http://www.redmondpie.com/firm-that-helped-fbi-break-into-san-bernardino-iphone-gets-hacked-tools-leaked-online/ #whoa
|
|
# ? Feb 4, 2017 13:13 |
|
cheese-cube posted: i'm a big proponent of surface area limitation taken to the extreme which includes not installing bullshit software on servers and such.
I also subscribe to this, and inherited an environment where 100+ servers have full desktop environments installed. Rip me. Thankfully I have free will to improve the gently caress out of this poo poo and it soothes my tism so hard.
ErIog fucked around with this message at 14:02 on Feb 4, 2017 |
# ? Feb 4, 2017 13:36 |
|
cheese-cube posted: for actual content, xpost from the cisco thread:
at six months to crack that password it's almost better to just rebuild
|
# ? Feb 4, 2017 16:58 |
|
https://twitter.com/PrissSoares_/status/827579332080050181
|
# ? Feb 4, 2017 19:38 |
|
your operating system is printing owned sheets.
|
# ? Feb 4, 2017 20:09 |
|
nothing but receipts: https://twitter.com/lmaostack
|
# ? Feb 4, 2017 20:14 |
|
OSI bean dip posted: nothing but receipts:
The printernet of poo poo
|
# ? Feb 4, 2017 20:23 |
|
Volmarias posted:The printernet of poo poo
|
# ? Feb 4, 2017 20:35 |
|
everyone likes a meme
|
# ? Feb 4, 2017 20:36 |
|
OSI bean dip posted: nothing but receipts:
quote: For the love of God, please close this port, skid
|
# ? Feb 4, 2017 20:37 |
|
hacked hacked lol just, kidding
|
# ? Feb 4, 2017 20:39 |
|
chaotic good as gently caress
|
# ? Feb 4, 2017 20:48 |
|
duTrieux. posted:chaotic good as gently caress
|
# ? Feb 4, 2017 20:58 |
|
https://twitter.com/HPSupport/status/827963612606119938
|
# ? Feb 4, 2017 22:10 |
|
lp0 botnet on fire
|
# ? Feb 4, 2017 22:22 |
|
pc bot letter? what the gently caress does that mean?
|
# ? Feb 4, 2017 22:42 |
|
OSI bean dip posted: nothing but receipts:
this is good
|
# ? Feb 4, 2017 22:48 |
|
I'm gonna take a wild shot in the dark here but any receipt printer spewing that out is proooooobably not in a PCI compliant configuration
|
# ? Feb 5, 2017 05:25 |
|
since when did a receipt printer need to be pci compliant
|
# ? Feb 5, 2017 05:28 |
|
anthonypants posted: since when did a receipt printer need to be pci compliant
when it's connected to a point of sale system, as most receipt printers are?
|
# ? Feb 5, 2017 05:29 |
|
so when you see an obfuscated credit card number on a receipt, you think it's the printer's job to translate numbers to asterisks?
|
# ? Feb 5, 2017 05:33 |
|
minivanmegafun posted: when it's connected to a point of sale system, as most receipt printers are?
I have never seen a receipt printer come up as a PCI audit point. Are you confusing them with portable POS devices with integrated receipt printers maybe?
|
# ? Feb 5, 2017 05:35 |
|
if a printer has to be pci compliant then so does the display on the pos system
in any pci compliant report i've read, printers have never come up
|
# ? Feb 5, 2017 05:39 |
|
anthonypants posted: since when did a receipt printer need to be pci compliant
if a receipt printer has a way to talk to it over the public internet do you really believe the pos terminal itself does not
|
# ? Feb 5, 2017 05:43 |
|
you could argue that the pos terminal's network is segmented/isolated properly and the printer's is not, but, uh, we're talking about the people who set up networks in hundreds of small businesses as quickly as they can and that's a lot of faith to put in them
|
# ? Feb 5, 2017 05:44 |
|
Storysmith posted: if a receipt printer has a way to talk to it over the public internet do you really believe the pos terminal itself does not
Still missing the point of there is no such thing as a "PCI compliant configuration" for a printer. It's just not a thing.
