|
hooray thread name change
|
#
?
Jun 10, 2016 03:40
|
|
|
|
| # ? Jun 3, 2024 16:58 |
|
|
Rufus Ping posted:Has someone/something hosed up a firewall rule intended to punch a hole for DNS and failed to distinguish between src and dst ports There's clearly an oversight in the firewall policies somewhere. If this were a Linux server then it would be trivial for me to sort this out in a few minutes. However, this is just a Mac Pro running El Capitan, and the user of this machine isn't the kind of person who would even know how to open Terminal let alone start mucking around with pfctl. Which means that firewall policies that are in place are whatever Apple is doing in its PF anchors. So I thought maybe this might be documented somewhere, but I didn't find anything after Googling for a while. So I thought maybe someone here might be familiar with this.
|
|
#
?
Jun 10, 2016 03:52
|
|
|
pf may very well be tarpitting and confusing your auditor's scanners. again, do you have any useful specifics?
|
|
#
?
Jun 10, 2016 03:54
|
|
|
ErIog posted:I don't have a lot of information about how their scan was done. I just know it was a port scan from port 53 and also from their randomly chosen port of 21659. I was able to reproduce their findings with netcat. im the udp connection refused.
|
|
#
?
Jun 10, 2016 03:57
|
|
|
NAT-T Ice posted:im the udp connection refused. aaaaaaaa how did i overlook the moron who doesn't understand how stateless protocols work (there is kind of a "connection refused" in UDP but it's actually Destination Host Unreachable and the response comes over ICMP)
|
|
#
?
Jun 10, 2016 03:59
|
|
|
minivanmegafun posted:pf may very well be tarpitting and confusing your auditor's scanners. again, do you have any useful specifics? So I googled part of a sentence that came back in the auditor's report and found an expert sexchange with someone having the same issue come back from an auditor. expert sexchange posted:The following UDP port(s) responded with either an ICMP (port closed) or a UDP (port open) to our probes using a source port of 53, but they did not ErIog fucked around with this message at 04:20 on Jun 10, 2016 |
|
#
?
Jun 10, 2016 04:14
|
|
|
OSI bean dip posted:https://securitysnakeoil.org/2016/06/10/mydataangel-ends-kickstarter-and-then-feigns-being-a-victim/ Good post, but can you pls fix the typo 'helf-pul'?
|
|
#
?
Jun 10, 2016 06:01
|
|
|
tell your auditor to PoC why a port responding to his automated scan is relevant to security of the system or gently caress off osx has a heap of weird lovely stuff listening for network traffic
|
|
#
?
Jun 10, 2016 10:33
|
|
|
wouldnt you not want it responding to traffic from random ports?
|
|
#
?
Jun 10, 2016 10:41
|
|
|
Daman posted:tell your auditor to PoC why a port responding to his automated scan is relevant to security of the system or gently caress off I would love to. If I had my way I wouldn't be bothering with this at all, but my boss wants it dealt with because he doesn't want to deal with it. So I either need a write-up that's going to convince every single person up the chain or I can just muck around with PF to make everybody happy even though that would accomplish nothing. That's why I thought to ask about it here. I was hoping someone could point me to a website I could link, and say, "yo, here's why, get hosed, not fixing." :feelsshitty: A Pinball Wizard posted:wouldnt you not want it responding to traffic from random ports? You'd think, but unfortunately decisions are being made based on "auditing" that treats port scans as gospel. And because of the nature of UDP, not responding is considered to be "open" by these port scanning tools. ErIog fucked around with this message at 12:42 on Jun 10, 2016 |
|
#
?
Jun 10, 2016 12:36
|
|
|
tell your boss the auditor is much larger security fuckup than the Mac Pro is
|
|
#
?
Jun 10, 2016 13:05
|
|
|
ErIog posted:That's why I thought to ask about it here. I was hoping someone could point me to a website I could link, and say, "yo, here's why, get hosed, not fixing." tell your boss that because "port scans so often come from random ports", pf was activating "stealth mode" and thus is actually extra secure. for bonus points, reference https://www.grc.com/su/portstatusinfo.htm as an authority.
|
|
#
?
Jun 10, 2016 13:09
|
|
|
any port in a pwn
|
|
#
?
Jun 10, 2016 13:31
|
|
|
cheese-cube posted:any port in a pwn any any in a broadcast storm
|
|
#
?
Jun 10, 2016 14:00
|
|
|
Carbon dioxide posted:Good post, but can you pls fix the typo 'helf-pul'? It is not a typo but how the CSS works
|
|
#
?
Jun 10, 2016 14:48
|
|
|
OSI bean dip posted:It is not a typo but how the CSS works I don't think he meant the hyphenation but helfpul vs helpful
|
|
#
?
Jun 10, 2016 14:57
|
|
|
Isn't that a direct quote from one of their emails?
|
|
#
?
Jun 10, 2016 14:59
|
|
|
git pull --helf
|
|
#
?
Jun 10, 2016 14:59
|
|
|
ah i see now. fixed 
|
|
#
?
Jun 10, 2016 15:30
|
|
|
it helps a lot that you're right, but this article is full of weird typos and grammatical errors that deprive it of the authority it should reasonably have. do you want an editor?
|
|
#
?
Jun 10, 2016 15:39
|
|
|
NAT-T Ice posted:im the udp connection refused. lol
|
|
#
?
Jun 10, 2016 15:42
|
|
|
LordSaturn posted:it helps a lot that you're right, but this article is full of weird typos and grammatical errors that deprive it of the authority it should reasonably have. do you want an editor? pm me your e-mail address
|
|
#
?
