|
fyuck you rear end in a top hat all dogs good dogs
|
# ? Sep 13, 2017 18:09 |
|
Purse dogs are good dogs with bad owners.
|
# ? Sep 13, 2017 18:21 |
|
Dog food company puts out a batch that kills your dog. You join a class action suit. Lawyers get millions, company admits to nothing, and you get a coupon for 10% off a bag of the same dog food that killed your dog in the first place.
|
# ? Sep 13, 2017 20:31 |
|
Wasn't that Blue Diamond or some brand like that?
|
# ? Sep 13, 2017 20:48 |
|
Lawyers get millions from the company that's at fault. You are free to leave the class and sue them for killing your dog, and you absolutely should in that case. Arbitration prevents you from doing that, so your state or the feds have to sue, and you get absolutely nothing even if they do and win, which is why it's more of an issue than class action bans.
|
# ? Sep 13, 2017 20:59 |
|
Crap RSA moved to April and I need CPEs before then. Any other good conference between now and March that'll fill me up with CPE goodness?
|
# ? Sep 14, 2017 17:09 |
|
Mustache Ride posted:
Crap RSA moved to April and I need CPEs before then. Any other good conference between now and March that'll fill me up with CPE goodness?

I got my fill of CPEs just now, but SecTor in Toronto in November and.. I dunno
|
# ? Sep 14, 2017 17:12 |
|
Mustache Ride posted:
Crap RSA moved to April and I need CPEs before then. Any other good conference between now and March that'll fill me up with CPE goodness?

DerbyCon if you buy a ticket? Also maybe ShmooCon? maybe check out https://www.hackermaps.org
|
# ? Sep 14, 2017 17:38 |
|
Like 30 of my 40 CPEs were Security Weekly/Risky Business podcasts and watching SC Vendor Webcasts on lunch break. Shouldn't be too difficult to bang them out. https://www.scmagazine.com/webcasts/section/6821/
|
# ? Sep 14, 2017 17:59 |
|
Username: admin Password: admin
|
# ? Sep 14, 2017 18:00 |
|
Just post your ssn, birth, and name on your Facebook and make your profile public. What's the difference.
|
# ? Sep 14, 2017 18:02 |
|
Too much work.
|
# ? Sep 14, 2017 18:20 |
|
I hear Toronto is nice in November, right? That's easier than podcasts, nobody has time for those. Thanks guys.
|
# ? Sep 14, 2017 19:33 |
|
Mustache Ride posted:
I hear Toronto is nice in November, right?

No, no it's not.
|
# ? Sep 14, 2017 19:35 |
|
it's spelled and pronounced "Toronna" please get it right
|
# ? Sep 14, 2017 19:48 |
|
BangersInMyKnickers posted:
it's spelled and pronounced "Toronna" please get it right
|
# ? Sep 14, 2017 20:30 |
|
CLAM DOWN posted:
No, no it's not.

It is if your definition of "nice" is 180 degrees opposite of correct
|
# ? Sep 14, 2017 21:05 |
|
Something a little less serious: I think I may have discovered the first DDOS attack ever undertaken. It was brilliantly organized, and occurred in 1810. https://youtu.be/e7G5I7AxkjQ
|
# ? Sep 15, 2017 01:47 |
|
https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/

quote:
"We know that criminals exploited a US website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement."

Two-month-old vulnerability. That's not too bad, because apparently it's a pain in the rear end to upgrade it (you can't just patch it). But I'm wondering why their IPS didn't catch it.
|
# ? Sep 15, 2017 08:04 |
|
I wouldn't be surprised if they either weren't scanning TLS sessions at all or couldn't support ephemeral keys but were using those ciphers regardless
|
# ? Sep 15, 2017 15:31 |
|
So who here is prepared for the clusterfuck that is going to be GDPR? If you have European clients you better be ready for that! In the Equifax example, if there'd been European clients, they'd be forced to come out in 72hrs time.
|
# ? Sep 15, 2017 16:29 |
|
My body is ready. But my mind is taking a holiday.
|
# ? Sep 15, 2017 17:15 |
|
I have a small question about the WiFi security (or lack of). Is it better (as in safer, even by a tiny bit) to set your wifi to be hidden (not broadcast ssid) or not?

Use case: Living in a place where there are tens of wifi access points, some even open. Then, wouldn't it make sense that if someone is looking for some "free" wifi to steal to go where the doors are open? Or even if the doors are closed, at least he knows that the doors are there? For a determined thief, the ssid being broadcast or not is irrelevant, as there are always ways to find it, but for the not so determined thief ... aren't there easier targets? I am not talking about not having a passphrase, that's out of the question of course, but just not be obviously "out there".
|
# ? Sep 15, 2017 18:49 |
|
Volguus posted:
I have a small question about the WiFi security (or lack of).

Any benefit to security by having a hidden ssid (almost none) is far outweighed by the added inconvenience of trying to use an AP with a hidden SSID.
|
# ? Sep 15, 2017 18:51 |
|
orange sky posted:
So who here is prepared for the clusterfuck that is going to be GDPR?
|
# ? Sep 15, 2017 18:57 |
|
The Fool posted:
Any benefit to security by having a hidden ssid (almost none) is far outweighed by the added inconvenience of trying to use an AP with a hidden SSID.

Are there (as far as anyone can tell) any downsides though? Security-wise not convenience.
|
# ? Sep 15, 2017 19:12 |
|
Volguus posted:
I have a small question about the WiFi security (or lack of).

No. There is absolutely no security benefit to using a "hidden" SSID as long as you're using even the slightest bit of additional security. Think about it. If you're using any kind of encryption, even WEP, an attacker would need to be doing things far more complicated than passively sniffing a few channels. Hell even MAC filtering, the second most idiotic WiFi "security" option, is technically slightly harder to bypass. As noted you make it significantly more annoying to use the network legitimately while having basically zero impact on an actual attacker.

The way I see it hiding the SSID actually has the opposite effect as most people are expecting, because for the client to find the AP they instead have to be constantly broadcasting "Hey <hidden SSID>, are you out there?" any time they're looking for networks to connect to. Now instead of their AP advertising its presence within its own range where any activity would be visible anyways, you have all the clients advertising that they're looking for a certain AP anywhere they go. That could probably be abused with fake AP attacks.

If for some idiotic reason you have some WiFi device which can't be replaced or upgraded but doesn't even support WEP64 then technically MAC filtering + hidden SSID would be better than nothing for that specific case, but if there's even WEP's half-rear end flawed "security" then neither of those add anything more to the equation while both making legitimate use more annoying.
|
# ? Sep 15, 2017 19:15 |
|
wolrah posted:
hmm, that does sound like a possible thing to happen, indeed. thanks for the info. The idea was not about not using encryption (I was under the impression that WEP is .. nothing really, a coffee maker can decrypt that) or passphrase, but about simply not advertising your presence as much, especially when there are so many others to choose from. But yes, if the device itself then needs to yell to the world looking for that AP, then that's not good.
|
# ? Sep 15, 2017 19:35 |
|
wolrah posted:
No. There is absolutely no security benefit to using a "hidden" SSID as long as you're using even the slightest bit of additional security.

I will also add that the main reason people attack APs is not to get basic internet access, but privileged access that network has. File shares, other computers (including wired computers, not just wireless, if the router was not configured to separate wireless and wired), tunnels, and VPN if the router was set up to VPN all connections. If any of your devices are hitting the hidden ssid, that ssid is as good as visible to anyone promiscuously sniffing the wireless.
|
# ? Sep 15, 2017 19:40 |
|
Turning off beaconing (which is what "hiding SSID" is), is useless as a sec measure. To be compliant with 802.11, the AP still has to respond to probes sent out by clients. On top of that, management frames are going to have the BSSID and ESSID in the headers, which are unencrypted. So the only thing you're doing is stopping people from *passively* finding the SSID (kind of).

As an experiment you can do on your phone (or at least iPhone). Go to General > WiFi and look at the list of "Available Networks". These are BSSIDs that are actively beaconing. Right now at home, I see 4. Now open AirPort Utility (you don't need an actual Airport AP to use this part). Hit the WiFi Scan in the upper right. Then select Scan. This is pulling not only SSIDs from frame headers, but also actively sending Probe requests to generate a Beacon. Right now, I've compiled a list of 25 or so (some keep dropping off and adding since I'm right at the edge of coverage signal wise for those).

Proteus Jones fucked around with this message at 19:49 on Sep 15, 2017
|
# ? Sep 15, 2017 19:46 |
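
Added example, not part of any post in this thread: a small Python parser for 802.11 beacon and probe frames that shows what the two posts above describe, namely that the SSID element travels unencrypted in probe requests and probe responses even when the beacon leaves it blank. The frames, MAC addresses and the network name `homenet-example` are constructed sample data, and the frames are assumed to start at the 802.11 header (no radiotap header, no FCS).

```python
MGMT_HEADER_LEN = 24                      # frame control, duration, 3 addresses, seq control
FIXED_PARAMS = {4: 0, 5: 12, 8: 12}       # fixed fields before the tagged elements
NAMES = {4: "probe-request", 5: "probe-response", 8: "beacon"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_ssid(frame):
    """Return (kind, transmitter, bssid, ssid) for beacon/probe frames, else None.
    ssid is None for an empty or all-NUL SSID element (hidden beacon, wildcard probe)."""
    if len(frame) < MGMT_HEADER_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_PARAMS:
        return None                       # not a management frame we care about
    pos = MGMT_HEADER_LEN + FIXED_PARAMS[subtype]
    while pos + 2 <= len(frame):          # walk tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            return None                   # truncated element
        if tag == 0:                      # SSID element, always sent in cleartext
            ssid = body.decode("utf-8", "replace") if body.strip(b"\x00") else None
            return NAMES[subtype], mac(frame[10:16]), mac(frame[16:22]), ssid
        pos += 2 + length
    return None

def summarize(frames):
    """Map BSSID -> learned network name, and client MAC -> names it probed for."""
    ap_names, client_probes = {}, {}
    for kind, tx, bssid, ssid in filter(None, map(parse_ssid, frames)):
        if kind == "probe-request":
            if ssid:
                client_probes.setdefault(tx, set()).add(ssid)
        else:
            ap_names[bssid] = ssid or ap_names.get(bssid)
    return ap_names, client_probes

def build(subtype, dst, src, bssid, ssid):
    """Construct a minimal sample frame (no radiotap header, no FCS)."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    return hdr + b"\x00" * FIXED_PARAMS[subtype] + bytes([0, len(ssid)]) + ssid

AP, CLIENT, BCAST = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02"), b"\xff" * 6
FRAMES = [                                # constructed sample traffic
    build(8, BCAST, AP, AP, b""),                         # beacon with the SSID hidden
    build(4, BCAST, CLIENT, BCAST, b"homenet-example"),   # client probing for it by name
    build(5, CLIENT, AP, AP, b"homenet-example"),         # AP answers with the name
]

if __name__ == "__main__":
    print(summarize(FRAMES))
```

With only the hidden beacon in view the network name stays unknown; once one client probe and its response are seen, both the AP's name and the client's interest in it are recovered.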
|
Turning off beaconing is as secure as not giving your website a DNS name.
|
# ? Sep 15, 2017 19:55 |
|
Well, i guess this settles it then.
|
# ? Sep 15, 2017 19:58 |
|
Volguus posted:
I have a small question about the WiFi security (or lack of).

https://www.howtogeek.com/howto/28653/debunking-myths-is-hiding-your-wireless-ssid-really-more-secure/

The last part explains how hiding your SSID is, ironically, a privacy leak.

Furism fucked around with this message at 21:55 on Sep 15, 2017
|
# ? Sep 15, 2017 21:53 |
|
Double Punctuation posted:
Lawyers get millions from the company that's at fault. You are free to leave the class and sue them for killing your dog, and you absolutely should in that case. Arbitration prevents you from doing that, so your state or the feds have to sue, and you get absolutely nothing even if they do and win, which is why it's more of an issue than class action bans.

class actions are basically a privatized system to fine bad conduct, not really to compensate the victims
|
# ? Sep 15, 2017 22:46 |
|
Asked in the IT Cert thread but I'll check here too. Anyone taken the CISA lately? Working on pivoting to audit and assurance a little more and I'm thinking of doing CISA in '18.
|
# ? Sep 16, 2017 00:12 |
|
Audio is https://twitter.com/DanJackson415/status/908928246711906305
|
# ? Sep 16, 2017 07:36 |
|
n/m
|
# ? Sep 16, 2017 07:38 |
|
Martytoof posted:
Asked in the IT Cert thread but I'll check here too.

Mine came in a few months ago, but I took the exam like two years ago (had to wait on the experience requirement). My boss is working on hers right now.
|
# ? Sep 16, 2017 14:55 |
|
CCleaner
|
# ? Sep 18, 2017 16:06 |
|
Clean your C
|
# ? Sep 18, 2017 16:17 |