cheese-cube posted: same but only about 1 year ago. we're going to 2012 domain functional in a couple of weeks!

# Jun 28, 2016 16:39
anthonypants posted:
> update: we are not going to raise the forest/domain functional level tonight because it is end of month AND end of quarter so i won't be able to change anything at all on the servers for about three more weeks. oh well~

again, same. hazard a guess: you've got a SAP environment in-house?

# Jun 28, 2016 16:52
https://www.reddit.com/r/technology/comments/4q8ywp/til_that_someone_can_change_your_facebook_email/

tldr: facebook support will remove any protection on an account and give a hacker access as long as their fake ID is convincing enough

# Jun 28, 2016 17:01
cheese-cube posted:
> again, same. hazard a guess: you've got a SAP environment in-house?

# Jun 28, 2016 17:03
anthonypants posted: nope it's all oracle edit: double if you're using middleware like primavera or whatever the garbagefires are called!

# Jun 28, 2016 17:07
cheese-cube posted:

# Jun 28, 2016 17:12
ymgve posted:
> https://www.reddit.com/r/technology/comments/4q8ywp/til_that_someone_can_change_your_facebook_email/

Perhaps not allowing requests like this from Pakistan for businesses in Michigan

# Jun 28, 2016 17:19
anthonypants posted:
> no we're just using oracle. it's awful because the two other it people don't know anything about linux and actively try to do as little as possible with them, so they're all managed by the oracle contractors. we have about 50 linux servers doing various things but no one patches them and everyone logs on as root and there's gnome vnc sessions running as root and it's a huge garbage fire

1000xSAME. our DBAs are expected to support ODAs but only one of them knows linux. cue me getting called in at 5AM one morning because the on-call DBA had been on the phone to oracle all night (it was a kvm fault, just needed restarting in correct order).

biggest sec-gently caress: our customer has been approving RHEL builds without maintaining entitlements. none of them are or can be patched. our senior secops guys asked me yesterday whether we can just patch from centos repos...

# Jun 28, 2016 17:29
wyoak posted:
> The really dumb part is that 'convincing enough' is apparently just the name, birthday and stuff was wrong. Although I'm not sure how Facebook would know that stuff in the first place if you don't supply it to them ahead of time....I'm not sure how FB should handle something like this. Require proof of identity when opening a business page?

Woah Woah Woah, slow down there, you don't want to hurt their adoption numbers by introducing unnecessary red tape, do you???

# Jun 28, 2016 17:32
cheese-cube posted:
> 1000xSAME. our DBAs are expected to support ODAs but only one of them knows linux. cue me getting called in at 5AM one morning because the on-call DBA had been on the phone to oracle all night (it was a kvm fault, just needed restarting in correct order).

# Jun 28, 2016 17:43
anthonypants posted:
> we have a "production" dr server on rhel 5.10 in a xen vm when our actual production server, i think, is on centos 6.6 in a vmware vm. our server documentation is a excel spreadsheet that for linux servers says "linux" as the os and most of them have don't have a role defined. like there's a "PROD" and a "PROD (not in production yet)", and it's a nightmare

this is too real (except the xen bit, im so so sorry). just wait till your org grows and they establish a transition/release dept which will codify the hosed up "PROD" env as "PRE-PROD"

every day i yearn to return to the sweet embrace of the crypt.

# Jun 28, 2016 17:50
try having anything from 3 to 6 non prod environments per app with different names, 2 or 3 different platforms, different release schedules and different levels of support then watch the lols roll in when the project management division demands "complete end to end testing"

# Jun 28, 2016 18:14
Blinkz0rz posted:
> e: everything is behind a private subnet with restrictive security groups. it's more a question of how to federate access to secrets in such a way that they're not available to all apps, including those that might not need them. case in point, we have a service that needs cassandra credentials and one that needs mysql creds. there's no reason the app that needs c* creds should ever be able to get mysql creds.

use PKI to allocate, rotate, and revoke per-instance client certificates; auth secrets don't move over the network, each client can be revoked or rotated independently, and your server config can be just validate clients are signed by the CA and acceptable by OCSP

# Jun 28, 2016 18:15
anthonypants posted: here's a sec fuckup: https://www.documentcloud.org/documents/2911707-18917316433.html they use the same reasoning for TOR too: there are known vulnerabilities so there's no reasonable expectation of privacy. oh and they cite other cases for that so it's not a new thing it's not wrong exactly but jfc

# Jun 28, 2016 18:21
Powerful Two-Hander posted:
> try having anything from 3 to 6 non prod environments per app with different names, 2 or 3 different platforms, different release schedules and different levels of support then watch the lols roll in when the project management division demands "complete end to end testing"

oh you mean DEV, QA0, QA1, QA2, BAU, PRE-PROD and PROD right

kill meeeeeeee

# Jun 28, 2016 18:26
we only have dev and test and prod environments and my boss thinks we're going to be able to wash our hands of the entire accounting side and shut down all those servers once they move to oracle's cloud platform and he's just going to insulate himself from the entire thing and farm it out to contractors and i'm going to sit here grinding my teeth

# Jun 28, 2016 18:32
anthonypants posted:
> we only have dev and test and prod environments and my boss thinks we're going to be able to wash our hands of the entire accounting side and shut down all those servers once they move to oracle's cloud platform and he's just going to insulate himself from the entire thing and farm it out to contractors and i'm going to sit here grinding my teeth

lol that's exactly what our AMS team said back when we only had DEV, UAT and PROD. look at us now

to contribute: each of the environments is increasingly a secfuck compared to the last. today im going to get our senior secops guy to configure qualys to just scan all poo poo including the "dev" and "test" subnets because lol i idgaf if your server is "UAT" its hitting my infra services kill yourself

# Jun 28, 2016 18:38
cheese-cube posted:
> lol that's exactly what our AMS team said back when we only had DEV, UAT and PROD. look at us now

# Jun 28, 2016 19:02
It's that time again... See @taviso's Tweet: https://twitter.com/taviso/status/747804671654264834?s=09

# Jun 28, 2016 19:03
spankmeister posted:
> It's that time again...

# Jun 28, 2016 19:09
wyoak posted:
> The really dumb part is that 'convincing enough' is apparently just the name, birthday and stuff was wrong. Although I'm not sure how Facebook would know that stuff in the first place if you don't supply it to them ahead of time....I'm not sure how FB should handle something like this. Require proof of identity when opening a business page?

Maybe not using facebook as an ecommerce page and "caveat emptor" those that are dumb enough to do so?

# Jun 28, 2016 19:20
Lol this is older but I must have missed it. This was the sandbox escape ormandy discovered in bromium: https://twitter.com/taviso/status/741063403985240064

# Jun 28, 2016 19:38
Cocoa Crispies posted:
> use PKI to allocate, rotate, and revoke per-instance client certificates; auth secrets don't move over the network, each client can be revoked or rotated independently, and your server config can be just validate clients are signed by the CA and acceptable by OCSP

that still doesn't really solve the problem because the app has to query the db somehow. we've thought about putting another dal app in front that handles cert validation, auth, etc. but that's a huge bottleneck even if we scale horizontally and doesn't buy us anything over temporary credentials like vault does.

# Jun 28, 2016 20:10
Powercrazy posted:
> Maybe not using facebook as an ecommerce page and "caveat emptor" those that are dumb enough to do so?

bbbbut my brand engagement!

# Jun 28, 2016 20:11
Powercrazy posted:
> Maybe not using facebook as an ecommerce page and "caveat emptor" those that are dumb enough to do so?

I'm confused on how the guy was making money on the page, something about having lots of likes allowed him to promote blogs or YouTube channels or something. Monetizing social is a mystery to me but people are doing it apparently

# Jun 28, 2016 20:22
Hopefully this new VPN fares better than the others, "faster than IPsec" is the claim.

# Jun 28, 2016 20:36
quote:
> Symantec attempts to clean or remove components from archives or other multipart containers that they detect as malicious. The code that they use to remove components from MIME encoded messages in CMIMEParser::UpdateHeader() assumes that filenames cannot be longer than 77 characters.

wtf

# Jun 28, 2016 20:37
Number19 posted:
> wtf

maybe they assume that the max filename length is 64 characters plus a null terminator, and then DELETED.TXT is 11 characters plus a null terminator so they add those together for whatever reason and then you get 77 characters? it doesn't make it any better but it would explain why it's 77 instead of a power of two

maybe it's that way to confuse hackers

maybe there are complex technical reasons which can only be understood by crack av programmers and/or people with serious brain damage

# Jun 28, 2016 23:04
They posted a writeup about some of the Symantec vulns

# Jun 28, 2016 23:08
quote:
> On Linux, Mac and other UNIX platforms, this results in a clean heap overflow as root in the Symantec or Norton process. On Windows, this results in kernel memory corruption.

# Jun 28, 2016 23:21
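An added example for the two Symantec posts above (the 77-character filename assumption and the heap overflow that follows from it); this is constructed illustration code, not Symantec's code or anything from the writeup. It shows a MIME filename parameter being measured against its fixed destination buffer before the copy, which is the check whose absence turns an overlong attachment name into memory corruption; the buffer size, function names and sample headers are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Constructed example, not Symantec's code: bounds-checked extraction of the
 * filename= parameter of a Content-Disposition header. The bug class in the
 * thread is a parser that copies the filename into fixed storage on the
 * assumption that it is short (77 characters there); the length check below
 * is what rejects an overlong name instead of overflowing the buffer. */

#define FILENAME_BUF 78   /* assumed buffer: 77 characters plus the NUL terminator */

/* Copies the filename parameter of `header` into `out` (NUL-terminated).
 * Returns 0 on success, -1 if there is no filename parameter, and -2 if the
 * filename does not fit in `out_len` bytes. Never writes past `out_len`.
 * RFC 2231 (filename*=) and escaped quotes are out of scope here. */
int mime_extract_filename(const char *header, char *out, size_t out_len)
{
    const char *p = strstr(header, "filename=");
    if (p == NULL)
        return -1;
    p += strlen("filename=");

    int quoted = (*p == '"');
    if (quoted)
        p++;

    /* Measure the value before copying anything: a quoted value ends at the
     * next '"', an unquoted one at ';' or at the end of the header line. */
    size_t n = 0;
    while (p[n] != '\0' && p[n] != '\r' && p[n] != '\n' &&
           p[n] != (quoted ? '"' : ';'))
        n++;

    if (out_len == 0 || n >= out_len)   /* the check the thread says was missing */
        return -2;

    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

/* Constructed sample headers, as a mail scanner would see them.
 * demo_normal returns 1 when an ordinary name is extracted intact;
 * demo_overlong returns the parser's code for a 200-character filename. */
int demo_normal(void)
{
    char out[FILENAME_BUF];
    int rc = mime_extract_filename(
        "Content-Disposition: attachment; filename=\"quarterly-report.xlsx\"\r\n",
        out, sizeof out);
    return rc == 0 && strcmp(out, "quarterly-report.xlsx") == 0;
}

int demo_overlong(void)
{
    char header[320] = "Content-Disposition: attachment; filename=\"";
    size_t start = strlen(header);
    memset(header + start, 'A', 200);            /* 200-character filename */
    memcpy(header + start + 200, "\"\r\n", 4);   /* closing quote, CRLF, NUL */
    char out[FILENAME_BUF];
    return mime_extract_filename(header, out, sizeof out);
}
```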
COACHS SPORT BAR posted:
> Lol this is older but I must have missed it. This was the sandbox escape ormandy discovered in bromium:

oh wow

# Jun 28, 2016 23:36
wyoak posted:
> I'm confused on how

# Jun 28, 2016 23:48
I like how

# Jun 28, 2016 23:57
Hahaha

quote:
> Symantec dropped the ball here. A quick look at the decomposer library shipped by Symantec showed that they were using code derived from open source libraries like libmspack and unrarsrc, but hadn't updated them in at least 7 years.

# Jun 28, 2016 23:58
anyone else wanna go with me to get tavis tattoos?

# Jun 29, 2016 00:02
invision posted:
> anyone else wanna go with me to get tavis tattoos?

# Jun 29, 2016 00:06
you missed the best part: first time a poc was sent to them it crashed their mail servers as they were actively scanning incoming attachments

# Jun 29, 2016 00:16
holy poo poo

Wiggly Wayne DDS posted:
> you missed the best part: first time a poc was sent to them it crashed their mail servers as they were actively scanning incoming attachments

pisssssssss!

# Jun 29, 2016 00:16
whoops, the nessus scans were set up to go to my coworker and a guy who doesn't work here anymore. let's send them to the it distribution group and watch my boss flip out over how much poo poo is busted

# Jun 29, 2016 00:28