|
CLAM DOWN posted:Man, is that actually a stereotype of Vancouver? That's terrible haha, I only know like one person in all my social circles who smokes the weed regularly. Yeah definitely, even though my closet's rent is only like $2k/mo, there's definitely a strong security scene there. We actually have a lot of trouble finding security-trained and experienced people for positions, like for a security-related job posting, we might get 20 applicants, not a single security cert or previous position. It's a buyer's market! For jobs, not for real estate. i covet my job for a good reason. a lot of the security roles in vancouver pay absolutely horribly and i have that one unicorn job that allows me to actually live comfortably. annoyingly i am one of four women i know of in the city who does infosec too
|
#
?
Dec 24, 2017 08:25
|
|
|
|
| # ? May 17, 2024 02:52 |
|
|
Someone figured out how to handle password leaks.
|
|
#
?
Dec 28, 2017 17:50
|
|
|
I had this happen to me when I was running Canario. They wanted their clients' e-mail addresses and password hashes removed from the database.
|
|
#
?
Dec 28, 2017 18:56
|
|
|
I have no need for it (Defender user of course), but I'm intrigued by Webroot as an AV solution. Purely out of curiosity, any good independent analysis of how well it works out there? My Googlin' leads me to the various generic reviews rather than any serious look.
|
|
#
?
Dec 29, 2017 18:14
|
|
|
https://twitter.com/chelseakomlo/status/946904128554504192 It's about Jacob Appelbaum, in case you don't want to click the link to find out.
|
|
#
?
Dec 30, 2017 05:08
|
|
|
This industry is loving toxic.
|
|
#
?
Dec 30, 2017 05:11
|
|
|
Not sure this is the right place to ask, but I've ended up being tasked with putting together a website that will be sending financial documents to a AWS database. I know nothing about cybersecurity or infosec and am somewhat terrified doing something like this, though thankfully I am not personally liable if anything goes wrong. Is there a good resource for like, putting together something simple and not loving over a bunch of customers due to a lack of research?
|
|
#
?
Dec 30, 2017 06:13
|
|
|
Thermopyle posted:I have no need for it (Defender user of course), but I'm intrigued by Webroot as an AV solution. Purely out of curiosity, any good independent analysis of how well it works out there? My Googlin' leads me to the various generic reviews rather than any serious look. They had a pretty significant fuckup earlier this year although they say they’ve learned from it, etc etc. From what I’ve seen, they’re a pretty decent player in the MSP space.
|
|
#
?
Dec 30, 2017 08:03
|
|
|
everythingWasBees posted:Not sure this is the right place to ask, but I've ended up being tasked with putting together a website that will be sending financial documents to a AWS database. I know nothing about cybersecurity or infosec and am somewhat terrified doing something like this, though thankfully I am not personally liable if anything goes wrong. Is there a good resource for like, putting together something simple and not loving over a bunch of customers due to a lack of research? Depends a bit on what kind of information you store and what you're supposed to do with it. Large banks are using AWS, so it's no inherently a problem. You just have to do the right things to prevent abuse or leaks. PCI-DSS v3 has a simple list of things to do, AWS themselves have best practices too, if you *really* want to be sure you're not doing something dangerous look into what the cloud security alliance matrix (which is basically ssae16/iso27001/hipaa/pci/etcetcetc controls combined into one massive list, may be missing gdpr technical controls - haven't checked) expects of you. And then consider what meets your risk appetite and how much you or your employer cares about and/or are liable for people's personal lives. Without any more information about what you're supposed to be doing, it's hard to give specific advice.
|
|
#
?
Dec 30, 2017 10:49
|
|
|
CLAM DOWN posted:This industry is loving toxic.
|
|
#
?
Dec 30, 2017 12:17
|
|
|
evil_bunnY posted:What makes you think it’s different elsewhere? It’s lovely for women everyfuckingwhere. It’s toxic, even if it’s not uniquely toxic.
|
|
#
?
Dec 30, 2017 12:26
|
|
|
evil_bunnY posted:What makes you think it’s different elsewhere? It’s lovely for women everyfuckingwhere. I didn't say it was different or unqiue in any way and I have zero idea how you drew that from my post.
|
|
#
?
