Cheers guys, I'm being met with "Why are you even raising this? It's not a problem" and "The vendor says they won't do anything so why don't you trust them?" It doesn't sit right with me and it sounds like it shouldn't sit right with anyone
# ? May 24, 2018 00:37 |
|
|
|
You're trusting (probably) any random employee at the vendor with full unsupervised access to your AD
|
# ? May 24, 2018 00:48 |
|
Beccara posted:
> Cheers guys, I'm being met with "Why are you even raising this? It's not a problem" and "The vendor says they won't do anything so why don't you trust them?" It doesn't sit right with me and it sounds like it shouldn't sit right with anyone

Seriously, you should follow up with the fact that, if your access is unaudited, YOU have too much access and need to implement auditing. If they insist on going through, at least protect yourself and your company by ensuring your backups are good, working, and frequent, as well as auditing. That way when their social media intern accidentally your domain, you can prove it was them and fix the problem they caused.
|
# ? May 24, 2018 01:04 |
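The "implement auditing" advice above, as an added example that is not from the thread: a small script that scans Windows Security log records for a vendor service account with privileged access to AD and flags privileged activity outside an approved change window, plus any group-membership change by that account. The account name `svc-vendor-update`, the change window and the sample event records are all constructed for this example; the event IDs (4624, 4672, 4720, 4728) are the standard Windows ones.

```python
"""Added example (not from the thread): audit trail for a vendor account
that holds privileged access to Active Directory. It scans Windows Security
log records and flags privileged activity by the vendor account outside an
approved change window, plus any group-membership change by that account.
Account names, the change window and the sample events are constructed."""
from dataclasses import dataclass
from datetime import datetime, time

# Hypothetical vendor service account and approved maintenance window (assumed).
VENDOR_ACCOUNTS = {"svc-vendor-update"}
CHANGE_WINDOW = (time(1, 0), time(3, 0))  # local time; must not span midnight

# Windows Security event IDs used here (real IDs):
#   4624 successful logon, 4672 special privileges assigned to new logon,
#   4728 member added to security-enabled global group, 4720 user account created.
PRIVILEGED = {4672: "admin-equivalent privileges assigned", 4720: "user account created"}
GROUP_CHANGE = {4728: "member added to global group"}


@dataclass(frozen=True)
class SecurityEvent:
    event_id: int
    when: datetime
    account: str       # account that performed the action (SubjectUserName)
    detail: str = ""   # e.g. the group name for 4728


# Constructed sample records: one in-window logon with privileges, one
# out-of-window privileged logon, a group change by the vendor account,
# and unrelated activity by a local admin that should be ignored here.
SAMPLE_EVENTS = [
    SecurityEvent(4624, datetime(2018, 5, 24, 1, 30), "svc-vendor-update", "logon type 3"),
    SecurityEvent(4672, datetime(2018, 5, 24, 1, 31), "svc-vendor-update"),
    SecurityEvent(4672, datetime(2018, 5, 24, 14, 5), "svc-vendor-update"),
    SecurityEvent(4728, datetime(2018, 5, 24, 14, 6), "svc-vendor-update", "Domain Admins"),
    SecurityEvent(4672, datetime(2018, 5, 24, 14, 7), "jdoe-admin"),
]


def in_change_window(when: datetime) -> bool:
    """True if the timestamp falls inside the approved maintenance window."""
    start, end = CHANGE_WINDOW
    return start <= when.time() < end


def audit_vendor_activity(events):
    """Return findings (dicts, oldest first) for vendor-account actions that need follow-up."""
    findings = []
    for ev in sorted(events, key=lambda e: e.when):
        if ev.account not in VENDOR_ACCOUNTS:
            continue
        if ev.event_id in GROUP_CHANGE:
            # A vendor update never needs to change group membership; flag regardless of time.
            findings.append({"event_id": ev.event_id, "when": ev.when, "account": ev.account,
                             "reason": f"{GROUP_CHANGE[ev.event_id]}: {ev.detail}",
                             "severity": "high"})
        elif ev.event_id in PRIVILEGED and not in_change_window(ev.when):
            findings.append({"event_id": ev.event_id, "when": ev.when, "account": ev.account,
                             "reason": f"{PRIVILEGED[ev.event_id]} outside change window",
                             "severity": "medium"})
    return findings


if __name__ == "__main__":
    for f in audit_vendor_activity(SAMPLE_EVENTS):
        print(f"{f['when']:%Y-%m-%d %H:%M} {f['account']} {f['event_id']} "
              f"{f['severity']}: {f['reason']}")
```

On a real domain controller the records would come from the Security log (for example exported with `wevtutil` or forwarded to the SIEM) rather than the inline list; the point is that the evidence exists and is tied to the vendor's own account, which is what lets you prove who did what later.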
|
Tooting my own horn again here: https://blog.keigher.ca/2018/03/performing-your-own-dentistry.html So yeah. We just finished our migration off of Splunk Cloud. I will not and cannot recommend it.
|
# ? May 24, 2018 05:30 |
|
Lain Iwakura posted:
> Tooting my own horn again here:

I dug the Windows NT screenshot. Nice.
|
# ? May 24, 2018 05:33 |
|
Sickening posted:
> I dug the Windows NT screenshot. Nice.

I wanted to be cheeky so I looked for something antiquated.
|
# ? May 24, 2018 05:38 |
keseph posted:
> If you were designing your own password manager from the ground up, what would be your most critical feature(s)?

In other news, a new botnet, this time with advanced capabilities, has been outed, and it can do almost everything. It's kinda cool, in a very scary way.

BlankSystemDaemon fucked around with this message at 08:12 on May 24, 2018
|
# ? May 24, 2018 07:57 |
|
Beccara posted:
> Cheers guys, I'm being met with "Why are you even raising this? It's not a problem" and "The vendor says they won't do anything so why don't you trust them?" It doesn't sit right with me and it sounds like it shouldn't sit right with anyone

The issue is not simply trusting the people at the vendor. When they want to implement such a shoddy and dangerous update method it is an indication of incompetence and you can't trust that they are able to protect their own systems. They would be a direct route to the heart of your systems and probably many others. When the wrong people learn about this setup the vendor becomes a juicy target for adversaries. Your company may not be a big enough target to spend such effort on hacking, but it sounds like the vendor would certainly be, and your company and numerous others will go down with them.
|
# ? May 24, 2018 11:51 |
|
Lain Iwakura posted:
> Tooting my own horn again here:

I'm currently tearing my hair out dealing with Splunk Cloud support; the one saving grace of Cloud is hybrid search. Having an on-prem search head at least gives you some additional flexibility.
|
# ? May 24, 2018 13:14 |
|
Softcox posted:
> I'm currently tearing my hair out dealing with Splunk Cloud support; the one saving grace of Cloud is hybrid search. Having an on-prem search head at least gives you some additional flexibility.

Cloud support's SLA is absolute garbage. The amount of time it takes me now to install an app, in contrast to how long it took when they managed it for me, is absolutely asinine.
|
# ? May 24, 2018 14:57 |
|
Beccara posted:
> Cheers guys, I'm being met with "Why are you even raising this? It's not a problem" and "The vendor says they won't do anything so why don't you trust them?" It doesn't sit right with me and it sounds like it shouldn't sit right with anyone

At this point they've made their decision, so in your shoes I would just say "I can't in good conscience approve this, so if you really want to proceed then it has to be okayed at a higher level". If you're lucky enough to have a structure where that can happen. Ideally InfoSec doesn't report in to the same C as IT, but I suspect that's not the case in a lot of smaller orgs.
|
# ? May 24, 2018 16:12 |
|
Martytoof posted:
> At this point they've made their decision, so in your shoes I would just say "I can't in good conscience approve this, so if you really want to proceed then it has to be okayed at a higher level".

Yeah, if there's any way this can blow back on you, definitely create a CYA email trail.
|
# ? May 24, 2018 16:37 |
|
Softcox posted:
> I'm currently tearing my hair out dealing with Splunk Cloud support; the one saving grace of Cloud is hybrid search. Having an on-prem search head at least gives you some additional flexibility.

Yeah, it's _infuriating_. I don't know about hybrid search with cloud; what did having the second search head give you? I'm trying to figure out what it would gain me and can't think of anything, but I'm guessing that could easily be explained with a "scale" thing.

Lain Iwakura posted:
> Cloud support's SLA is absolute garbage. The amount of time it takes me now to install an app, in contrast to how long it took when they managed it for me, is absolutely asinine.

You migrated to on prem? Were you able to retain the logs from the cloud instance? Did they move over to your new cluster or stay in the cloud, accessible but apart from your new cluster? In about...8 months when we hit the end of the contract with Splunk Cloud I'm gonna be pushing hard for on prem and am curious about road blocks.
|
# ? May 24, 2018 16:43 |
|
Jowj posted:
> You migrated to on prem? Were you able to retain the logs from the cloud instance? Did they move over to your new cluster or stay in the cloud, accessible but apart from your new cluster?

Yes, yes, and to answer your last question: we hired a contractor to create a hybrid search, and then once the new indexers were in place we had the pre-existing data migrated to an S3 bucket and then restored via that. It took us about two months to get it down right, but minus some hitches with our local forwarders, everything went flawlessly. What made it not suck so much was the fact that we were still going to have it all in AWS but 100% in our control otherwise. If I ever get it cleared by my director, I'll probably blog about it.
|
# ? May 25, 2018 02:17 |
|
Lain Iwakura posted:
> Yes, yes, and to answer your last question: we hired a contractor to create a hybrid search, and then once the new indexers were in place we had the pre-existing data migrated to an S3 bucket and then restored via that. It took us about two months to get it down right, but minus some hitches with our local forwarders, everything went flawlessly. What made it not suck so much was the fact that we were still going to have it all in AWS but 100% in our control otherwise.

Dope. That process doesn't seem like murder, and my env would only have like 6-8 TB to move around.

Lain Iwakura posted:
> If I ever get it cleared by my director, I'll probably blog about it.
|
# ? May 25, 2018 16:43 |
|
Jowj posted:
> Dope. That process doesn't seem like murder, and my env would only have like 6-8 TB to move around.

Compressed, our data was about 32 TB. We do about 150-200 GB/day but have clearance up to 300 GB. My new project starting sometime this summer will see me collect way more data than before.
|
# ? May 25, 2018 21:26 |
|
Beccara posted:
> LocalSystem level access on a PDC
|
# ? May 25, 2018 22:06 |
|
Oh hey were we just talking about how awesome QRadar is?? https://blogs.securiteam.com/index.php/archives/3689
|
# ? May 28, 2018 21:48 |
|
Martytoof posted:
> Oh hey were we just talking about how awesome QRadar is??

I always love when topical posts like this happen.
|
# ? May 28, 2018 21:54 |
|
Martytoof posted:
> Oh hey were we just talking about how awesome QRadar is??

This industry owns
|
# ? May 28, 2018 21:55 |
|
https://www.securityweek.com/russia-asks-apple-help-block-telegram mmmmhmmmmmmmmmm
|
# ? May 28, 2018 23:51 |
|
ChubbyThePhat posted:
> https://www.securityweek.com/russia-asks-apple-help-block-telegram

I wonder what their plan is. It's not really realistic to block Android or Apple phones altogether, as that would probably hurt the economy. What kind of sanctions could Russia apply to coerce these companies to comply? It's not like they could put the execs there in jail like they do for the other companies, because then the companies could have sanctions of their own and pull out from the country altogether (and once more hurt Russia's economy).
|
# ? May 29, 2018 08:55 |
|
The FSB leaks Tim Cook's homosexuality during WWDC, crippling the company at a critical moment.
|
# ? May 29, 2018 14:19 |
|
https://twitter.com/neopg_/status/1001424463815208961
|
# ? May 29, 2018 14:25 |
BGP really needs some form of overhaul.

# ? May 29, 2018 17:01 |
|
https://twitter.com/AaronToponce/status/997831665366876163
|
# ? May 30, 2018 23:30 |
|
It seems inappropriate for a mod to doxx both my home and my corporate security strategy in one drat post
|
# ? May 31, 2018 04:25 |
|
Maybe you should have better infosec then
|
# ? May 31, 2018 11:38 |
|
Which one of you
|
# ? May 31, 2018 18:47 |
|
This seems like the thread to ask since in the past the Android thread has been no help. Is there a way to pull all of the data off of an old android phone and android-formatted SD card using Windows or Linux? I feel like there should be because of the old adage about physical access meaning you will eventually have data access, but I don’t know anything about that sort of thing.
|
# ? May 31, 2018 18:52 |
|
22 Eargesplitten posted:
> This seems like the thread to ask since in the past the Android thread has been no help. Is there a way to pull all of the data off of an old Android phone and Android-formatted SD card using Windows or Linux? I feel like there should be because of the old adage about physical access meaning you will eventually have data access, but I don't know anything about that sort of thing.
|
# ? May 31, 2018 19:09 |
|
22 Eargesplitten posted:
> This seems like the thread to ask since in the past the Android thread has been no help. Is there a way to pull all of the data off of an old Android phone and Android-formatted SD card using Windows or Linux? I feel like there should be because of the old adage about physical access meaning you will eventually have data access, but I don't know anything about that sort of thing.

I've used ADB for this purpose in the past, first writeup on Google: https://www.androidauthority.com/android-customization-transfer-files-adb-push-adb-pull-601015/
|
# ? May 31, 2018 19:11 |
|
22 Eargesplitten posted:
> This seems like the thread to ask since in the past the Android thread has been no help. Is there a way to pull all of the data off of an old Android phone and Android-formatted SD card using Windows or Linux? I feel like there should be because of the old adage about physical access meaning you will eventually have data access, but I don't know anything about that sort of thing.

On Android devices by default the SD card is formatted FAT32, so you can just put it in a PC and read it straight up. Those with rooted phones also often added a second EXT4 partition and used something like APPS2SD to link it in with their system, but again that'll be readable on any Linux system or with add-on drivers on Windows/Mac.

Newer Android devices running 6.0 or newer have an optional mode called adoptable storage where the SD card is formatted entirely EXT4 but also encrypted with 128-bit AES. I do not know if there's an easy way to recover the key in these cases, or if it uses standard Linux disk encryption versus some Android-specific system.

As far as reading the entire device, you can usually get a lot with ADB, but newer versions have locked this down. If the device has an unlocked bootloader you can replace the recovery with something like TWRP and do a full device backup to SD or USB storage.
|
# ? May 31, 2018 19:24 |
|
22 Eargesplitten posted:
> This seems like the thread to ask since in the past the Android thread has been no help. Is there a way to pull all of the data off of an old Android phone and Android-formatted SD card using Windows or Linux? I feel like there should be because of the old adage about physical access meaning you will eventually have data access, but I don't know anything about that sort of thing.

We don't take the philosophy that physical access means data access. You can use adb backup to get data from apps which have opted in to being backed up, but not all the data.
|
# ? May 31, 2018 19:35 |
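The `adb backup` route mentioned in the last two posts, as an added example that is not code from the thread or from the Android project: a parser for the `.ab` archive that `adb backup` writes, which reports whether the archive is usable (unencrypted) and which app packages actually opted in to backup. It assumes the archive's documented layout (four header lines: the magic `ANDROID BACKUP`, a format version, a compression flag, and an encryption method of `none` or `AES-256`, followed by a tar stream that is zlib-compressed when the flag is 1); the sample archive is constructed in memory so no phone is needed.

```python
"""Added example (not from the thread): inspect an `adb backup` archive (.ab),
listing which app packages opted in to backup. Layout assumed: four header
lines ("ANDROID BACKUP", format version, compression flag 1/0, encryption
method "none" or "AES-256") followed by a tar stream that is zlib-compressed
when the flag is 1. The sample archive below is constructed in memory."""
import io
import tarfile
import zlib

AB_MAGIC = b"ANDROID BACKUP"


def build_sample_backup(encrypted: bool = False) -> bytes:
    """Construct a tiny compressed .ab file with one app entry (sample data)."""
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w") as tar:
        payload = b'{"theme":"dark"}'
        info = tarfile.TarInfo("apps/com.example.notes/sp/settings.xml")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    method = b"AES-256" if encrypted else b"none"
    header = b"\n".join([AB_MAGIC, b"5", b"1", method]) + b"\n"
    # For the encrypted variant the body would be ciphertext; a placeholder is
    # enough here because the parser stops before touching it.
    body = b"\x00" * 32 if encrypted else zlib.compress(tar_buf.getvalue())
    return header + body


def parse_backup(blob: bytes) -> dict:
    """Parse the header and, for unencrypted archives, list the tar members."""
    magic, version, compressed, method, body = blob.split(b"\n", 4)
    if magic != AB_MAGIC:
        raise ValueError("not an Android backup file")
    result = {"version": int(version), "compressed": compressed == b"1",
              "encryption": method.decode("ascii"), "members": None}
    if result["encryption"] != "none":
        # Key is derived from the user's backup password; without it the
        # body is opaque, so report the header only.
        return result
    if result["compressed"]:
        body = zlib.decompress(body)
    with tarfile.open(fileobj=io.BytesIO(body), mode="r:") as tar:
        result["members"] = [(m.name, m.size) for m in tar.getmembers()]
    return result


def backed_up_packages(parsed: dict) -> list:
    """Package names under apps/<pkg>/..., i.e. the apps that opted in to adb backup."""
    if not parsed["members"]:
        return []
    pkgs = {name.split("/")[1] for name, _ in parsed["members"] if name.startswith("apps/")}
    return sorted(pkgs)


if __name__ == "__main__":
    parsed = parse_backup(build_sample_backup())
    print(parsed["version"], parsed["encryption"], backed_up_packages(parsed))
```

To run this against a real archive, read the file `adb backup -all -f backup.ab` produced and pass its bytes to `parse_backup`; an empty package list for an app you care about is the "opted out" case the post describes, and an `AES-256` header means the archive was taken with a backup password set on the device.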
|
Well, if it isn't FSLabs, up to their old bullshit... Nice!
|
# ? Jun 1, 2018 02:02 |
|
PS - I am aware of the malware in the past. This is unrelated.
|
# ? Jun 1, 2018 02:33 |
|
Schadenboner posted:
> PS - I am aware of the malware in the past. This is unrelated.

Oh, I have such sights to show you...

Absurd Alhazred posted:
> From the Flightsim Thread:
|
# ? Jun 1, 2018 03:22 |
|
Space Gopher posted:
> The equivalent in a web context is Facebook allowing people to deploy random poo poo straight from source control to a public-facing server with a *.facebook.com cert and key.

Doesn't Facebook do continuous deployment now?
|
# ? Jun 1, 2018 13:13 |
|
anthonypants posted:
> What kind of data are you asking about?

Contacts / texts / pictures mostly. A lot of contacts and pictures seem to have actually gotten backed up to her Google account, thankfully. I'll ask if there's anything else. My wife's phone screen got super hosed up and the new phone wants to format the SD card rather than read it. It's a Moto G4. She wouldn't have set up any additional security. She refused to even add a PIN to unlock the screen. Thankfully this new one has a fingerprint reader, so maybe she'll actually use it.
|
# ? Jun 1, 2018 14:12 |
|
|
|
Subjunctive posted:
> Doesn't Facebook do continuous deployment now?

CD shouldn't let anybody go straight from a dev branch, all the way out to production, without any checks. There should be human code reviews and multiple layers of automated tests. Merging to master might end up automatically initiating a global prod deploy, but any sane CI/CD pipeline will make sure that there's an audit trail and quality gates before that merge happens, and more quality gates between the merge and the final big push. If a single person can push random poo poo (as in, potentially untested or failing code, including code with obvious or maliciously placed vulnerabilities) all the way through your release process, then you've got a deeply dysfunctional environment.

Assuming FB hasn't overhauled their web release pipeline since https://code.facebook.com/posts/270314900139291/rapid-release-at-massive-scale/, it looks like they have a robust quality gate system. They run automated tests before allowing code into master, then go through a couple of canary stages (employees-only, then 2% of global traffic) before the whole world gets a given quasi-CD release. I'm guessing that there's some level of two-person-rule code review in the merge to master, too.
|
# ? Jun 1, 2018 14:23 |