|
Pikavangelist posted:https://arstechnica.com/security/2016/04/nation-wide-radio-station-hack-airs-hours-of-vulgar-furry-sex-ramblings/ lmao
|
#
?
Apr 9, 2017 16:37
|
|
|
|
| # ? May 18, 2024 18:26 |
|
|
Double Punctuation posted:I loving love Cloud To Butt right now.  Also, is that malware that has you play a game to decrypt your stuff legit? I ... I want to be infected to play shmups.
|
|
#
?
Apr 9, 2017 17:15
|
|
|
EVIL Gibson posted:
Yes https://www.bleepingcomputer.com/news/security/rensenware-will-only-decrypt-files-if-victim-scores-2-billion-in-th12-game/
|
|
#
?
Apr 9, 2017 18:38
|
|
|
Thanks Ants posted:lmao Reminds me of this incident. https://youtu.be/tWdgAMYjYSs But on the radio. And "yiffier" (no computer I do NOT want you to learn that as an autocorrect word!)
|
|
#
?
Apr 9, 2017 19:26
|
|
|
Yeah I was trying to make a furry-based pun that rhymed with Max Headroom but utterly failed
|
|
#
?
Apr 9, 2017 20:29
|
|
|
Just met some recruiters from Cylance, a new enterprise AV program trying to make it big. Their gimmick is using neural networks for heuristic analysis rather than manually-updated databases, and keeping the application small, lightweight, and unintrusive. They had a marketing lady peddling the usual bullshit, but I'm curious how legitimate the actual software looks.
|
|
#
?
Apr 9, 2017 22:26
|
|
|
Cup Runneth Over posted:Just met some recruiters from Cylance, a new enterprise AV program trying to make it big. Their gimmick is using neural networks for heuristic analysis rather than manually-updated databases, and keeping the application small, lightweight, and unintrusive. They had a marketing lady peddling the usual bullshit, but I'm curious how legitimate the actual software looks. If you like super restrictive NDAs and C#, then this is the job for you! They also laid off a huge chunk of their staff recently.
|
|
#
?
Apr 9, 2017 23:54
|
|
|
OSI bean dip posted:They also laid off a huge chunk of their staff recently. Their software is obviously so good that they don't need all of those extra people!
|
|
#
?
Apr 9, 2017 23:56
|
|
|
Aren't they the people that won't let anybody publicly review their product?
|
|
#
?
Apr 10, 2017 00:43
|
|
|
Thanks Ants posted:Aren't they the people that won't let anybody publicly review their product? Well, there's this
|
|
#
?
Apr 10, 2017 00:59
|
|
|
OSI bean dip posted:If you like super restrictive NDAs and C#, then this is the job for you! I mean, I'm ok with C#. Good to know they're as shady as they appear, though.
|
|
#
?
Apr 10, 2017 02:22
|
|
|
Hollow Talk posted:Their software is obviously so good that they don't need all of those extra people! Uh yeah, that's what the neural networks are for.
|
|
#
?
Apr 10, 2017 05:26
|
|
|
Neural networks seem the way to go for heuristics (or, rather, heuristics seem to be the way to go to detect malware) but without a full and open review of the technology it's hard to tell how well it works (both in terms of design but also of accuracy). If they were so confident in the technology I don't know they'd be hiding it so much. By the way it seems some other people are doing this now, some head hunter wanted me to interview for these guys: https://www.vectranetworks.com/ ; don't know how good they are either.
|
|
#
?
Apr 10, 2017 09:31
|
|
|
Whatever method you use for malware detection, it still will have the same fundamental 0-day problem. Malware writers can always test the malware against the AV and make a version that gets past it.
|
|
#
?
Apr 10, 2017 09:56
|
|
|
Rectus posted:Whatever method you use for malware detection, it still will have the same fundamental 0-day problem. I think the (maybe unachievable) goal of heuristic-based detection is to make 0-days a thing of the past. I'm not sure how achievable that is.
|
|
#
?
Apr 10, 2017 10:01
|
|
|
Rectus posted:Whatever method you use for malware detection, it still will have the same fundamental 0-day problem. Malware writers can always test the malware against the AV and make a version that gets past it. Not if they can't get a copy! 
|
|
#
?
Apr 10, 2017 10:09
|
|
|
EVIL Gibson posted:loving GOOD! 
|
|
#
?
Apr 10, 2017 13:31
|
|
|
EVIL Gibson posted:loving GOOD! Turns out the place that seems to be doing decent work when it comes to IoT is... IKEA (& another link) 
|
|
#
?
