|
EAT THE EGGS RICOLA posted:Cryptolocker yourself but have the bitcoin wallet address be one that you control and see if they'll pay. That might actually be breaking the law, one you are getting 2 scammers to scam each other, the other you are scamming a scammer and stealing stolen money.
|
#
?
Jun 2, 2016 14:18
|
|
|
|
| # ? May 29, 2024 22:27 |
|
|
pixaal posted:That might actually be breaking the law, one you are getting 2 scammers to scam each other, the other you are scamming a scammer and stealing stolen money. Yes, but who is going to report it? "Hello, police? We were trying to steal this guy's information and we paid for a cryptolocker unlock and it turns out he crypto'ed this himself and scammed us into paying a bitcoin! Can you have him arrested?" "Sure. We'll be right over to....take a statement."
|
|
#
?
Jun 2, 2016 14:22
|
|
|
It's for sure illegal but: 1) they're never going to realize what you did 2) See Arsten's post. Edit: Actually I wonder if it would be illegal at all. "Oh yeah I have a cryptolocker thing on my computer and don't have the bitcoin to unlock it" is certainly not a lie in any way. EAT THE EGGS RICOLA fucked around with this message at 14:36 on Jun 2, 2016 |
|
#
?
Jun 2, 2016 14:31
|
|
|
demonicon posted:Totally not pissing me off: That sounds amazing. I think about all of things I could get done and learn with even just a month off. Congratulations you're living the dream. A former company I worked for did this. The writing was on the wall and I got out early. A friend who stayed behind got 6 months severance pay, gave him enough time to study and get a few new certs and then find an even better job.
|
|
#
?
Jun 2, 2016 15:29
|
|
|
Guy just called returning the call of the person I replaced who left two months ago to complain about his iPhone not syncing the calendar. I explained that I manage the voip system and he should contact apple and he got pissed. Sorry you forgot your password dude.
|
|
#
?
Jun 2, 2016 16:00
|
|
|
 We all know its true.
|
|
#
?
Jun 2, 2016 17:14
|
|
|
Sirotan posted:
I thought it was +1 per ASCII value, what encoding method is this and what are the 5 missing numbers between each letter for?
|
|
#
?
Jun 2, 2016 17:25
|
|
|
Daylen Drazzi posted:I'm waiting for the dick-punch that invariably comes when too many good things happen to me all at once. Mods, pls revert and do the needful. More poo poo that pisses you off: Waiting for the dick-punch.
|
|
#
?
Jun 2, 2016 17:26
|
|
|
pixaal posted:I thought it was +1 per ASCII value, what encoding method is this and what are the 5 missing numbers between each letter for?
|
|
#
?
Jun 2, 2016 17:28
|
|
|
pixaal posted:I thought it was +1 per ASCII value, what encoding method is this and what are the 5 missing numbers between each letter for? That's exactly what the computers wanted you to ask!! 
|
|
#
?
Jun 2, 2016 17:30
|
|
|
You're asking for logic from numerologists, that was where you went wrong.
|
|
#
?
Jun 2, 2016 17:32
|
|
|
The on call guy tonight is taking the day off. Nobody stepped up to volunteer to take his shift, so numbers were drawn. I won the on call lotto and also have outstanding plans that have been in place for a couple weeks for this evening. I love my luck sometimes. Here's to hoping nobody calls in cause the response time isn't going to be very flattering. gently caress.
|
|
#
?
Jun 2, 2016 18:36
|
|
|
Vendors and returns piss me off. Honestly, that's all that needs to be said.
|
|
#
?
Jun 2, 2016 18:41
|
|
|
That's kind of bullshit you got no one in your group willing to fall on that grenade, even it's for consideration on a future conflict. It's super easy to get time off where I'm at, even if you're on call. Because we all like each other and get along.
|
|
#
?
Jun 2, 2016 18:43
|
|
|
Yeah but what can you do. The guys all get along great, so don't know why nobody took this one before it went to a lotto. Hell I would have volunteered for it if I didn't have previous engagements. I'm just bringing my laptop and work phone out with me and if anyone calls they can deal with my suboptimal response time; but it's better than no response at all.
|
|
#
?
Jun 2, 2016 18:46
|
|
|
Sirotan posted:
This also works with Kissinger - who is still not dead!
|
|
#
?
Jun 2, 2016 20:02
|
|
|
Teamviewer can lie about it all they want, they have definitely been breached. The reports keep pouring in: https://www.reddit.com/r/teamviewer/ A few IT colleagues I pointed out the breach to also discovered unauthorized logins to their account, even with two factor turned on!
|
|
#
?
Jun 2, 2016 20:45
|
|
|
stevewm posted:Teamviewer can lie about it all they want, they have definitely been breached. The reports keep pouring in: https://www.reddit.com/r/teamviewer/ Godammit what the hell am I gonna use to remotely support my parents now.
|
|
#
?
Jun 2, 2016 21:01
|
|
|
They are handling this issue so loving badly.
|
|
#
?
Jun 2, 2016 21:02
|
|
|
Inspector_666 posted:Godammit what the hell am I gonna use to remotely support my parents now. Same boat here. No clue what to use now :/
|
|
#
?
Jun 2, 2016 21:02
|
|
|
Thanks Ants posted:They are handling this issue so loving badly. I don't understand how the attackers are sidestepping 2FA.
|
|
#
?
Jun 2, 2016 21:04
|
|
|
Whats worse is that some people are seeing connections as far back as the end of March in their logs.
|
|
#
?
Jun 2, 2016 21:08
|
|
|
Siochain posted:Same boat here. No clue what to use now :/ This really sucks. It's bad enough for me just using it to help out my family and friends with the occasional issue, I can't imagine how awful this will turn out to be for commercial users. I can't think of any good alternative either.
|
|
#
?
