|
if they're all poo poo might as well stick with the one you already have
|
# ? May 26, 2017 09:05 |
|
DoctorTristan posted: if they're all poo poo might as well stick with the one you already have
no
|
|
# ? May 26, 2017 09:22 |
|
DoctorTristan posted: if they're all poo poo might as well stick with the one you already have
you mean like the free* copy of norton that came installed on my bestbuy computer?
|
# ? May 26, 2017 09:49 |
|
Daman posted: how can msmpeng not be sandboxed? like, what? they rolled it in as a standard component. they're even sandboxing dangerous kernel areas now.
I bet it can but keep in mind this is ultimately a scanning engine MS acquired from GiantAV years ago. Sandboxing wasn't common then and it's quite a bit of work to shoehorn it in. I bet they're putting some serious resources into it now that they've been popped a few times, MS understands security models and how to write code, they chose not to do so until forced. As it stands MSE is still the least-bad and gets patched in a timely manner without the devs fighting or denying you. This is a difficult and obscure bug to execute, he was turning up a ton of dirt before with basic poo poo like input fuzzing which demonstrates other products having zero real security review for their coding teams.
|
# ? May 26, 2017 13:26 |
|
My company doesn't want to start a security bug bounty program because it might make us look weak.
|
# ? May 26, 2017 14:53 |
ratbert90 posted: My company doesn't want to start a security bug bounty program because it might make us look weak.
show them us army bug bounty programs
|
|
# ? May 26, 2017 14:55 |
|
I would like to see what someone like tavis would do to an EHR. they'd probably try to sue him into the dirt.
|
# ? May 26, 2017 14:56 |
|
ratbert90 posted: My company doesn't want to start a security bug bounty program because it might make us look weak.
"we got hit with ransomware"
"walk it off"
|
# ? May 26, 2017 15:01 |
|
DumbWhiteGuy posted: "we got hit with ransomware"
It's for our embedded product. We don't have an established security bug bounty program, but his worry is that other companies in our industry might go: "See, THEY have bugs, so don't buy them." (Our competitors also do not have security bug bounty programs either.)
|
# ? May 26, 2017 15:07 |
|
Shaggar posted: I would like to see what someone like tavis would do to an EHR. they'd probably try to sue him into the dirt.
epic hides all description of security bugs in a secret folder that only the person fixing has access to. they never disclose them to customers until they're patched. most of them are straight up code injection due to heavy use of the x and d @ operators in their code.
|
# ? May 26, 2017 15:33 |
|
_somebody_ should own they poo poo and do a full disclosure maybe
|
# ? May 26, 2017 15:34 |
|
redleader posted: it's cool how there's this giant, freakishly insecure subsystem buried deep in every modern windows installation
that's why corporate it people like windows, they see a bit of themselves in it
|
# ? May 26, 2017 15:36 |
|
Cocoa Crispies posted:that's why corporate it people like windows, they see a bit of themselves in it
|
# ? May 26, 2017 15:51 |
|
con\con is back in mft form https://arstechnica.com/information-technology/2017/05/in-a-throwback-to-the-90s-ntfs-bug-lets-anyone-hang-or-crash-windows-7-8-1/
|
# ? May 26, 2017 16:01 |
|
so apparently ubuntu can get owned by that smb thing https://twitter.com/hdmoore/status/867490406111604736
|
# ? May 26, 2017 16:36 |
|
Shaggar posted: I would like to see what someone like tavis would do to an EHR. they'd probably try to sue him into the dirt.
loving christ he'd probably end up accidentally killing thousands just by touching a dev server. somehow
|
# ? May 26, 2017 17:01 |
|
Cocoa Crispies posted:that's why corporate it people like windows, they see a bit of themselves in it
|
# ? May 26, 2017 17:02 |
|
Cocoa Crispies posted: that's why corporate it people like windows, they see a bit of themselves in it
lol
|
# ? May 26, 2017 17:12 |
|
Mr SuperAwesome posted: so apparently ubuntu can get owned by that smb thing
The Samba bug affects over 7 years worth of Samba releases. 95% of everything serving SMB from a *nix-ish platform released in this decade is vulnerable if it hasn't been patched or had the affected feature (something about named pipes) turned off.
|
# ? May 26, 2017 18:13 |
|
wolrah posted: The Samba bug affects over 7 years worth of Samba releases. 95% of everything serving SMB from a *nix-ish platform released in this decade is vulnerable if it hasn't been patched or had the affected feature (something about named pipes) turned off.
