|
to contrast in a rare work un-sec fuckup ive managed to get my good reference schannel config into the VM template used for server builds so now all our new servers will get an A on ssl labs out of the box. thanks to BangersInMyKnickers for the inspiration and the good posts re schannel config on windows.
|
#
?
Feb 2, 2017 15:59
|
|
|
|
| # ? May 17, 2024 17:25 |
|
|
np, glad people can make use of it now if my lovely contractor would upgrade this garbage oracle/apache/openssl .9.8 stack that can only handle tls 1.0/3des with a million CVEs my qualys scans will stop coming back as hot garbage too
|
|
#
?
Feb 2, 2017 16:50
|
|
|
lol, same but SAP and JRE 6.x only liking DES kerberos keytabs
|
|
#
?
Feb 2, 2017 16:52
|
|
|
|
|
#
?
Feb 2, 2017 21:40
|
|
|
|
|
#
?
Feb 2, 2017 22:16
|
|
|
today I found out that the way my predecessor wrote web apis, it's all vulnerable to rces. tomorrow I plan to patch out the really obvious vulns but I'm excited to see what else he has in store!
|
|
#
?
Feb 3, 2017 00:46
|
|
|
infernal machines posted:
|
|
#
?
Feb 3, 2017 02:32
|
|
|
https://twitter.com/xuf_/status/827253174306217984
|
|
#
?
Feb 3, 2017 06:01
|
|
|
should have bounced through internic instead, then they could have gone back and deleted the logs afterwards
|
|
#
?
Feb 3, 2017 06:29
|
|
|
i have a grey that doesn't get why teamviewer is idioticSamizdata posted:I personally prefer TeamViewer. Easy to use, multiplatform, bandwidth friendly and requires 2FA when needed. OSI bean dip posted:TeamViewer is a terrible piece of software to suggest. By installing the application you're allowing a third-party server to control access to your PC and the 2FA is only good enough in verifying that the access is being done by you and not someone else using the same credentials. This however does not protect you from attacks via vulnerabilities and whatnot found within their infrastructure. There is a lot of speculation that TeamViewer wasn't forthcoming on how people got breached. Samizdata posted:You seem pretty determined you know everything, so I wonder why you even started the thread. yes. let's have a third party service provide access to my desktop because it's secured by 2fa
|
|
#
?
Feb 3, 2017 06:36
|
|
|
3rd parties are better than opening 3389 or god forbid whatever port VNC uses imo maybe not teamviewer tho
|
|
#
?
Feb 3, 2017 06:45
|
|
|
I just don't get it. Why would you make a thread about a topic you already know things about? And try to educate other people in such a thread? It makes no sense I tell you.
|
|
#
?
Feb 3, 2017 06:45
|
|
|
wyoak posted:3rd parties are better than opening 3389 or god forbid whatever port VNC uses imo my suggestion is ssh tunnelling really Jabor posted:I just don't get it. Why would you make a thread about a topic you already know things about? And try to educate other people in such a thread? It makes no sense I tell you. reading comprehension isn't this grey's specialty
|
|
#
?
Feb 3, 2017 06:45
|
|
|
https://twitter.com/ManishEarth/status/827381855162732548
|
|
#
?
Feb 3, 2017 06:51
|
|
|
That's not the first time that poster has done that either. He butted heads in there before over AV.
|
|
#
?
Feb 3, 2017 07:09
|
|
|
SperginMcBadposter posted:That's not the first time that poster has done that either. He butted heads in there before over AV. he seems to think that 2fa is new in teamviewer too when it has been around for at least four years now teamviewer is the only thing i have ever asked to have blocked on our application firewall because of the way it pretty much violates our access control methods
|
|
#
?
Feb 3, 2017 07:12
|
|
|
booooooooo
|
|
#
?
Feb 3, 2017 07:18
|
|
|
OSI bean dip posted:i have a grey that doesn't get why teamviewer is idiotic I dont understand how that thread is so good at bringing out weird views on security.
|
|
#
?
Feb 3, 2017 07:26
|
|
|
Jabor posted:should have bounced through internic instead, then they could have gone back and deleted the logs afterwards
|
|
#
?
Feb 3, 2017 07:34
|
|
|
apseudonym posted:I dont understand how that thread is so good at bringing out weird views on security.
|
|
#
?
Feb 3, 2017 07:40
|
|
|
apseudonym posted:I dont understand how that thread is so good at bringing out weird views on security. Honeypot
|
|
#
?
Feb 3, 2017 14:30
|
|
|
OSI bean dip posted:i have a grey that doesn't get why teamviewer is idiotic i tried teamviewer for a week so i could use my compy from work without too much pain, but i kept coming home to find my computer awake, logged in, with the teamviewer control panel open and flattened the whole thing posthaste.
|
|
#
?
Feb 3, 2017 14:36
|
|
|
i use teamviewer for family computer janitoring, but only since they know how to use it
|
|
#
?
Feb 3, 2017 14:39
|
|
|
yeah, i use parallels access and gently caress if i'm ever changing. it is so loving convenient and i haven't heard of any breaches yet. still requires local passwords when actually connecting, too, though how that's actually enforced is an unknown
|
|
#
?
