|
Wiggly Wayne DDS posted:you missed the best part: first time a poc was sent to them it crashed their mail servers as they were actively scanning incoming attachments  son
|
#
?
Jun 29, 2016 00:41
|
|
|
|
| # ? Jun 3, 2024 18:01 |
|
|
Wiggly Wayne DDS posted:you missed the best part: first time a poc was sent to them it crashed their mail servers as they were actively scanning incoming attachments 
|
|
#
?
Jun 29, 2016 00:50
|
|
|
notices email server is down uses rdp to access windows 2000 computer in the closet and restart email server process "hmm I wonder why calculator.exe was open"
|
|
#
?
Jun 29, 2016 01:59
|
|
|
friend of the boss' friend got hit with a cryptolocker so backup strategy is being re-evaluated today current strategy: "never back up, hope really hard that nothing hits us ever" i'm fairly sure i want to write to worm lto but i'm not sure what software is good these days is there a thing out there à la git that would take an initial snapshot then update changes very frequently? like i'd love having weekly full backups with like hourly-ish change snapshots or whatever, so that every tape has at least a full image. that would work especially well since we're at a point where we store about 60% of an lto-6 tape, and the remainder would dictate the snapshot freq or whatever
|
|
#
?
Jun 29, 2016 12:17
|
|
|
COACHS SPORT BAR posted:Lol this is older but I must have missed it. This was the sandbox escape ormandy discovered in bromium: holy gently caress that's great
|
|
#
?
Jun 29, 2016 13:11
|
|
|
Chris Knight posted:holy gently caress that's great at least they're good sports about it, they paid the bug bounty, tavis donated it to Amnesty International, and they matched the donation.
|
|
#
?
Jun 29, 2016 13:15
|
|
|
anthonypants posted:https://twitter.com/skooooch/status/747308496580812800 Will you be at unrestcon?
|
|
#
?
Jun 29, 2016 13:29
|
|
|
Wiggly Wayne DDS posted:you missed the best part: first time a poc was sent to them it crashed their mail servers as they were actively scanning incoming attachments lmao
|
|
#
?
Jun 29, 2016 13:47
|
|
|
http://www.bleepingcomputer.com/news/security/the-educrypt-ransomware-tries-to-teach-you-a-lesson/quote:A new ransomware (eduware?) called EduCrypt was discovered by AVG security researcher Jakub Kroustek that tries to teach its victims a lesson about ransomware. Like other encrypting malware, EduCrypt will encrypt a victim's files, but instead of demanding a ransom, it gives the victim the password for free along with a reprimand.  
|
|
#
?
Jun 29, 2016 13:51
|
|
|
http://www.sciencealert.com/new-algorithm-will-help-make-sure-random-numbers-really-are-randomquote:Scientists find a way to make computers generate totally random numbers 
|
|
#
?
Jun 29, 2016 13:56
|
|
|
Jewel posted:http://www.sciencealert.com/new-algorithm-will-help-make-sure-random-numbers-really-are-random That's adorable 
|
|
#
?
Jun 29, 2016 14:06
|
|
|
Wiggly Wayne DDS posted:you missed the best part: first time a poc was sent to them it crashed their mail servers as they were actively scanning incoming attachments 
|
|
#
?
Jun 29, 2016 14:50
|
|
|
Wiggly Wayne DDS posted:you missed the best part: first time a poc was sent to them it crashed their mail servers as they were actively scanning incoming attachments a++
|
|
#
?
Jun 29, 2016 14:59
|
|
|
Wiggly Wayne DDS posted:you missed the best part: first time a poc was sent to them it crashed their mail servers as they were actively scanning incoming attachments read this as person of color, I think it still works
|
|
#
?
Jun 29, 2016 15:09
|
|
|
Wiggly Wayne DDS posted:you missed the best part: first time a poc was sent to them it crashed their mail servers as they were actively scanning incoming attachments https://www.sadtrombone.com/?autoplay=true
|
|
#
?
Jun 29, 2016 15:32
|
|
|
https://twitter.com/bcarr/status/748193104004452352 uh oh
|
|
#
?
Jun 29, 2016 18:08
|
|
|
works fine for me. someone probably misconfigured some regional dns settings
|
|
#
?
Jun 29, 2016 18:10
|
|
|
did anyone say SYSTEMantec yet?
|
|
#
?
Jun 29, 2016 20:10
|
|
|
spankmeister posted:did anyone say SYSTEMantec yet? you did already like 20 mins ago
|
|
#
?
Jun 29, 2016 20:24
|
|
|
wheres that one poster who kept demanding "non-academic" examples of anti-virus software loving up big? Because I think today's posts are for him.
|
|
#
?
Jun 29, 2016 20:43
|
|
|
Winkle-Daddy posted:wheres that one poster who kept demanding "non-academic" examples of anti-virus software loving up big? Because I think today's posts are for him.
|
|
#
?
Jun 29, 2016 20:43
|
|
|
Winkle-Daddy posted:wheres that one poster who kept demanding "non-academic" examples of anti-virus software loving up big? Because I think today's posts are for him.
|
|
#
?
Jun 29, 2016 20:49
|
|
|
Who was the yosposter who had a massive meltdown and bought all the red text in that thread ?
|
|
#
?
Jun 29, 2016 20:59
|
|
|
Wiggly Wayne DDS posted:you missed the best part: first time a poc was sent to them it crashed their mail servers as they were actively scanning incoming attachments fantastic
|
|
#
?