|
# ? Feb 5, 2017 05:44 |
|
flosofl posted: Still missing the point of there is no such thing as a "PCI compliant configuration" for a printer. It's just not a thing.
i was talking about the POS installation as a whole, not just the printer itself
I mean sure a single receipt printer living somewhere not near a register has no requirements
|
# ? Feb 5, 2017 05:45 |
|
Storysmith posted: if a receipt printer has a way to talk to it over the public internet do you really believe the pos terminal itself does not
minivanmegafun posted: i was talking about the POS installation as a whole, not just the printer itself
|
# ? Feb 5, 2017 05:47 |
|
your printer is broadcasting an IP address /!\
|
# ? Feb 5, 2017 05:48 |
|
anthonypants posted: it's very likely, because these are just dumb printers with like port 9100 or whatever open. opening up that port to the world is probably the easiest way for the pos system to be able to talk to it, because whoever installed it was also a pos
I haven't dealt with printers directly in almost 20 years, but I see "port 9100" and I felt a chill run down my spine. Those loving HP JetDirect cards.
|
# ? Feb 5, 2017 05:50 |
|
let's just all agree that all printers suck
|
# ? Feb 5, 2017 05:50 |
|
anthonypants posted:
there seem to be some register jockeys bemused about their printers spewing weird ascii art so I think some real POS installs might actually be affected! https://mobile.twitter.com/faithers99/status/827920542007037955?ref_src=twsrc%5Etfw
|
# ? Feb 5, 2017 05:52 |
|
At least this guy prints out harmless messages instead of weev and his nazi propaganda.
spankmeister fucked around with this message at 12:59 on Feb 5, 2017 |
# ? Feb 5, 2017 12:57 |
|
spankmeister posted: At least this guy prints out harmless messages instead of weev and his nazi propaganda.
"Fix your poo poo lmao" is probably one of the best possible outcomes here.
|
# ? Feb 5, 2017 15:08 |
|
OSI bean dip posted: nothing but receipts:
this is the weirdest, and most effective, STEM outreach for women I've seen
|
# ? Feb 5, 2017 17:03 |
|
lol. a us judge just nuked the global market for cloud services from us based companies
turns out having local data centers can't save you from the us drinking your data through a straw.
looks like ms built those fancy new canadian data centers for nothing
infernal machines fucked around with this message at 17:34 on Feb 5, 2017 |
# ? Feb 5, 2017 17:31 |
|
infernal machines posted: lol. a us judge just nuked the global market for cloud services from us based companies
lol as if they're not going to do it anyway no matter where you're located, if they can get the flimsiest reason to care about you. especially if you do your alternate hosting in any of the explicit spying ally countries of the us.
|
# ? Feb 5, 2017 17:33 |
|
the point is that previous ruling was the only reason patriated data centers mattered. if you have a legal requirement to store data domestically, you had the option of using local data centers even if they were being managed by an american company, because at least legally speaking the us couldn't just subpoena all your data across national boundaries. ms specifically built a bunch of canadian DCs so that they could bid on a shared services contract for the federal government. whoops, that's out the window now.
|
# ? Feb 5, 2017 17:40 |
|
infernal machines posted: the point is that previous ruling was the only reason patriated data centers mattered. if you have a legal requirement to store data domestically, you had the option of using local data centers even if they were being managed by an american company, because at least legally speaking the us couldn't just subpoena all your data across national boundaries.
i'm sure the groaning will start because it's still deployed (but not managed!) by american staff and that access tunnel potentially means the feds will have legal avenues to grab data
|
# ? Feb 5, 2017 18:10 |
|
The Germans (and French, sometimes) are hella strict on data transfer, and they do investigate if there's any connection to anything non-local whenever news like this pops, or someone feels like it. Ever since the safe harbor/privacy shield fiasco the Germans have been on companies like mad dogs about those things as well, issuing plenty of fines, but mostly poking around hoping it's all still "secure"
Best advice? Got big German clients? Make sure you're doing what you've said you were doing ;-).
|
# ? Feb 5, 2017 18:21 |