|
Phone posted:popehat's been posting all day? see how often I check twitter
|
#
?
Aug 4, 2017 07:56
|
|
|
|
| # ? Jun 6, 2024 15:42 |
|
|
Rufus Ping posted:grsecurity are suing bruce perens for writing this I'm hopefully waiting for the ruling to come as: "nope, looks like you're in violation of the GPL and the copyright of torvalds et al" and the resulting infringement case
|
|
#
?
Aug 4, 2017 08:09
|
|
|
Proteus Jones posted:He was given a 12 hour posting ban, thanks to the slap fight he's having with that Texas lawyer/bigot. Goddammit, Twitter-Radium! 
|
|
#
?
Aug 4, 2017 08:19
|
|
|
Wiggly Wayne DDS posted:assuming brit/wisconsin combo how's the russian in this compared to native: not fantastic. a fairly good attempt at mimicry, but it's decidedly failing at consistency
|
|
#
?
Aug 4, 2017 10:21
|
|
|
also it is sort of wrriten like an undercover cops speech in a gang scene in a comedy movie
|
|
#
?
Aug 4, 2017 10:22
|
|
|
Wiggly Wayne DDS posted:yeah that's how everyone learns about rootkits though so i wouldn't read into that much translator is certainly not native. well, at the very least a native who has for a long rear end time or always lived abroad
|
|
#
?
Aug 4, 2017 10:23
|
|
|
E: saw tldr on chat log
cinci zoo sniper fucked around with this message at 10:42 on Aug 4, 2017 |
|
#
?
Aug 4, 2017 10:25
|
|
|
what does it say though?
|
|
#
?
Aug 4, 2017 12:18
|
|
|
A Pinball Wizard posted:what does it say though? it's a brief kronos feature presentation, as well as info on pricing and purchase
|
|
#
?
Aug 4, 2017 12:21
|
|
|
a bit more detail on the lnk vuln patched last month on windows ( https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464 ) https://www.kb.cert.org/vuls/id/824672 quote:Microsoft Windows automatically executes code specified in shortcut files
|
|
#
?
Aug 4, 2017 13:31
|
|
|
Wiggly Wayne DDS posted:a bit more detail on the lnk vuln patched last month on windows ( https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464 ) yes, we accidentally insufficiently patched it. by accident. silly us.
|
|
#
?
Aug 4, 2017 16:36
|
|
|
lmbo SEP to SEPM traffic appears to be straight HTTP on an alt port how the gently caress hasn't someone arp poisoned or intercepted on wifi to use this to compromise endpoints as root
|
|
#
?
Aug 4, 2017 16:42
|
|
|
I guess the guy doing the WINE filename interpretation was just trying to maintain compatibility.
|
|
#
?
Aug 4, 2017 16:46
|
|
|
Trabisnikof posted:Thank goodness California has a SLAPP statute. I wish popehat wasn't on twitter probation so I could read his musings on this it's federal though
|
|
#
?
Aug 4, 2017 17:01
|
|
|
Proteus Jones posted:He was given a 12 hour posting ban, thanks to the slap fight he's having with that Texas lawyer/bigot.
|
|
#
?
Aug 4, 2017 17:16
|
|
|
BangersInMyKnickers posted:lmbo SEP to SEPM traffic appears to be straight HTTP on an alt port how the gently caress hasn't someone arp poisoned or intercepted on wifi to use this to compromise endpoints as root its probably checking signatures but also probably checking signatures in a way that's wrong and exploitable
|
|
#
?
Aug 4, 2017 18:12
|
|
|
Shaggar posted:its probably checking signatures but also probably checking signatures in a way that's wrong and exploitable I can't find anything in the config the binds it to the server in a meaningful way and that would create situations where someone hoses a management server and now the clients are orphaned. They seem super willing to jump on a new servers and I just can't think of a good way to do that without having a persistent side channel or PKI certs which it is not using.
|
|
#
?
Aug 4, 2017 18:31
|
|
|
oh I was thinking it was updates, but if the control traffic is unencrypted and unsigned then lol. it would be pretty easy to grab a trace and see what its sending and if its signed or not.
|
|
#
?
Aug 4, 2017 18:34
|
|
|
Shaggar posted:oh I was thinking it was updates, but if the control traffic is unencrypted and unsigned then lol. it would be pretty easy to grab a trace and see what its sending and if its signed or not.
|
|
#
?
Aug 4, 2017 18:37
|
|
|
they could be exchanging keys the first time they get registered but you're right about them being very willing to join to any available management server. best case theres some wonkiness going on that makes them vulnerable during registration that might get hijacked. worst case they aren't doing any signing and even worse case they're signing with hardcoded keys.
|
|
#
?
Aug 4, 2017 18:40
|
|
|
Okay, so the latest 14 release supports (optional) HTTPS so I can slap a cert on there but I'll still have to handle the transition of legacy clients that can't support it and a million different forked configs that got delegated and hosed up. Can't Wait! I guess its just been twisting in the breeze for a decade now but they're starting to fix it. You have to configure all this through apache httpd.conf files for maximum gently caress You, please ignore that there is a perfectly good IIS/schannel stack sitting there but please run my crypto on the loving shittiest openssl Implimentation imaginable. They claim configured policies are signed in some way but it has to be weak signing at best because there's no proper trust chain.
|
|
#
?