Jun 2, 2016 21:18
|
|
|
VNC. It's free and has no issues whatsoever!  (chrome remote desktop is pretty cool too, for personal use at least)
|
|
#
?
Jun 2, 2016 21:32
|
|
|
I tried Chrome Remote Desktop but it had issues with UAC prompts
|
|
#
?
Jun 2, 2016 21:36
|
|
|
I would hate to be the person behind their Twitter account right now: https://twitter.com/TeamViewer_help/with_replies
|
|
#
?
Jun 2, 2016 21:37
|
|
|
xzzy posted:VNC. It's free and has no issues whatsoever! Doesnt VNC send everything unencrypted though, like you'd have to setup ssh tunnels between hosts to be on a secure connection?
|
|
#
?
Jun 2, 2016 21:39
|
|
|
stevewm posted:I would hate to be the person behind their Twitter account right now: https://twitter.com/TeamViewer_help/with_replies Poor Julia.
|
|
#
?
Jun 2, 2016 21:42
|
|
|
BaseballPCHiker posted:Doesnt VNC send everything unencrypted though, like you'd have to setup ssh tunnels between hosts to be on a secure connection? Yes, VNC is actually pretty terrible. Its only strength is it runs on everything.
|
|
#
?
Jun 2, 2016 21:49
|
|
|
I'm not too sold on the "TeamViewer was compromised" thing yet.. I was freaking out yesterday when they were down as I maintain 110 remote systems for our company. Seems that TV doesn't really randomize the default passwords and they are somewhat guessable or brute-forceable. Thinking that with the HUGE install base of TV, and the default security, it's easy to gain access. If you pay for TV, you can define policies for all settings to push out instantly. I have since shoved strict whitelists, 2FA, disabled random password login and changed all passwords to crazy generated ones. Setting account passwords and locking the workstation goes a long way also. Update: Login to the teamviewer management console website here: https://login.teamviewer.com/nav/home Then in the upper right corner click on your username and edit profile, then click on "Active Logins", for me it lists every device and location in the last year that accessed my account. Slack3r fucked around with this message at 22:10 on Jun 2, 2016 |
|
#
?
Jun 2, 2016 22:02
|
|
|
It's almost a philosophical question - if you use the bare minimum security an application which provides access to your PC offers, is that application still responsible for a breach? I would like to see tangible evidence of a breach on 2FA.
|
|
#
?
Jun 2, 2016 22:08
|
|
|
My dev board has the sound soc and camera on the same i2c bus. Thanks guys!
|
|
#
?
Jun 2, 2016 22:09
|
|
|
One of our customers has brought in a third party security firm to audit them, which I don't have a problem with. But they appear to have just run a scan and decided everything it flagged is an issue. Internal-only configuration page for an appliance? Not using a valid SSL cert signed by a CA, write it down! This sort of approach would prefer a non-HTTPS admin interface which sounds backwards.
|
|
#
?
Jun 2, 2016 22:31
|
|
|
Thanks Ants posted:One of our customers has brought in a third party security firm to audit them, which I don't have a problem with. But they appear to have just run a scan and decided everything it flagged is an issue. Internal-only configuration page for an appliance? Not using a valid SSL cert signed by a CA, write it down! This sort of approach would prefer a non-HTTPS admin interface which sounds backwards. If you only need the certificate to set up encrypted communication and don't care about authenticating the legitimacy of the service you're connecting to (which is typical for internal systems), then who cares. A lot of these fly-by-night "security" companies basically use scanning software with default settings and their "customized reports" are simply a PDF of the results generated by the scan. If it's an overall assessment of your security profile, any team worth its salt will take time to understand your environment and what your needs are from a security perspective.
|
|
#
?
Jun 2, 2016 22:52
|
|
|
 
|
|
#
?
Jun 2, 2016 23:25
|
|
|
BaseballPCHiker posted:Doesnt VNC send everything unencrypted though, like you'd have to setup ssh tunnels between hosts to be on a secure connection? Plain old VNC does, but there are various pairs of clients and servers that have extended the VNC protocol to include encryption, and not bad encryption at that. RealVNC and UltraVNC both offer this.
|
|
#
?
Jun 2, 2016 23:55
|
|
|
flosofl posted:If you only need the certificate to set up encrypted communication and don't care about authenticating the legitimacy of the service you're connecting to (which is typical for internal systems), then who cares. No, the security team is right and they should have a internal CA to Auth against.
|
|
#
?
Jun 3, 2016 00:05
|
|
|
Probably wasn't clear enough in the post - their issue with the cert was that it didn't come from a public provider, not that it was specifically self-signed. As in they want to see a valid Verisign or whatever certificate on the device for a domain that doesn't exist in public DNS.
Thanks Ants fucked around with this message at 00:24 on Jun 3, 2016 |
|
#
?
Jun 3, 2016 00:21
|
|
|
Thanks Ants posted:Probably wasn't clear enough in the post - their issue with the cert was that it didn't come from a public provider, not that it was specifically self-signed. As in they want to see a valid Verisign or whatever certificate on the device for a domain that doesn't exist in public DNS. Oh, then yeah, that's utter Bullshit.
|
|
#
?
Jun 3, 2016 00:27
|
|
|
|
| # ? May 29, 2024 22:27 |
|
|
I had the discussion with the testing people and they were happy if I turned HTTPS off on the device so people had to use HTTP because then it wouldn't give a cert error  . I have advised this customer not to work with them any more.
|
|
#
?
Jun 3, 2016 00:28
|
|