|
Klyith posted:"Attacker can gently caress with your BIOS" seems like a big enough prerequisite that any exploit following up on that is just icing on the cake.

Yeah, she did a presentation on the risks of the ME and the complete lack of a way to effectively bypass/disable it at CCC a few years back
|
# ? Dec 11, 2017 16:31 |
|
gourdcaptain posted:And in "I am genuinely completely baffled", my Lenovo Yoga 700-11isk, the Skylake (Intel Core m5-6Y54) tablet convertible that tests vulnerable to the Intel Management Engine issues with Intel's detection tools but wasn't on Lenovo's list of vulnerable laptops:

Ok sir hello, I need you to open your browser and go to double you double you double you, dot Lenovo, dot com, and type in your model laptop, and then click on support, and then click on firmware

Ok, yes sir, I understand sir, but I need you to please follow my instructions. No, sir, I need you to follow the instructions, we must try this to troubleshoot your problem. No sir, my manager is not available. Please open your browser and
|
# ? Dec 12, 2017 04:17 |
|
1998 attack that messes with sites’ secret crypto keys is back in a big way
|
# ? Dec 13, 2017 00:55 |
|
|
# ? Dec 13, 2017 00:58 |
|
Internet Explorer posted:1998 attack that messes with sites’ secret crypto keys is back in a big way

"Exploits typically require an attacker to make tens of thousands of connections to a vulnerable site." I mean that sounds really noisy and the kind of thing a facebook or paypal-worthy IDS would pick up right
|
# ? Dec 13, 2017 01:24 |
|
NevergirlsOFFICIAL posted:"Exploits typically require an attacker to make tens of thousands of connections to a vulnerable site."

A distributed network pushing an aggregate 1qps for a few hours? That seems more like something that's going to get lost in the noise.
|
# ? Dec 13, 2017 01:30 |
|
NevergirlsOFFICIAL posted:"Exploits typically require an attacker to make tens of thousands of connections to a vulnerable site."

Yeah, but frankly there's plenty of cash to be made on marks without IDS (or someone actually watching ids)
|
# ? Dec 13, 2017 01:38 |
|
a) ids is garbage and insufficient for new attacks of this calibre
b) poc was made against facebook - twice. the second poc was after the engineers attempted a fix and a different variation of the attack was made
c) bleichenbacher variants aren't something that have been forgotten to the mists of time, it's the basis of DROWN
|
# ? Dec 13, 2017 01:49 |
|
I guess it's InfoSec related. I just discovered WireGuard, a kind-of replacement for IPSEC (it operates at layer 3 like IPSEC, not at layer 6 like OpenVPN). The whitepaper is pretty good and the tech seems solid. There are rumors it'll make it into the Linux Kernel in the coming two years. The best difference with IPSEC is that the configuration file is like 6 lines (compare that to the nightmare that is StrongSwan, because ISAKMP/IKE is so complex).

~~ Anyway ~~

I was wondering if anybody knows of a Windows client implementation of that because I could only find modules for Linux. Which is fine for some of my cases but I'd like to be able to run this from my dev machine because it runs Windows.
|
# ? Dec 13, 2017 10:12 |
|
Furism posted:I guess it's InfoSec related. I just discovered WireGuard, a kind-of replacement for IPSEC (it operates at layer 3 like IPSEC, not at layer 6 like OpenVPN). The whitepaper is pretty good and the tech seems solid. There are rumors it'll make it into the Linux Kernel in the coming two years. The best difference with IPSEC is that the configuration file is like 6 lines (compare that to the nightmare that is StrongSwan, because ISAKMP/IKE is so complex).

as long as you aren't trying to use this now

quote:About The Project

but there doesn't look to be a windows client implementation at present, no.

astral fucked around with this message at 10:19 on Dec 13, 2017
|
# ? Dec 13, 2017 10:16 |
|
astral posted:as long as you aren't trying to use this now

Yes it wouldn't be for anything critical, barely a little more than experimenting with it. But you're right to point it out.
|
# ? Dec 13, 2017 10:30 |
|
Furism posted:I guess it's InfoSec related. I just discovered WireGuard, a kind-of replacement for IPSEC (it operates at layer 3 like IPSEC, not at layer 6 like OpenVPN). The whitepaper is pretty good and the tech seems solid. There are rumors it'll make it into the Linux Kernel in the coming two years. The best difference with IPSEC is that the configuration file is like 6 lines (compare that to the nightmare that is StrongSwan, because ISAKMP/IKE is so complex).

However, let's assume for a second that the implementation passes muster - there's still the same blocker for any and all VPN technologies, namely client OS adoption. IPsec can be relied on to be available basically everywhere and with NAT-T and ESP (defaults to aes128-sha256 on FreeBSD, anything supplied by crypto(9) can be used) there are very few places where you can't use it. Plus, if you throw L2TP into the mix, there's basically nothing you can't use it for.

OpenVPN, WireGuard, and anything else requiring additional client software limits deployability, doesn't necessarily carry all traffic, and there are networks where it won't be usable.
|
|
# ? Dec 13, 2017 12:44 |
|
D. Ebdrup posted:Despite the fact that Jason does excellent work (I'm very happy with password-store, which he also makes), there aren't a whole lot of citations for the whitepaper, and none from papers published in journals on the master list.

Totally agree. But IPSEC isn't simple enough for Not Enterprise use. I should know, part of my job is stress testing IPSEC gateways. It's a nightmare to figure out the configuration of each device, and most of the time the network admins don't know. Different vendors have different names for the same parameters, etc. And most of the time you still need a vendor's own client because it's such a pain in the rear end to set up natively in the OS it's just not worth the hassle. I have a Cisco, Check Point, Palo Alto and Fortinet VPN client on my PC right now, when Windows should be perfectly capable of doing it. But noooo, Win 10 requires EAP, you see, but not MacOS, so I suppose IT just goes "gently caress it, let's install one more software through the AD."

I don't want to sound like I'm ranting against IPSEC, because I like the protocol a lot. But the RFC leaves too many things to interpretation/decision of whoever. I prefer tight protocols. I know that wasn't the goal of IPSEC (it needs to accommodate anything between "road warriors" to site-to-site to loving LTE data plane) but it's the goal of WireGuard so, in principle, I like it.

I do take your point about the white paper not having lots of citations etc, and you seem like you know your stuff so I'd like to hear more if possible.
|
# ? Dec 13, 2017 15:41 |
|
Furism posted:Totally agree. But IPSEC isn't simple enough for Not Enterprise use. I should know, part of my job is stress testing IPSEC gateways. It's a nightmare to figure out the configuration of each device, and most of the time the network admins don't know.

It’s my hope that something like algo can help change that by showing there’s a demand for it. I know it’s not directly solving your criticisms, but it’s a good step in removing the barrier to entry.
|
# ? Dec 15, 2017 01:23 |
|
Nam Taf posted:It’s my hope that something like algo can help change that by showing there’s a demand for it. I know it’s not directly solving your criticisms, but it’s a good step in removing the barrier to entry.

Sweet, had never heard of this before. I'll look into it, thanks a lot!
|
# ? Dec 15, 2017 10:14 |
|
https://twitter.com/gN3mes1s/status/941315826107510784
|
# ? Dec 16, 2017 04:56 |
|
Lmao that's an MS signed exe? So much for application whitelisting stopping that one
|
# ? Dec 16, 2017 05:51 |
|
what the gently caress
|
# ? Dec 16, 2017 15:00 |
|
HAHAHAHAHAHAHAHA
|
# ? Dec 16, 2017 18:59 |
|
CLAM DOWN posted:Lmao that's an MS signed exe? So much for application whitelisting stopping that one

Visio is signed too.
|
# ? Dec 17, 2017 02:54 |
|
CLAM DOWN posted:Lmao that's an MS signed exe? So much for application whitelisting stopping that one

AppLocker enforcement of exe's has always been vulnerable to this, they're very explicit about it and that's why they let you do DLL enforcement as well. The trick will be if the dll injected is also signed which this is not showing. If you're not doing DLL enforcement then you need to add its code signature to the block list since you're probably allowing all MS-signed stuff by default.
|
# ? Dec 18, 2017 16:33 |
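The gap described in the post above (Exe rules that allow everything Microsoft-signed, with neither DLL enforcement nor a compensating Deny rule) can be checked against an exported policy. This is an added example, not part of the thread and not Microsoft tooling; it assumes the policy XML was exported with `Get-AppLockerPolicy -Effective -Xml`, the sample policy is constructed, and `EXAMPLE.EXE` is a placeholder for the signed binary in question.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (not from the thread). EXAMPLE.EXE used below is a
# placeholder binary name; rule Id and Name are illustrative.
SAMPLE_POLICY = """<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePublisherRule Id="00000000-0000-0000-0000-000000000001"
        Name="Allow all Microsoft-signed" Description=""
        UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition ProductName="*" BinaryName="*"
            PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US">
          <BinaryVersionRange LowSection="*" HighSection="*"/>
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured"/>
</AppLockerPolicy>"""

def audit(policy_xml, risky_binaries=("EXAMPLE.EXE",)):
    """Return findings for: wildcard publisher Allow on Exe rules with no DLL
    enforcement and no explicit Deny for the named binaries."""
    root = ET.fromstring(policy_xml)
    modes = {c.get("Type"): c.get("EnforcementMode")
             for c in root.iter("RuleCollection")}
    findings = []
    dll_enforced = modes.get("Dll") == "Enabled"
    if not dll_enforced:
        findings.append(f"Dll rule collection is {modes.get('Dll', 'absent')}, not enforced")
    exe = root.find("RuleCollection[@Type='Exe']")
    rules = exe.findall("FilePublisherRule") if exe is not None else []

    def conditions(action):
        return [c for r in rules if r.get("Action") == action
                for c in r.iter("FilePublisherCondition")]

    wildcard_allow = [c for c in conditions("Allow") if c.get("BinaryName") == "*"]
    # Simplification: a Deny is matched on BinaryName only, ignoring version range.
    denied = {c.get("BinaryName", "").upper() for c in conditions("Deny")}
    if wildcard_allow and not dll_enforced:
        for name in risky_binaries:
            if name.upper() not in denied:
                findings.append(f"{name} is allowed by publisher wildcard and has no Deny rule")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY):
        print(finding)
```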
|
BangersInMyKnickers posted:AppLocker enforcement of exe's has always been vulnerable to this, they're very explicit about it and that's why they let you do DLL enforcement as well. The trick will be if the dll injected is also signed which this is not showing. If you're not doing DLL enforcement then you need to add its code signature to the block list since you're probably allowing all MS-signed stuff by default.

Yeah, we're using a third party as applocker is so minimal it's not a true whitelisting solution. And we do dll enforcement, although given the headache implementing it I would bet most people out there are not.
|
# ? Dec 18, 2017 17:28 |
|
What functionality are you looking for that AppLocker doesn't provide?
|
# ? Dec 18, 2017 17:30 |
|
BangersInMyKnickers posted:What functionality are you looking for that AppLocker doesn't provide?

Stoppin' those viruses you said it would stop, doggone it!

I need a :ceo: like but in a suit
|
# ? Dec 18, 2017 18:25 |
|
BangersInMyKnickers posted:What functionality are you looking for that AppLocker doesn't provide?

There's a significant amount of functionality provided by software like Bit9/Carbon Black over something very minimal and lacking like Applocker: Much more granular policies, approvals based on signatures and much more detailed publisher approvals, trusted users and paths, auto approvals with Fireeye integration, detailed automated file discovery, the list goes on.
|
# ? Dec 18, 2017 18:29 |
|
Approvals based on signatures are now available with Device Guard I think.. It's probably Enterprise only and Windows 10 only but I think it supports signature based whitelisting.. https://docs.microsoft.com/en-us/windows/device-security/device-guard/device-guard-deployment-guide
|
# ? Dec 19, 2017 00:26 |
|
AppLocker has supported signature-based approvals since day one so I have no idea what clam is talking about. Maybe he's thinking of its predecessor software restriction policies or something.
|
# ? Dec 19, 2017 01:09 |
|
BangersInMyKnickers posted:AppLocker has supported signature-based approvals since day one so I have no idea what clam is talking about. Maybe he's thinking of its predecessor software restriction policies or something.

I obviously could be, that's just been my understanding. Obviously you're very pro-Applocker, I'm not trying to poo poo on you or anything and it's weird you're referring to me in 3rd person like that, I've just had an excellent experience with alternate solutions and Applocker isn't really considered sufficient for highly secure enterprises.
|
# ? Dec 19, 2017 01:18 |
|
CLAM DOWN posted:I obviously could be, that's just been my understanding. Obviously you're very pro-Applocker, I'm not trying to poo poo on you or anything and it's weird you're referring to me in 3rd person like that, I've just had an excellent experience with alternate solutions and Applocker isn't really considered sufficient for highly secure enterprises.

There’s highly secure enterprises in Vancouver?
|
# ? Dec 19, 2017 03:01 |
|
Avenging_Mikon posted:There’s highly secure enterprises in Vancouver?

Yes sir, I tend to be pretty private/vague when posting stuff about my work (or myself for that matter) publicly on SA, but yup.
|
# ? Dec 19, 2017 03:08 |
|
Avenging_Mikon posted:There’s highly secure enterprises in Vancouver?

HSBC has their Canadian HQ there, and HSBC's most profitable clientele tends to demand discreet, effective security.
|
# ? Dec 19, 2017 03:19 |
|
Why would you make it easy to report fraud online? What is this, 2017 or something?! https://twitter.com/briankrebs/status/942920896616034305
|
# ? Dec 19, 2017 05:17 |
|
Proteus Jones posted:HAHAHAHAHAHAHAHA

I just got a no-warning forced update on windows 10 that gave me a "these updates are to protect you in an online world!" message on restart, i assume it's related to this debacle
|
# ? Dec 19, 2017 06:10 |
|
andrew smash posted:I just got a no-warning forced update on windows 10 that gave me a "these updates are to protect you in an online world!" message on restart, i assume it's related to this debacle

Don't worry. It'll just end up being more fuel for the fire.
|
# ? Dec 19, 2017 12:25 |
|
CLAM DOWN posted:I obviously could be, that's just been my understanding. Obviously you're very pro-Applocker, I'm not trying to poo poo on you or anything and it's weird you're referring to me in 3rd person like that, I've just had an excellent experience with alternate solutions and Applocker isn't really considered sufficient for highly secure enterprises.

AppLocker has legitimate shortfalls with logging and monitoring that need to be compensated for with something like Splunk and I was genuinely asking what you were getting with the 3rd party stuff that may be helping with that. But some of what you claim AppLocker cannot do is objectively incorrect and is actually its primary function.
|
# ? Dec 19, 2017 15:28 |
|
CLAM DOWN posted:Yes sir, I tend to be pretty private/vague when posting stuff about my work (or myself for that matter) publicly on SA, but yup.

I just figured y'all were too stoned to bother with security. Maybe after I study more security stuff I should move to Vancou then. Can I crash in your cardboard box?
|
# ? Dec 19, 2017 18:43 |
|
Avenging_Mikon posted:I just figured y'all were too stoned to bother with security. Maybe after I study more security stuff I should move to Vancou then. Can I crash in your cardboard box?

Man, is that actually a stereotype of Vancouver? That's terrible haha, I only know like one person in all my social circles who smokes the weed regularly.

Yeah definitely, even though my closet's rent is only like $2k/mo, there's definitely a strong security scene there. We actually have a lot of trouble finding security-trained and experienced people for positions, like for a security-related job posting, we might get 20 applicants, not a single security cert or previous position. It's a buyer's market! For jobs, not for real estate.
|
# ? Dec 19, 2017 18:47 |
|
CLAM DOWN posted:, like for a security-related job posting, we might get 20 applicants, not a single security cert or previous position. It's a buyer's market! For jobs, not for real estate.

Okay, serious questions time:

I'm completely self-trained on everything I know. I'm currently studying for Sec+, and then plan to get a couple courses from SANS. My only official experience in IT work is service desk. Once I have those SANS courses, how high up the list would that get me for an interview?
|
# ? Dec 19, 2017 19:22 |
|
Avenging_Mikon posted:Okay, serious questions time:

Even though we recognize how insanely expensive it is, we really strongly value SANS training and I believe it's probably the best in the industry (again, that said, I totally understand how it's not possible for a lot of people to do due to the cost). So I recommend the following and would look on positively in an interview if you do:

Sec+
SANS, at least SEC 401 to kick off that training track
Home lab work, play with some security tools
Community interest, join a local user group (like google VanCitySec for ours), attend B-Sides, etc.

By doing that, you're above like 99% of candidates I interview for security stuff.
|
# ? Dec 19, 2017 19:25 |
|
Sweet. I'm really enjoying security stuff. Not "glamorous" stuff like pen testing or red teams, but setting up an environment that allows users to do what they need, no more, no less, while minimizing risk of data breaches. HIDS and NIDS and all that fun poo poo. It's something I'd like to get into as my focus. Just don't know what aspect yet. Really appeals to my nit-picky nature.
|
# ? Dec 19, 2017 20:06 |