|
I would hope that it wipes all unallocated space.
|
#
?
Mar 15, 2017 12:07
|
|
|
|
| # ? May 23, 2024 09:53 |
|
|
Subjunctive posted:I would hope that it wipes all unallocated space. This. Also depends on how you're wiping it (Pattern, number of passes, etc.)
|
|
#
?
Mar 15, 2017 14:31
|
|
|
Red posted:I'm turning in a laptop to work on my last day, and using Cipher to wipe things I've deleted. I would think it would have errored out, but you need to use valid paths using cipher. So 'cipher /w: c: \Users' <-- space is there because I can't be bothered to figure how to non-emoji it. And not I can't see it taking that long EVER. I've also never used it other than just specifying the drive.
|
|
#
?
Mar 15, 2017 15:08
|
|
users - and it wasn't done like 7 hours later, but users directory isn't that big, so does Cipher wipe the entire drive regardless?
|
Getting a weird problem on Chrome where trying to open any non-HTTPS webpage instead loads a blank white page with "Url not found." I'm not using any proxies, hosts file is fine, changing from OpenDNS to Google DNS didn't help, basically all the stuff I could think of. It'd be less of a problem if HTTPSEverywhere actually made an effort to try to open a page in HTTPS first. Any ideas?
|
|
#
?
Mar 17, 2017 16:45
|
|
|
Cup Runneth Over posted:Getting a weird problem on Chrome where trying to open any non-HTTPS webpage instead loads a blank white page with "Url not found." I'm not using any proxies, hosts file is fine, changing from OpenDNS to Google DNS didn't help, basically all the stuff I could think of. It'd be less of a problem if HTTPSEverywhere actually made an effort to try to open a page in HTTPS first. Any ideas?
|
|
#
?
Mar 17, 2017 16:48
|
|
|
Sorry, should have mentioned I already did that and only use incognito mode anyway.
|
|
#
?
Mar 17, 2017 17:28
|
|
|
Have you paid your bill? Some comically bad ISPs will just block port 80. You don't mention if this is only Chrome specifically. Another likely option is someone had hijacked your browser, is trying to redirect every non-secure page and their resource is down.
|
|
#
?
Mar 17, 2017 17:36
|
|
|
Cup Runneth Over posted:Sorry, should have mentioned I already did that and only use incognito mode anyway.
|
|
#
?
Mar 17, 2017 17:37
|
|
|
Use a different browser, and or curl/wget. Check for rogue extensions or plugins. If you have a laptop, connect it to your network. Try and figure out if it's your network or your computer. Speak onto the monitor "I know you're watching", see what happens.
|
|
#
?
Mar 17, 2017 17:39
|
|
|
Another option is that your firewall has had a lovely update and it is now filtering HTTPS even though it isn't supposed to be. This happened to me earlier this year. This also assumes you're like me and had an overkill firewall for a long time.
|
|
#
?
Mar 17, 2017 17:43
|
|
|
Tested it on different browsers and had the same problem, then tried connecting to my phone as a hotspot. That fixed it, so it looks like it's a problem with my router. Resetting it didn't fix it, so I'll look into it on my own. Thanks fellas, I was overthinking it.Khablam posted:Some comically bad ISPs will just block port 80. Are there any other kind?
|
|
#
?
Mar 17, 2017 17:44
|
|
|
A rogue DNS is also possible
|
|
#
?
Mar 17, 2017 18:11
|
|
|
spankmeister posted:A rogue DNS is also possible How would that affect https and http differently? Some SNI interaction I can't quite see?
|
|
#
?
Mar 17, 2017 19:46
|
|
|
Subjunctive posted:How would that affect https and http differently? Some SNI interaction I can't quite see? Oh wait HTTPS works but plain HTTP doesn't. Well it could still be rogue DNS if they're very careful about only modifying known http-only sites but it doesn't seem likely.
|
|
#
?
