|
Optimus_Rhyme posted:https://twitter.com/DKMatai/status/831250823757848576 the most gartner slide Munkeymon posted:what the poo poo has augmented reality got to do even a little bit with security? they're both concepts from William Gibson books
|
#
?
Feb 13, 2017 23:30
|
|
|
|
| # ? May 17, 2024 17:26 |
|
|
do any of you know much about Carbon Black? it's apparently an application whitelisting program for windows that they're rolling out here at work. i'm just curious how many ways it inadvertently links other user activity to the admins or vendor, as it sounds like the vendor has to actually help our local admins add things to the whitelist from the internal memo.
|
|
#
?
Feb 13, 2017 23:35
|
|
|
LeftistMuslimObama posted:do any of you know much about Carbon Black? it's apparently an application whitelisting program for windows that they're rolling out here at work. i'm just curious how many ways it inadvertently links other user activity to the admins or vendor, as it sounds like the vendor has to actually help our local admins add things to the whitelist from the internal memo. i can tell you all about carbon.
|
|
#
?
Feb 13, 2017 23:38
|
|
|
cabrón black
|
|
#
?
Feb 13, 2017 23:43
|
|
|
Cocoa Crispies posted:cabrón black
|
|
#
?
Feb 13, 2017 23:54
|
|
|
https://twitter.com/larao68/status/831297085496401920
|
|
#
?
Feb 14, 2017 02:23
|
|
|
Gonna be at rsa this week, any good things to do there or good party recommendations for thursday?
|
|
#
?
Feb 14, 2017 02:26
|
|
|
*NSA, and random aides, while surrounded by mar-a-largo guests having diner join us in the opsec thread for more
|
|
#
?
Feb 14, 2017 02:27
|
|
|
Has anyone heard of IBM Security Trusteer Rapport? Multiple Canadian banks are recommending it. They must have some sort of deal.
|
|
#
?
Feb 14, 2017 06:47
|
|
|
this is literally one hour of RSA tomorrow. such quality and part of the rest of the afternoon 
|
|
#
?
Feb 14, 2017 06:56
|
|
|
carbon black is good software, I did bug bounty stuff for them. would recommend. not so sure about your privacy as an end user, but you should assume networking knows what you jack to
|
|
#
?
Feb 14, 2017 07:11
|
|
|
Optimus_Rhyme posted:this is literally one hour of RSA tomorrow. such quality please tell me the one about "talk to your teen about cyber" is going to be recorded so i can see it because lol
|
|
#
?
Feb 14, 2017 07:51
|
|
|
Applebees posted:Has anyone heard of IBM Security Trusteer Rapport? Multiple Canadian banks are recommending it. They must have some sort of deal.
|
|
#
?
Feb 14, 2017 08:23
|
|
|
the client is a piece of poo poo. Its protective features include stopping you pressing printscreen for some reason
|
|
#
?
Feb 14, 2017 09:11
|
|
|
Rufus Ping posted:the client is a piece of poo poo. Its protective features include stopping you pressing printscreen for some reason
|
|
#
?
Feb 14, 2017 09:57
|
|
|
Applebees posted:Has anyone heard of IBM Security Trusteer Rapport? Multiple Canadian banks are recommending it. They must have some sort of deal.
|
|
#
?
Feb 14, 2017 10:01
|
|
|
I know this post is ancient history now, but I have been waiting months for an appropriate time to make this joke. and this probably isn't itflakeloaf posted:bgp bgp bg, bg, bg, can't you see, sometimes your routes just hypnotize me
|
|
#
?
Feb 14, 2017 12:08
|
|
|
Notorious BGP
|
|
#
?
Feb 14, 2017 12:31
|
|
|
Applebees posted:Has anyone heard of IBM Security Trusteer Rapport? Multiple Canadian banks are recommending it. They must have some sort of deal. Finance uses it at work for talking to our bank. The program sucks and the brightcloud protections in it time out causing connection issues. We had to turn off the web filtering to get it to work for the nice ladies that cut my check.
|
|
#
?
Feb 14, 2017 13:51
|
|
|
stoopidmunkey posted:We had to turn off <INSERT_SECURITY_MECHANISM_HERE> to get it to work for the nice ladies that cut my check.
|
|
#
?
