation I'd imagine he hasn't decided yet (or probably even read a word) and will get back to you later with an actual response.
|
# ? May 5, 2016 09:10 |
|
^ Still, that's a frightening lack of clarity for something as important as your backups.
|
# ? May 5, 2016 12:04 |
|
Potato Salad posted:^ Still, that's a frightening lack of clarity for something as important as your backups. If I got that email, I would legitimate reply and ask for clarification on what was meant. To me "revert" means rolling back a change. And I would keep doing it, every time it was sent. Right now, as part of my passive aggressive war against this poo poo, whenever someone use "ask" in place of question or request (i.e. "can you please detail your ask to this group"), I make it point to never, ever use that word in my response. I always use "question" or "request" in my replies. I may be King Canute with this, but I'm damned if I'm going to contribute to it. I've already lost the war to "irregardless".
|
# ? May 5, 2016 12:51 |
|
spiny posted:A (reply to a ) ticket just came in... I'm assuming this is him being lazy, using his phone, and autocorrect. He probably meant 'review'
|
# ? May 5, 2016 13:01 |
|
MrMojok posted:Anybody have any experience with Cylance? Just saw a demo at INTEROP that was pretty amazing, but I'd never even heard of it before. They ran the same two hundred malware files on a VM with their product, another one with mcafee, another with sophos, and another with Symantec and it kicked all their asses. We've started using Cylance at our company recently after running a test for a month or so. It's a great solution. It needs no virus database and it updates maybe four times a year. The memory footprint is about 35MB and it uses about 1% CPU while it does it's thing. We're dumping both McAfee and Symantec for it. It is pricey tho. Between $40-$50 a seat. However for the protection it provides its completely worth it. Great control panel portal too. It is a little over protective, so you might find it nuking things that are legit, so you'll have to add exceptions in the control panel, but for the protection you get a few false positives shouldn't be a big deal. As for the customer service and sales support, they were very helpful. During our demo period they held weekly meetings and during those meetings we added features to our group of machines as we went along. Overall my impression of them and their product has been very positive.
|
# ? May 5, 2016 13:24 |
|
I had a meeting with them yesterday as a solution for some remote machines, but I'm still not sure it can do some of the things it says it can do. I think we'd be up for testing it though. It's good to hear you had a positive experience with them. Although that price kind of scares me. I asked about cylance in the infosec thread as well, but those guys are rear end in a top hat. Should have asked here first.
|
# ? May 5, 2016 13:31 |
|
spiny posted:A (reply to a ) ticket just came in...
|
# ? May 5, 2016 13:54 |
|
I'm sure a lot of people are already aware of it but just in case. If you're running WSUS on Server 2012 R2 hold off on KB 3148812. Also a new Win10 update/nagware for Win7 with KB 3150513.
|
# ? May 5, 2016 14:21 |
|
Mustache Ride posted:I asked about cylance in the infosec thread as well, but those guys are rear end in a top hat. Should have asked here first.
|
# ? May 5, 2016 14:53 |
|
Nulldevice posted:We've started using Cylance at our company recently after running a test for a month or so. It's a great solution. It needs no virus database and it updates maybe four times a year. The memory footprint is about 35MB and it uses about 1% CPU while it does it's thing. We're dumping both McAfee and Symantec for it. It is pricey tho. Between $40-$50 a seat. However for the protection it provides its completely worth it. Great control panel portal too. It is a little over protective, so you might find it nuking things that are legit, so you'll have to add exceptions in the control panel, but for the protection you get a few false positives shouldn't be a big deal. As for the customer service and sales support, they were very helpful. During our demo period they held weekly meetings and during those meetings we added features to our group of machines as we went along. Overall my impression of them and their product has been very positive. Thank you.
|
# ? May 5, 2016 16:49 |
|
Mustache Ride posted:
Their response is always "anti-virus doesn't help, and can hurt." It's a legitimate view if you have full control over the domain. Not as helpful if you're working in a segmented environment where others are controlling elements.
|
# ? May 5, 2016 19:13 |
|
Avenging_Mikon posted:Their response is always "anti-virus doesn't help, and can hurt." It's a legitimate view if you have full control over the domain. Not as helpful if you're working in a segmented environment where others are controlling elements. This answer is unhelpful though If that's your stance fine, but some people have a need for AV. We have customers that fall in HIPAA and PCI lands, which (I could be incorrect) I believe require that you have AV installed to "protect" your systems. If it doesn't specifically require AV, I believe it has some requirement to scan your systems for malware/virii and AV is the easiest/traditional way of doing that. Sure, there are devices that can do this (fortinets do AV on the wire and IPS, and other security minded appliances), but they also have issues. I dealt with a fun one yesterday where our fortinet decided that a linux server, which basically runs this entire retail store, was part of a botnet (still haven't determined the root cause) and happily added it to the IPS threat list and quarantined all traffic from it, the problem is that it never alerted us of this fact, after a few hours of looking at routing tables and confirming the box itself was fine and it wasn't a config issue on the router, we checked and found the issue.
|
# ? May 5, 2016 19:37 |
|
Speaking of Indian English vernacular, had this update on one of my tickets from support in Indiaquote:Spoke with cx cx <customer> on <case> and cx said they are waiting for <us> revert on POA and cx said after confirmation of downtime they will send a mail to <us> kindly suggest, Updated By <agent>
|
# ? May 5, 2016 19:39 |
|
Avenging_Mikon posted:Their response is always "anti-virus doesn't help, and can hurt." It's a legitimate view if you have full control over the domain. Not as helpful if you're working in a segmented environment where others are controlling elements. It's that except exponentially ruder and less helpful. EDIT: Oh, cool. Totally disproves my point. Inspector_666 fucked around with this message at 21:13 on May 5, 2016 |
# ? May 5, 2016 19:49 |
|
It's a good thread for being told AV doesn't work and to get better users but if that's not possible it's not exactly filled with ideas.
