|
you gotta send all commands by fax
|
# ? Feb 3, 2017 22:36 |
|
Powaqoatse posted: i had to help my sister with a thing a week ago & used teamviewer
if you were also using a mac and you both have iMessage set up, you can just open messages.app, select a convo with her, click something (her name I think, don't have it in front of me ATM) in upper right area of the window, and request to view her screen. after the connection is established the person on the being-viewed end can opt to give the viewer remote control (via the blinking icon in the menu bar which tells you your screen is being viewed). this connection also gives you voice chat
you are excused for not knowing about any of this because apple hides it behind a non intuitive interface in a place where you might not expect it. it's a nice built in tech support tool once you know about it
oh and afaik aside from the startup requests going through iMessage it's all peer to peer. underlying screen sharing is vnc protocol over an encrypted channel or something like that.
|
# ? Feb 3, 2017 22:37 |
|
Subjunctive posted: what are the regulatory constraints? windows update has the ability to execute commands given server instruction, as do all browsers with a decent update model
in this case our only specific constraint is that all data must be stored in canada. our clients have requested that any data stored offsite be encrypted, and they have ongoing concerns re remote data storage. basically everyone uses rdi for offsite work and all onsite systems use bitlocker. updates are managed by wsus locally, enforced by gpo and all automatic updates on 3rd party software are disabled, updating 3rd party applications is handled by sccm or ninite*.
my concern is providing a direct control channel to the server from a 3rd party cloud service
*yeah, i know, this is a potentially huge issue waiting to happen, since you're trusting their cached binaries implicitly
|
# ? Feb 3, 2017 22:50 |
|
pr0zac posted: same, don't doubt there's some crazy regulatory thing around lawyer stuff I don't know, am interested in what it is tho
this isn't a specifically regulatory compliance thing, this is a "our balls will be nailed to the wall if the systems are breached through our maintenance and monitoring system" thing
|
# ? Feb 3, 2017 23:08 |
|
infernal machines posted: in this case our only specific constraint is that all data must be stored in canada. our clients have requested that any data stored offsite be encrypted, and they have ongoing concerns re remote data storage. basically everyone uses rdi for offsite work and all onsite systems use bitlocker. updates are managed by wsus locally, enforced by gpo and all automatic updates on 3rd party software are disabled, updating 3rd party applications is handled by sccm or ninite*.
this sounds p good, imo
|
# ? Feb 3, 2017 23:11 |
|
bonus secfuck: while setting up some workstations for a client, borrowed from an associated company, all the laptops had bitlocker enabled, with a pin required at boot. the pin was helpfully printed on a label affixed on the palmrest of each laptop
|
# ? Feb 3, 2017 23:32 |
|
wyoak posted: whichever you use, don't let your password manager hook into your browser
assuming you arent joking, please explain
|
# ? Feb 3, 2017 23:54 |
|
Rufus Ping posted: assuming you arent joking, please explain
reduction (arguably elimination) of attack surface
If your password manager is filling out forms for you, it's probably doing some outrageous poo poo like injecting JS into the page you're viewing. Bridging the browser / password manager gap is how we ended up with multiple lastpass vulns along the lines of "whoops, turns out we exposed all your passwords to any website that asked for them"
|
# ? Feb 4, 2017 00:22 |
|
COACHS SPORT BAR posted: reduction (arguably elimination) of attack surface
this is why i only use lastpass for dumb poo poo i don't care about like my forums password, but not my email or bank
|
# ? Feb 4, 2017 00:35 |
|
lastpass fuckups aren't password manager fuckups. reducing attack surface is fine, but be wary of providing advice which will cause the user to think of the software as a hindrance
|
# ? Feb 4, 2017 00:40 |
|
i think the solution here is to pick a password manager that isnt written by morons rather than lumber yourself with something you have to copy/paste from by hand like a god drat cave man
|
# ? Feb 4, 2017 00:42 |
|
Rufus Ping posted: something you have to copy/paste from by hand like a god drat cave man
a bunch of text files in a TrueCrypt archive, in my case
|
# ? Feb 4, 2017 00:44 |
|
i was curious so i checked how many accounts i have in lastpass and it's 171
how in the gently caress do i have 171 accounts for anything
i use like 10 websites + apps, tops
(note that i am not a computer janitor either and i don't keep work passwords in lastpass anyway)
|
# ? Feb 4, 2017 00:48 |
|
pr0zac posted: same, don't doubt there's some crazy regulatory thing around lawyer stuff I don't know, am interested in what it is tho
wordperfect rce
|
# ? Feb 4, 2017 01:14 |
|
Cold on a Cob posted: i was curious so i checked how many accounts i have in lastpass and it's 171
That actually sounds around where I am. It's not as high as you think when you start going through them.
|
# ? Feb 4, 2017 01:17 |
|
320 accounts for me in 1Password. gently caress.
|
# ? Feb 4, 2017 01:20 |
|
223
i also have all of my licence keys in my keepass file
|
# ? Feb 4, 2017 01:23 |
|
Raere posted: wordperfect rce
first find a ipx/spx network driver for those remaining wordperfect for dos users
|
# ? Feb 4, 2017 01:24 |
|
Rufus Ping posted:assuming you arent joking, please explain
|
# ? Feb 4, 2017 01:30 |
|
new york just passed legislation requiring all customer data being held in our industry to be encrypted in transit and at rest
people keep asking us if our software is compliant and the official answer from on high is "redirect them to sales" because the unofficial answer is "no and we're so boned lol"
|
# ? Feb 4, 2017 01:49 |
|
one advantage to browser integration in your password manager is protecting yourself from phishing attacks - convincing someone to copy-paste their password into a phishing site is just as easy as convincing them to type it in, while fooling the browser integration is (at least in theory) a bit more challenging.
|
# ? Feb 4, 2017 01:50 |
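The phishing point in the post above, as an added example that is not part of any post in the thread: an autofill decision keyed on the exact origin the browser reports, so pages a person could misread get nothing. The vault entries, URLs and function names are constructed for illustration and do not describe any particular password manager.

```javascript
// Added example: vault entries, URLs and function names are constructed for illustration.
const vault = [
  { origin: "https://bank.example", username: "alice", password: "constructed-secret-1" },
  { origin: "https://forum.example", username: "alice", password: "constructed-secret-2" },
];

// Canonicalise the URL the browser reports for the top-level page.
// WHATWG URL parsing lowercases the host, drops the default port and converts
// IDN labels to punycode, so a look-alike Unicode host is a different string.
function pageOrigin(pageUrl) {
  let u;
  try {
    u = new URL(pageUrl);
  } catch (err) {
    return null; // unparseable input never gets credentials
  }
  if (u.protocol !== "https:") return null; // no fill over plaintext HTTP
  return u.origin; // scheme + host + port; path and userinfo are ignored
}

// Exact origin match only: no substring, suffix or "looks similar" logic.
function credentialsFor(pageUrl) {
  const origin = pageOrigin(pageUrl);
  if (origin === null) return null;
  const entry = vault.find((e) => e.origin === origin);
  return entry ? { username: entry.username, password: entry.password } : null;
}

// Constructed sample pages: one genuine login page and pages a person could misread.
const samples = [
  "https://bank.example/login",
  "https://BANK.example:443/login",
  "http://bank.example/login",
  "https://bank.example.evil.test/login",
  "https://bank.example@evil.test/login",
  "https://b\u0430nk.example/login", // Cyrillic "а" in place of Latin "a"
];

function fillReport(urls) {
  return urls.map((url) => ({ url, filled: credentialsFor(url) !== null }));
}

console.log(fillReport(samples));
```

Only the first two sample URLs resolve to the stored origin; a copy-paste workflow has no equivalent check because the human does the matching by eye.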
|
A Pinball Wizard posted: new york just passed legislation requiring all customer data being held in our industry to be encrypted in transit and at rest
Does it specify the method? If not, time to just XOR all the things!
|
# ? Feb 4, 2017 01:52 |
|
Volmarias posted: Does it specify the method? If not, time to just XOR all the things!
I assume it says something like "industry standard encryption," so that means they can get away with 3DES.
|
# ? Feb 4, 2017 02:07 |
|
Volmarias posted: Does it specify the method? If not, time to just XOR all the things!
quote: Section 500.15 Encryption of Nonpublic Information
so I guess as long as the csio says "rdp using self-signed certs is a-ok" and "every help desk monkey at our msp is an authorized user now" then it's all good!
A Pinball Wizard fucked around with this message at 02:10 on Feb 4, 2017
|
# ? Feb 4, 2017 02:08 |
|
Volmarias posted: That actually sounds around where I am. It's not as high as you think when you start going through them.
yeah, we have a few dozen just for the billion servicers our student loans have been split and sold to over the years
|
# ? Feb 4, 2017 02:15 |
|
CommunistPancake posted: I assume it says something like "industry standard encryption," so that means they can get away with 3DES.
Which would be dumb, but not completely terrible.
|
# ? Feb 4, 2017 02:16 |
|
wyoak posted:3rd parties are better than opening 3389 or god forbid whatever port VNC uses imo put up your own rdp gateway microsoft has already given you a solution
|
# ? Feb 4, 2017 02:45 |
|
anthonypants posted: idk but its what i use
same. it's why I asked
just so loving convenient compared to any alternative I've found
downsides so far include: may have left something NWS up on my desktop
|
# ? Feb 4, 2017 02:45 |
|
pctD posted: 320 accounts for me in 1Password. gently caress.
482 :/
I feel like that number actually went up rapidly after I started using a manager since I no longer give a gently caress if I have an account somewhere or not because all of the passwords are unique.
|
# ? Feb 4, 2017 03:03 |
|
i miscounted because apparently lastpass started helpfully adding newer accounts to groups at some point, so it's actually 260
there's a part of me that really wishes i could nuke most of these accounts. at least they all have generated passwords so idgaf when the sites get hacked
sometimes i get emails from sites that got hacked and it's like 'oh yeah that loving site'
|
# ? Feb 4, 2017 03:55 |
|
El Mero Mero posted: I feel like that number actually went up rapidly after I started using a manager since I no longer give a gently caress if I have an account somewhere or not because all of the passwords are unique.
yeah this
when i was searching for a job year before last i had to register for more than one bespoke HR portal for whatever lovely company i was applying for, who comes up with this poo poo? thankfully i never got any callbacks on those places
|
# ? Feb 4, 2017 03:59 |
|
Cold on a Cob posted:yeah this
|
# ? Feb 4, 2017 04:08 |
|
Jewel posted: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751
wait wait wait, did I get this correctly?
encfs which changes its command line interface in a random bug fix is stable enough to get into the next Debian stable release...
while cryptkeeper which is unmaintained and thus by definition as stable as any application can ever be is... already gone from Debian for being too unstable
|
# ? Feb 4, 2017 04:10 |
|
isn't teamviewer the app that all those scammers calling from "Microsoft security" tell you to use?
|
# ? Feb 4, 2017 04:10 |
|
Jimmy Carter posted: isn't teamviewer the app that all those scammers calling from "Microsoft security" tell you to use?
It is one of many yeah.
|
# ? Feb 4, 2017 04:25 |
|
Jimmy Carter posted: isn't teamviewer the app that all those scammers calling from "Microsoft security" tell you to use?
Yep. They keep cycling through 7 day demo accounts.
|
# ? Feb 4, 2017 04:42 |
|
Hacker Dumps iOS Cracking Tools Allegedly Stolen from Cellebrite lol
|
# ? Feb 4, 2017 06:32 |
|
i have 40 something accounts on keepass, and some of the more useful keys to avoid losing. couldve been noticeably more, but im slow to visit random old poo poo so i add new accounts and change info on the old ones as they come and go
|
# ? Feb 4, 2017 08:54 |
|
*me catching up on thread* "lol shaggar"
i'm a big proponent of surface area limitation taken to the extreme which includes not installing bullshit software on servers and such. there are many reasons why installing third-party software on servers is a bad idea, the primary being that unless it is packaged and supported by someone the installs wont get updated. also those environments where windows firewall is disabled on all servers because "durr legacy something something drink a litre of piss".
anyway, where possible i'll try and find a first-party solution which is secure and meets requirements before even considering third-party sw. RDS gateway mentioned by bangers is one. SSH tunnel (or any VPN tunnel really) as mentioned by OSI is also good because you are still using the first-party product only you're adding a layer to ensure it's secure.
installing garbage software which doesn't really even have any use case in tyool 2017 outside of abject laziness and adherence to being a shitbird helps no one.
|
# ? Feb 4, 2017 11:46 |
|
for actual content, xpost from the cisco thread:
the spyder posted: My night thus far has involved hash cat, several GPU's, and the admin password for our 7010 chassis. I don't even want to talk about how we got here, the short answer is former employee. Even with half a dozen GPU's at my disposal, it would still be 6 months to brute-force the password according to the software. This. This is why you don't let a site manage its own gear. God.drat.It. (Excuse the rant).
lmao
|
# ? Feb 4, 2017 12:13 |