|
Meat Beat Agent posted:i bet that dude will WannaCry after he gets fired lol
|
#
?
Jun 29, 2017 18:52
|
|
|
|
| # ? May 15, 2024 00:00 |
|
|
I'm at a training for amongst other things selling iot solutions one of the main talking points was how to sell solutions without talking to IT departments 
|
|
#
?
Jun 29, 2017 18:58
|
|
|
so apparently the MeDoc secfuck was serving unsigned updates over HTTP from an ISP tied to the FSB
|
|
#
?
Jun 29, 2017 19:16
|
|
|
pseudorandom name posted:so apparently the MeDoc secfuck was serving unsigned updates over HTTP from an ISP tied to the FSB oh what? have a link to this?
|
|
#
?
Jun 29, 2017 19:25
|
|
|
microsoft's thrown together exploit analysis on eternal champion: https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis/
|
|
#
?
Jun 29, 2017 19:28
|
|
|
BeOSPOS posted:oh what? have a link to this?
|
|
#
?
Jun 29, 2017 20:23
|
|
|
infernal machines posted:were there any vulns found in apple's SMB implementation? they rolled their own sometime after 10.6 iirc not sure about apple's Implimentation but I recall seeing evidence that the attack was viable on Samba as well
|
|
#
?
Jun 29, 2017 20:29
|
|
|
the supported cipher list from a major industrial controls vendor's monitoring and remote access platform: TLS_RSA_WITH_NULL_MD5 (0x1) INSECURE 0 TLS_RSA_WITH_NULL_SHA (0x2) INSECURE 0 TLS_ECDHE_RSA_WITH_NULL_SHA (0xc010) ECDH sect571r1 (eq. 15360 bits RSA) FS INSECURE 0 TLS_ECDH_anon_WITH_NULL_SHA (0xc015) INSECURE 0 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8) INSECURE 40 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x14) DH 512 bits FS INSECURE 40 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA (0x19) INSECURE 40 TLS_RSA_WITH_DES_CBC_SHA (0x9) INSECURE 56 TLS_DHE_RSA_WITH_DES_CBC_SHA (0x15) DH 1024 bits FS INSECURE 56 TLS_DH_anon_WITH_DES_CBC_SHA (0x1a) INSECURE 56 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 1024 bits FS WEAK 112 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (0x1b) INSECURE 112 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH sect571r1 (eq. 15360 bits RSA) FS WEAK 112 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017) INSECURE 112 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits FS WEAK 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH sect571r1 (eq. 15360 bits RSA) FS 128 TLS_DH_anon_WITH_AES_128_CBC_SHA (0x34) INSECURE 128 TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018) INSECURE 128
|
|
#
?
Jun 29, 2017 20:36
|
|
|
Since the lab manager and I figured out the ransomware scare was fake and reported that before too many resources were devoted to this, electronics guy is just getting yelled at and/or possibly written up.Meat Beat Agent posted:i bet that dude will WannaCry after he gets fired lol I'm sorry post, you didn't deserve this wet fart of an ending.
|
|
#
?
Jun 29, 2017 20:36
|
|
|
BangersInMyKnickers posted:the supported cipher list from a major industrial controls vendor's monitoring and remote access platform:
|
|
#
?
Jun 29, 2017 20:38
|
|
|
BangersInMyKnickers posted:the supported cipher list from a major industrial controls vendor's monitoring and remote access platform: Gonna party like it's 1999.
|
|
#
?
Jun 29, 2017 20:53
|
|
|
BangersInMyKnickers posted:the supported cipher list from a major industrial controls vendor's monitoring and remote access platform: just give up and punch in TLS_NULL_WITH_NULL_NULL 
|
|
#
?
Jun 29, 2017 20:53
|
|
|
part of me believes that there's got to be some off-by-one error going on there, i just don't want to believe someone configured that intentionally can you tell us what kind of server it is? iis on windows, apache on linux, etc.
|
|
#
?
Jun 29, 2017 20:58
|
|
|
pseudorandom name posted:does ExPetr actually rely on ETERNALBLUE or did the Russians just throw that in there to blame the NSA? seems sensible to milk the vuln it for what its worth while people still haven't updated makes me think this is just a small taste of what someone could wreak if they were willing to blow a zero-day or two
|
|
#
?
Jun 29, 2017 21:04
|
|
|
suffix posted:seems sensible to milk the vuln it for what its worth while people still haven't updated the whole thing is probably intended as a demonstration of capabilities. there was a report not too long ago that the US has malware already in place to cripple Russia's networks on command, deployed in response to the election hacking. even just the deployment method is scary. how many random auto-updaters are there out there that might be vulnerable? all it would take is one computer somewhere running improperly configured or user-installed software and your entire company is hosed. Shifty Pony fucked around with this message at 21:53 on Jun 29, 2017 |
|
#
?
Jun 29, 2017 21:28
|
|
|
Don't use a BCC line to ask for personal information because inevitably someone will press reply-all by accident.
SRQ fucked around with this message at 21:57 on Jun 29, 2017 |
|
#
?
Jun 29, 2017 21:28
|
|
|
anthonypants posted:part of me believes that there's got to be some off-by-one error going on there, i just don't want to believe someone configured that intentionally I assume its some manner of load balancer in front of their ~cLoUd~ service. It stinks of a bone stock apache/openssl stack with no parameters provided. They're claiming to be FIPS-compliant.
|
|
#
?
