|
Shifty Pony posted:versions of the software on air gapped systems would hide data packets on the hand carried USB drives used to carry data/updates to or from the air gapped systems. then when that drive was attached to a system which was internet connected and also infected the data is gotten out using more traditional means. i kinda assumed that smart people know better than to plug things into airgapped machines with production stuff directly 
|
#
?
Oct 12, 2017 18:35
|
|
|
|
| # ? May 14, 2024 21:27 |
|
|
cinci zoo sniper posted:i kinda assumed that smart people know better than to plug things into airgapped machines with production stuff directly It's pretty much SoP for vendors doing software updates unfortunately. They think an air gap is better than a correctly configured firewall/dmz for this poo poo.
|
|
#
?
Oct 12, 2017 18:56
|
|
|
BangersInMyKnickers posted:It's pretty much SoP for vendors doing software updates unfortunately. They think an air gap is better than a correctly configured firewall/dmz for this poo poo. speaking of dmz, what's the tl;dr on it?
|
|
#
?
Oct 12, 2017 18:57
|
|
|
Sorry, I'm not exactly sure what you're asking there?
|
|
#
?
Oct 12, 2017 19:02
|
|
|
BangersInMyKnickers posted:Sorry, I'm not exactly sure what you're asking there?
|
|
#
?
Oct 12, 2017 19:04
|
|
|
Basically you put anything that needs to reach outside the network (WSUS, maybe a backup server for outside replication, SCCM, a fileshare) that is in a supporting role of the internal network in the DMZ. Internal clients can reach in to the DMZ for whatever they need, but not to the internet zone directly. DMZ clients can reach out to the internet to stage content and maybe reach back in to the internal network on certain ports for some circumstances (but best to avoid/restrict that as much as possible). All traffic between zones has a default bi-direcitonal deny so you are forced to explicitly document and allow necessary traffic. This gives you logical choke points on the network that you can dump an IDS/IPS in the middle of as well as monitor traffic flows for anomalies with whatever software you have to do that work.
|
|
#
?
Oct 12, 2017 19:11
|
|
|
dmz is usually meant as a separate vlan/subnet where you have public servers and poo poo, and you have routing set so you can get to them, but they can't get to your network. so when someone inevitably logs into your public ftp your idiot clients need and use a zero day to escape it, they can't see other machines that might have private info no them. e;fb
|
|
#
?
Oct 12, 2017 19:12
|
|
|
cinci zoo sniper posted:being just a casual thread reader, rather an infosec person of any kind, my only knowledge of dmz is seeing setting called like that in routers i had, so im wonder if theres anything more to it than what i assume to be "virtual airgap" if dmz is like demilitarised zone irl You point machine guns at the DMZ servers receiving connections from the internet and whenever they attempt to talk to servers in your internal network you light them up. It's this basically. Can also just be one firewall. 
Nuclearmonkee fucked around with this message at 19:19 on Oct 12, 2017 |
|
#
?
Oct 12, 2017 19:12
|
|
|
BangersInMyKnickers posted:It's pretty much SoP for vendors doing software updates unfortunately. They think an air gap is better than a correctly configured firewall/dmz for this poo poo. an airgap is strictly better, but if you're using physical media to move stuff in or out you now have to manage chain-of-custody for that media which is hard cinci zoo sniper posted:speaking of dmz, what's the tl;dr on it? the "dmz" where like a home router just treats a given IP as a catchall? it's this in network form: https://twitter.com/dril/status/464802196060917762
|
|
#
?
Oct 12, 2017 19:15
|
|
|
pr0zac posted:who were the people i accused of being overly paranoid about home assistants constantly recording and sending audio to google/amazon so i can apologize? me I'll take an apology payment in the form of the new alexa and a bunch of smart light bulbs and like... 3 of those sweet teddy bears with the cameras inside of them Phone fucked around with this message at 19:19 on Oct 12, 2017 |
|
#
?
Oct 12, 2017 19:17
|
|
|
Cocoa Crispies posted:an airgap is strictly better, but if you're using physical media to move stuff in or out you now have to manage chain-of-custody for that media which is hard airgapping also results in total isolation so all 24/7 monitoring/alarming/everything needs to be configured and run on-site. Without extensive staffing on par of a large nuclear or government facility, this can result in blindspots that could otherwise been handle by a 3rd party NoC/SoC. I won't disagree that in its purest form air gapping is superior, but not being able to leverage outside network resources and staffing makes it lovely in practice.
|
|
#
?
Oct 12, 2017 19:21
|
|
|
BangersInMyKnickers posted:Basically you put anything that needs to reach outside the network (WSUS, maybe a backup server for outside replication, SCCM, a fileshare) that is in a supporting role of the internal network in the DMZ. Internal clients can reach in to the DMZ for whatever they need, but not to the internet zone directly. DMZ clients can reach out to the internet to stage content and maybe reach back in to the internal network on certain ports for some circumstances (but best to avoid/restrict that as much as possible). All traffic between zones has a default bi-direcitonal deny so you are forced to explicitly document and allow necessary traffic. This gives you logical choke points on the network that you can dump an IDS/IPS in the middle of as well as monitor traffic flows for anomalies with whatever software you have to do that work. Truga posted:dmz is usually meant as a separate vlan/subnet where you have public servers and poo poo, and you have routing set so you can get to them, but they can't get to your network. so when someone inevitably logs into your public ftp your idiot clients need and use a zero day to escape it, they can't see other machines that might have private info no them. Nuclearmonkee posted:You point machine guns at the DMZ servers receiving connections from the internet and whenever they attempt to talk to servers in your internal network you light them up. Cocoa Crispies posted:an airgap is strictly better, but if you're using physical media to move stuff in or out you now have to manage chain-of-custody for that media which is hard oh, i see. thanks!
|
|
#
?
