Boner Wad
Nov 16, 2003

I'm dumb, what's the dumpster fire here?


Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Boner Wad posted:

I'm dumb, what's the dumpster fire here?

Depends really but security log collection can be a dumpster fire.

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?
I feel really stupid, but I can't find the stream, and the link just takes me to a 5 and a half hour talk from yesterday.

susan b buffering
Nov 14, 2016


Does NPR really use reaction gifs in articles now? I thought I was reading Buzzfeed for a second.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Avenging_Mikon posted:

I feel really stupid, but I can't find the stream, and the link just takes me to a 5 and a half hour talk from yesterday.

It should be starting again at 10:30. I may have to link to it again.

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


skull mask mcgee posted:

Does NPR really use reaction gifs in articles now? I thought I was reading Buzzfeed for a second.

The kids, they listen to the rap music...

Pile Of Garbage
May 28, 2007



NPR merged with WorldStar.

The Fool
Oct 16, 2003


skull mask mcgee posted:

Does NPR really use reaction gifs in articles now? I thought I was reading Buzzfeed for a second.

Considering it's an article about a term that was made popular by reaction gifs, I didn't think anything of it.

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

Lain Iwakura posted:

It should be starting again at 10:30. I may have to link to it again.

Stream's going. BSides Track 1 Day 2?

Audio's echoing like crazy.

CLAM DOWN
Feb 13, 2007





Lmao

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Avenging_Mikon posted:

Stream's going. BSides Track 1 Day 2?

Audio's echoing like crazy.

I haven't spoken yet.

https://twitter.com/KateLibc/status/973609996071067649?s=19

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

Lain Iwakura posted:

I haven't spoken yet.

I'm really bad with time zones, okay? I figured I'd missed you.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.
I dip my toe into the security side of IT a bit, but can anyone give me the rundown on the "forensic" client-based tools like CarbonBlack, CyberReason, etc.?

We're being asked to push one of these clients onto every workstation and server in the environment as a reactionary effort, and the whole thing seems like a really terrible idea just from the potential disruption it could cause.

Pile Of Garbage
May 28, 2007



Avenging_Mikon posted:

I'm really bad with time zones, okay? I figured I'd missed you.

It's live now https://www.youtube.com/watch?v=DRnDBPQIEmo

EVIL Gibson
Mar 23, 2001

Internet of Things is just someone else's computer that people can't help attaching cameras and door locks to!
:vapes:
Switchblade Switcharoo

Wrath of the Bitch King posted:

I dip my toe into the security side of IT a bit, but can anyone give me the rundown on the "forensic" client-based tools like CarbonBlack, CyberReason, etc.?

We're being asked to push one of these clients onto every workstation and server in the environment as a reactionary effort, and the whole thing seems like a really terrible idea just from the potential disruption it could cause.

I looked up CarbonBlack and now I loving hate that you think that is "forensic" software. It's not. I'll describe why after the below spiel.

CarbonBlack is a suite of tools to block and detect odd things going on in the system and how it talks.

For example, if a computer normally talks to the outside world through a proxy and all of the sudden it is now sending all traffic through an IP it never used as a proxy that would be detected as that does not fit normal use.

When the system is first implemented it should go through a detect-only phase where the system will throw alerts but not prevent work. Your IT department goes through the alerts and makes sure that the alerts are false positives, then makes rules to allow that sort of behavior (of course, sending traffic through one of our two proxies with these IPs is okay).

Make sure when going through these alerts you confirm and DOUBLE confirm that what you see is true; you don't want to permit a connection being used by malware forever.

Then, when you get through a day without a lot of alerts, switch the system to a block phase where things that are not allowed are actually blocked (with alerts, but now they should be louder and more visible since there shouldn't be as many).

Now, why I hate that the word "forensic" is used is because that has a very specific connotation to it: to turn an electronic device into something that can be submitted to court, used as evidence, or researched if it contains malware.

Forensics takes drive images in a way that no cluster is out of place, no file/folder is deleted, and it can even get to the point that the memory contents are accurate. It should allow you to make a copy easily while leaving the original exactly what it looked like. Usually crypto certs or similar are used to verify the contents are as they were when the system was imaged. What I'm trying to say is, consider "forensics" a spin word that is constantly being abused in the security industry today.
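As an added illustration of the detect-only then block-phase rollout described in the post above (example code written here, not CarbonBlack's own or anything from the poster; hosts, IPs, ports and reviewer names are constructed):

```python
import ipaddress
from collections import namedtuple

# Constructed outbound-connection records as an EDR agent might report them
# (host, destination IP, destination port). Not real data.
SAMPLE_CONNECTIONS = [
    "ws-0412 10.20.0.5 3128",       # first corporate proxy
    "ws-0412 10.20.0.6 3128",       # second corporate proxy
    "ws-0917 10.20.0.5 3128",
    "ws-0917 198.51.100.23 8080",   # never-seen "proxy": does not fit normal use
    "srv-db01 10.20.0.6 3128",
    "srv-db01 203.0.113.77 443",    # direct egress bypassing the proxy
]

# Baseline of the organisation's two real proxies, built and confirmed
# during the detect-only phase (constructed values).
ALLOWED_PROXIES = {("10.20.0.5", 3128), ("10.20.0.6", 3128)}

Decision = namedtuple("Decision", "host dest port action")

def parse(line):
    host, ip, port = line.split()
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return host, ip, int(port)

def evaluate(connections, allowed, mode):
    """'detect': off-baseline traffic is alerted but still allowed so work
    is not interrupted while the baseline is tuned. 'block': same traffic
    is denied and alerted."""
    if mode not in ("detect", "block"):
        raise ValueError("mode must be 'detect' or 'block'")
    decisions = []
    for line in connections:
        host, ip, port = parse(line)
        if (ip, port) in allowed:
            decisions.append(Decision(host, ip, port, "allow"))
        elif mode == "detect":
            decisions.append(Decision(host, ip, port, "alert-allow"))
        else:
            decisions.append(Decision(host, ip, port, "alert-block"))
    return decisions

def approve(allowed, pending, dest, reviewer):
    """Promote a destination into the baseline only after two different
    reviewers confirm it (the 'confirm and DOUBLE confirm' step)."""
    pending.setdefault(dest, set()).add(reviewer)
    if len(pending[dest]) >= 2:
        allowed.add(dest)
        del pending[dest]
        return True
    return False
```

In detect mode the two off-baseline connections produce alerts only; once the baseline is tuned and the same input is evaluated in block mode, those two are denied while proxy traffic is untouched.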

The Fool
Oct 16, 2003


Forensics doesn't just apply to imaging drives, it applies to any investigation after the fact with special attention being paid to maintaining the chain of custody for any data you are analyzing.

The Fool
Oct 16, 2003



Good talk.

Is there going to be a link to just your session? I have some coworkers who would benefit greatly from the content covered.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Forensics just means "to do with crime". I was doing network intrusion and exfiltration analysis with and without police in 1995, and everyone called it forensics, and I had no chain of custody requirements. (Those would have been awkward, because I wasn't yet of the age of majority for some of that time.)

EVIL Gibson
Mar 23, 2001

Internet of Things is just someone else's computer that people can't help attaching cameras and door locks to!
:vapes:
Switchblade Switcharoo

The Fool posted:

Forensics doesn't just apply to imaging drives, it applies to any investigation after the fact with special attention being paid to maintaining the chain of custody for any data you are analyzing.

Yes, that's correct. I was using hard drives to get it across with the most understood example.

Basically, techniques to prevent electronic changes, and ways to show it has not been modified in transit.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

The Fool posted:

Good talk.

Is there going to be a link to just your session? I have some coworkers who would benefit greatly from the content covered.

I believe so. I'll link to it with the slides once I have those details.

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

The Fool posted:

Good talk.

Agreed, in that I know nothing about this, and actually could follow along.

Kazinsal
Dec 13, 2011


I was in a meeting and missed it :(

Really looking forward to the video+slides of it being posted!

CLAM DOWN
Feb 13, 2007




I was there live, and it was an awesome talk! I'm going to forward my former coworkers to the slides because god drat they should have learned those things before their disastrous MSSP foray a couple years ago

Media Bloodbath
Mar 1, 2018

PIVOT TO ETERNAL SUFFERING
:hb:
So is AMD getting thrown under the bus by Intel or short sellers?

https://www.anandtech.com/show/12525/security-researchers-publish-ryzen-flaws-gave-amd-24-hours-to-respond

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Like the whitepaper, it’s probably nothing that exciting.

Kazinsal
Dec 13, 2011


No paper trail for the existence of the company behind the findings, no disclosure period, disclaimer in the whitepaper admitting financial connection and interest in AMD's competitors, marketing buzzwords instead of technical details, citations to random PDFs on the internet, and to top it all off, no HTTPS on a supposed security consultancy's website.

This reeks of corporate hit piece.

BlankSystemDaemon
Mar 13, 2009



Quoting myself because that :munch: is a link, and here's some words about it.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

I really appreciate the response, thanks. Forensics is definitely a buzzword in the industry, and I called it such since that's how our internal Security team is trying to sell this to the higher ups. They aren't building the argument for the product as a preventative measure, they're building an argument for the product as a web of client software that encapsulates all behavior going on in the environment at all times. I'm not saying that's accurate, but that's how it's being presented; a tool to increase visibility.

This is also being layered with traditional endpoint protection.

Daman
Oct 28, 2011
if traditional endpoint protection means third party AV, that's a waste of time

carbon black or similar is a real good thing to have. it's an idiot proof way of setting up an equivalent to sysmon+WEF+siem alerts.

windows defender ATP does the same but better. the GUI is less poo poo, faster, better default rules, etc. they even supposedly support non-win10 systems now.

The Fool
Oct 16, 2003


Daman posted:

windows defender ATP does the same but better. the GUI is less poo poo, faster, better default rules, etc. they even supposedly support non-win10 systems now.

I'm in the process of deploying Defender ATP right now. The dashboard is actually super useful and provides a lot of information in a very easy to consume way.

Internet Explorer
Jun 1, 2005





gently caress you, Equifax execs.

Senior ex-Equifax executive charged with insider trading
CIO allegedly sold $1 million worth of stock 10 days before public learned of breach.

evil_bunnY
Apr 2, 2003

And they're more likely to suffer repercussions from that than the actual leak.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

evil_bunnY posted:

And they're more likely to suffer repercussions from that than the actual leak.

Honestly, I'm surprised they are even doing something about it.

evobatman
Jul 30, 2006

it means nothing, but says everything!
Pillbug
loving over rich white people is one of the few remaining things rich white people can go to jail for.

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


So long as they aren't considerably richer than the other rich white people

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else
It's all relative, really.

orange sky
May 7, 2007

Interesting chat on Twitter today, while talking about security in a case where a judicial worker shared a password with a helpdesk worker that illegally accessed her data. I said something to the tune of "the system isn't flawed per se, people create the flaws"

Some dude answered "if the system is good people can't create flaws" and I just said "good luck with that."

His answer: "I have 10 years of experience creating ERP profiles. I don't need luck :cool:"

Motherfucking lol

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?
I mean, I guess if you mandate 2FA, and location-based permissions, then giving out your password wouldn't matter.

I'd still bet on a user finding a way to gently caress it up.

orange sky
May 7, 2007

Yeah, that was the case in point. My follow-up in the first tweet was that I've been in 50 different places where we wanted to implement MFA and everyone was like "oh no, no way, our users would never be able to/want to do that."

The dude was somehow implying you could build a perfect system with flawed, stupid people


Thanks Ants
May 21, 2004

#essereFerrari


An admin can grant the wrong privileges to a user and they can gain access to sensitive data that they shouldn't have seen. Is that a system flaw?