Jun 29, 2017 21:31
|
|
|
Cocoa Crispies posted:so wait was there a new legit ransomware attack this week or is petya older and just the non-ransomware targeted at ukraine is new? Petya is an older ransomware. The attack on Ukraine uses malware based heavily on Petya but it's not legit ransomware, it amounts to a wiper. There was also a campaign with Loki making the rounds this week which caused some confusion but it's unrelated.
|
|
#
?
Jun 29, 2017 21:46
|
|
|
some people upthread were saying that Ukraine has been an "live fire range" for Russian malware for a while now. Is there any good in depth journalism on this? I'd love to read a potted history of what's happened.
|
|
#
?
Jun 29, 2017 21:51
|
|
|
wired has a story on it which isn't entirely awful. it goes over the pattern of the attacks starting out as largely manually executed against a particular system and then iterating until they are automated attacks based on modular tools which could be more easily adapted for use against other targets. if you dig a bit online about each of the incidents in the article there are usually a few blog posts by researchers.
|
|
#
?
Jun 29, 2017 22:25
|
|
|
SRQ posted:Don't use a BCC line to ask for personal information because inevitably someone will press reply-all by accident. you mean do use BCC instead of CC? if they're all in the BCC line the recipients only see the FROM address...
|
|
#
?
Jun 30, 2017 00:06
|
|
|
BangersInMyKnickers posted:the supported cipher list from a major industrial controls vendor's monitoring and remote access platform: so... rockwell?
|
|
#
?
Jun 30, 2017 00:11
|
|
|
There are many vendors in this space and my advice is to validate anything they tell you with regards to cryptography
|
|
#
?
Jun 30, 2017 00:58
|
|
|
BangersInMyKnickers posted:There are many vendors in this space and my advice is to validate anything they tell you with regards to cryptography i'm very aware of the ics space i was more or less curious which vendor you're talking about in particular here because the stupid poo poo i see in it is overwhelming
|
|
#
?
Jun 30, 2017 01:00
|
|
|
BangersInMyKnickers posted:the supported cipher list from a major industrial controls vendor's monitoring and remote access platform: ohh yeahh that's the good stuff
|
|
#
?
Jun 30, 2017 01:09
|
|
|
necrotic posted:you mean do use BCC instead of CC? if they're all in the BCC line the recipients only see the FROM address... CC then, because I can see all 50 people in the chain.
|
|
#
?
Jun 30, 2017 01:40
|
|
|
updated windows and found a warning sign on the windows defender icon... .... oh gently caress off
|
|
#
?
Jun 30, 2017 01:48
|
|
|
Shinku ABOOKEN posted:updated windows and found a warning sign on the windows defender icon... better turn on our data collection if you know what's good for ya bub, pretty nice computer you got here shame if something were to pop up in the taskbar over and over whining at you every day
|
|
#
?
Jun 30, 2017 02:48
|
|
|
if you turn on all the microsoft telemetrics, no more threats! bing bong simple
|
|
#
?
Jun 30, 2017 03:05
|
|
|
and here I am with a work computer that has cylance running on it, which just loves to randomly decide vim or scp are viruses and quarantines them
|
|
#
?
Jun 30, 2017 03:05
|
|
|
Not really secfuckup and the opsec thread got gassed, so not sure where else to toss this but... NIST came out with new Digital Identity guidelines for federal agencies recently: couple headlines in 800-63b with new policies for passwords in the federal government: * don't make users rotate passwords * don't require specific character classes and allow passphrases, and * let people paste in passwords so that password managers can be used. That being said, this is government so the worst things will get implemented first over a 5 year period, just in time for the best things to have become obsolete and backwards implementations.
|
|
#
?
Jun 30, 2017 03:14
|
|
|
there's a new opsec thread, but I think you're on topic here fwiw
|
|
#
?
Jun 30, 2017 03:15
|
|
|
Constant password changes decrease security while eating up help desk resources
|
|
#
?
Jun 30, 2017 03:40
|
|
|
win-win
|
|
#
?
Jun 30, 2017 03:40
|
|
|
Subjunctive posted:there's a new opsec thread, but I think you're on topic here fwiw it got gassed, unless there's another one i missed
|
|
#
?
Jun 30, 2017 03:45
|
|
|
huh, yeah
|
|
#
?
Jun 30, 2017 03:46
|
|
|
don't make users rotate passwords? what? ever? sounds dumb, more chance they'll have the same password as a public breach. at least they'd need to use PasswordJuly17 if they had to rotate
|
|
#
?
Jun 30, 2017 03:48
|
|
|
force them to use two specified characters in their password, and they can't reuse. forbid numbers for even better odds against reuse.
|
|
#
?
Jun 30, 2017 03:51
|
|
|
hah we haven't even gotten completely shifted over to a 60 day password rotation yet. in four years I look forward to not changing my password all the drat time. smart-card based 2fa works pretty great though and make my life so much easier.
|
|
#
?
Jun 30, 2017 04:04
|
|
|
|
| # ? May 15, 2024 00:00 |
|
|
Shifty Pony posted:hah we haven't even gotten completely shifted over to a 60 day password rotation yet. in four years I look forward to not changing my password all the drat time. supposedly at work we have 90 day password rotation enforced except i've never had to rotate any of my passwords ever so uh
|
|
#
?
Jun 30, 2017 04:11
|
|