Oct 12, 2017 19:21
|
|
|
Nuclearmonkee posted:You point machine guns at the DMZ servers receiving connections from the internet and whenever they attempt to talk to servers in your internal network you light them up. think of it this way https://www.youtube.com/watch?v=HQDy-5IQvuU&t=10s
|
|
#
?
Oct 12, 2017 19:25
|
|
|
pr0zac posted:who were the people i accused of being overly paranoid about home assistants constantly recording and sending audio to google/amazon so i can apologize? here's the writeup from the guy it actually happened to http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/ supposedly it was a hardware defect that made the mini think it was randomly being touch-activated
|
|
#
?
Oct 12, 2017 19:38
|
|
|
Pikavangelist posted:supposedly it was a hardware defect that made the mini think it was randomly being touch-activated a $690B company failed to build a working button don't buy hardware from advertising companies
|
|
#
?
Oct 12, 2017 20:19
|
|
|
really stay away from capacitive buttons at all unless you really know what you're doing sony, who has been making consumer hardware for decades, hosed it up too and some early model ps4s had a habit of ejecting discs or powering themselves off at random
|
|
#
?
Oct 12, 2017 20:21
|
|
|
Pikavangelist posted:here's the writeup from the guy it actually happened to http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/ haveblue posted:really stay away from capacitive buttons at all unless you really know what you're doing
|
|
#
?
Oct 12, 2017 20:35
|
|
|
wolrah posted:My cat used to turn off my Xbox 360 S all the time by nosing the button... maybe your smart kitty just wanted you to stop and pet it? 
|
|
#
?
Oct 12, 2017 20:46
|
|
|
cracking pws like nobody's business https://twitter.com/tinkersec/status/918562485069893632
|
|
#
?
Oct 12, 2017 22:12
|
|
|
Chris Knight posted:cracking pws like nobody's business 
|
|
#
?
Oct 12, 2017 22:17
|
|
|
Chris Knight posted:cracking pws like nobody's business this is so sick
|
|
#
?
Oct 12, 2017 22:29
|
|
|
haveblue posted:major updates ask for your icloud password as part of a special ui flow, that's not what's being spoofed here and it would be much harder for third party apps to fake if i am playing music and dont have cell reception or wi-fi then ios decides that my password must be wrong and prompts me to re-enter it, the prompt looks exactly like that. ignoring it works fine and it sorts itself out again when it has a data connection.
|
|
#
?
Oct 12, 2017 23:02
|
|
|
oh no, what loving goober harassed someone now https://twitter.com/sarahjeong/status/918595705966596096
|
|
#
?
Oct 12, 2017 23:10
|
|
|
there's this: https://twitter.com/ggrucilla/status/918388486847131649
|
|
#
?
Oct 12, 2017 23:52
|
|
|
is it this guy? https://en.wikipedia.org/wiki/Morgan_Marquis-Boire
|
|
#
?
Oct 13, 2017 00:01
|
|
|
that's what it looks like
|
|
#
?
Oct 13, 2017 00:03
|
|
|
sec gently caress mor elike sick gently caress
|
|
#
?
Oct 13, 2017 00:33
|
|
|
hackbunny posted:is it this guy? https://en.wikipedia.org/wiki/Morgan_Marquis-Boire if it's that guy gently caress that guy. i hadn't heard anything about sexual assault with him until now but thought he was a piece of poo poo anyway.
|
|
#
?
Oct 13, 2017 01:03
|
|
|
ThePeavstenator posted:sec gently caress mor elike sick gently caress
|
|
#
?
Oct 13, 2017 01:12
|
|
|
Midjack posted:thought he was a piece of poo poo anyway. that's all itsec people though
|
|
#
?
Oct 13, 2017 01:26
|
|
|
hackbunny posted:that's all itsec people though hey
|
|
#
?
Oct 13, 2017 02:37
|
|
|
bros in itsec are garbage
|
|
#
?
Oct 13, 2017 02:37
|
|
|
https://twitter.com/pizzahutuk/status/918563493418295296
|
|
#
?
Oct 13, 2017 02:55
|
|
|
loooooooooooooooooooooool
|
|
#
?
Oct 13, 2017 03:11
|
|
|
Excuse me sir, this is a Pizza hut.
|
|
#
?
Oct 13, 2017 03:20
|
|
|
yah, it is. right there in the referer m8
|
|
#
?
Oct 13, 2017 03:53
|
|
|
hackbunny posted:that's all itsec people though I may be a useless piece of genial poo poo, but I won't mess with your body maybe I should put that on my resume, right next to how I can always pass a piss test because I'm boring
|
|
#
?
Oct 13, 2017 04:03
|
|
|
akadajet posted:Not when you do major updates. From like ios 10 -> 11 Didn’t ask when I upgraded my phone or iPad.
|
|
#
?
Oct 13, 2017 05:14
|
|
|
hackbunny posted:that's all itsec people though oi 
|
|
#
?
Oct 13, 2017 07:33
|
|
|
|
| # ? May 14, 2024 21:27 |
|
|
Lain Iwakura posted:bros in itsec are garbage also all other itsec people. and everyone who has touched a computer. and everyone else. hail satan.
|
|
#
?
Oct 13, 2017 08:48
|
|