dogstile posted:

If this thread has taught me anything its that I should never get into infosec or i'll be abrasive and mad all the time.

dogstile posted:

If this thread has taught me anything its that I should never get into infosec or i'll be abrasive and mad all the time.

dogstile posted:

If this thread has taught me anything its that I should never get into infosec or i'll be abrasive and mad all the time.

dogstile posted:

If this thread has taught me anything its that I should never get into infosec or i'll be abrasive and mad all the time.

cheese-cube posted:

I was just posting a thing that I thought people might enjoy reading. Also posted the same thing in the secfuck thread in case you want to throw your weight around there.

PCjr sidecar posted:

Mirrored avaiators, ccl licenses, and other leo cosplay.

Apex Rogers posted:

Mind linking to the secfuck thread?

PBS posted:

They keep closing it and opening new ones, looks like this is the current though.

https://forums.somethingawful.com/showthread.php?threadid=3855827

The Fool posted:

https://bgr.com/2018/07/10/apple-1password-acquisition-deal/

ratbert90 posted:

Getting into infosec means you have a huge "CYA" folder in your inbox full of email chains that end in "We have your report, solution: WONTFIX".
Then a year later poo poo hits the fan and they start to bitch and moan at you until you pull that email chain with a giant.

anthonypants posted:

https://twitter.com/1Password/status/1016710603359096846

quote:

AlienVault is excited to announce the intended acquisition by AT&T. This acquisition will bolster AT&T’s and AlienVault’s ability to deliver cybersecurity solutions, including threat intelligence, across all sales channels. AT&T will continue to invest in and build on AlienVault’s foundational technology as the company integrates AlienVault into AT&T’s cybersecurity suite of services.

AT&T will acquire the company, including all assets of AlienVault - the technology, platforms, infrastructure, talent including partner relationships and OTX communities. AT&T understands the value in AlienVault’s channels and expects to continue to work with our partners and MSSPs.

For now, this announcement has no impact on how we engage and support our partners, and it is business as usual and all interaction remains the same. Your account management, marketing and support teams continue to be focused on your success. There are no changes in licensing or delivery - we recognize that you have built service offerings on AlienVault’s USM platform and our commitment to you is unchanged.

This is an exciting time, and I am sure you have some questions. Right now, we’re focused on planning for a smooth transition to AT&T for our customers, partners and employees after close. Should you wish to address anything specific, feel free to reach out to me or your Channel Account Manager. Thank you for your partnership and we look forward to continued mutual success

Diva Cupcake posted:

AT&T is buying AlienVault. lol

Thanks Ants posted:

Telcos getting involved with things always improves them, I'm optimistic about this

Evis posted:

What about gpg isn’t working for you?

SnatchRabbit posted:

We need to use an external application to fire off gpg -e encryption commands to our external server using su. gpg doesnt allow that by design and we can't engineer around that limitation.

EVIL Gibson posted:

What is the exact limitation? Are the keys living on local or the remote external server?

SnatchRabbit posted:

The keys live on the external server, but the application needs to be able to send the gpg command using an su profile which gpg does not support. I've tried for a couple weeks trying to get it to work but seems its explicitly not supported.

CLAM DOWN posted:

This is so awesome

https://github.com/eslint/eslint-scope/issues/39

Dumping npm credentials right to a pastebin

https://github.com/eslint/eslint-scope/issues/39#issuecomment-404543050 posted:

For anyone curious about the signing situation, the NPM maintainers actively rejected package signing in 2015.

anthonypants posted:

CLAM DOWN posted:

Looks like NPM stepped in and invalidated all tokens themselves rather than wait for users to maybe do it

https://status.npmjs.org/incidents/dn7c1fgrr7ng

This entire thing was caused by a contributor not having 2FA lmao

anthonypants posted:

Do they mention how they knew that everyone had upgraded from the bad versions of eslint-scope and eslint-config-eslint before they did this?

Diva Cupcake posted:

AT&T is buying AlienVault. lol

wyoak posted:

I just ran into an issue where some of our partners were pulling the incorrect IPv4 addresses for their payment processor (CES / FirstData).

The payment gateways are:
vxn.datawire.net
vxn1.datawire.net
vxn2.datawire.net

The correct IP's are 216.220.36.75, 205.167.140.10, and 64.243.142.36. However, our affected locations (in Alaska on two different ISP's) were getting 45.227.252.17 as the IPv4 address, which I think is registered to a web hosting company in the Caribbean. The HTTPS site at that IP is using a self-signed SSL certificate, issued on 7-5, for those domain names. The Hello World text is the same as the actual servers. This all looks like someone trying to harvest credit card records. Fortunately for us, our card processing software does verify the SSL certificate and didn't send any transactions since the cert wasn't signed by a trusted CA, but this is still really weird and I'm wondering how the ISP DNS servers are getting the wrong server. My initial thought was their router got popped by some bot since I'm sure no one updates their firwmare ever, but on investigating the bad records were actually coming from the ISP nameservers.

From googling around and trying different public DNS servers in that corner of the world, I found that the University of British Colombia is serving the incorrect IP as well. Doing an NSLOOKUP against the public servers listed on this page will get you the wrong IP (at least as of 8:54 AM mountain time on 7-13-2018).

One of the originally affected sites is now getting the correct IP information from their ISP (MTA Online), but ACS Alaska's nameservers are still serving incorrect info.

I guess I'm wondering if anyone else is seeing this and how the records were poisoned, and who I would go try to report this to if I was so inclined.

wyoak posted:

I just ran into an issue where some of our partners were pulling the incorrect IPv4 addresses for their payment processor (CES / FirstData).

The payment gateways are:
vxn.datawire.net
vxn1.datawire.net
vxn2.datawire.net

The correct IP's are 216.220.36.75, 205.167.140.10, and 64.243.142.36. However, our affected locations (in Alaska on two different ISP's) were getting 45.227.252.17 as the IPv4 address, which I think is registered to a web hosting company in the Caribbean. The HTTPS site at that IP is using a self-signed SSL certificate, issued on 7-5, for those domain names. The Hello World text is the same as the actual servers. This all looks like someone trying to harvest credit card records. Fortunately for us, our card processing software does verify the SSL certificate and didn't send any transactions since the cert wasn't signed by a trusted CA, but this is still really weird and I'm wondering how the ISP DNS servers are getting the wrong server. My initial thought was their router got popped by some bot since I'm sure no one updates their firwmare ever, but on investigating the bad records were actually coming from the ISP nameservers.

From googling around and trying different public DNS servers in that corner of the world, I found that the University of British Colombia is serving the incorrect IP as well. Doing an NSLOOKUP against the public servers listed on this page will get you the wrong IP (at least as of 8:54 AM mountain time on 7-13-2018).

One of the originally affected sites is now getting the correct IP information from their ISP (MTA Online), but ACS Alaska's nameservers are still serving incorrect info.

I guess I'm wondering if anyone else is seeing this and how the records were poisoned, and who I would go try to report this to if I was so inclined.