Dec 30, 2017 19:22
|
|
|
The kingdoms invented police to deal with crime 800 years ago, let's not poo poo up infosec with the daily troubles of lovely people and their victims.
|
|
#
?
Dec 30, 2017 23:15
|
|
|
EssOEss posted:The kingdoms invented police to deal with crime 800 years ago, let's not poo poo up infosec with the daily troubles of lovely people and their victims. Are you referring to this: Absurd Alhazred posted:https://twitter.com/chelseakomlo/status/946904128554504192 Because I'm not sure how calling out a rapist in the infosec community isn't about the infosec industry and community
|
|
#
?
Dec 30, 2017 23:32
|
|
|
There's a site set up that compiles the allegations against that guy and one of them said he used to organize the lightning talks at 3c until he was harassed into never attending again because someone wanted to do a 5 min lightning talk about how Appelbaum was an rear end in a top hat
|
|
#
?
Dec 30, 2017 23:39
|
|
|
Thanks Microsoft! https://twitter.com/SwiftOnSecurity/status/947277933344935937
|
|
#
?
Dec 31, 2017 02:33
|
|
|
Absurd Alhazred posted:Thanks Microsoft! Wasn't that one of the selling points of paying for the Pro version to begin with?
|
|
#
?
Dec 31, 2017 05:27
|
|
|
Zil posted:Wasn't that one of the selling points of paying for the Pro version to begin with? It's been a PITA on Pro for a while on non-domain machines but possible, enterprise is the one that doesn't just ignore registry settings for it.
|
|
#
?
Dec 31, 2017 05:32
|
|
|
Pffffh cmon what home user DOESNT pay $122 per year for Enterprise licensing per workstation plus operate and update a domain controller?
|
|
#
?
Dec 31, 2017 05:40
|
|
|
Is there no way to buy a single license for enterprise, lol?
|
|
#
?
Dec 31, 2017 20:34
|
|
|
I think you can get a single E3 subscription from a reseller, but it’s tough to find information on this for some countries. I’m not sure why Microsoft don’t sell an Ultimate edition anymore and just charge more to make up for the lost ad revenue they get from home and pro users.
|
|
#
?
Dec 31, 2017 20:49
|
|
|
Daman posted:Is there no way to buy a single license for enterprise, lol? You can now engage ms for single license subscriptions.
|
|
#
?
Dec 31, 2017 20:51
|
|
|
Have a link for that?
|
|
#
?
Dec 31, 2017 20:53
|
|
|
How does the educational license fit in with this? It has almost all of the features of enterprise, does it also have the ads tho?
|
|
#
?
Dec 31, 2017 21:51
|
|
|
RFC2324 posted:How does the educational license fit in with this? It has almost all of the features of enterprise, does it also have the ads tho? Education is just Pro with the option to defer updates for slightly longer. LTSB is locked and not possible to upgrade, except manually when new versions come out.
|
|
#
?
Dec 31, 2017 21:59
|
|
|
bobfather posted:Education is just Pro with the option to defer updates for slightly longer. According to this: https://liliputing.com/2015/07/differences-between-windows-10-home-pro-enterprise-and-education.html Education is Enterprise without Cortana(and I assume LTSB, but its not listed)
|
|
#
?
Dec 31, 2017 22:21
|
|
|
RFC2324 posted:According to this: https://liliputing.com/2015/07/differences-between-windows-10-home-pro-enterprise-and-education.html Education is only targeted to K-12, now, with Pro being offered to college students/universities as of early 2017 as far as I've seen. https://docs.microsoft.com/en-us/education/windows/
|
|
#
?
