|
Jimmy Carter posted:9/11 mayor getting made chief of cyber. one of these days i'm going to give enough of a poo poo to edit in giulianiilini and a cloud service logo
|
#
?
Mar 17, 2017 18:15
|
|
|
|
| # ? May 18, 2024 11:55 |
|
|
duTrieux. posted:one of these days i'm going to give enough of a poo poo to edit in giulianiilini and a cloud service logo Oldster
|
|
#
?
Mar 17, 2017 18:43
|
|
|
https://twitter.com/kenvogel/status/842790114635997184 FDE your poo poo peeps
|
|
#
?
Mar 17, 2017 18:57
|
|
|
sharepoint 2016 ladies and gents
|
|
#
?
Mar 17, 2017 19:08
|
|
|
was updating the wildcard cert on our servers and came across one of them which didn't work because the account used for impersonation had a bad password. and the account belongs to one of our developers. and the password it has is "Companyname6!". and i tested with runas just now and his password is "Companyname7!".
|
|
#
?
Mar 17, 2017 19:52
|
|
|
BiohazrD posted:sharepoint 2016 ladies and gents how do you usually bootstrap a new account? have them stand at the IT gal's desk?
|
|
#
?
Mar 17, 2017 19:59
|
|
|
encrypted email to the account requester's isso, have him stand at that guy's desk, force password change on first login
|
|
#
?
Mar 17, 2017 20:01
|
|
|
AggressivelyStupid posted:On a scale of 1 to 10 how bad is storing SSNs in plaintext? I'm asking for a friend. don't store SSN
|
|
#
?
Mar 17, 2017 20:02
|
|
|
Subjunctive posted:how do you usually bootstrap a new account? have them stand at the IT gal's desk? use windows auth so they don't have to think about another password
|
|
#
?
Mar 17, 2017 20:03
|
|
|
yeah. SSO your way out of that
|
|
#
?
Mar 17, 2017 20:03
|
|
|
sharepoint can do saml and ws-federation as well if the stars have aligned correctly and you make the right prayers to the right ancient gods
|
|
#
?
Mar 17, 2017 20:05
|
|
|
Shaggar posted:use windows auth so they don't have to think about another password well obviously if you have an existing account they can use. that's not always the case (and how do you bootstrap the windows auth password?)
|
|
#
?
Mar 17, 2017 20:08
|
|
|
generated passwords in a ticketing system that are relayed by mouth from their supervisor during which they create their new pw. for external users yeah I don't really see another way to do it. a time expiring password creation link would probably be better since its likely the authentication store (like AD) doesn't have a concept of one off password expiry (afaik)
|
|
#
?
Mar 17, 2017 20:11
|
|
|
alternatively, have them login with their company's 365
|
|
#
?
Mar 17, 2017 20:11
|
|
|
Loving Africa Chaps posted:https://twitter.com/kenvogel/status/842790114635997184 this is pretty fuckin' bad
|
|
#
?
Mar 17, 2017 20:43
|
|
|
loving lol at that secret service agent leaving her backpack in her car in her driveway while she was inside the house.
|
|
#
?
Mar 17, 2017 21:03
|
|
|
Ur Getting Fatter posted:loving lol at that secret service agent leaving her backpack in her car in her driveway while she was inside the house. for real, tho
|
|
#
?
Mar 17, 2017 22:06
|
|
|
Hmm someone was just able to break out of a VM and compromise the host in VMWare, I think that will cause some rethinking of things
|
|
#
?
Mar 17, 2017 22:06
|
|
|
yo dawg I heard you like virtualization
|
|
#
?
Mar 17, 2017 22:21
|
|
|
cheese-cube posted:just gony drop this here eeeh that's arguable imo but this: https://twitter.com/faultywarrior/status/842569756360302593 is not. omg don't use encrypted filesystems as archives, it's a bad bad idea. it's bad crypto! disk encryption is, frankly, a hack: the cipher modes are poorly studied compared to stuff like cbc, and the encryption isn't authenticated (or at least I've never seen an authenticating implementation). never do this
|
|
#
?
Mar 17, 2017 22:47
|
|
|
Pryor on Fire posted:Hmm someone was just able to break out of a VM and compromise the host in VMWare, I think that will cause some rethinking of things why pay for the whole exploit when you only need the edge https://twitter.com/thezdi/status/842788469923442689
|
|
#
?