Jun 29, 2016 21:07
|
|
|
jre posted:Who was the yosposter who had a massive meltdown and bought all the red text in that thread ? osi got a gift card and decided to spend all his  on shaming people
|
|
#
?
Jun 29, 2016 21:09
|
|
|
ultramiraculous posted:osi got a gift card and decided to spend all his
|
|
#
?
Jun 29, 2016 21:11
|
|
|
https://major.io/2013/04/15/seriously-stop-disabling-selinux/ The comments are amazing. 90% of the comments are: "It's too hard/I don't want to learn it" or "I did something incredibly stupid and SELinux told me no so gently caress SELinux!" FlapYoJacks fucked around with this message at 21:18 on Jun 29, 2016 |
|
#
?
Jun 29, 2016 21:15
|
|
|
SELinux is too complex. I have 100+ servers to manage. Do you think I have the time to set the policy, domain, type and level for a directory tree. Now I have to upgrade 25 servers tonight with a 2 hour maintenance window... If I only had 4 or 6 servers I could do stuff with SELinux.... Honestly, it's too complex for the time + number of systems I manage. It's like having a fleet of cars and I have to fine tune the fuel injection port on each cylinder, change the amperage going into the radio and polish all the windows by hand. Too complex to be useful.
|
|
#
?
Jun 29, 2016 21:23
|
|
|
Winkle-Daddy posted:wheres that one poster who kept demanding "non-academic" examples of anti-virus software loving up big? Because I think today's posts are for him. uhh no this is clearly still an academic vulnerability (by their stupid standard) because it was found by an academic rather than being a zero-day exploited in the wild already 
|
|
#
?
Jun 29, 2016 21:24
|
|
|
That is a loving awesome honey pot for incompetent adminsquote:You manage 100+ servers and you're not using something like Ansible/Chef/Puppet? I agree SELinux is a huge pain in the arse (and I'm here searching something related) but come on, only you can make your job easier! quote:Lots of us have been managing 100's and 100's of Linux system long before Chef/Puppet/etc... and honestly they are no easier to use for an experienced Linux system admin than a couple bash scripts. Plus I don't have to deal with the overhead putting up an entire Ruby stack just to copy a couple freggin public keys.
|
|
#
?
Jun 29, 2016 21:25
|
|
|
jre posted:SELinux is too complex. I have 100+ servers to manage. Do you think I have the time to set the policy, domain, type and level for a directory tree. Now I have to upgrade 25 servers tonight with a 2 hour maintenance window... If I only had 4 or 6 servers I could do stuff with SELinux.... Honestly, it's too complex for the time + number of systems I manage. It's like having a fleet of cars and I have to fine tune the fuel injection port on each cylinder, change the amperage going into the radio and polish all the windows by hand. Too complex to be useful. think of how much time and money we could save if our drivers never buckled their seatbelts and we remove those pesky airbags!
|
|
#
?
Jun 29, 2016 21:25
|
|
|
quote:SElinux bites again. Here's what I was talking about above. I get an error message like this:
|
|
#
?
Jun 29, 2016 21:26
|
|
|
Parallel Paraplegic posted:think of how much time and money we could save if our drivers never buckled their seatbelts and we remove those pesky airbags!
|
|
#
?
Jun 29, 2016 21:28
|
|
|
quote:What I can grasp of SElinux: like a house I protect my windows and doors with good locks and keys (IPtables) but SElinux now tags every item in my house and when I move a chair from one room to another I'm no longer allowed to sit in it. So fundamentally SElinux is wrong. If you want a better or safer system, put an extra layer on the outside of your house, or let a daemon like an inti-viral software sweep the system real-time, but please leave the content as is. we need some combo of and 
|
|
#
?
Jun 29, 2016 21:32
|
|
|
Parallel Paraplegic posted:we need some combo of  or 
|
|
#
?
Jun 29, 2016 21:52
|
|
|
ratbert90 posted:https://major.io/2013/04/15/seriously-stop-disabling-selinux/ At the end of the day, SELinux is dying, and will continue to die explicitly because of posts and attitudes like this. While SELinux may provide better security than other options, its difficulty and obscurity for use, and the sanctimonious attitude of the SELinux community will ensure it continuous demise e: i'm the guy hit-and-run posting the privilege escalation for seandroid anthonypants fucked around with this message at 21:58 on Jun 29, 2016 |
|
#
?
Jun 29, 2016 21:55
|
|
|
anthonypants posted:e: i'm the guy hit-and-run posting the privilege escalation for seandroid Specifically this one? Anon posted:Just thought i'd leave this here. It's a entire treasure trove of idiots.
|
|
#
?
Jun 29, 2016 22:02
|
|
|
ultramiraculous posted:osi got a gift card and decided to spend all his nope also quote:I was being way over the top, but again, the loving statement "LOL DON"T RUN AV IT IS INSECURE" is still not an acceptable stance/answer for a good portion of people, and parroting it like the secbros does not change the fact that a bunch of people in this thread still have to have AV to be within whatever compliance standard. "secbros"
|
|
#
?
Jun 29, 2016 22:11
|
|
|
oh man someone change the baud dudes gangtags to SECBROS
|
|
#
?
Jun 29, 2016 22:12
|
|
|
|
| # ? Jun 3, 2024 18:01 |
|
|
OSI bean dip posted:"secbros"
|
|
#
?
Jun 29, 2016 22:28
|
|