Feb 14, 2017 18:12
|
|
|
LeftistMuslimObama posted:do any of you know much about Carbon Black? it's apparently an application whitelisting program for windows that they're rolling out here at work. i'm just curious how many ways it inadvertently links other user activity to the admins or vendor, as it sounds like the vendor has to actually help our local admins add things to the whitelist from the internal memo. man I had this idea years ago. Wrote a service that acted as a whitelist for other windows services. Listened for service start events and killed any service that attempted to start but wasn't allowed by the whitelist my goal was to stop IT from pushing software onto my work machine via the domain / group policy, lol it didn't end well
|
|
#
?
Feb 14, 2017 18:48
|
|
|
stoopidmunkey posted:Finance uses it at work for talking to our bank. The program sucks and the brightcloud protections in it time out causing connection issues. We had to turn off the web filtering to get it to work for the nice ladies that cut my check. it's been pushed for years up here by a few of the banks. i'm constantly having to pull it from systems because it breaks https sessions in new and exciting ways. breaks in the sense of connections just plain ol fail at random if it's running. it also occasionally manages to peg an entire cpu core, doing something
|
|
#
?
Feb 14, 2017 19:07
|
|
|
ErIog posted:I know this post is ancient history now, but I have been waiting months for an appropriate time to make this joke. and this probably isn't it spankmeister posted:Notorious BGP these are both good
|
|
#
?
Feb 14, 2017 19:40
|
|
|
spankmeister posted:Notorious BGP
|
|
#
?
Feb 14, 2017 19:55
|
|
|
Optimus_Rhyme posted:this is literally one hour of RSA tomorrow. such quality I'm the cyber-law
|
|
#
?
Feb 15, 2017 01:03
|
|
|
spankmeister posted:Notorious BGP
|
|
#
?
Feb 15, 2017 01:20
|
|
|
spankmeister posted:Notorious BGP
|
|
#
?
Feb 15, 2017 08:07
|
|
|
spankmeister posted:Notorious BGP mods pls do the needful
|
|
#
?
Feb 15, 2017 08:23
|
|
|
https://www.vusec.net/projects/anc/ aslr
|
|
#
?
Feb 15, 2017 11:37
|
|
|
we almost bought thycotic and thank god we didn't cause lmao @ that name.
|
|
#
?
Feb 15, 2017 14:16
|
|
|
https://www.youtube.com/watch?v=fKLmZNnMT0A
|
|
#
?
Feb 15, 2017 14:23
|
|
|
Welp. quote:AnC, on the other hand, exploits a fundamental mechanism that is in place for efficient code execution that is present in all modern processors. Hence, it is not straightforward to “fix” AnC. Furthermore, AnC runs from JavaScript and does not need to make assumptions on core placement, significantly increasing its impact over Jump over ASLR.
|
|
#
?
Feb 15, 2017 16:21
|
|
|
has anyone looked into their native library yet? exactly what address is it that they're finding via JS? from their videos that looks like a stack or library address, stack makes more sense because the data changes, but I'm not sure. if it is a stack location there's way less cause for concern than if they leaked an executable's aslr slide. if it turns out they can only leak addresses for locations they can rapidly change the contents of, that's disappointing
|
|
#
?
Feb 15, 2017 18:24
|
|
|
google's private 2014 report into apt28 is out, notably made a month before fireeye publicised the group: https://www.documentcloud.org/documents/3461560-Google-Aquarium-Clean.html
|
|
#
?
Feb 15, 2017 18:53
|
|
|
javascript is the absolute worst thing
|
|
#
?
Feb 15, 2017 18:54
|
|
|
Shaggar posted:javascript is the absolute worst thing You can do the exact same thing, easier, with Java.
|
|
#
?
Feb 15, 2017 18:56
|
|
|
java has mechanisms for establishing trust and most people don't have jvms even installed on their machines. javascript requires that you run untrusted code everywhere and is installed on every computer.
|
|
#
?
Feb 15, 2017 18:59
|
|
|
Shaggar posted:javascript is the absolute worst thing much like you're posting
|
|
#
?
Feb 15, 2017 18:59
|
|
|
basically if you ever supported firefox or chrome for their expansion of the use of javascript it is entirely 100% your fault that the state of web security is so bad.
|
|
#
?
Feb 15, 2017 19:00
|
|
|
|
| # ? May 17, 2024 17:26 |
|
|
Wiggly Wayne DDS posted:google's private 2014 report into apt28 is out, notably made a month before fireeye publicised the group: https://www.documentcloud.org/documents/3461560-Google-Aquarium-Clean.html
|
|
#
?
Feb 15, 2017 19:09
|
|