Mar 17, 2017 22:59
|
|
|
hackbunny posted:eeeh that's arguable imo but this: for desktops there's this https://www.youtube.com/watch?v=-G8sEYCOv-o
|
|
#
?
Mar 17, 2017 23:00
|
|
|
even simpler than that: just read "%TEMP%\~secretzzzz.txt.autosave"
|
|
#
?
Mar 17, 2017 23:09
|
|
|
Pryor on Fire posted:Hmm someone was just able to break out of a VM and compromise the host in VMWare, I think that will cause some rethinking of things Well, VM escapes aren't exactly new. It's really cool how they chained all the exploits though.
|
|
#
?
Mar 17, 2017 23:09
|
|
|
shaggar was wrong
|
|
#
?
Mar 17, 2017 23:18
|
|
|
duTrieux. posted:why pay for the whole exploit when you only need the edge good thing they weren't using webkit
|
|
#
?
Mar 17, 2017 23:19
|
|
|
Subjunctive posted:I GUESS
|
|
#
?
Mar 17, 2017 23:31
|
|
|
spankmeister posted:Well, VM escapes aren't exactly new. It's really cool how they chained all the exploits though. yeah, it's like that SpaceX rocket landing video
|
|
#
?
Mar 17, 2017 23:34
|
|
|
Ur Getting Fatter posted:loving lol at that secret service agent leaving her backpack in her car in her driveway while she was inside the house.  now let's wonder about all the things that could conveniently be "found" on said laptopnah let's not that's dumb
|
|
#
?
Mar 17, 2017 23:47
|
|
|
can't wait to see the president's coke habit confirmed
|
|
#
?
Mar 18, 2017 00:09
|
|
|
Coke and not alphabetamines? E: I meant amphetamines but love that autosuggestion error so I'll keep it. WrenP-Complete fucked around with this message at 00:14 on Mar 18, 2017 |
|
#
?
Mar 18, 2017 00:12
|
|
|
WrenP-Complete posted:Coke and not alphabetamines? alphabetamines would suggest literacy though
|
|
#
?
Mar 18, 2017 00:25
|
|
|
cinci zoo sniper posted:alphabetamines would suggest literacy though lol
|
|
#
?
Mar 18, 2017 00:28
|
|
|
cinci zoo sniper posted:alphabetamines would suggest literacy though Truth.
|
|
#
?
Mar 18, 2017 00:30
|
|
|
cinci zoo sniper posted:alphabetamines would suggest literacy though
|
|
#
?
Mar 18, 2017 00:32
|
|
|
cinci zoo sniper posted:alphabetamines would suggest literacy though lmbo
|
|
#
?
Mar 18, 2017 01:05
|
|
|
these are mainly vizio tvs: https://www.shodan.io/search?query=ERROR%7C101%7CUnknown+Message+Type%7CEND&page=1
|
|
#
?
Mar 18, 2017 01:28
|
|
|
cinci zoo sniper posted:alphabetamines would suggest literacy though
|
|
#
?
Mar 18, 2017 01:30
|
|
|
anthonypants posted:they caught silk road kingpin ross ulbricht at a public library while his disk was encrypted and he was caught with a bunch of unencrypted mycrimes.txt documents no, his mycrimes.txt were encrypted with FDE. that's why they nabbed him at the library. they wanted a place where both (a) he had the computer on, encryption password activated, screen unlocked, and (b) where they could sneak up behind him, cause a distraction, and snag the machine from him while it was in the unlocked state
|
|
#
?
Mar 18, 2017 01:33
|
|
|
|
| # ? May 18, 2024 11:55 |
|
|
Lutha Mahtin posted:no, his mycrimes.txt were encrypted with FDE. that's why they nabbed him at the library. they wanted a place where both (a) he had the computer on, encryption password activated, screen unlocked, and (b) where they could sneak up behind him, cause a distraction, and snag the machine from him while it was in the unlocked state my favorite random little detail in this story is that he didn't bring his laptop charger with him so the FBI agents had to scramble to find an ac adapter compatible with that type of laptop
|
|
#
?
Mar 18, 2017 01:39
|
|
