|
"im not a crook! im not a crook!!", i continue to insist as i slowly shrink and transform into nixon.
|
# ? May 12, 2017 23:19 |
|
|
I think we should all be very concerned about whatever military action he's contemplating to take the gaze off of this Russia poo poo. Worst case is going kinetic on the DPRK, best case is taking Iraq/Syria/Afghanistan to "the next level". Jesus gently caress almighty it's gonna be a blood bath to get a diversion.
|
# ? May 12, 2017 23:26 |
|
LtCol J. Krusinski posted: I think we should all be very concerned about whatever military action he's contemplating to take the gaze off of this Russia poo poo.

He might announce another investigation of Clinton's emails. The usual right-wing propagandists are calling for one.
|
# ? May 12, 2017 23:31 |
|
He's going to be too busy golfing this weekend to announce anything.
|
# ? May 12, 2017 23:32 |
|
ded posted: He's going to be too busy golfing this weekend to announce anything.

Leeds the way
|
# ? May 12, 2017 23:46 |
|
Fister Roboto posted: "im not a crook! im not a crook!!", i continue to insist as i slowly shrink and transform into nixon.

Nice

LtCol J. Krusinski posted: I think we should all be very concerned about whatever military action he's contemplating to take the gaze off of this Russia poo poo.

Pretty much
|
# ? May 12, 2017 23:57 |
|
Don't let any of this distract you from the fact that in 1966, Al Bundy scored four touchdowns in a single game while playing for the Polk High School Panthers in the 1966 city championship game versus Andrew Johnson High School, including the game-winning touchdown in the final seconds against his old nemesis, "Spare Tire" Dixon.
|
# ? May 13, 2017 00:09 |
|
Fister Roboto posted: "im not a crook! im not a crook!!", i continue to insist as i slowly shrink and transform into nixon.

He's nowhere near as good or intelligent as Nixon was...on well anything.
|
# ? May 13, 2017 00:21 |
|
Trump's war on gays is heating up: https://www.usatoday.com/story/news/politics/2017/05/10/transgender-troop-ban-president-donald-trump-defense-secretary-jim-mattis/101527662/
|
# ? May 13, 2017 00:29 |
|
Poppyseed Poundcake posted: Trump's war on gays is heating up: https://www.usatoday.com/story/news/politics/2017/05/10/transgender-troop-ban-president-donald-trump-defense-secretary-jim-mattis/101527662/

transgender != gay
|
# ? May 13, 2017 00:32 |
|
psydude posted: Definitely. Automated containment and response (such as issuing an 802.1X change of authorization upon detection for quarantine) is becoming a big selling point right now.

Companies are spending shitloads on tools like this, without any staff that knows how the gently caress to actually use them (actually, this is true for any infosec budget spending lately). It's completely nuts. Even large, well-funded enterprises I've worked with are prone to it. The EDR tech is super cool (and I really do dig the host isolation features) when it's deployed correctly, but it's still used in a sort of reactive manner by most companies, just struggling to play whack-a-mole with monitoring events. It's nice to not be completely dependent on finding someone from the helldesk in a remote office and tell them to unplug someone's network port asap (and pray they pull the right one) though. So, great solutions but the implementation tends to be lackluster. Kudos to the companies that do it well, though.

For today's WannaCry ransomware hilarity, most of the prevention was super straightforward (and should have been planned for in general incident response plans and security strategies), and there's a shitload of methods to mitigate specific capabilities of the malware. The best part was the researcher who jumped in and registered the C2 domain and sinkholed it though, which really took the wind out of this one before it could get much, much worse. Unfortunately, the genie's effectively out of the bottle and this worm/ransomware hybrid poo poo is going to become the new normal.

One of the bigger challenges will be moving from a narrower focus on things like AppLocker and other application whitelisting solutions to impair the malware executables' ability to run, and also having to focus on the long-forgotten worm mitigations we stopped thinking about after Conficker mostly died off, and looking at more granular network segmentation, analyzing protocols and services in use, how shares are utilized, etc. Disabling SMBv1 isn't going to be doable for everyone for ~reasons~ but should be considered for most portions of the network, for example (and I'm totally generalizing here). That helps prevent the self-propagation aspect for the most part. After that, you're back to the usual ransomware bullshit: dealing with malicious documents, lovely email gateway configurations, and easily-misled users.
|
# ? May 13, 2017 00:54 |
|
Ok, the "admission yesterday that he fired Directory Comey..." what was that? I remember the bragging about how he was going to fire Comey regardless of recommendations, but I do not remember this bit.

