|
https://twitter.com/troyhunt/status/924095418421481474 Quoting: https://twitter.com/imrichardmorris/status/923980655050002432
|
# ? Oct 28, 2017 03:09 |
|
Running Windows 7 at that.
|
# ? Oct 28, 2017 03:40 |
|
Any Charlotte infosec folks looking for a job? Our Vulnerability Management team is looking to hire folks with experience in Configuration Management, Tripwire implementation, and knowledge of NERC CIP (this would be a bonus).
|
# ? Oct 30, 2017 21:21 |
|
After using a Mac for a year for real work, there are blessings I found (Unix shell plus one single place for certs instead of each browser having their own store) but one thing that always seems off is the frequency of password entry for the same store and apps asking for things from the keychain beyond their use. Every day I will enter my password no less than 20 (not for login) times. Outlook is the main offender but I am surprised how many times it asks if it wants to remember the password and never does. Isn't this a super bad risk encouraging the use of weaker passwords? I use a password of at least 20 characters all across the character set but typing passwords like that repeatedly can be beyond a normal user who just wants to get poo poo done. The other thing is why does a text editor like Sublime require keychain access? I am guessing its ability to connect to svn or git is the reason but does it need it if no such config is entered? I use IntelliJ and Eclipse IDEs for decompile work. Even on Mac they don't need access to git or svn requiring keychain access until, hold on to your asses for this one, I'm actually using git/svn. Maybe all this nonsense is because I am running a Mac in a Windows network world.
|
# ? Oct 31, 2017 15:22 |
|
It sounds like it's set up wrong. Certain apps might want to install Finder extensions or whatever, but that should be a one-time thing, or once per version update, not every time you launch it.
|
# ? Oct 31, 2017 15:34 |
|
EVIL Gibson posted: After using a Mac for a year for real work, there are blessings I found (Unix shell plus one single place for certs instead of each browser having their own store) but one thing that always seems off is the frequency of password entry for the same store and apps asking for things from the keychain beyond their use.
Something got set up wrong. Outlook never asks me for my password beyond my initial login to my active directory account. I don't use sublime myself, but I do use PyCharm, and again other than installation time I've never been asked for a password. Even using GitHub only asked for it as part of the setup in the config.
|
# ? Oct 31, 2017 15:40 |
|
pretty sure you can adjust how long the keychain remembers your password in the settings for it.
|
# ? Oct 31, 2017 17:19 |
|
RFC2324 posted: pretty sure you can adjust how long the keychain remembers your password in the settings for it.
My password is apparently stored throughout the keychain like herpes. Is there a log feature for keychain that tells me what application/service requested what password?
|
# ? Oct 31, 2017 18:56 |
|
EVIL Gibson posted: My password is apparently stored throughout the keychain like herpes. Is there a log feature for keychain that tells me what application/service requested what password?
I'm dumb and posted in the wrong thread
RFC2324 posted: when I googled it, first hit was this:
|
# ? Oct 31, 2017 20:56 |
Endless September still hasn't completely given up the ghost? It's going out with a 10.0 on CVSS v3 for CVE-2017-10151 affecting Oracle Identity Manager. Never mind, it's not clear that this dates from back in September like I thought. Still, 10.0s don't come around every day.
BlankSystemDaemon fucked around with this message at 00:19 on Nov 2, 2017 |
|
# ? Nov 2, 2017 00:10 |
|
D. Ebdrup posted: Endless September still hasn't completely given up the ghost? It's going out with a 10.0 on CVSS v3 for CVE-2017-10151 affecting Oracle Identity Manager.
Fuuuuuckkk. I know a couple places that are hosed. Basically, Oracle uses this tech for ANYTHING dealing with authentication. They have crammed this into all sorts of grams. Db auth, web auth, two factor, ldap and other types of networks, email, smart cards and other pki. I think the main lure of the tech is if you have a login in one, it can be made to also auth you in anything else without creating new passwords. Permissions to the resources would have to be granted to you but imagine a world where you automatically log in as admin to prod with the same creds as you do to log into ldap? Yah... I could see the risk if they slipped in one tiny thing to, I dunno, allow anyone that had guest access that is managed by OIM to have guest (or worse) access everywhere else.
|
# ? Nov 2, 2017 02:15 |
That sounds like the kind of Fun you get in Dwarf Fortress.
|
|
# ? Nov 2, 2017 17:17 |
|
D. Ebdrup posted: That sounds like the kind of Fun you get in Dwarf Fortress.
Everything always ends in fire. ...So we're not far off really.
|
# ? Nov 2, 2017 18:36 |
|
Sorry if this is the wrong place for this. My company's environment uses a '.corp' domain name for its AD/Windows domain for some godforsaken reason and has no AD CS/PKI/internal CA set up. I'm trying to secure a Windows server application with an SSL certificate. The server will talk to many clients (internally). Does anyone have any suggestions for how to accomplish this? Should I just create a self-signed certificate and push it out via a GPO or something? I have less Windows admin experience than Linux but got saddled with this project because reasons and am trying to figure out the best way to accomplish securing it. I know I am bad at my job. Thank you.
|
# ? Nov 2, 2017 19:25 |
|
my bitter bi rival posted: Sorry if this is the wrong place for this. My company's environment uses a '.corp' domain name for its AD/Windows domain for some godforsaken reason and has no AD CS/PKI/internal CA set up. I'm trying to secure a Windows server application with an SSL certificate. The server will talk to many clients (internally). Does anyone have any suggestions for how to accomplish this? Should I just create a self-signed certificate and push it out via a GPO or something? I have less Windows admin experience than Linux but got saddled with this project because reasons and am trying to figure out the best way to accomplish securing it. I know I am bad at my job. Thank you.
|
# ? Nov 2, 2017 19:27 |
|
anthonypants posted: Without an internal CA, you're either going to have to use a self-signed certificate, or pay for one from an external CA. What you should absolutely not do is create one self-signed certificate and push it out to multiple servers.
I don't think that I can buy the certificate because '.corp' is a high-risk TLD according to ICANN and thus is not available for registration and probably never will be. I would gladly just go that route though. I think using a self-signed one would create issues right? (I'd need to distribute it to every client who needs to contact the server or they'll get cert errors, right?) This might be opening a huge can of worms but can anyone recommend a resource for setting up an internal CA in Windows? I assume I should use AD CS for this but people make it sound like a very scary, delicate process... (e.g. the comments here: https://redmondmag.com/articles/2015/06/01/ad-certificate-services.aspx)
post hole digger fucked around with this message at 19:33 on Nov 2, 2017 |
# ? Nov 2, 2017 19:30 |
|
That's pretty much accurate. It can be a pain to stand up a CA inside an already existing environment because lots of authentication will break until you sort out the individual certs.
|
# ? Nov 2, 2017 19:38 |
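The trade-off raised in the posts above (a stand-alone self-signed certificate versus an internal CA whose root is the only thing clients have to trust), as an added example that is not from any poster in the thread. It uses the OpenSSL command line rather than AD CS, and the CA name and `appNN.example.corp` hosts are constructed.

```shell
#!/usr/bin/env bash
# Added illustration. All names are constructed: "Example Corp Internal Root"
# and the appNN.example.corp hosts do not come from the thread.
set -u
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# Own minimal config, so nothing depends on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Corp Internal Root
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_self]
basicConstraints = CA:FALSE
EOF

make_root() {   # the one certificate clients are told to trust (e.g. via GPO)
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$WORK/ca.cnf" \
    -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null
}
issue_leaf() {  # $1 = server FQDN; own key per server, name in the SAN
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' \
    "$1" > "$WORK/$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$WORK/$1.ext" \
    -out "$WORK/$1.crt" 2>/dev/null
}
self_signed() { # $1 = server FQDN; stand-alone certificate with no issuer above it
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$WORK/ca.cnf" \
    -extensions v3_self -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}
client_trusts() { # $1 = FQDN the client connects to, $2 = FQDN whose cert is served
  openssl verify -CAfile "$WORK/root.crt" -verify_hostname "$1" \
    "$WORK/$2.crt" >/dev/null 2>&1
}

make_root
issue_leaf app01.example.corp
issue_leaf app02.example.corp
self_signed app03.example.corp
for h in app01 app02 app03; do
  client_trusts "$h.example.corp" "$h.example.corp" && r=trusted || r=rejected
  echo "$h.example.corp: $r"
done
```

A client that holds only `root.crt` accepts app01 and app02, each with its own key, and rejects app03, whose self-signed certificate would have to be distributed to every client separately.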
|
ChubbyThePhat posted: That's pretty much accurate. It can be a pain to stand up a CA inside an already existing environment because lots of authentication will break until you sort out the individual certs.
I need a beer.
|
# ? Nov 2, 2017 19:52 |
|
I used to work for a company that used a domain name owned by some other company. That seems like a really bad decision.
|
# ? Nov 2, 2017 20:02 |
|
my bitter bi rival posted: I need a beer.
|
# ? Nov 2, 2017 20:03 |
|
Craft beer names are getting weirder
|
# ? Nov 2, 2017 20:11 |
|
Thanks Ants posted: Craft beer names are getting weirder
Holy poo poo. I think we need to start a company. SA goons could be rich.
|
# ? Nov 2, 2017 20:13 |
|
Thanks Ants posted: Craft beer names are getting weirder
|
# ? Nov 2, 2017 21:08 |
|
Internet Explorer posted: Holy poo poo. I think we need to start a company. SA goons could be rich.
ID10T IPA - A 10%er to wash away the dumb
PEBCAK Porter
Tripel DES
|
# ? Nov 2, 2017 21:10 |
|
IP Over IPA
|
# ? Nov 2, 2017 21:24 |
|
Pikavangelist posted: IP Over IPA
Internet Protocol Ale
|
# ? Nov 2, 2017 21:33 |
|
wolrah posted: ID10T IPA - A 10%er to wash away the dumb
Triple DES could already be one!
|
# ? Nov 2, 2017 22:16 |
|
DLL Helles
|
# ? Nov 2, 2017 22:18 |
|
Thanks Ants posted: DLL Helles
Error: Too Many Hops
|
# ? Nov 2, 2017 22:24 |
|
syslager
|
# ? Nov 2, 2017 22:34 |
|
Domain Name Stout
Transmission Control Pilsner
Read-Ahead Lager
us-1-yeast
Test Dubbel
|
# ? Nov 2, 2017 23:32 |
|
Disaster Reinheitsgebot
|
# ? Nov 2, 2017 23:39 |
|
Mirrored Porter
|
# ? Nov 2, 2017 23:45 |
|
Open Porter
^ wtf?!
|
# ? Nov 2, 2017 23:46 |
|
Porter seems like the easy one to go with. Border Gateway Porter
|
# ? Nov 2, 2017 23:57 |
|
Figure the brewery name could be Berkeley Suds Distribution?
|
# ? Nov 2, 2017 23:59 |
|
I'd KRACK one of those open for sure
|
# ? Nov 3, 2017 00:00 |
|
...get it?
|
# ? Nov 3, 2017 00:00 |
|
Brew the Needful
|
# ? Nov 3, 2017 00:01 |
|
AleDAP.
|
# ? Nov 3, 2017 00:05 |