Mar 17, 2017 19:52
|
|
|
I was having trouble setting up RANCID, and their documentation sucks rear end, so I thought I'd look at alternatives, and came across rConfig. It has a native web interface, and my coworkers hate Linux, so I thought I'd give it a look. Here's a few problems: 1) The install method is to download and run an installer script at http://rconfig.com/downloads/scripts/install_rConfig.sh. This script is a wrapper to determine if you have CentOS 6 or CentOS 7. You can get to this file over https, but then the script calls http://www.rconfig.com/downloads/scripts/centos7_install.sh or http://www.rconfig.com/downloads/scripts/centos6_install.sh, depending on what version of CentOS you have. I'm only going to bother with the CentOS 7 version, but I don't think there's going to be that much of a difference. 2) The next thing it does is install wget. Through yum, thankfully. Then it downloads http://www.rconfig.com/downloads/scripts/login.sh and moves it to /etc/profile.d/. 3) Then it disables SELinux by modifying /etc/selinux/config and changing 'enforcing' to 'disabled'. It then checks to see if it's set to disabled, and if it's set to permissive, this part of the script will probably fail. A backup of the original /etc/selinux/config is not saved. 4) /etc/sudoers is modified to allow the apache user access to disable requiring tty, and also allowing access to the crontab, zip, chmod, chown, whoami, wc, tail, and rm commands without a password. 5) The firewalld service is disabled and stopped. The iptables service is stopped. 6) The following repos are installed: - epel-release, via yum install - http://rpms.famillecollet.com/enterprise/remi-release-7.rpm, via rpm -Uvh - https://mirror.webtatic.com/yum/el7/webtatic-release.rpm, via rpm -Uvh - http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm, via rpm -Uvh - https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm, via rpm -Uvh - http://mirror.cogentco.com/pub/linux/epel/6/i386/epel-release-6-8.noarch.rpm, via rpm -ivh 7) The epel and remo repos are used to install httpd. wget is installed again. mlocate, attr, open-vm-tools, tree, the Development Tools group, ntp, sudo, telnet, bind-utils, traceroute, tree, unzip, vixie-cron, crontabs, openssl-devel, openssl, mod_ssl, vsftpd, mysql-server, mysql, mod_auth_mysql, mysql-devel, php70w-devel, php70w, php70w-gd, php70w-mbstring, php70w-mysql, php70w-pear, php70w-cli, php70w-common, and php70w-pdo are installed via yum. 8) ntp, httpd, mysqld, vsftpd, and crond are enabled and started. 9) vsftp is configured. The original /etc/vsftpd/vsftpd.conf is preserved as /etc/vsftpd/vsftpd.conf.original. The user is given the option to allow the root user access to connect over FTP. 10) ntp is configured. The user is given the option to define an ntp server, or it can use time.nist.gov. 11) The file http://www.rconfig.com/downloads/scripts/centos7_postReboot.sh is downloaded. The user is asked to reboot after the following step and run this script. 12) mysql_secure_installation is run. 13) The user reboots, and runs the post-reboot script. 14) http://www.rconfig.com/downloads/rconfig-3.6.7.zip is downloaded and unzipped into /home, creating /home/rconfig, and the apache user is assigned recursive ownership of the folder. 15) /etc/httpd/conf/httpd.conf is moved to /etc/httpd/conf/httpd.conf.original, and a new httpd.conf is moved in its place. Apache is restarted. 16) /etc/php.ini is configured. Apache is restarted. 17) SELinux is checked again by looking for a 'dot' at the end of the permissions list in ls -ahl, and if it finds one, it modifies every folder in the /home directory by removing the security.selinux attribute with setfattr. 18) The user is prompted to go to [url]https://[/url]$hostname/install to finish the installation. /home/rconfig gets chowned to the apache user again, and any shell scripts in /home are removed. Miscellaneous comments: You have to sign up to get the link to the download script or any installation documentation. They have a GitHub and a more recent version is allegedly in development, but it wasn't immediately clear how to deploy that, so I just went with the stable version. When you register, they send you an email address with your username and password in it. You cannot change your password. They have an SSL cert for https://www.rconfig.com but it expired in November of last year. They're using Let's Encrypt, so there's really no reason why they can't get it renewed, or why they can't also get one for rconfig.com. Some of their other domains also have expired certs. There are a lot of hardcoded progress bars that don't actually do anything. Like, here's one from the first installer script, but there's one of these in almost every section of each script: code:anthonypants fucked around with this message at 20:21 on Mar 22, 2017 |
|
#
?
Mar 22, 2017 20:18
|
|
|
anthonypants posted:I was having trouble setting up RANCID, and their documentation sucks rear end, so I thought I'd look at alternatives, and came across rConfig. It has a native web interface, and my coworkers hate Linux, so I thought I'd give it a look. Here's a few problems: Have you published this rant anywhere? I want to link it to my coworkers. That is a heroic amount of effort to do everything possible wrong.
|
|
#
?