Dec 31, 2017 23:11
|
|
|
RFC2324 posted:According to this: https://liliputing.com/2015/07/differences-between-windows-10-home-pro-enterprise-and-education.html I’m pretty sure it goes like this: Education can defer upgrades for a little while and lacks Cortana. Enterprise can defer upgrades for a little while and lacks Cortana and most or all Metro apps. LTSB can defer upgrades forever and lacks literally everything, including Edge. I’m also pretty sure there’s working Powershell scripts to take Enterprise / Education and restore the features missing versus Pro, but there isn’t any way to take LTSB and restore all the features it’s missing. Finally, I’m pretty sure Education and Enterprise cannot defer upgrades indefinitely. There’s ways to stop upgrades manually (Windows Update Minitool, or disable the upgrade service totally) or by using WSUS, but the OS by itself can’t stop upgrades.
|
|
#
?
Dec 31, 2017 23:12
|
|
|
Grassy Knowles posted:Education is only targeted to K-12, now, with Pro being offered to college students/universities as of early 2017 as far as I've seen. loving Microsoft loving with SKUs
|
|
#
?
Dec 31, 2017 23:13
|
|
|
RFC2324 posted:loving Microsoft loving with SKUs
|
|
#
?
Dec 31, 2017 23:15
|
|
|
bobfather posted:Enterprise can defer upgrades for a little while and lacks Cortana and most or all Metro apps. I had to disable Cortana and a ton of metro apps in my enterprise image. My users also used to get “suggested app” notifications until I got that turned off. The only difference between enterprise and pro is that you’re actually able to turn those things off in enterprise.
|
|
#
?
Dec 31, 2017 23:24
|
|
|
The Fool posted:I had to disable Cortana and a ton of metro apps in my enterprise image. Yeah I think I’ve jumbled around what’s not in Enterprise with what’s actually not in LTSB. The short of it is, loving Microsoft and all their SKUs.
|
|
#
?
Dec 31, 2017 23:26
|
|
|
Pick some not-poo poo defaults please MS
|
|
#
?
Dec 31, 2017 23:34
|
|
|
https://twitter.com/s1guza/status/947603265700601856
|
|
#
?
Jan 1, 2018 04:41
|
|
|
I am one of the biggest critics of MS's "content delivery" and appx in general, and I'm not even sure what infosec taylor swift is talking about. They disabled some group policies that could prevent the ads from showing up, but a) that was in 2016, Redstone 2 was the spring 2017 update b) those settings were never really effective because major updates are fresh installs and fresh installs of win10 have those junk apps no matter what policies or settings you try to use on them. poo poo comes back every 6 months no matter what.
|
|
#
?
Jan 1, 2018 05:20
|
|
|
bobfather posted:Enterprise can defer upgrades for a little while and lacks Cortana and most or all Metro apps.
|
|
#
?
Jan 1, 2018 07:00
|
|
|
Klyith posted:I am one of the biggest critics of MS's "content delivery" and appx in general, and I'm not even sure what infosec taylor swift is talking about. They disabled some group policies that could prevent the ads from showing up, but You could beat them by installing offline, deleting the stub files for the apps, then connecting. Perhaps that's no longer possible?
|
|
#
?
Jan 1, 2018 07:03
|
|
|
Grassy Knowles posted:You could beat them by installing offline, deleting the stub files for the apps, then connecting. Perhaps that's no longer possible? which is kinda more work than just right clicking a bunch of dumb ad tiles and selecting uninstall But since this is the infosec thread, how do people here feel about appx in general? The driving force behind it seems to be security (also microsoft realizing they're the only company not making a 30% cut of every app sold on their platform). But I've just had terrible luck with it, it seems too secure for it's own good. Right now I have some of the standard OS apps that are totally broken with Event 69 errors, which as far as I can tell mean that the permissions have gotten hosed up so they can't launch. (They also can't update, and I'm pretty sure the only thing that will fix it is an in-place reinstall. Which I can't be bothered to do so I'm just waiting for the spring update.) My calculator doesn't work because its security is busted. That, IMHO, is a sign that your poo poo has gone off the rails.
|
|
#
?
Jan 1, 2018 07:22
|
|
|
Ah that's just Microsoft trying to cover up security flaws by preventing proofs of concept from launching calc.exe! 
|
|
#
?
Jan 1, 2018 07:25
|
|
|
|
| # ? May 17, 2024 02:52 |
|
|
Happy new year 
|
|
#
?
Jan 1, 2018 07:27
|
|