Feb 3, 2017 14:59
|
|
|
|
|
#
?
Feb 3, 2017 15:00
|
|
|
this is my new favorite tweet
|
|
#
?
Feb 3, 2017 15:48
|
|
|
OSI bean dip posted:my suggestion is ssh tunnelling really "I don't trust this software cause it has had vulnerabilities. Please use this software that has had vulnerabilities instead!" it would be great if windows remote assistance actually worked cause it would eliminate all this 3rd party stuff.
|
|
#
?
Feb 3, 2017 16:17
|
|
|
Shaggar posted:"I don't trust this software cause it has had vulnerabilities. Please use this software that has had vulnerabilities instead!" are you trying to do your usual thing where you talk about a non-microsoft product as being a piece of poo poo? because openssh is fine
|
|
#
?
Feb 3, 2017 16:18
|
|
|
openssh has had plenty of vulnerabilities in the past and the idea you're presenting that because its linux its immune to attacks is absolutely retarded. You should use as much caution approaching access via openssh as you should access via teamviewer. same with rdp. I would never leave it open to the internet even if it is more secure than openssh. also lol @ the idea that you're gonna have a remote user setup an ssh tunnel to you so you can access their machine.
|
|
#
?
Feb 3, 2017 16:24
|
|
|
ssh is still better than teamviewer, teamviewer has vulnerabilities plus is controlled by a 3rd party
|
|
#
?
Feb 3, 2017 16:37
|
|
|
Shaggar posted:openssh has had plenty of vulnerabilities in the past and the idea you're presenting that because its linux its immune to attacks is absolutely retarded. You should use as much caution approaching access via openssh as you should access via teamviewer. same with rdp. I would never leave it open to the internet even if it is more secure than openssh. lmfao @ u
|
|
#
?
Feb 3, 2017 16:38
|
|
|
is the chrome remoting extension bad in the same ways as TeamViewer?
|
|
#
?
Feb 3, 2017 16:38
|
|
|
Perplx posted:ssh is still better than teamviewer, teamviewer has vulnerabilities plus is controlled by a 3rd party the benefit of teamviewer is the lack of user knowledge required. SSH requires an autistic to use. teamviewer requires someone who can go to a website, type in a number, and click a button.
|
|
#
?
Feb 3, 2017 16:40
|
|
|
if you're external users are all autistics then ssh is probably an appropriate choice but they also can probably figure out their problems themselves.
|
|
#
?
Feb 3, 2017 16:40
|
|
|
Shaggar posted:openssh has had plenty of vulnerabilities in the past and the idea you're presenting that because its linux its immune to attacks is absolutely retarded. You should use as much caution approaching access via openssh as you should access via teamviewer. same with rdp. I would never leave it open to the internet even if it is more secure than openssh. you're just as loving dumb as the grey poster, shaggar. did you even read what my response was? OSI bean dip posted:Besides, it does not matter if you have 2FA enabled or not, it won't matter if somehow TeamViewer's own infrastructure is breached. What does the 2FA do for you when either the software is compromised or someone takes hold of one of their systems and then starts to go hog wild? this is irrelevant to your dumbass points about openssh and its vulnerabilities. it's not like rdp hasn't had any? shut the gently caress up and stop posting
|
|
#
?
Feb 3, 2017 16:41
|
|
|
OSI bean dip posted:you're just as loving dumb as the grey poster, shaggar. did you even read what my response was? shut the gently caress up and don't reply to shaggar
|
|
#
?
Feb 3, 2017 16:43
|
|
|
Cocoa Crispies posted:shut the gently caress up and don't reply to shaggar
|
|
#
?
Feb 3, 2017 16:44
|
|
|
OSI bean dip posted:you're just as loving dumb as the grey poster, shaggar. did you even read what my response was? what are you talking about. we're talking about remote assistance. this is for when the user is outside of the network and needs assistance, meaning they cant get into the network. are you going to walk them through setting up an ssh tunnel to you? seriously?
|
|
#
?
Feb 3, 2017 16:45
|
|
|
I mean I'm not surprised some autistic linux users cant comprehend normal users not being able to configure openssh but god drat you guys must not ever interact with humans ever.
|
|
#
?
Feb 3, 2017 16:46
|
|
|
|
| # ? May 17, 2024 17:25 |
|
|
Maybe you don't understand the problem scope here so lets walk through it. You have a remote user who is having problems and cant get into your network but they do have internet access. You don't want to just leave ports open on their machine and there are probably firewalls between you that you don't control anyway so you need a way to control their computer from outside of your network. The user doesn't know anything about computers. They're a normal human being. You need to provide them with a way to give you remote access with as little effort on their part as possible. So what are your options. Windows remote assistance is supposed to exactly fulfill this mission, but it never loving works. its also windows specific. what if this person is using a linux like osx? How about something like GoToMeeting? This actually works pretty well, but it means your user needs to be able to operate the presenter controls within GoToMeeting which is a tall ask. This is the void that teamviewer fills. its like GoToMeeting/webex but they don't need to understand how to work the presenter controls. They go to a website and type in a thing and join the "meeting" and you fix their poo poo and then they close the "meeting".
|
|
#
?
Feb 3, 2017 16:59
|
|