hahahahah HAHAHAHAHAH yes
|
# ? May 26, 2017 18:15 |
|
I am sure all those storage appliances that companies are dependent on will be issued prompt patches that will be installed by IT staff
|
# ? May 26, 2017 18:16 |
|
wolrah posted: The Samba bug affects over 7 years worth of Samba releases. 95% of everything serving SMB from a *nix-ish platform released in this decade is vulnerable if it hasn't been patched or had the affected feature (something about named pipes) turned off.
centos is unaffected because selinux saves the day
|
# ? May 26, 2017 18:20 |
|
does selinux stop samba from executing as root somehow?
|
# ? May 26, 2017 18:21 |
|
BangersInMyKnickers posted: does selinux stop samba from executing as root somehow?
https://access.redhat.com/security/cve/CVE-2017-7494 posted: Mitigation
|
# ? May 26, 2017 18:24 |
|
I am asking this in all honesty: what is the architecture in selinux that prevents services running as root like samba from tampering with its own constraints and escaping? Is it some sort of integrity level mechanism?
|
# ? May 26, 2017 18:27 |
|
BangersInMyKnickers posted: I am sure all those storage appliances that companies are dependent on will be issued prompt patches that will be installed by IT staff
i literally just sent a notice to a client telling them to update their synology asap
|
# ? May 26, 2017 18:46 |
|
Synology's will autoupdate and restart with a 1 hour warning which is kinda nice but also you can't configure a maintenance interval last I checked so it's probably getting turned off by the small business segment. I get an email notification at like 5am a few times a month
|
# ? May 26, 2017 18:49 |
|
there isn't a true root under selinux, it's privileges all the way down. you can give a program or user specific privileges, but it doesn't include an omnipotent power to alter privileges
|
# ? May 26, 2017 19:03 |
|
BangersInMyKnickers posted: I am asking this in all honesty: what is the architecture in selinux that prevents services running as root like samba from tampering with its own constraints and escaping? Is it some sort of integrity level mechanism?
The service doesn't control its selinux domain. Unless it has selinux permissions to transition to another domain it's stuck there till it owns the kernel or owns someone else it's allowed to talk to
|
# ? May 26, 2017 19:11 |
|
Cool, thanks.
|
# ? May 26, 2017 19:17 |
|
So is Microsoft dropping EMET because they're rolling all the features in to the base OS at some point or because they have some idiotic dream that all apps in a year will come through the Windows store and enforce opt-in for all the security features that EMET enforces? Because there's still going to be decades of legacy applications that could benefit from it
|
# ? May 26, 2017 19:37 |
|
BangersInMyKnickers posted: So is Microsoft dropping EMET because they're rolling all the features in to the base OS at some point or because they have some idiotic dream that all apps in a year will come through the Windows store and enforce opt-in for all the security features that EMET enforces? Because there's still going to be decades of legacy applications that could benefit from it
iirc lots of emet was already made native as part of defender in win10
|
# ? May 26, 2017 19:53 |
|
Shaggar posted: iirc lots of emet was already made native as part of defender in win10
This was my understanding as well but I don't follow window sec news v closely
|
# ? May 26, 2017 19:59 |
|
they make it hard to follow any emet news in particular
|
# ? May 26, 2017 20:10 |
|
BangersInMyKnickers posted: Synology's will autoupdate and restart with a 1 hour warning which is kinda nice but also you can't configure a maintenance interval last I checked so it's probably getting turned off by the small business segment. I get an email notification at like 5am a few times a month
you can set a time and day for automatic updates to be applied and for the box to reboot if required
i can poo poo-talk about synology a lot which mainly comes down to people using them for things they aren't meant to do, but they are on the ball with their patches
Thanks Ants fucked around with this message at 20:19 on May 26, 2017 |
# ? May 26, 2017 20:16 |
|
Wiggly Wayne DDS posted: they make it hard to follow any emet news in particular
hmm, looks like it's EOL https://technet.microsoft.com/en-us/security/jj653751 I was not aware
|
# ? May 26, 2017 20:24 |
|
yeah but even before EOL it was nigh impossible to get any news on their updates
|
# ? May 26, 2017 20:46 |
|
Shaggar posted: iirc lots of emet was already made native as part of defender in win10
Got any documentation? I'd like to know exactly what they are doing
|
# ? May 26, 2017 20:53 |
|
The poo poo still works and even the server OS ships with too many system-wide mitigations as opt-in when they should be enforced or opt-out and I'm not really seeing MS addressing that possibly because they are poo poo gently caress idiots
|
# ? May 26, 2017 20:55 |
|
|
BangersInMyKnickers posted: The poo poo still works and even the server OS ships with too many system-wide mitigations as opt-in when they should be enforced or opt-out and I'm not really seeing MS addressing that possibly because they are poo poo gently caress idiots
don't sign
|
# ? May 26, 2017 21:25 |