Fister Roboto posted: "im not a crook! im not a crook!!", i continue to insist as i slowly shrink and transform into nixon.

https://www.youtube.com/watch?v=_t8hpEKb4gk

Also, this: https://twitter.com/Pixelfish/status/863053326530756608
|
# ? May 13, 2017 01:06 |
|
For your normal, every day Joe, what would you recommend doing to prevent this sort of thing happening to them? Beyond the standard, "Don't click funny links in weird emails, don't visit weird websites, etc"?
|
# ? May 13, 2017 01:11 |
|
windshipper posted: For your normal, every day Joe, what would you recommend doing to prevent this sort of thing happening to them? Beyond the standard, "Don't click funny links in weird emails, don't visit weird websites, etc"?

Don't allow non-authorized computers to enter your network, block out things like thumb drives, nail down your intranet/network with proper firewalls etc. Oh and keep the 'guest' wifi separate from your poo poo.
|
# ? May 13, 2017 01:18 |
|
windshipper posted: For your normal, every day Joe, what would you recommend doing to prevent this sort of thing happening to them? Beyond the standard, "Don't click funny links in weird emails, don't visit weird websites, etc"?

I'm assuming you're coming at this from a personal user thing, rather than for a business-like environment, so I'll take that angle. Aside from what you said, which is still correct, the best basic poo poo that works for me:
Most malware affecting regular folks these days typically comes in via email, or by exploiting vulnerabilities in web browsers and their plugins. So the main course of action is simply to try to limit that surface area by being aware of what you're using and how you're using it. The email stuff preys on people's short attention spans, and uses basic social engineering to goad them to open things. Somehow people still fall for anything marked as a FedEx or UPS notification.

Edit: and let Windows run its damned updates. Don't sit there and wait three weeks telling it to delay.

Oct fucked around with this message at 01:32 on May 13, 2017 |
# ? May 13, 2017 01:29 |
|
windshipper posted: For your normal, every day Joe, what would you recommend doing to prevent this sort of thing happening to them? Beyond the standard, "Don't click funny links in weird emails, don't visit weird websites, etc"?

If you're a regular Joe and you don't need to expose services to the internet. If your ports are not accessible from the internet (they shouldn't be if you have a router) then it's just the standard advice. Update your poo poo. This was patched in March.
|
# ? May 13, 2017 01:31 |
|
windshipper posted: For your normal, every day Joe, what would you recommend doing to prevent this sort of thing happening to them? Beyond the standard, "Don't click funny links in weird emails, don't visit weird websites, etc"?

You're not the target or likely going to be a victim. Don't open attachments from anyone you're not expecting, don't click on links in emails, etc. etc.

In my case we spent a few hours running this down in a major enterprise. The malware sample we found connects over 443 and 9001 to about 10 different IPs. It was embedded in a Word doc file. We got lucky as there was no impact observed on our enterprise. Block the IPs, triple check the patches using external scanners, and we're "safe". We also spun up 3 bridges and about 30 people.

At my previous employer they're praying that they don't get hit and just duck and cover. They simply lack the manpower to do anything and the CISO preferred security theater to actually improving the team.
|
# ? May 13, 2017 01:31 |
|
MazelTovCocktail posted: He's nowhere near as good or intelligent as Nixon was...on well anything.

Nixon also grew up dirt poor, served honorably in the military, and overcame numerous setbacks in his lengthy political career. I'd vote for post-Watergate Nixon over Trump any day.
|
# ? May 13, 2017 01:33 |
|
Nystral posted: You're not the target or likely going to be a victim.

Were you patched for MS17-010? I was assuming it started worming through SMB on execution. I need to get me a sample.