|
# ? May 5, 2016 19:53 |
|
Inspector_666 posted:It's that except exponentially ruder and less helpful. Ditto. Plus they forget that its not just the latest and greatest virus's you have to worry about. Yeah most AV's will let 0-days slip through just fine. But I have idiot users who still fall for the "enable macro to decode" bs. Having any sort of AV can probably stop that. Add that to the fact that most companies have some sort of compliance or audit that requires AV.
|
# ? May 5, 2016 19:53 |
|
Inspector_666 posted:It's that except exponentially ruder and less helpful. Yeah I don't trust my AV but I have it. It covers me and I can point to it failing if something does happen. "It was brand new, slipped by the Anti-Virus, which can now detect it, they updated 2 days after we were infected". This can sometimes prompt a "We need to change AV vendors" but it's not gong to result in "IT is incompetent for letting this by" Even if the fix is roll back an hour to backups and re image the machine for under an hour of downtime. When I go to switch AV vendors I look for low foot print and easy to deploy and maintain.
|
# ? May 5, 2016 20:02 |
|
AV is just another line of defense.
|
# ? May 5, 2016 20:27 |
|
go3 posted:AV is just another line of defense. Eh, it's actual effectiveness these days is incredibly low and there's been an amazing run of horrifically bad security vulnerabilities found in the most common vendors software. Google "project zero" if you want more details. For instance https://bugs.chromium.org/p/project-zero/issues/detail?id=693&redir=1 quote:When you install TrendMicro Antivirus on Windows, by default a component called Password Manager is also installed and automatically launched on startup. Using anti virus has become more of a compliance thing than actually improving the security of your network.
|
# ? May 5, 2016 20:46 |
|
go3 posted:AV is just another line of defense. a really lovely one don't browse the internet like a moron, use adblockers and don't open shady emails and don't download shady poo poo from wehavefiles4u.ru
|
# ? May 5, 2016 20:51 |
|
jre posted:Eh, it's actual effectiveness these days is incredibly low and there's been an amazing run of horrifically bad security vulnerabilities found in the most common vendors software.
|
# ? May 5, 2016 20:56 |
|
MSRT is actually extremely good if you use unix (including os x), clamav these are more often than not for PROACTIVE scanning, not REACTIVE scanning so don't plop them in your filesystem and just expect them to do a thing without your intervention RISCy Business fucked around with this message at 20:58 on May 5, 2016 |
# ? May 5, 2016 20:56 |
|
goddamn someone got really mad
|
# ? May 5, 2016 21:15 |
|
go3 posted:goddamn someone got really mad The funny thing is that I didn't even say they were wrong, just rude about it. Gonna miss you Slade
|
# ? May 5, 2016 21:16 |
|
go3 posted:goddamn someone got really mad
|
# ? May 5, 2016 21:16 |
|
Inspector_666 posted:The funny thing is that I didn't even say they were wrong, just rude about it. there is no mercy here
|
# ? May 5, 2016 21:16 |
|
go3 posted:goddamn someone got really mad
|
# ? May 5, 2016 21:17 |
|
online friend posted:there is no mercy here Sure. I don't work in infosec and that thread was not the helpful resource I was hoping it would be, and this is the price I pay. ~flew too close to the sun, etc.~
|
# ? May 5, 2016 21:20 |
|
jre posted:Eh, it's actual effectiveness these days is incredibly low and there's been an amazing run of horrifically bad security vulnerabilities found in the most common vendors software. Sure, but it's also integrated into the OS these days in the first place, so it's essentially impossible to go without it unless you're pulling the sort of bullshit where you run hacked up "slimdown" OS installs to begin with. Installing a third-party AV in 8/8.1/10 is kinda like insisting on still installing Trumpet WinSock to handle TCP/IP.
|
# ? May 5, 2016 21:21 |
|
So is the plan to just keep the people who browse like a moron off the internet?
|
# ? May 5, 2016 21:21 |
|
odiv posted:So is the plan to just keep the people who browse like a moron off the internet? this is an acceptable alternative
|
# ? May 5, 2016 21:24 |
|
fishmech posted:Sure, but it's also integrated into the OS these days in the first place, so it's essentially impossible to go without it unless you're pulling the sort of bullshit where you run hacked up "slimdown" OS installs to begin with. Windows 7 ? 4 eva Also in some environments (PCI) you need to be able to provide regular reports on when virus updates were installed to prove you are keeping things up to date and third party tools make this easier.
|
# ? May 5, 2016 21:25 |
|
odiv posted:So is the plan to just keep the people who browse like a moron off the internet? nothing is perfect. turn it all off.
|
# ? May 5, 2016 21:27 |
|
odiv posted:So is the plan to just keep the people who browse like a moron off the internet? In a business environment locking poo poo down via group policy so that only approved software can be run is way more effective. That and being on top of patching
|
# ? May 5, 2016 21:29 |
|
jre posted:In a business environment locking poo poo down via group policy so that only approved software can be run is way more effective. That and being on top of patching and in non-business environments?
|
# ? May 5, 2016 21:33 |
|
go3 posted:goddamn someone got really mad
|
# ? May 5, 2016 21:36 |
|
|
# ? Jun 5, 2024 20:06 |
|
I mean I'd rather spend $80 on basically anything else but that's just me.
|
# ? May 5, 2016 21:40 |