Aug 4, 2017 18:49
|
|
|
they probably have their own key system built into the product that's not obvious or easy to manage, but it could certainly be done fine with some basic key distribution from the management server. the trust chain would be direct to the management server's cert. also remember when people used to claim httpd was so much better than iis cause the configuration was done in bash and it had fewer vulnerabilities? lol. also you could probably setup IIS as a proxy in front so you could have good tls
|
|
#
?
Aug 4, 2017 19:35
|
|
|
q!=e
|
|
#
?
Aug 4, 2017 19:35
|
|
|
Lain Iwakura posted:tell us: why do you want an american-based vpn provider? Netflix obviously.
|
|
#
?
Aug 4, 2017 19:44
|
|
|
i just fell for a fake phishing email with a link to a file called "2017 Employee_Salaraies_Bonus_Schedule.xlsm"" and fake-sent via dropbox but actually coming from dropboxnotifications.com which is a Sophos anti-phishing domain. And I guess my failure was recorded or something? Maybe I have to take a training. I am sure they will inform me of the dangers of macro-enabled excel files. The danger is real, folks.
|
|
#
?
Aug 5, 2017 04:35
|
|
|
lol if you don't ignore your email and only respond to slack or hipchat
|
|
#
?
Aug 5, 2017 04:45
|
|
|
FAT32 SHAMER posted:lol if you don't ignore your email and only respond to slack or hipchat We have MS Teams...
|
|
#
?
Aug 5, 2017 05:13
|
|
|
teams is good
|
|
#
?
Aug 5, 2017 05:16
|
|
|
I'm not sure if that's a good thing or a bad thing
|
|
#
?
Aug 5, 2017 05:16
|
|
|
French Canadian posted:i just fell for a fake phishing email with a link to a file called "2017 Employee_Salaraies_Bonus_Schedule.xlsm"" and fake-sent via dropbox but actually coming from dropboxnotifications.com which is a Sophos anti-phishing domain. And I guess my failure was recorded or something? Maybe I have to take a training. I am sure they will inform me of the dangers of macro-enabled excel files.
|
|
#
?
Aug 5, 2017 05:23
|
|
|
French Canadian posted:i just fell for a fake phishing email with a link to a file called "2017 Employee_Salaraies_Bonus_Schedule.xlsm"" and fake-sent via dropbox but actually coming from dropboxnotifications.com which is a Sophos anti-phishing domain. And I guess my failure was recorded or something? Maybe I have to take a training. I am sure they will inform me of the dangers of macro-enabled excel files. hope u took all your personal effects home with you today cause your badge won't work monday morning
|
|
#
?
Aug 5, 2017 05:29
|
|
|
idk what the rest of the email would have to look like for anyone to click on http://dropboxnotifications.com/base64_of_my_email_address/2017%20Employee_Salaraies_Bonus_Schedule.xlsm but it had better be pretty good
|
|
#
?
Aug 5, 2017 05:37
|
|
|
anthonypants posted:idk what the rest of the email would have to look like for anyone to click on http://dropboxnotifications.com/base64_of_my_email_address/2017%20Employee_Salaraies_Bonus_Schedule.xlsm but it had better be pretty good The link was embedded in a "get the file!"-type image that begged to be clicked. I clicked it so hard.  And it's true. We didn't get bonuses this year. And they spelled salaries wrong. I shouldn't check email at home after a visit to the bar?
|
|
#
?
Aug 5, 2017 05:43
|
|
|
French Canadian posted:The link was embedded in a "get the file!"-type image that [i]begged to be clicked. I clicked it so hard. lol what a lovely thing to use as bait i mean it's good bait, but wow gently caress that
|
|
#
?
Aug 5, 2017 05:45
|
|
|
ate all the Oreos posted:lol what a lovely thing to use as bait Everyone already knew they weren't getting bonuses. But still a lovely thing to play off of I would say.
|
|
#
?
Aug 5, 2017 05:45
|
|
|
god it even has xlsm in the body of the email
|
|
#
?
Aug 5, 2017 05:51
|
|
|
anthonypants posted:god it even has xlsm in the body of the email Excel files from the internet are not permitted to run macros, etc unless the user grants permission  But it's like a double-gotcha. "Well, I knew that my computer was safe because x, y, z reasons" "Yes but why were you opening SENSITIVE HR FILES?!?! SHAME! NO ONE CAN KNOW HOW MUCH THE OTHER MAKES!" French Canadian fucked around with this message at 05:57 on Aug 5, 2017 |
|
#
?
Aug 5, 2017 05:54
|
|
|
French Canadian posted:Excel files from the internet are not permitted to run macros, etc unless the user grants permission
|
|
#
?
Aug 5, 2017 05:57
|
|
|
anthonypants posted:by default Yes? I guess I don't know what you mean.
|
|
#
?
Aug 5, 2017 05:58
|
|
|
|
| # ? Jun 6, 2024 15:42 |
|
|
https://arstechnica.com/tech-policy/2017/08/security-researcher-who-neutralized-wcry-to-be-released-on-30000-bond/quote:According to the reporter, federal prosecutors told the court that Hutchins admitted to developing the malware at the heart of the criminal case and to playing a role in its sale. She said Hutchins' attorney disagreed with that claim. Federal prosecutors also attempted to block Hutchins' request for bail on grounds he had shot firearms at a shooting range last week while in Vegas for the Black Hat and Defcon security gatherings. Magistrate Judge Nancy Koppe ruled that Hutchins is not a danger to the community and has sufficient community support to not be a flight risk, the Associated Press reported.
|
|
#
?
Aug 5, 2017 05:59
|
|