Mar 22, 2017 23:32
|
|
|
Saukkis posted:Have you published this rant anywhere? I want to link it to my coworkers. I could probably put it on their GitHub issue tracker after reworking it, maybe add some suggestions, and it might be interesting to fix their garbage to the point where it works on Linux without having everything disabled, but I have very little motivation to do so.
|
|
#
?
Mar 22, 2017 23:45
|
|
|
anthonypants posted:I was going to put it in the sec gently caress thread but I figured it was too much of an effortpost for YOSPOS. I don't have a blog and it's too big for twitter. Also, I don't think they'd like the URLs for their installer scripts out in the public. On the contrary. When it comes to secfucks, YOSPOS applauds effort posts. See hackbunny's posts if you don't believe. Either way, post it in the secfuck thread
|
|
#
?
Mar 24, 2017 19:57
|
|
|
Migishu posted:On the contrary. When it comes to secfucks, YOSPOS applauds effort posts. See hackbunny's posts if you don't believe.
|
|
#
?
Mar 24, 2017 22:28
|
|
|
anthonypants posted:Thank you for the flattering comparison but hackbunny is way smarter than me and that makes a huge difference.  Don't over think it
|
|
#
?
Mar 25, 2017 02:53
|
|
|
If this isn't the right thread, apologies and please let me know where to ask this instead. Since Congress decided to gently caress over every single American Internet user today, I want to get a VPN. What's the best way to do that? I feel like I've read about putting OpenVPN on a router, but that seems counterintuitive to me - how can a VPN be on the same side of the modem as me? Besides, I'm sure my current one won't support that anyway. The other option I'm aware of would be paying for a service, but I have no idea which companies are reputable, nor how to choose among them even if I did know that. Please help, goons!
|
|
#
?
Mar 29, 2017 03:37
|
|
|
hooah posted:I feel like I've read about putting OpenVPN on a router, but that seems counterintuitive to me - how can a VPN be on the same side of the modem as me? hooah posted:The other option I'm aware of would be paying for a service, but I have no idea which companies are reputable, nor how to choose among them even if I did know that.
|
|
#
?
Mar 29, 2017 04:12
|
|
|
hooah posted:If this isn't the right thread, apologies and please let me know where to ask this instead. There are also a few tradeoffs you'll have to live with if you use a VPN service from home. Like you probably won't be able to use streaming video services, and if you plan to do anything with mobile device things only get worse. But, like rufo says, they're all bad in one way or another. You absolutely can't trust any of the free ones, because they'll either sell your info or inject ads/malware. You can't necessarily trust any of the pay ones. You could host your own, but what endpoint do you trust? Can you use a VPN at work? Can you trust AWS/Azure/DigitalOcean?
|
|
#
?
Mar 29, 2017 04:30
|
|
|
If someone wants to write an adequate VPN setup guide, I'm interested. Having said that, all paid VPN options as rufo adequately put it are "poo poo" and there will be no recommendations made.
|
|
#
?
Mar 29, 2017 05:10
|
|
|
https://arstechnica.com/security/2017/03/potent-lastpass-exploit-underscores-the-dark-side-of-password-managers/ Welp.
|
|
#
?
Mar 29, 2017 08:24
|
|
|
c0burn posted:https://arstechnica.com/security/2017/03/potent-lastpass-exploit-underscores-the-dark-side-of-password-managers/ Keep rear end still in the clear.
|
|
#
?
Mar 29, 2017 08:59
|
|
|
OSI bean dip posted:Having said that, all paid VPN options as rufo adequately put it are "poo poo" and there will be no recommendations made. Could this be added to the OP at least? It's still useful information for us non-experts.
|
|
#
?
Mar 29, 2017 10:51
|
|
|
There was a goon run VPN hostvpn.com I'm mobile it may be archived.. First month for a $0.01 if you can find the threads discount code It may have been SAGOONS You need a pretty beefy router to dial all your networks traffic through the VPN, the 200-400mhz and poo poo ram doesn't cut it, you are better off running it on the client. i noticed a 20-40% reduction on speed test via running it through the router. Strangely enough my upload improved quite a bit with it, Comcast was capping certain traffic pretty hard at the time I suspect, it helped me access my bank when I thought it was down, (in retrospect that may have been risky activity)
|
|
#
?
