Lain Iwakura posted: On the subject of dumpster fires...
I'm dumb, what's the dumpster fire here?
Mar 13, 2018 16:19

Boner Wad posted: I'm dumb, what's the dumpster fire here?
Depends, really, but security log collection can be a dumpster fire.
Mar 13, 2018 16:32

I feel really stupid, but I can't find the stream, and the link just takes me to a five-and-a-half-hour talk from yesterday.
Mar 13, 2018 16:49

Does NPR really use reaction GIFs in articles now? I thought I was reading BuzzFeed for a second.
Mar 13, 2018 16:50

Avenging_Mikon posted: I feel really stupid, but I can't find the stream, and the link just takes me to a five-and-a-half-hour talk from yesterday.
It should be starting again at 10:30. I may have to link to it again.
Mar 13, 2018 17:14

skull mask mcgee posted: Does NPR really use reaction GIFs in articles now? I thought I was reading BuzzFeed for a second.
The kids, they listen to the rap music...
Mar 13, 2018 17:31

NPR merged with WorldStar.
Mar 13, 2018 17:42

skull mask mcgee posted: Does NPR really use reaction GIFs in articles now? I thought I was reading BuzzFeed for a second.
Considering it's an article about a term that was made popular by reaction GIFs, I didn't think anything of it.
Mar 13, 2018 17:45

Lain Iwakura posted: It should be starting again at 10:30. I may have to link to it again.
Stream's going. BSides Track 1 Day 2? Audio's echoing like crazy.
Mar 13, 2018 17:47

Lmao
Mar 13, 2018 17:59

Avenging_Mikon posted: Stream's going. BSides Track 1 Day 2?
I haven't spoken yet. https://twitter.com/KateLibc/status/973609996071067649?s=19
Mar 13, 2018 18:25

Lain Iwakura posted: I haven't spoken yet.
I'm really bad with time zones, okay? I figured I'd missed you.
Mar 13, 2018 18:29

I dip my toe into the security side of IT a bit, but can anyone give me the rundown on the "forensic" client-based tools like CarbonBlack, Cybereason, etc.? We're being asked to push one of these clients onto every workstation and server in the environment as a reactionary effort, and the whole thing seems like a really terrible idea just from the potential disruption it could cause.
Mar 13, 2018 18:55

Avenging_Mikon posted: I'm really bad with time zones, okay? I figured I'd missed you.
It's live now: https://www.youtube.com/watch?v=DRnDBPQIEmo
Mar 13, 2018 18:56

Wrath of the Bitch King posted: I dip my toe into the security side of IT a bit, but can anyone give me the rundown on the "forensic" client-based tools like CarbonBlack, Cybereason, etc.?
I looked up CarbonBlack and now I loving hate that you think that is "forensic" software. It's not. I'll describe why after the spiel below.

CarbonBlack is a suite of tools to block and detect odd things going on in the system and in how it talks. For example, if a computer normally talks to the outside world through a proxy and all of a sudden is sending all traffic through an IP it never used as a proxy, that would be detected, as it does not fit normal use.

When the system is first implemented, it should go through a detect-only phase where the system will throw alerts but not prevent work. Your IT department goes through the alerts, makes sure that the alerts are false positives, then makes rules to allow that sort of behavior (of course sending traffic through one of our two proxies with these IPs is okay). Make sure when going through these alerts you confirm and DOUBLE confirm that what you see is true; you don't want to permit a connection being used by malware forever. Then, when you get through a day without a lot of alerts, switch the system to a block phase where things that are not allowed are actually blocked (with alerts, but those should now be louder and more visible since there shouldn't be as many).

Now, why I hate the word "forensic" being used is because it has a very specific connotation: to turn an electronic device into something that can be submitted to court, used as evidence, or researched if it contains malware. Forensics takes drive images in a way that no cluster is out of place, no file/folder deleted, and it can even get to the point that the memory contents are accurate. It should allow you to make a copy easily while leaving the original exactly what it looked like. Usually crypto certs or similar are used to verify the contents are as they were when the system was imaged.

What I'm trying to say: consider "forensics" a spin word that is constantly being abused in the security industry today.
Mar 13, 2018 19:23

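The detect-only, then tune, then block rollout described in the post above, as an added example that is not code from the post, the thread, or the Carbon Black product. The event fields, the rule shape (CIDR + port + exact process name), the sample connections and the "confirmed benign" set are all constructed for illustration; the point it shows is that a rule written from a confirmed alert should be exactly as narrow as that alert, and that confirming an alert carelessly bakes a malicious connection into the allowlist for good.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Conn:
    """One outbound connection as an endpoint sensor might report it (constructed shape)."""
    host: str
    process: str
    dest_ip: str
    dest_port: int


@dataclass(frozen=True)
class AllowRule:
    """Narrow allow rule: destination CIDR + port + exact process name."""
    network: str
    port: int
    process: str

    def matches(self, c: Conn) -> bool:
        return (ip_address(c.dest_ip) in ip_network(self.network)
                and c.dest_port == self.port
                and c.process == self.process)


class Policy:
    """'detect' mode only logs unmatched connections; 'block' mode also denies them."""

    def __init__(self, rules=(), mode="detect"):
        self.rules = list(rules)
        self.mode = mode
        self.alerts = []   # every connection that matched no rule in this pass

    def evaluate(self, c: Conn) -> str:
        if any(r.matches(c) for r in self.rules):
            return "allow"
        self.alerts.append(c)
        return "block" if self.mode == "block" else "alert"


# Constructed sample telemetry: two legitimate proxy connections plus one direct
# connection from a look-alike process name (assumed to be a malware beacon here).
SAMPLE_EVENTS = [
    Conn("ws01", "chrome.exe", "10.0.0.5", 3128),
    Conn("ws02", "outlook.exe", "10.0.0.6", 3128),
    Conn("ws01", "svch0st.exe", "203.0.113.9", 443),
]

# What the analyst confirmed (and double-checked) as legitimate.
CONFIRMED_BENIGN = {SAMPLE_EVENTS[0], SAMPLE_EVENTS[1]}


def rollout(events, confirmed_benign):
    """Run detect -> tune -> block over the same events; return both passes' verdicts."""
    policy = Policy()
    detect_verdicts = [policy.evaluate(e) for e in events]   # nothing is blocked yet

    # Tuning: only analyst-confirmed alerts become rules, and each rule is as
    # narrow as the event that produced it (/32, one port, one process name).
    for c in policy.alerts:
        if c in confirmed_benign:
            policy.rules.append(AllowRule(f"{c.dest_ip}/32", c.dest_port, c.process))

    policy.mode = "block"
    policy.alerts.clear()
    block_verdicts = [policy.evaluate(e) for e in events]
    return detect_verdicts, block_verdicts, policy


if __name__ == "__main__":
    d, b, p = rollout(SAMPLE_EVENTS, CONFIRMED_BENIGN)
    print("detect phase:", d)   # ['alert', 'alert', 'alert']
    print("block phase: ", b)   # ['allow', 'allow', 'block']
    # The failure mode the post warns about: rubber-stamping every alert as benign
    # writes the beacon into the allowlist, and it stays allowed in block mode.
    _, careless, _ = rollout(SAMPLE_EVENTS, set(SAMPLE_EVENTS))
    print("careless tuning:", careless)  # ['allow', 'allow', 'allow']
```

The rule derived from a confirmed alert deliberately carries the process name and a /32, not just "port 3128 anywhere": a broader rule would let any process on the box reach any host on that port, which is exactly the permanent hole the post says to avoid.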
Forensics doesn't just apply to imaging drives, it applies to any investigation after the fact with special attention being paid to maintaining the chain of custody for any data you are analyzing.
Mar 13, 2018 19:30

Lain Iwakura posted: I haven't spoken yet.
Good talk. Is there going to be a link to just your session? I have some coworkers who would benefit greatly from the content covered.
Mar 13, 2018 19:32

Forensics just means "to do with crime". I was doing network intrusion and exfiltration analysis with and without police in 1995, and everyone called it forensics, and I had no chain of custody requirements. (Those would have been awkward, because I wasn't yet of the age of majority for some of that time.)
Mar 13, 2018 19:48

The Fool posted: Forensics doesn't just apply to imaging drives, it applies to any investigation after the fact with special attention being paid to maintaining the chain of custody for any data you are analyzing.
Yes, that's correct. I was using hard drives to get it across with the most understood example. Basically, techniques to prevent electronic changes, and ways to show it has not been modified in transit.
Mar 13, 2018 19:50

The Fool posted: Good talk.
I believe so. I'll link to it with the slides once I have those details.
Mar 13, 2018 19:51

The Fool posted: Good talk.
Agreed, in that I know nothing about this, and actually could follow along.
Mar 13, 2018 19:52

I was in a meeting and missed it. Really looking forward to the video and slides of it being posted!
Mar 13, 2018 20:03

I was there live, and it was an awesome talk! I'm going to forward my former coworkers to the slides because god drat they should have learned those things before their disastrous MSSP foray a couple years ago
Mar 13, 2018 20:09

So is AMD getting thrown under the bus by Intel or short sellers? https://www.anandtech.com/show/12525/security-researchers-publish-ryzen-flaws-gave-amd-24-hours-to-respond
Mar 13, 2018 20:11

Like the whitepaper, it’s probably nothing that exciting.
Mar 13, 2018 20:16

No paper trail for the existence of the company behind the findings, no disclosure period, disclaimer in the whitepaper admitting financial connection and interest in AMD's competitors, marketing buzzwords instead of technical details, citations to random PDFs on the internet, and to top it all off, no HTTPS on a supposed security consultancy's website. This reeks of corporate hit piece.
Mar 13, 2018 20:33

Quoting myself because that is a link, and here's some words about it.
Mar 13, 2018 21:12

EVIL Gibson posted: Info
I really appreciate the response, thanks. Forensics is definitely a buzzword in the industry, and I called it such since that's how our internal Security team is trying to sell this to the higher-ups. They aren't building the argument for the product as a preventative measure; they're building an argument for the product as a web of client software that encapsulates all behavior going on in the environment at all times. I'm not saying that's accurate, but that's how it's being presented: a tool to increase visibility. This is also being layered with traditional endpoint protection.
Mar 14, 2018 01:36

If traditional endpoint protection means third-party AV, that's a waste of time. Carbon Black or similar is a real good thing to have. It's an idiot-proof way of setting up an equivalent to Sysmon + WEF + SIEM alerts. Windows Defender ATP does the same but better: the GUI is less poo poo, faster, better default rules, etc. They even supposedly support non-Win10 systems now.
Mar 14, 2018 18:21

Daman posted: Windows Defender ATP does the same but better. The GUI is less poo poo, faster, better default rules, etc. They even supposedly support non-Win10 systems now.
I'm in the process of deploying Defender ATP right now. The dashboard is actually super useful and provides a lot of information in a very easy to consume way.
Mar 14, 2018 18:35

gently caress you, Equifax execs.
Senior ex-Equifax executive charged with insider trading: CIO allegedly sold $1 million worth of stock 10 days before public learned of breach.
Mar 14, 2018 21:42

Internet Explorer posted: gently caress you, Equifax execs.
Mar 14, 2018 22:40

evil_bunnY posted: And they're more likely to suffer repercussions from that than the actual leak.
Honestly, I'm surprised they are even doing something about it.
Mar 14, 2018 23:23

Loving over rich white people is one of the few remaining things rich white people can go to jail for.
Mar 15, 2018 08:22

So long as they aren't considerably richer than the other rich white people.
Mar 15, 2018 11:42

It's all relative, really.
Mar 15, 2018 16:31

Interesting chat on Twitter today, while talking about security in a case where a judicial worker shared a password with a helpdesk worker that illegally accessed her data. I said something to the tune of "the system isn't flawed per se, people create the flaws". Some dude answered "if the system is good people can't create flaws" and I just said "good luck with that." His answer: "I have 10 years of experience creating ERP profiles. I don't need luck." Motherfucking lol
Mar 15, 2018 22:42

I mean, I guess if you mandate 2FA, and location-based permissions, then giving out your password wouldn't matter. I'd still bet on a user finding a way to gently caress it up.
Mar 15, 2018 22:44

Yeah, that was the case in point. My follow-up in the first tweet was that I've been in 50 different places where we wanted to implement MFA and everyone was like "oh no, no way, our users would never be able to/want to do that." The dude was somehow implying you could build a perfect system with flawed, stupid people.
Mar 15, 2018 22:51

An admin can grant the wrong privileges to a user and they can gain access to sensitive data that they shouldn't have seen. Is that a system flaw?
Mar 15, 2018 22:56