Laranzu fucked around with this message at 01:38 on May 13, 2017 |
# ? May 13, 2017 01:36 |
|
windshipper posted:For your normal, every day Joe, what would you recommend doing to prevent this sort of thing happening to them? Beyond the standard, "Don't click funny links in weird emails, don't visit weird websites, etc"?
|
# ? May 13, 2017 01:43 |
|
Yeah, I have Chrome with uBlock Origin and use PIA when I can (if I'm honest, sometimes it slows my internet down.... and I'm lazy and impatient). Always use PIA when at work, however. The emails/weird websites thing, while yeah, common sense, is something I always avoid, and with gmail I don't have to worry about as much. I will definitely be checking on the router settings, however, as that does sound handy and something I couldn't confirm offhand one way or another. Thank you!
|
# ? May 13, 2017 01:53 |
|
Cugel the Clever posted:Keep your computer up-to-date. From what I understand, the hospitals that fell victim were using an out-of-date version of Windows XP, which is years past the end of its official support. The hospitals involved are profoundly negligent with the security and safety of their patients. Having quit a hospital fairly recently in the US, they are also using XP and the IT staff is like 3 people, I hope it doesn't make it over here.
|
# ? May 13, 2017 01:54 |
|
Fister Roboto posted: Nixon also grew up dirt poor, served honorably in the military, and overcame numerous setbacks in his lengthy political career.

He was also a total goon with women.
|
# ? May 13, 2017 01:56 |
|
Fister Roboto posted:Nixon also grew up dirt poor, served honorably in the military, and overcame numerous setbacks in his lengthy political career.
|
# ? May 13, 2017 01:58 |
|
Hospitals, doctors', and dentists' offices are objectively the worst IT environments.
|
# ? May 13, 2017 02:05 |
|
OPSEXXXY
|
# ? May 13, 2017 02:16 |
|
phuzzylodgik posted: Hospitals, doctors', and dentists' offices are objectively the worst IT environments.

My everyday involves exactly this and good god you're not kidding
|
# ? May 13, 2017 02:17 |
|
psydude posted:They aren't gonna give them poo poo unless they're subpoenaed. And they ain't gonna get subpoenaed because the Republicans know that all of the outcomes for that look terrible for the party.
|
# ? May 13, 2017 02:32 |
|
Oct posted: Companies are spending shitloads on tools like this, without any staff that knows how the gently caress to actually use them (actually, this is true for any infosec budget spending lately). It's completely nuts. Even large, well-funded enterprises I've worked with are prone to it. The EDR tech is super cool (and I really do dig the host isolation features) when it's deployed correctly, but it's still used in a sort of reactive manner by most companies, just struggling to play whack-a-mole with monitoring events. It's nice to not be completely dependent on finding someone from the helldesk in a remote office and tell them to unplug someone's network port asap (and pray they pull the right one) though. So, great solutions but the implementation tends to be lackluster. Kudos to the companies that do it well, though.

Pretty much. We sell consulting services to integrate everything, but we aren't an MSP so we aren't leaving people on site or providing remote support unless they pay us a lot. 75% of my customers (most of whom are Federal) are woefully unequipped to maintain an advanced security infrastructure; most of them are normal network engineers or even just systems administrators that had this stuff thrown on them by their management. To be honest, though, this is where the automation piece becomes even more essential, because someone who's worried about pushing out GPOs and updates in SCCM every day probably isn't going to be too focused on looking at PCAPs. I think the Security as a Service model will continue to pick up steam, even in the federal sector, because there's just such a massive shortage of security people and maintaining a full SOC with incident handlers, reverse engineering/forensics specialists, and security engineers is way too expensive.

quote: One of the bigger challenges will be moving from a narrower focus on things like AppLocker and other application whitelisting solutions to impair the malware executables' ability to run, and also having to focus on the long-forgotten worm mitigations we stopped thinking about after Conficker mostly died off, and looking at more granular network segmentation, analyzing protocols and services in use, how shares are utilized, etc. Disabling SMBv1 isn't going to be doable for everyone for ~reasons~ but should be considered for most portions of the network, for example (and I'm totally generalizing here). That helps prevent the self-propagation aspect for the most part. After that, you're back to the usual ransomware bullshit: dealing with malicious documents, lovely email gateway configurations, and easily-misled users.

Certain products (Cisco AMP, Palo Alto TRAPS) can flat out prevent ransomware from executing once they're on the target machine. These are just now starting to gain mainstream adoption in larger enterprises, though.
|
# ? May 13, 2017 03:34 |
|
https://www.wsj.com/articles/former-trump-adviser-paul-manaforts-bank-records-sought-in-probe-1494637248?tesla=y&mod=e2fb

quote: The Justice Department last month requested banking records of Paul Manafort as part of a widening of probes related to President Donald Trump’s former campaign associates and whether they colluded with Russia in interfering with the 2016 election, according to people familiar with the matter.
|
# ? May 13, 2017 03:35 |
|
https://twitter.com/SDNYnews/status/863210141285482498?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet
|
# ? May 13, 2017 04:07 |
|
Nostalgia4Butts posted: https://twitter.com/SDNYnews/status/863210141285482498?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet

I want to see the entire Republican party slapped with a RICO charge.

