baka kaba
Jul 19, 2003

PLEASE ASK ME, THE SELF-PROFESSED NO #1 PAUL CATTERMOLE FAN IN THE SOMETHING AWFUL S-CLUB 7 MEGATHREAD, TO NAME A SINGLE SONG BY HIS EXCELLENT NU-METAL SIDE PROJECT, SKUA, AND IF I CAN'T PLEASE TELL ME TO
EAT SHIT

Oh so uploading to VT isn't a bad thing in itself usually, it's just that they've basically created a worse variant and made it 'public' by uploading it too soon? And the current situation means it might start a whole new fire before it can be contained?


Proteus Jones
Feb 28, 2013



baka kaba posted:

Oh so uploading to VT isn't a bad thing in itself usually, it's just that they've basically created a worse variant and made it 'public' by uploading it too soon? And the current situation means it might start a whole new fire before it can be contained?

Well, there is certainly the possibility they shortcut the lead time for someone developing and releasing a nastier variant.

At this point in WCry's lifecycle it was irresponsible.

Cugel the Clever
Apr 5, 2009
I LOVE AMERICA AND CAPITALISM DESPITE BEING POOR AS FUCK. I WILL NEVER RETIRE BUT HERE'S ANOTHER 200$ FOR UKRAINE, SLAVA
On May 12th, Comodo had a "database system error" that has resulted in their loss of all certificates issued from May 3rd to the 12th. Given the suspect timing, what's the likelihood the largest certificate authority in the world depended on unpatched XP or Server 2003?

Internet Explorer
Jun 1, 2005





They had a database issue and lost... 9 days worth of orders? That's insane.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010

Cugel the Clever posted:

On May 12th, Comodo had a "database system error" that has resulted in their loss of all certificates issued from May 3rd to the 12th. Given the suspect timing, what's the likelihood the largest certificate authority in the world depended on unpatched XP or Server 2003?

Same Comodo that went after Let's Encrypt? Nah, just straight up incompetence.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

I really hope things are segmented in such a way that not everyone was affected. They seem to funnel a bunch of things through their cert-portal.com interface.

Moatman
Mar 21, 2014

Because the goof is all mine.
Note to self: don't stop massive malware attacks or the press will doxx you. https://flipboard.com/@thenextweb/-doxing-the-hero-who-stopped-wannacry-wa/f-fa540c0a7c%2Fthenextweb.com

RFC2324
Jun 7, 2012

http 418


Jesus, I thought US journos were poo poo.

CLAM DOWN
Feb 13, 2007




RFC2324 posted:

Jesus, I thought US journos were poo poo.

:laffo: British tabloids are notorious for this kind of thing, remember the whole phone hacking scandal?

Forgall
Oct 16, 2012

by Azathoth

incoherent posted:

Same Comodo that went after Let's Encrypt? Nah, just straight up incompetence.

Went after in what way?

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

What in the actual gently caress is this...

Unreal lol

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010

Forgall posted:

Went after in what way?

https://arstechnica.com/tech-policy/2016/06/800-pound-comodo-tries-to-trademark-upstart-rivals-lets-encrypt-name/

The CEO went after the "Let's Encrypt" trademark, deeming it part of their business, the free 90-day certificate. The difference is LE can be renewed indefinitely for free and Comodo was using it to upsell certs.

Thanks Ants
May 21, 2004

#essereFerrari


CLAM DOWN posted:

:laffo: British tabloids are notorious for this kind of thing, remember the whole phone hacking scandal?

The British tabloid press (that includes the Telegraph now) are a festering sewer and the sooner everybody involved ends up on the street because someone has found out how to make people angry through Instagram or whatever the better.

hobbesmaster
Jan 28, 2008

ChubbyThePhat posted:

What in the actual gently caress is this...

Unreal lol

yeah I can't believe flipboard is still going either

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

hobbesmaster posted:

yeah I can't believe flipboard is still going either

:perfect:

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate



loving unbelievable.

XenJ
Aug 1, 2014
Scarry

Solaron
Sep 6, 2007

Whatever the reason you're on Mars, I'm glad you're there, and I wish I was with you.
Anyone here have much experience with Netscaler? Having some issues getting syslog from Netscaler to Splunk to our SIEM because of headers that Splunk is adding. We're looking at just adding the SIEM as a syslog destination to Netscaler but it would be the 3rd destination and an IT manager is afraid that it would have performance impacts to add a 3rd. I don't work with the Citrix environment so I don't know if that's realistic or not. I would not normally expect it to be an issue with other network devices...

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Solaron posted:

Anyone here have much experience with Netscaler? Having some issues getting syslog from Netscaler to Splunk to our SIEM because of headers that Splunk is adding. We're looking at just adding the SIEM as a syslog destination to Netscaler but it would be the 3rd destination and an IT manager is afraid that it would have performance impacts to add a 3rd. I don't work with the Citrix environment so I don't know if that's realistic or not. I would not normally expect it to be an issue with other network devices...

What do you mean "headers"? Do you just have generic syslog collection going on or are you doing some sort of transform in the process?

Solaron
Sep 6, 2007

Whatever the reason you're on Mars, I'm glad you're there, and I wish I was with you.

OSI bean dip posted:

What do you mean "headers"? Do you just have generic syslog collection going on or are you doing some sort of transform in the process?

Well, this process is managed overseas and they're not really open to giving us access to see the inner workings, so I only know what they're telling me. I own the SIEM and that's why I'm even having to be involved. I'm told that Splunk is just forwarding the logs they receive from Netscaler but we're seeing IPADDR TIMESTAMP IPADDR instead of the 3164 format of <PRI> TIMESTAMP IPADDR when we receive the logs from Splunk, and it's breaking the parser.

I can only assume they're massaging the data on their end somehow but all I'm being told is 'Splunk doesn't offer any options to let us modify this'.

LochNessMonster
Feb 3, 2005

I need about three fitty


Solaron posted:

Well, this process is managed overseas and they're not really open to giving us access to see the inner workings, so I only know what they're telling me. I own the SIEM and that's why I'm even having to be involved. I'm told that Splunk is just forwarding the logs they receive from Netscaler but we're seeing IPADDR TIMESTAMP IPADDR instead of the 3164 format of <PRI> TIMESTAMP IPADDR when we receive the logs from Splunk, and it's breaking the parser.

I can only assume they're massaging the data on their end somehow but all I'm being told is 'Splunk doesn't offer any options to let us modify this'.

Put logstash on your end and strip the useless crap from it.

If you're using ArcSight you can use the CEF codec to format your data.
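Along the lines of LochNessMonster's "strip it on your end" suggestion, here is an added example in Python (not from anyone in the thread, and not Netscaler, Splunk or logstash code) of a receiving-side normaliser: it accepts a proper RFC 3164 line as well as the IPADDR TIMESTAMP IPADDR shape Solaron describes, and re-emits a `<PRI>TIMESTAMP HOST MSG` header that a strict parser will take. The two sample lines, the relay and origin addresses, the NetScaler-looking message body and the default PRI of 134 (local0.info, used when the original PRI is gone for good) are all constructed assumptions.

```python
import re

# Constructed samples (not real log data). Both carry the same timestamp, host and body;
# the second is the shape Solaron's SIEM was receiving: relay IP, timestamp, origin IP, no <PRI>.
SAMPLE_GOOD = ("<134>May 20 10:12:01 10.0.0.5 05/20/2017:10:12:01 GMT ns1 0-PPE-0 : "
               "default SSLVPN LOGIN 12345 0 : User alice - Client_ip 192.0.2.10")
SAMPLE_MANGLED = ("10.0.0.9 May 20 10:12:01 10.0.0.5 05/20/2017:10:12:01 GMT ns1 0-PPE-0 : "
                  "default SSLVPN LOGIN 12345 0 : User alice - Client_ip 192.0.2.10")

# RFC 3164 TIMESTAMP is "Mmm dd hh:mm:ss" with a space-padded day of month.
_TS = r"[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}"
_IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

RFC3164_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>%s) (?P<host>\S+) (?P<msg>.*)$" % _TS)
MANGLED_RE = re.compile(r"^(?P<relay>%s) (?P<ts>%s) (?P<host>\S+) (?P<msg>.*)$" % (_IPV4, _TS))

# Assumption: once the PRI has been stripped it cannot be recovered, so we assign
# local0.info (facility 16 * 8 + severity 6 = 134) and flag that we did so.
DEFAULT_PRI = 134


def parse_syslog(line):
    """Split one syslog line into its header fields.

    Returns a dict with pri, facility, severity, timestamp, host and msg, plus
    relay (the prepended IP) and pri_assumed=True when the line had no <PRI>.
    Raises ValueError for lines in neither shape so garbage is not passed on silently.
    """
    m = RFC3164_RE.match(line)
    if m:
        pri = int(m.group("pri"))
        if pri > 191:  # 23 facilities * 8 + 7 is the largest legal value
            raise ValueError("PRI out of range: %r" % line)
        return {
            "pri": pri, "facility": pri // 8, "severity": pri % 8,
            "timestamp": m.group("ts"), "host": m.group("host"), "msg": m.group("msg"),
            "relay": None, "pri_assumed": False,
        }
    m = MANGLED_RE.match(line)
    if m:
        return {
            "pri": DEFAULT_PRI, "facility": DEFAULT_PRI // 8, "severity": DEFAULT_PRI % 8,
            "timestamp": m.group("ts"), "host": m.group("host"), "msg": m.group("msg"),
            "relay": m.group("relay"), "pri_assumed": True,
        }
    raise ValueError("unrecognised syslog line: %r" % line)


def normalize(line):
    """Re-emit the line as <PRI>TIMESTAMP HOST MSG so a strict RFC 3164 parser accepts it."""
    rec = parse_syslog(line)
    return "<%d>%s %s %s" % (rec["pri"], rec["timestamp"], rec["host"], rec["msg"])


def normalize_stream(lines):
    """Normalise a batch; returns (good_lines, rejected_lines) instead of dropping bad input silently."""
    good, rejected = [], []
    for line in lines:
        try:
            good.append(normalize(line))
        except ValueError:
            rejected.append(line)
    return good, rejected


if __name__ == "__main__":
    for line in (SAMPLE_GOOD, SAMPLE_MANGLED, "not syslog at all"):
        try:
            print(normalize(line))
        except ValueError as exc:
            print("rejected:", exc)
```

The point of keeping the rejected lines and the `pri_assumed` flag is that a SIEM parser which silently drops or guesses is worse than one that tells you a forwarder upstream is rewriting headers; the relay address it captures is also exactly the evidence you want when asking the overseas team what their forwarder is doing.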

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Solaron posted:

Well, this process is managed overseas and they're not really open to giving us access to see the inner workings, so I only know what they're telling me. I own the SIEM and that's why I'm even having to be involved. I'm told that Splunk is just forwarding the logs they receive from Netscaler but we're seeing IPADDR TIMESTAMP IPADDR instead of the 3164 format of <PRI> TIMESTAMP IPADDR when we receive the logs from Splunk, and it's breaking the parser.

I can only assume they're massaging the data on their end somehow but all I'm being told is 'Splunk doesn't offer any options to let us modify this'.

Splunk natively doesn't add anything to the data being received other than putting the raw data into a field if there are no field extractions. If you're finding that the data is being modified then either it's an issue with the Netscaler, somehow there is a transform/props configuration going awry, or they're not giving you the whole truth.

https://splunkbase.splunk.com/app/2770/

This likely has the right configuration and they should be using this at the forwarder.

Solaron
Sep 6, 2007

Whatever the reason you're on Mars, I'm glad you're there, and I wish I was with you.

OSI bean dip posted:

Splunk natively doesn't add anything to the data being received other than putting the raw data into a field if there are no field extractions. If you're finding that the data is being modified then either it's an issue with the Netscaler, somehow there is a transform/props configuration going awry, or they're not giving you the whole truth.

https://splunkbase.splunk.com/app/2770/

This likely has the right configuration and they should be using this at the forwarder.

OSI and Loch - thanks for the feedback and the link, I'll check it out. What you're saying makes sense.

Levitate
Sep 30, 2005

randy newman voice

YOU'VE GOT A LAFRENIÈRE IN ME
People using KeePass for password management, do you just open up the database and copy your password every time you need to login to a site or is there an easier method?

How do people feel about other password managers like Dashlane if the information is kept local and not synced through their servers?

The Fool
Oct 16, 2003


Levitate posted:

People using KeePass for password management, do you just open up the database and copy your password every time you need to login to a site or is there an easier method?

How do people feel about other password managers like Dashlane if the information is kept local and not synced through their servers?

Ctrl-v

mewse
May 2, 2006

I went to a local infosec conference here in Winnipeg on Tuesday. I got Kevin Mitnick's business card.



Like most conferences (probably) it was jammed with vendors trying to sell stuff and I don't know how much I learned in the various sessions.

I'm basically a desktop support guy at my current IT job but from listening to the talks it sounds like I want to move to tier 1/tier 2 SOC analyst at a larger company that actually has a NOC/SOC. Would I need certs for that type of work? CCNA or an ISACA cert or something?

XenJ
Aug 1, 2014

Levitate posted:

People using KeePass for password management, do you just open up the database and copy your password every time you need to login to a site or is there an easier method?

How do people feel about other password managers like Dashlane if the information is kept local and not synced through their servers?

Keepass2Android, for example.
You can store it in Google Drive or services like that, or use it locally for more security.

Best is you can do a fast login: that means the first time you have to use your complete password, then you can set it so you only have to type the last 5 characters of your password until you close the database.
That is extremely useful if you need different logins and passwords over a longer time.

Best is you can set up the site that needs your pass/login so KeePass2 can log you in automatically, no copy and paste needed.
If you have to copy and paste,
it brings its own keyboard so other Android apps can't steal your data with this shared cache thing....
All you have to do is press button A for login name and B for password.
You don't have to copy and paste; the app does that.

https://play.google.com/store/apps/details?id=keepass2android.keepass2android

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD


Levitate posted:

People using KeePass for password management, do you just open up the database and copy your password every time you need to login to a site or is there an easier method?

How do people feel about other password managers like Dashlane if the information is kept local and not synced through their servers?

On the desktop, if you're using Professional edition (still free) there is an autotype option. It gets set up based on the title of the window that has focus when you hit the keyboard shortcut, ctrl+alt+a by default.

CLAM DOWN
Feb 13, 2007




KeePass + Google Drive/Dropbox + Keepass2Android (or there is an iOS app too) is fantastic

XenJ
Aug 1, 2014

rafikki posted:

On the desktop, if you're using Professional edition (still free) there is an autotype option. It gets set up based on the title of the window that has focus when you hit the keyboard shortcut, ctrl+alt+a by default.

Thank you, that is exactly what I had in mind to tell him but didn't find the right words. ☺

Guy Axlerod
Dec 29, 2008

rafikki posted:

On the desktop, if you're using Professional edition (still free) there is an autotype option. It gets set up based on the title of the window that has focus when you hit the keyboard shortcut, ctrl+alt+a by default.

I don't get why 2.x is called "Professional" edition. It's just 2.0.

Levitate
Sep 30, 2005

randy newman voice

YOU'VE GOT A LAFRENIÈRE IN ME
Cool, thanks, I'll keep looking into it. :)

SeismicTriangle
Nov 5, 2012
Anyone here come from a military background? I'm currently about to enlist for this. People are saying it will be pretty easy to transition to a civilian career afterwards, just wondering if that's true from your perspectives and anything else you'd like to share. I don't really know anything about infosec/networks atm and school is only 6mo long so I have my doubts about those claims

am I gonna be the bad guy

SeismicTriangle fucked around with this message at 05:52 on May 20, 2017

hobbesmaster
Jan 28, 2008

That's because you would have a clearance and veteran's preference for any federal jobs. So you could do help desk for SIPRnet or whatever

Furism
Feb 21, 2006

Live long and headbang

rafikki posted:

On the desktop, if you're using Professional edition (still free) there is an autotype option. It gets set up based on the title of the window that has focus when you hit the keyboard shortcut, ctrl+alt+a by default.

I could never get that to work and I have no idea why :(

Levitate
Sep 30, 2005

randy newman voice

YOU'VE GOT A LAFRENIÈRE IN ME

Furism posted:

I could never get that to work and I have no idea why :(

Just playing around with this and it seems like the key to it working with a given site is that the title of your KeePass entry matches the display name of the website in the browser window. e: though sometimes it doesn't work, but you can edit the entry and autotype settings and there's an option to select a current browser window as one that would activate the autotype

but ultimately I guess you have to open the KeePass database whenever you are gonna be browsing and close it when you're done type of thing eh

e: I mean without a plugin or something that can hit the database each time requested, that makes sense.

Levitate fucked around with this message at 19:20 on May 20, 2017

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

There's also the WebAutoType plugin which will match against the URL of the page displayed in the browser. Can use regex against the URL as well.

I'm conflicted about whether the security implications of taking on yet another devs code is worth it, but I do use it.
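For people like Furism who could not get autotype to fire, here is an added example (not KeePass's code, not the WebAutoType plugin's, and not from anyone in the thread) in Python that models the matching rules rafikki and Levitate describe, plus Thermopyle's URL regex, so you can see why an entry does or does not get picked for a given window. The model is a simplification and an assumption on my part: the entry title must occur in the focused window's title, a custom association uses `*`/`?` wildcards over the whole title, an association written `//...//` is a regex, and a URL pattern is a regex on the page URL. The entries, window titles, usernames and passwords are constructed placeholders.

```python
import re

# Simplified model of how KeePass Auto-Type chooses an entry (an assumption for
# illustration, not KeePass's own code):
#   - default: the entry Title must occur, case-insensitively, in the focused window's title
#   - custom association: '*' and '?' wildcards matched against the whole window title
#   - an association written //...// is treated as a regular expression
# WebAutoType-style URL matching (a plugin, not core KeePass) is modelled as a regex on the URL.


class Entry:
    def __init__(self, title, username, password, associations=(), url_regex=None):
        self.title = title
        self.username = username
        self.password = password
        self.associations = tuple(associations)
        self.url_regex = url_regex


def association_to_regex(assoc):
    """Turn a custom window association into a compiled, case-insensitive regex."""
    if len(assoc) > 4 and assoc.startswith("//") and assoc.endswith("//"):
        return re.compile(assoc[2:-2], re.IGNORECASE)
    out = []
    for piece in re.split(r"([*?])", assoc):  # keep the wildcards as separate pieces
        if piece == "*":
            out.append(".*")
        elif piece == "?":
            out.append(".")
        else:
            out.append(re.escape(piece))
    return re.compile("^" + "".join(out) + "$", re.IGNORECASE)


def entry_matches(entry, window_title, url=None):
    """True if this entry would be offered for the focused window."""
    if entry.title and entry.title.lower() in window_title.lower():
        return True
    if any(association_to_regex(a).search(window_title) for a in entry.associations):
        return True
    if url is not None and entry.url_regex and re.search(entry.url_regex, url):
        return True
    return False


def candidates(entries, window_title, url=None):
    """All matching entries; more than one means you would get a selection prompt."""
    return [e for e in entries if entry_matches(e, window_title, url)]


def expand_sequence(entry, sequence="{USERNAME}{TAB}{PASSWORD}{ENTER}"):
    """Expand the auto-type sequence into the token list that would be typed (returned, not sent)."""
    fields = {"{USERNAME}": entry.username, "{PASSWORD}": entry.password, "{TITLE}": entry.title}
    return [fields.get(tok, tok) for tok in re.findall(r"\{[A-Z]+\}|[^{}]+", sequence)]


# Constructed sample database; usernames and passwords are placeholders.
SAMPLE_ENTRIES = [
    Entry("GitHub", "alice", "gh-pass-1"),
    Entry("Work mail", "alice@example.com", "mail-pass-2",
          associations=["*Mail - Mozilla Firefox"]),
    Entry("Example Bank", "alice", "bank-pass-3",
          associations=["//^Example Bank.*Login//"],
          url_regex=r"^https://bank\.example\.com/"),
]


if __name__ == "__main__":
    for title, url in [("Sign in to GitHub · GitHub - Mozilla Firefox", None),
                       ("Inbox (3) - Mail - Mozilla Firefox", None),
                       ("Example Bank: Login - Mozilla Firefox", None),
                       ("Something else", "https://bank.example.com/login")]:
        hits = candidates(SAMPLE_ENTRIES, title, url)
        print(title, "->", [e.title for e in hits])
        if len(hits) == 1:
            print("   would type:", expand_sequence(hits[0]))
```

Two things this makes visible. First, "Example Bank" in the entry title only helps if the browser actually puts those words in the window title, which is the usual reason autotype seems dead for a site. Second, title matching trusts whatever window claims the title: a page whose `<title>` mimics your bank's will match just as well, and the keystrokes go to whichever window has focus, which is the argument for URL-based matching (as WebAutoType does) or a proper browser integration, and for Thermopyle's unease about adding another developer's code into the chain.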

Cirofren
Jun 13, 2005


Pillbug
lol the British tabloids apparently doxxed the MalwareTech guy that stopped the first version of WannaCry by registering the killswitch domain.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Savagely so, yeah. Address, picture of house, etc.


astr0man
Feb 21, 2007

hollyeo deuroga

SeismicTriangle posted:

Anyone here come from a military background? I'm currently about to enlist for this. People are saying it will be pretty easy to transition to a civilian career afterwards, just wondering if that's true from your perspectives and anything else you'd like to share. I don't really know anything about infosec/networks atm and school is only 6mo long so I have my doubts about those claims

am I gonna be the bad guy

I wasn't military but I used to work with CTNs and the other branch equivalents on the DoD civilian side. You'll gain a lot of exposure to things like pentesting that will make you employable in infosec as a civilian, but like hobbesmaster said the biggest thing is that you will end up with a TS/SCI clearance. This means that the civilian companies that will want to employ you the most will be defense contractors. Infosec is really broad so you will have other options, but having the clearance is basically a golden ticket to a large paycheck if you stick with government contractors. And no you won't be stuck just doing help desk/IT stuff in the civilian world.


Whether or not you will be the bad guy really depends on how you feel about the US military industrial complex. The NSA would be a potential duty station for a CTN, so again it depends on your personal opinions.