Jun 10, 2016 15:47
|
|
|
Soldier of Fortran posted:tell your boss that because "port scans so often come from random ports", pf was activating "stealth mode" and thus is actually extra secure. for bonus points, reference https://www.grc.com/su/portstatusinfo.htm as an authority. lol please don't cite steve gibson as an authority on anything other than being a dingus
|
|
#
?
Jun 10, 2016 15:53
|
|
|
Winkle-Daddy posted:lol please don't cite steve gibson as an authority on anything other than being a dingus 
|
|
#
?
Jun 10, 2016 16:13
|
|
|
I didn't know if ErIog would know it's a joke 
|
|
#
?
Jun 10, 2016 16:15
|
|
|
The developer we hired to work on our web product (thank god I'm not working on it) my company sells just found out that our entire web-api is available without any sort of credentials. Thanks previous-poo poo developer!
|
|
#
?
Jun 10, 2016 16:22
|
|
|
ratbert90 posted:The developer we hired to work on our web product (thank god I'm not working on it) my company sells just found out that our entire web-api is available without any sort of credentials. Thanks previous-poo poo developer! ahahaha
|
|
#
?
Jun 10, 2016 16:23
|
|
|
ratbert90 posted:The developer we hired to work on our web product (thank god I'm not working on it) my company sells just found out that our entire web-api is available without any sort of credentials. Thanks previous-poo poo developer! if you fix this and it doesn't break anyone's workflow or product, your product is shite
|
|
#
?
Jun 10, 2016 16:28
|
|
|
this is really embarrassing but the first time i've ever found out about someone leaking my details (10 days ago, just catching up to thread now) was motherfucking scrum dot org thanks for sharing my shame with the world good thing it was a random password from keep a- bicycle posted:KeePass 2 Update Check, vulnerable to a MitM i've long complained itt both about the site lacking https, and about them still unironically using sourceforge (though apparently the latter may not be an issue any more as they're no longer owned by DICE? though when I first noticed it was, and DICE were using a https cert for the single purpose of redirecting to http, lol). and yet i'm still dumb enough to keep using it but yeah, finding out that a literal security product is not only avoiding https but doing so for the purpose of serving "ads" (malware) is a pretty big deal
|
|
#
?
Jun 10, 2016 16:49
|
|
|
also gently caress if i'd kept pulling that thread i apparently could've got a cve
|
|
#
?
Jun 10, 2016 16:50
|
|
|
Cocoa Crispies posted:frightfully common, and seems corollary to that single-beam german radar thing from wwii so maybe there could be a case for 404s in that github example. having a guessable repo name that needs to be kept secret does seem extremely edgecasey to me though, so really a 403 or whatever would still be better for ux reasons. but i guess i kind of see what they're doing? what they're doing has nothing to do with security, they're just reusing the same error out of laziness
|
|
#
?
Jun 10, 2016 17:26
|
|
|
Daman posted:tell your auditor to PoC why a port responding to his automated scan is relevant to security of the system or gently caress off lol if you think auditors give a poo poo about issue relevance, [external] audits are basically blackmail where they wont sign off until you jump through hoops while they rack up an hourly rate like, i had to run a webex so auditors could watch me run some sql (that they didn't understand) because they wouldnt trust me to just send them the output
|
|
#
?
Jun 10, 2016 17:39
|
|
|
re: first.last@gmailchat from like 20 pages ago, lately i've just been getting stuff from some woman who thinks i'm her teenage son (Fwd: James has detention), but i used to get internal stuff from some company or volunteer group or something, including a followup to an earlier one that had a group contact list in a word doc, correcting it because another person's email address was wrong also my university student email account used to occasionally receive email from other students that was obviously meant for my dad who was a lecturer there in a different faculty (so i'd actually forward them to him instead of just ignoring them like i do with the gmail ones, lol). our addresses were the same except his was on the main university domain and mine on the student subdomain - an obvious mistake if you're paying attention, but i guess easy enough to make if his (non-STEM  ) students were only used to typing their own address on the student domain  (...and which prompted me to be extra careful when i had to email my own lecturers)PleasureKevin posted:was this posted
|
|
#
?
Jun 10, 2016 17:43
|
|
|
hackbunny posted:if you fix this and it doesn't break anyone's workflow or product, your product is shite It won't and it absolutely is. We plan on completely scrapping it and rewriting in pretty soon.
|
|
#
?
Jun 10, 2016 18:04
|
|
|
jony ive aces posted:hell yeah I loved wasteland 1
|
|
#
?
Jun 10, 2016 18:08
|
|
|
ratbert90 posted:We plan on completely scrapping it and rewriting in pretty soon. lol if i had  every time I heard that
|
|
#
?
Jun 10, 2016 18:15
|
|
|
jony ive aces posted:oh goddammit
|
|
#
?
Jun 10, 2016 18:18
|
|
|
i'm on 2.x but it's an older version with update notifications disabled v v
|
|
#
?
Jun 10, 2016 18:42
|
|
|
From Keepass.info:quote:There have been some articles about automatic KeePass updates being vulnerable. This section clarifies the situation and its resolution. I'm the oddly disjointed 5 paragraphs of explanation about why this isn't a problem, followed by "OK fine we're using signatures and https now". The reaction to this has been nothing short of bizarre but apparently the volume of bitching got the problem solved. 
|
|
#
?
Jun 10, 2016 18:54
|
|
|
|
| # ? Jun 3, 2024 16:58 |
|
|
COACHS SPORT BAR posted:From Keepass.info:
|
|
#
?
Jun 10, 2016 19:09
|
|