I'm reminded of the words the warrior poet Jay-Z spoke:

quote: One day you're cruising in your 7, next day you're sweating, forgetting your lies

Could be so easily rewritten for politics. Those lies aren't matching up
|
# ? May 13, 2017 04:17 |
|
Nostalgia4Butts posted:https://twitter.com/SDNYnews/status/863210141285482498?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet
|
# ? May 13, 2017 04:24 |
|
psydude posted: Certain products (Cisco AMP, Palo Alto TRAPS) can flat out prevent ransomware from executing once they're on the target machine. These are just now starting to gain mainstream adoption in larger enterprises, though.

Yup, we resell AMP (and Carbon Black, Crowdstrike, etc. etc...) as a VAR, so I've gotten all of the dog and pony shows (please don't take me as being dismissive, unless your marketing basis is that your product is powered by AI or Machine Learning though, I don't post often but tend to agree with you). I work on the IR consulting side, so the vendors show off for us, hoping we will use the tools in engagements (and recommend them to clients, naturally). The adoption rate on EDR has really stepped up over the past year and a half.

Thing is, I've seen all of these products fail on ransomware more times than I can count. They are still awesome for response, and they're not bad by any means, but I don't trust them more than traditional AV for prevention (but I love being able to trace back infection vectors for root cause analysis with these newer solutions). I still see better success in that area by either mitigating the infection vectors, or more extensive endpoint hardening. I suppose I'm a big proponent of using a scalable, manageable solution that is flexible, but backing it up with low- or no-cost mechanisms too.

I mostly agree with your comment on MSSPs as well. They're incredibly helpful for augmenting internal security staffs. That said, quality SOC analysts who don't get burnt out are in short supply, and a lot of the ones I've seen entering the field (either for MSSP or internal ops) are not getting the right training. There's a huge gap in critical thinking skills that is killing efficacy, and throwing money at the problem doesn't seem to be the answer. And that doesn't even begin to get at the other issues like continuing to perceive security exclusively as a cost center too.

It's gonna continue to be rough for a while here, but I guess that's good for job security. Too bad it lets the slackers continue to skate by too though.
|
# ? May 13, 2017 04:27 |
|
Oct posted: Thing is, I've seen all of these products fail on ransomware more times than I can count. They are still awesome for response, and they're not bad by any means, but I don't trust them more than traditional AV for prevention (but I love being able to trace back infection vectors for root cause analysis with these newer solutions). I still see better success in that area by either mitigating the infection vectors, or more extensive endpoint hardening. I suppose I'm a big proponent of using a scalable, manageable solution that is flexible, but backing it up with low- or no-cost mechanisms too.

No doubt. It's kind of depressing and has made me somewhat cynical, because at the end of the day it's really just a multimillion dollar game of whackamole at most places. You poked fun at AI and machine learning earlier, but I really do think that's the only possible way we can actually contain this kind of poo poo in the future: products that can look at what's happening in the abstract and then discern what's normal from what's not. Not just an NBAR solution, but a platform that can act like an actual security analyst. We're still a ways off from that as an industry, since we're just getting around to finally mastering basic stuff like speech and facial recognition.

psydude fucked around with this message at 04:35 on May 13, 2017 |
# ? May 13, 2017 04:31 |
|
Posting more for the title of the article, rather than the (dubious and unsourced) content. From the Guardian: Comey don’t play that: ex-FBI director defies Trump Article posted:He hopes there are tapes. That would be perfect.
|
# ? May 13, 2017 04:31 |
|
Isn't everything that happens in the White House recorded? It would be odd if it was not.
|
# ? May 13, 2017 05:07 |
|
ded posted: Isn't everything that happens in the White House recorded? It would be odd if it was not.

pre nixon a lot of presidents did it wonder why they stopped
|
# ? May 13, 2017 05:11 |
|
ded posted: Isn't everything that happens in the White House recorded? It would be odd if it was not.

It takes a long time to release them. Apparently the Hamilton ones just came out.
|
# ? May 13, 2017 05:18 |
|
|
Nostalgia4Butts posted: pre nixon a lot of presidents did it

Here's one of the reasons: https://youtu.be/S3GT9UN7nDo
|
# ? May 13, 2017 05:27 |