secfuck question: is there a "better" way to do sudo than with a password? i'm logging in to my server entirely with public/private key pairs but then wind up typing my password anyway to sudo things. i know i can outright disable it requiring a password but that seems like a Very Bad Idea.
|
# ? Jun 2, 2016 15:15 |
|
|
flakeloaf posted:the information is probably being collected anyway by cell towers and whatever, i might as well see some benefit from it I'm the cell tower passing on the recordings of your butt trumpet symphonies.
|
# ? Jun 2, 2016 15:16 |
|
Parallel Paraplegic posted:secfuck question: is there a "better" way to do sudo than with a password? i'm logging in to my server entirely with public/private key pairs but then wind up typing my password anyway to sudo things. i know i can outright disable it requiring a password but that seems like a Very Bad Idea. u could do 2fa with a PAM that will do TOTP authentication so you would need a phone that is linked to the account and give in a one time code or you could use a smartcard or token to authenticate but then you'd have to worry about losing the phone or token
|
# ? Jun 2, 2016 15:18 |
|
OSI bean dip posted:https://securitysnakeoil.org
|
# ? Jun 2, 2016 15:21 |
|
spankmeister posted:u could do 2fa with a PAM that will do TOTP authentication so you would need a phone that is linked to the account and give in a one time code oh i forgot it's sitting on top of PAM isn't it, hmm okay
|
# ? Jun 2, 2016 15:41 |
|
anthonypants posted:is it safe to assume you're working with asher langton on this? i've never met him but he's a cool dude who loves to out scams. ask him about arturas some time we're talking yes he and i have shared info in the past
|
# ? Jun 2, 2016 15:43 |
|
OSI bean dip posted:we're talking yes i gave u a shoutout on the tweetz0r machine, 0 likes and 0 RTs i am the irrelevancy in the OP
|
# ? Jun 2, 2016 15:47 |
|
OSI bean dip posted:we're talking yes I'd love to help out with this as well.
|
# ? Jun 2, 2016 16:11 |
|
BattleMaster posted:Mine's empty but the location history is frighteningly accurate and pretty fascinating location history is mad useful its too bad i didn't have it fully functional before like 2012 or so
|
# ? Jun 2, 2016 16:15 |
|
I use Google voice dictation pretty frequently and still there's more in there than I expected. Some pretty clear instances of the voice search triggering in my pocket. My favorite was "no no no no no, C-A-V. Constant angular velocity."
|
# ? Jun 2, 2016 16:30 |
|
Parallel Paraplegic posted:secfuck question: is there a "better" way to do sudo than with a password? i'm logging in to my server entirely with public/private key pairs but then wind up typing my password anyway to sudo things. i know i can outright disable it requiring a password but that seems like a Very Bad Idea. Not exactly what you're asking for but what things do you find you normally need to run sudo for? If it's specific applications that require sudo you could consider creating a non-root account that has permission to run those specific things. So your /etc/sudoers would look something like:
code:
|
# ? Jun 2, 2016 16:37 |
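The "only the commands you actually need, no password for just those" approach suggested in the post above, as an added example that is not code from the thread or from anyone in it; the account name deploy, the two nginx commands and the /etc/sudoers.d/deploy install path are assumptions for the demo.

```shell
# Added example (not from the thread): build a sudoers drop-in that lets one
# non-root account run a fixed list of commands as root without a password,
# lint it for common footguns, and parse-check it with visudo when present.
# The user "deploy" and the nginx commands in the demo are constructed.

# Print a sudoers fragment: a Cmnd_Alias for the commands, then a user spec
# granting exactly those commands NOPASSWD (anything else still prompts).
make_sudoers_fragment() {
    user=$1; shift
    cmds_alias=$(printf '%s' "$user" | tr '[:lower:]' '[:upper:]')_CMDS
    list=''
    for cmd in "$@"; do
        list="${list:+$list, }$cmd"
    done
    printf 'Cmnd_Alias %s = %s\n' "$cmds_alias" "$list"
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$cmds_alias"
}

# Reject relative paths (sudoers wants fully qualified commands) and wildcards
# (sudoers matches '*' across argument boundaries, so a pattern like
# "/usr/bin/systemctl *" admits far more than it appears to).
lint_commands() {
    for cmd in "$@"; do
        case $cmd in
            /*) ;;
            *) echo "not an absolute path: $cmd" >&2; return 1 ;;
        esac
        case $cmd in
            *[\*\?]*) echo "wildcard in command: $cmd" >&2; return 1 ;;
        esac
    done
    return 0
}

# Stage the fragment at $1 with sudoers permissions (0440) and, when visudo
# is installed, syntax-check it there before it goes into /etc/sudoers.d.
write_fragment() {
    dest=$1; user=$2; shift 2
    lint_commands "$@" || return 1
    (umask 077; make_sudoers_fragment "$user" "$@" > "$dest") || return 1
    chmod 0440 "$dest" || return 1
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$dest" >/dev/null || return 1
    fi
}

# Demo: stage to a temp file for review, then as root install it with
#   install -o root -g root -m 0440 "$tmp" /etc/sudoers.d/deploy
tmp=$(mktemp) && write_fragment "$tmp" deploy \
    "/usr/bin/systemctl restart nginx" "/usr/bin/journalctl -u nginx" && cat "$tmp"
```

Everything not in the alias still prompts for the password, so the NOPASSWD grant is scoped to those exact command lines rather than to sudo as a whole.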
|
so until we hire a new it guy i have inherited cj duties the office i'm embedded at basically has no security or compliance in place while we're waiting for an actual sec guy to get hired, is there something like a secfuck checklist i could run with to at least mitigate the most obscene stuff?
|
# ? Jun 2, 2016 16:39 |
|
@SecSnakeOil is a great idea, given you a push from our Edinburgh Skeptics account. I think there should be a greater crossover between skepticism and IT, it's not something that really comes up. Edit: usually alt med and the like is our bread and butter Was gonna do an "IT Security Myths" talk for our group based on things I've learnt from you guys, but it'll be dead boring and boring isn't good for public presentations.
|
# ? Jun 2, 2016 16:41 |
|
surebet posted:so until we hire a new it guy i have inherited cj duties you're going to need to be more specific, are you talking about being in charge of app security or network security or what,
|
# ? Jun 2, 2016 16:41 |
|
fishmech posted:location history is mad useful where are u in boston
|
# ? Jun 2, 2016 16:46 |
|
surebet posted:so until we hire a new it guy i have inherited cj duties im twitching
|
# ? Jun 2, 2016 16:50 |
|
Suspicious Dish posted:where are u in boston right on the border of allston and brighton
|
# ? Jun 2, 2016 16:51 |
|
fishmech posted:right on the border of allston and brighton apparently i live very close 2 fishmech
|
# ? Jun 2, 2016 16:52 |
|
surebet posted:so until we hire a new it guy i have inherited cj duties gonna quote this post back at you in ~3 months when this is your
|
# ? Jun 2, 2016 16:52 |
|
Podima posted:gonna quote this post back at you in ~3 months when this is your yeah start lookin for a new job because 1. they aint hiring anyone 2. you are now branded as The Computer Man
|
# ? Jun 2, 2016 16:53 |
|
Parallel Paraplegic posted:oh i forgot it's sitting on top of PAM isn't it yes it is we use centrify directcontrol to bind it to AD so at least it hooks into our strong password policy
|
# ? Jun 2, 2016 17:02 |
|
fishmech has been very near me according to one of those red dots
|
# ? Jun 2, 2016 17:02 |
|
OSI bean dip posted:https://securitysnakeoil.org FYI - this is being blocked by whatever feed we subscribe to at work. I'll try to find out what it is so if you care you can ask why they blocked you. (they're probably afraid you'll call out their lovely security practices) E: We're using Palo Alto which uses BrightCloud. You can request a change here: https://urlfiltering.paloaltonetworks.com/testasite.aspx if you care to.
|
Winkle-Daddy fucked around with this message at 17:16 on Jun 2, 2016 |
|
# ? Jun 2, 2016 17:04 |
|
spankmeister posted:mines empty
|
|
# ? Jun 2, 2016 17:15 |
|
Winkle-Daddy posted:FYI - this is being blocked by whatever feed we subscribe to at work. I'll try to find out what it is so if you care you can ask why they blocked you. (they're probably afraid you'll call out their lovely security practices) i am behind a PA and it's not having any issues. let me know if this persists though
thehustler posted:@SecSnakeOil is a great idea, given you a push from our Edinburgh Skeptics account. I think there should be a greater crossover between skepticism and IT, it's not something that really comes up. Edit: usually alt med and the like is our bread and butter i am planning a talk on this at some point later this year
gfsincere posted:I'd love to help out with this as well. feel free to pm me if you have any ideas or just tweet at me
|
# ? Jun 2, 2016 17:39 |
|
OSI bean dip posted:i am behind a PA and it's not having any issues. let me know if this persists though Our policy is to block "unknown" which probably just means you haven't been scanned yet.
|
# ? Jun 2, 2016 17:42 |
|
I had some really nice google location history , but for reasons i still didnt understand, one day i checked the website and it had all been deleted and went back from zero
|
# ? Jun 2, 2016 18:04 |
|
OSI bean dip posted:i am planning a talk on this at some point later this year if you ever come to the UK and fancy doing the talk over here let me know and you can come do it for us and maybe a few other groups if you're interested? expenses/accommodation on us (not the loving ritz or whatever jeez)
|
# ? Jun 2, 2016 18:33 |
|
Captain Foo posted:you're going to need to be more specific, are you talking about being in charge of app security or network security or what, general office best practices, software recommendation/restrictions (assume 95% of the people use basic office/web stuff), temporary infrastructure & backup solutions (i don't want to commit the future hire to something so for now i'd only buy common core stuff like an lto drive) and other bare basics sec stuff basically is there a list that shows the 7 deadly sins of enterprise it or something is what i'm looking for
graph posted:im twitching i wanted to roll up in a ball and cry when i saw all the financial stuff un-backed and spread across ad hoc network shares
Podima posted:gonna quote this post back at you in ~3 months when this is your i would be hilariously underqualified to do this long term
graph posted:yeah start lookin for a new job because 1. they aint hiring anyone 2. you are now branded as The Computer Man while i do have computer stank on me (and have for a while) i've seen the money for the hire and the only reason the last one bailed was for medical issues i have been unfucking people's excel stuff for a while though, but so far it's been a fairly good side gig
|
# ? Jun 2, 2016 18:33 |
|
surebet posted:i've seen the money for the hire seems safe then
|
# ? Jun 2, 2016 18:51 |
|
surebet posted:
fix this asap; are you using AD or no?
|
# ? Jun 2, 2016 18:54 |
|
sort the backups and then worry about other stuff
|
# ? Jun 2, 2016 19:25 |
|
surebet posted:i would be hilariously underqualified to do this long term Aren't we all!
|
# ? Jun 2, 2016 19:42 |
|
Volmarias posted:Aren't we all!
|
# ? Jun 2, 2016 20:16 |
|
Volmarias posted:Aren't we all!
|
# ? Jun 2, 2016 20:29 |
|
surebet posted:i would be hilariously underqualified to do this long term that you've apparently convinced someone otherwise implies you're not as thats 90% of being qualified since its basically impossible to hire security people
|
# ? Jun 2, 2016 20:39 |
|
thehustler posted:if you ever come to the UK and fancy doing the talk over here let me know and you can come do it for us and maybe a few other groups if you're interested? expenses/accommodation on us (not the loving ritz or whatever jeez) i'll be visiting london and the cotswolds for a wedding in october so maybe?
|
# ? Jun 2, 2016 21:02 |
|
TeamViewer carnage today. Nefarious forces are looting Paypals and Amazons. https://www.reddit.com/r/teamviewer/comments/4m6omd/teamviewer_breach_masterthread_please_post_your/
|
# ? Jun 2, 2016 21:06 |
|
flosofl posted:TeamViewer carnage today. Nefarious forces are looting Paypals and Amazons. quote:As far as password sniffers go, I did not check and cannot check, as I have used Samsung's tool to securely wipe his SSD and install Zorin (Ubuntu). I've changed all of his passwords and enabled the use of LastPass, which requires a 45-character passphrase when saving/accessing/utilising passwords each time. this seems like worse punishment than losing your money goddamn
|
# ? Jun 2, 2016 21:13 |
|
|
lmao
|
# ? Jun 2, 2016 21:18 |