Apr 10, 2017 14:37
|
|
|
Cup Runneth Over posted:Just met some recruiters from Cylance, a new enterprise AV program trying to make it big. Their gimmick is using neural networks for heuristic analysis rather than manually-updated databases, and keeping the application small, lightweight, and unintrusive. They had a marketing lady peddling the usual bullshit, but I'm curious how legitimate the actual software looks. I went to a Cylance demo and presentation at a restaurant a few months ago - Stuart McClure, the CEO was there and discussing Cylance and why it was so much better than the competition. There was definitely a lot of emphasis on the neural network / machine learning and everything it could do that traditional signature based AV struggles with. We haven't used it but are considering it (along with a few others) to replace our existing AV. Their big selling point used in that meeting was the OPM's use of Cylance to investigate their hack last year: https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government/
|
|
#
?
Apr 10, 2017 14:45
|
|
|
|
|
#
?
Apr 10, 2017 15:07
|
|
|
Cup Runneth Over posted:Just met some recruiters from Cylance, a new enterprise AV program trying to make it big. Their gimmick is using neural networks for heuristic analysis rather than manually-updated databases, and keeping the application small, lightweight, and unintrusive. They had a marketing lady peddling the usual bullshit, but I'm curious how legitimate the actual software looks. I think the machine learning AV business is probably a bit better than your standard McAfee install or whatever, but I still don't think the improvement is going to be very remarkable. You still have the zero day problem and ultimately it's still just kind of a fancy heuristic based approach. I saw a presentation from Carbon Black a couple of weeks ago and it seems like their "AV" product is more of a step in the right direction. They're basically looking at processes, tagging activities and scoring the activities on a continuum of "maliciousness". Outlook spawning Chrome? Pretty low on the scale, but Outlook spawning Word, spawning cmd, invoking powershell...that gets a much high rating. So less of a concern about the files and more about process behavior.
|
|
#
?
Apr 10, 2017 15:39
|
|
|
 But seriously, IoT will always be bad but people won't stop buying them because the "Internet is Stupid". One of the few things that would help is an industry standard to clear before a product is released like, i dunno, maybe not leave the telnet port open with default creds "admin/admin"
|
|
#
?
Apr 10, 2017 16:31
|
|
|
EVIL Gibson posted:One of the few things that would help is an industry standard to clear before a product is released like, i dunno, maybe not leave the telnet port open with default creds "admin/admin" I'd take it further and say a LEGAL standard rather than just an industry standard. Releasing a device that's intended and expected to be exposed to the internet with a default password of any kind is negligence at this point, there's no way for a reasonable person developing these products to not be aware of the risk. Intentional backdoors I'd consider reckless at minimum. If companies start losing lawsuits because they released a steaming pile of vulnerable poo poo they'll start caring really fast. It's not like it's even that hard to not be horrible. 1. Don't have any backdoors. 2. Don't allow a default password to actually be used on a device in operation. Make it only work after a factory reset, where the password is required to be changed before the device will operate in any meaningful way. Those two simple things would knock out 95% of the low hanging fruit out there and take between zero and negative effort to implement. Bonus points for not listening to any traffic from outside of the local subnet unless explicitly configured to do so. Those things are easy to do, easy to test, don't inconvenience the user significantly, and raise the bar for a Mirai style worm from "can port scan and ask nicely to be let in" to "must find a pre-authentication vulnerability in an internet-exposed service".
|
|
#
?
Apr 10, 2017 18:41
|
|
|
EVIL Gibson posted:
Please don't talk about my companies old product. (Yes it actually does this.)
|
|
#
?
Apr 10, 2017 19:51
|
|
|
EVIL Gibson posted:
This is because if people can't immediately get in they call tech support. And if you have a set a password wizard they'll set it back to admin/admin. Users are the biggest problem for security. Telnet on WAN by default is bad but I can understand because we get support cases that are "I can't get into my <device>" when they're using the WAN interface. (I thankfully don't work with a consumer product at least)
|
|
#
?
Apr 10, 2017 19:59
|
|
|
Randomly generate admin credentials when the product sticker is made (not derived from the MAC address, serial number etc.) use QR code in mobile app as part of setup process to set those credentials on the device. Advanced users can change it later if they want to.
|
|
#
?
Apr 10, 2017 20:29
|
|
|
My vacuum (right?) has a fixed random password that's printed on the inside, and I don't think I can change it without flashing new firmware off a USB stick. Who needs to change the password? You can look it up when you need it every 5 months, if you don't have a password manager.
|
|
#
?