Mar 29, 2017 11:20
|
|
|
syscall girl posted:Keep rear end still in the clear. Only because LastPass is specifically being targeted by the white hats. Once they get tired of all the smug comments and decide to turn the razor on Keepass, all bet will be off, I'd say.
|
|
#
?
Mar 29, 2017 13:48
|
|
|
You are aware what the difference between the two is, right?
|
|
#
?
Mar 29, 2017 14:00
|
|
|
Kerning Chameleon posted:Only because LastPass is specifically being targeted by the white hats. Once they get tired of all the smug comments and decide to turn the razor on Keepass, all bet will be off, I'd say. This isn't a thread for such opinions--which are wrong. Feel free to take your (wrong) opinions here. DoctorTristan posted:Could this be added to the OP at least? It's still useful information for us non-experts. Not a terrible idea. I'll add that in when I have a chance.
|
|
#
?
Mar 29, 2017 15:15
|
|
|
anthonypants posted:But, like rufo says, they're all bad in one way or another. You absolutely can't trust any of the free ones, because they'll either sell your info or inject ads/malware. You can't necessarily trust any of the pay ones. You could host your own, but what endpoint do you trust? Can you use a VPN at work? Can you trust AWS/Azure/DigitalOcean? Is there actually anything to suggest the paid ones with provably no logging are actively bad? Sure they could be compromised, but ISPs have a pretty poor record of holding onto customer data.
|
|
#
?
Mar 29, 2017 16:53
|
|
|
Khablam posted:Problem is, if you decide you can't trust anyone to host a VPN, you are by default trusting your ISP's collection and retention instead. You don't get to opt out of trusting all your browsing habits to someone. You're better off just using a VPS. Paid services have all sorts of problems. If the VPN provider gets compromised then many accounts are at risk whereas hosting your own just means you're an island of many.
|
|
#
?
Mar 29, 2017 16:57
|
|
|
c0burn posted:https://arstechnica.com/security/2017/03/potent-lastpass-exploit-underscores-the-dark-side-of-password-managers/ Alright how do I totally nuke my account with this service? Should I manually change all of my login info to bogus entries before cancelling or something?
|
|
#
?
Mar 29, 2017 17:02
|
|
|
Khablam posted:Is there actually anything to suggest the paid ones with provably no logging are actively bad? Would this be the same PrivateInternetAccess who use the same single shared secret to encrypt every customer's traffic?
|
|
#
?
Mar 29, 2017 18:27
|
|
|
OSI bean dip posted:You're better off just using a VPS. So you'd rent a VPS and then what, install OpenVPN on it? That sounds pretty doable.
|
|
#
?
Mar 29, 2017 20:15
|
|
|
hooah posted:So you'd rent a VPS and then what, install OpenVPN on it? That sounds pretty doable.
|
|
#
?
Mar 29, 2017 20:19
|
|
|
Rufus Ping posted:Would this be the same PrivateInternetAccess who use the same single shared secret to encrypt every customer's traffic? I'm going to agree with other posters and say a VPS is better. The issues discussed there don't affect people using the bundled OpenVPN clients though; just using L2TP. Not sure about other vendors but PIA did discuss this after people misattributed that article to their client. That said the article there (and common sense) suggests if you're just trying to cloak your data from your ISP, it's a workable solution. No one is recommending it against oppressive regimes (inb4 lol trump) or using it to hide whistle-blowers.
|
|
#
?
Mar 30, 2017 16:46
|
|
|
Khablam posted:I'm going to agree with other posters and say a VPS is better. The issues discussed there don't affect people using the bundled OpenVPN clients though; just using L2TP. Not sure about other vendors but PIA did discuss this after people misattributed that article to their client. Worth mentioning that L2TP is also considered insecure anyway now.
|
|
#
?
Mar 30, 2017 16:57
|
|
|
|
| # ? May 23, 2024 09:53 |
|
|
I hadn't updated my video drivers in a while and ended up getting flagged for what I didn't immediately realize were false positives which I ended up removing instead of leaving quarantined, one of the entries was a Windows Defender exclusion for my Intel Bluetooth, do I need to go back into my registry and fix this to keep my Bluetooth healthy or should I be fine leaving it alone?
|
|
#
?
Apr 2, 2017 04:12
|
|