Apr 10, 2017 21:01
|
|
|
Thanks Ants posted:Randomly generate admin credentials when the product sticker is made (not derived from the MAC address, serial number etc.) use QR code in mobile app as part of setup process to set those credentials on the device. Advanced users can change it later if they want to. AT&T does the sticker thing for their routers. They don't have any symbols, but they're a reasonable length and are fairly random. Subjunctive posted:My vacuum (right?) has a fixed random password I was thinking about hand-pushed vacuums and trying to figure out why they would need a password. I'm getting old. Double Punctuation fucked around with this message at 21:28 on Apr 10, 2017 |
|
#
?
Apr 10, 2017 21:26
|
|
|
Double Punctuation posted:I was thinking about hand-pushed vacuums and trying to figure out why they would need a password. I'm getting old. It's not that?
|
|
#
?
Apr 10, 2017 21:39
|
|
|
Avenging_Mikon posted:It's not that? I thought that too, but after Double Punctuation's remark I realized it could be an industrial or lab vacuum chamber. I can see it being network capable for experiments or integrating into an automated process.
|
|
#
?
Apr 10, 2017 21:43
|
|
|
Or just a roomba.
|
|
#
?
Apr 10, 2017 21:44
|
|
|
The Dyson variant, but yeah, basically a Roomba.
|
|
#
?
Apr 10, 2017 21:45
|
|
|
Thanks Ants posted:Randomly generate admin credentials when the product sticker is made (not derived from the MAC address, serial number etc.) use QR code in mobile app as part of setup process to set those credentials on the device. Advanced users can change it later if they want to. Double Punctuation posted:AT&T does the sticker thing for their routers. They don't have any symbols, but they're a reasonable length and are fairly random. Not true anymore...  Try having a 62 year old office manager who's half blind (the kind of person who complains to their boss when you disable their ability to set their 1920x1080 monitor to 1024x768) read that out over the phone.
|
|
#
?
Apr 10, 2017 21:54
|
|
|
wolrah posted:That definitely works but requires that their production process allow for that. Serial number or MAC address stickers can just be printed in bulk sequentially and applied as needed. Randomly generated passwords require some more significant integration between the sticker process and the rest of production. I meant that the device doesn't work out of the box, it just sits in a setup mode. Scanning the code into the mobile app writes that into the device itself, so there doesn't need to be any integration between sticker printing and device flashing. To pair more devices you need an existing paired device to put it in pairing mode, and then the second user can scan the code into their app. If you lose the only phone that is paired then you need to default the box.
|
|
#
?
Apr 10, 2017 21:59
|
|
|
Thanks Ants posted:I meant that the device doesn't work out of the box, it just sits in a setup mode. Scanning the code into the mobile app writes that into the device itself, so there doesn't need to be any integration between sticker printing and device flashing. To pair more devices you need an existing paired device to put it in pairing mode, and then the second user can scan the code into their app. If you lose the only phone that is paired then you need to default the box. Ahh, so effectively there's a hidden default password or total lack thereof that the app uses to take the device out of setup mode and as part of that process set some other key that was randomly generated at print time or chosen by the user. That seems like it'd be fine for the most part as long as that setup mode can't be activated remotely, like with those Nest cameras recently.
|
|
#
?
Apr 10, 2017 22:47
|
|
|
Yeah basically, initial setup over Bluetooth or something. I dunno, someone would find a way to utterly gently caress up the implementation. Ikea seem to have the right idea above - secured and there's no internet connected element other than software updates, remains to be seen if it all goes to poo poo if/when they try to make it an online accessible service. Thanks Ants fucked around with this message at 23:20 on Apr 10, 2017 |
|
#
?
Apr 10, 2017 23:15
|
|
|
Oh my god ArcSight is such a bloated piece of poo poo
|
|
#
?
Apr 12, 2017 19:20
|
|
|
CLAM DOWN posted:Oh my god ArcSight is such a bloated piece of poo poo Agreed 100%, and also "this but QRadar" And also most SIEMs I'd still rather use ArcSight over anything else, if it weren't as expensive as it is bloated.
|
|
#
?
Apr 12, 2017 19:40
|
|
|
My big problem with it is the Java UI console is such a pain in the dick. Inconsistent behavior, not able to easily maneuver via the keyboard, copy and paste sometimes work, etc.
|
|
#
?
Apr 12, 2017 19:48
|
|
|
|
| # ? May 18, 2024 18:26 |
|
|
My only experience with SIEM is NetWitness (formerly Security Analytics, formerly NetWitness), which we use at my current employer. How does that stack up?
|
|
#
?
Apr 12, 2017 20:19
|
|